[GH-ISSUE #197] Nix package is broken #90

New issue

Closed

opened 2026-02-27 15:55:04 +03:00 by kerem · 3 comments

kerem commented

2026-02-27 15:55:04 +03:00

Owner

Originally created by @pedorich-n on GitHub (Feb 27, 2026).
Original GitHub issue: https://github.com/RayLabsHQ/gitea-mirror/issues/197

Originally assigned to: @arunavo4 on GitHub.

Hello!

I am experiencing an issue similar to https://github.com/RayLabsHQ/gitea-mirror/issues/143#issuecomment-3734223131, when trying to build a Nix package:

@nix { "action": "setPhase", "phase": "buildPhase" }
bun install v1.3.6 (d530ed99)
Resolving dependencies
Resolved, downloaded and extracted [396]
error: ConnectionRefused downloading package manifest vitest
error: ConnectionRefused downloading package manifest @astrojs/check
error: ConnectionRefused downloading package manifest @testing-library/jest-dom
error: ConnectionRefused downloading package manifest @types/uuid
error: ConnectionRefused downloading package manifest @vitejs/plugin-react
error: ConnectionRefused downloading package manifest drizzle-kit
....

Looking at the buildPhase, and the package in general, I had a suspicion that it required internet access to build. The Nix CI workflow confirmed it: github.com/RayLabsHQ/gitea-mirror@c26b5574e0/.github/workflows/nix-build.yml (L42-L43)

The problem is that on Linux and NixOS, sandboxing is enabled by default (not only on CI), but on MacOS, I think it's not. Sandboxing blocks internet access, meaning this package (in its current form) will never build on Linux machines.

To build a proper Nix package, until https://github.com/NixOS/nixpkgs/issues/335534 is merged, you need to use something like Fixed Output Derivation or a wrapper like bun2nix.

I'm not familiar with bun, but I am somewhat familiar with nix and packaging apps with it. I can try to help package this app so that it will be buildable on all platforms.

Originally created by @pedorich-n on GitHub (Feb 27, 2026). Original GitHub issue: https://github.com/RayLabsHQ/gitea-mirror/issues/197 Originally assigned to: @arunavo4 on GitHub. Hello! I am experiencing an issue similar to https://github.com/RayLabsHQ/gitea-mirror/issues/143#issuecomment-3734223131, when trying to build a Nix package: ``` @nix { "action": "setPhase", "phase": "buildPhase" } bun install v1.3.6 (d530ed99) Resolving dependencies Resolved, downloaded and extracted [396] error: ConnectionRefused downloading package manifest vitest error: ConnectionRefused downloading package manifest @astrojs/check error: ConnectionRefused downloading package manifest @testing-library/jest-dom error: ConnectionRefused downloading package manifest @types/uuid error: ConnectionRefused downloading package manifest @vitejs/plugin-react error: ConnectionRefused downloading package manifest drizzle-kit .... ``` Looking at the [`buildPhase`](https://github.com/RayLabsHQ/gitea-mirror/blob/c26b5574e0ca4976cefd54612564d779b8f87534/flake.nix#L39-L45), and the package in general, I had a suspicion that it required internet access to build. The Nix CI workflow confirmed it: https://github.com/RayLabsHQ/gitea-mirror/blob/c26b5574e0ca4976cefd54612564d779b8f87534/.github/workflows/nix-build.yml#L42-L43 The problem is that on Linux and NixOS, sandboxing is **enabled by default** (not only on CI), but on MacOS, I think it's not. Sandboxing blocks internet access, meaning this package (in its current form) will never build on Linux machines. To build a proper Nix package, until https://github.com/NixOS/nixpkgs/issues/335534 is merged, you need to use something like Fixed Output Derivation or a wrapper like [bun2nix](https://nix-community.github.io/bun2nix). I'm not familiar with bun, but I am somewhat familiar with nix and packaging apps with it. I can try to help package this app so that it will be buildable on all platforms.

kerem closed this issue

2026-02-27 15:55:04 +03:00

kerem commented

2026-02-27 15:55:05 +03:00

Author

Owner

@arunavo4 commented on GitHub (Feb 27, 2026):

@pedorich-n would appreciate your help. I will also run this on a linux vm and check.

@arunavo4 commented on GitHub (Feb 27, 2026): @pedorich-n would appreciate your help. I will also run this on a linux vm and check.

kerem commented

2026-02-27 15:55:05 +03:00

Author

Owner

@arunavo4 commented on GitHub (Feb 27, 2026):

Fix verified on Linux (Ubuntu 24.04 LTS, x64)

The Nix package now builds and runs successfully on Linux with sandboxing enabled. This is fixed in PR #199.

What was done:

Integrated bun2nix to pre-fetch all npm dependencies as fixed-output derivations - no network access needed during build
Fixed runtime issue where the app couldn't write to the read-only Nix store by creating a writable workdir with symlinks
Added nanoid as an explicit dependency (was only available as a transitive dep, which broke under the isolated linker)

Test environment:

OS: Ubuntu 24.04.3 LTS (x64) on Azure VM
Nix: with sandboxing enabled (default on Linux)
Build: nix build completes successfully
Runtime: Server starts, database initializes, health check passes

Health check output:

{
  "status": "ok",
  "database": { "connected": true, "message": "Database connection successful" },
  "recovery": { "status": "healthy", "jobsNeedingRecovery": 0 },
  "system": {
    "os": { "platform": "linux", "version": "#17~24.04.1-Ubuntu", "arch": "x64" },
    "env": "production"
  }
}

Screenshots of the app running from the Nix package will be attached to PR #199. This will ship in the next release.

@arunavo4 commented on GitHub (Feb 27, 2026): ## Fix verified on Linux (Ubuntu 24.04 LTS, x64) The Nix package now builds and runs successfully on Linux with sandboxing enabled. This is fixed in PR #199. ### What was done: 1. Integrated [bun2nix](https://github.com/nix-community/bun2nix) to pre-fetch all npm dependencies as fixed-output derivations - no network access needed during build 2. Fixed runtime issue where the app couldn't write to the read-only Nix store by creating a writable workdir with symlinks 3. Added `nanoid` as an explicit dependency (was only available as a transitive dep, which broke under the isolated linker) ### Test environment: - **OS:** Ubuntu 24.04.3 LTS (x64) on Azure VM - **Nix:** with sandboxing enabled (default on Linux) - **Build:** `nix build` completes successfully - **Runtime:** Server starts, database initializes, health check passes ### Health check output: ```json { "status": "ok", "database": { "connected": true, "message": "Database connection successful" }, "recovery": { "status": "healthy", "jobsNeedingRecovery": 0 }, "system": { "os": { "platform": "linux", "version": "#17~24.04.1-Ubuntu", "arch": "x64" }, "env": "production" } } ``` Screenshots of the app running from the Nix package will be attached to PR #199. This will ship in the next release.

kerem commented

2026-02-27 15:55:05 +03:00

Author

Owner

@arunavo4 commented on GitHub (Feb 27, 2026):

Screenshots from Linux VM (Nix package)

Light mode:

Dark mode:

@arunavo4 commented on GitHub (Feb 27, 2026): ### Screenshots from Linux VM (Nix package) **Light mode:** ![Gitea Mirror - Light Mode (Nix on Linux)](https://files.catbox.moe/1xihk0.png) **Dark mode:** ![Gitea Mirror - Dark Mode (Nix on Linux)](https://files.catbox.moe/krxayo.png)