Impure evaluation (--impure) not propagated to inner home-manager activation due to locked flake path #137
Description
Hi @srid,
I'm encountering an issue where running nix run .# --impure -- --impure (to activate my home-manager config impurely) doesn't work as expected. The activation script uses a locked, store-path flake (e.g., /nix/store/...#hariamoor), which enforces pure evaluation mode and blocks impure builtins like builtins.fetchurl without a hash, even with --impure passed.
Steps to Reproduce:
- Set up a flake with nixos-unified (e.g., basic home-manager config using
autoWire). - Add an impure fetch in the config, like:
let wallpaper = builtins.fetchurl "https://example.com/image.jpg";
- Run
nix run .# --impure -- --impure. - Observe the error: "in pure evaluation mode, 'fetchurl' requires a 'sha256' argument".
Expected Behavior:
The --impure flag should propagate to the inner home-manager switch call, allowing impure evaluation similar to running home-manager switch --flake .#config --impure directly.
Actual Behavior:
The inner call uses a locked store path, which ignores --impure and enforces purity.
Workaround:
Directly running home-manager switch --flake .#config --impure works, but bypasses the unified activation.
This seems like a limitation in how the activation script handles locked flakes. Could you add support for optional impure activations, perhaps via a flag to use the original flake path (.) instead of the locked one when --impure is detected?
Thanks for looking into this!
Environment:
- NixOS version: 24.05 (or unstable, as in my flake)
- nixos-unified: latest from github:srid/nixos-unified
- home-manager: following nixpkgs-unstable
You can find a repro Flake with my NixOS config (hosted on Gitea!)