Skip to content

tweag/rules_nixpkgs

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Nixpkgs rules for Bazel

Continuous integration

Use Nix and the Nixpkgs package set to import external dependencies (like system packages) into Bazel hermetically. If the version of any dependency changes, Bazel will correctly rebuild targets, and only those targets that use the external dependencies that changed.

Links:

See examples for how to use rules_nixpkgs with different toolchains.

Rules

Setup

Add the following to your WORKSPACE file, and select a $COMMIT accordingly.

load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

http_archive(
    name = "io_tweag_rules_nixpkgs",
    strip_prefix = "rules_nixpkgs-$COMMIT",
    urls = ["https://github.com/tweag/rules_nixpkgs/archive/$COMMIT.tar.gz"],
)

load("@io_tweag_rules_nixpkgs//nixpkgs:repositories.bzl", "rules_nixpkgs_dependencies")
rules_nixpkgs_dependencies()

load("@io_tweag_rules_nixpkgs//nixpkgs:nixpkgs.bzl", "nixpkgs_git_repository", "nixpkgs_package", "nixpkgs_cc_configure")

load("@io_tweag_rules_nixpkgs//nixpkgs:toolchains/go.bzl", "nixpkgs_go_configure") # optional

If you use rules_nixpkgs to configure a toolchain, then you will also need to configure the build platform to include the @rules_nixpkgs_core//constraints:support_nix constraint. For example by adding the following to .bazelrc:

build --host_platform=@rules_nixpkgs_core//platforms:host

Example

nixpkgs_git_repository(
    name = "nixpkgs",
    revision = "17.09", # Any tag or commit hash
    sha256 = "" # optional sha to verify package integrity!
)

nixpkgs_package(
    name = "hello",
    repositories = { "nixpkgs": "@nixpkgs//:default.nix" }
)

Migration from older releases

path Attribute (removed in 0.3)

path was an attribute from the early days of rules_nixpkgs, and its ability to reference arbitrary paths is a danger to build hermeticity.

Replace it with either nixpkgs_git_repository if you need a specific version of nixpkgs. If you absolutely must depend on a local folder, use Bazel's local_repository workspace rule. Both approaches work well with the repositories attribute of nixpkgs_package.

local_repository(
  name = "local-nixpkgs",
  path = "/path/to/nixpkgs",
)

nixpkgs_package(
  name = "somepackage",
  repositories = {
    "nixpkgs": "@local-nixpkgs//:default.nix",
  },
)

Reference documentation

nixpkgs_cc_configure

nixpkgs_cc_configure(name, attribute_path, nix_file, nix_file_content, nix_file_deps, repositories,
                     repository, nixopts, quiet, fail_not_supported, exec_constraints,
                     target_constraints, register, cc_lang, cc_std, cross_cpu)

Use a CC toolchain from Nixpkgs. No-op if not a nix-based platform.

By default, Bazel auto-configures a CC toolchain from commands (e.g. gcc) available in the environment. To make builds more hermetic, use this rule to specify explicitly which commands the toolchain should use.

Specifically, it builds a Nix derivation that provides the CC toolchain tools in the bin/ path and constructs a CC toolchain that uses those tools. Tools that aren't found are replaced by ${coreutils}/bin/false. You can inspect the resulting @<name>_info//:CC_TOOLCHAIN_INFO to see which tools were discovered.

If you specify the nix_file or nix_file_content argument, the CC toolchain is discovered by evaluating the corresponding expression. In addition, you may use the attribute_path argument to select an attribute from the result of the expression to use as the CC toolchain (see example below).

If neither the nix_file nor nix_file_content argument is used, the toolchain is discovered from the stdenv.cc and the stdenv.cc.bintools attributes of the given <nixpkgs> repository.

# use GCC 11
nixpkgs_cc_configure(
  repository = "@nixpkgs",
  nix_file_content = "(import <nixpkgs> {}).gcc11",
)
# use GCC 11 (same result as above)
nixpkgs_cc_configure(
  repository = "@nixpkgs",
  attribute_path = "gcc11",
  nix_file_content = "import <nixpkgs> {}",
)
# alternate usage without specifying `nix_file` or `nix_file_content`
nixpkgs_cc_configure(
  repository = "@nixpkgs",
  attribute_path = "gcc11",
)
# use the `stdenv.cc` compiler (the default of the given @nixpkgs repository)
nixpkgs_cc_configure(
  repository = "@nixpkgs",
)

This rule depends on rules_cc.

Note: You need to configure --crosstool_top=@<name>//:toolchain to activate this toolchain.

Parameters

name

optional. default is "local_config_cc"

attribute_path

optional. default is ""

optional, string, Obtain the toolchain from the Nix expression under this attribute path. Uses default repository if no nix_file or nix_file_content is provided.

nix_file

optional. default is None

optional, Label, Obtain the toolchain from the Nix expression defined in this file. Specify only one of nix_file or nix_file_content.

nix_file_content

optional. default is ""

optional, string, Obtain the toolchain from the given Nix expression. Specify only one of nix_file or nix_file_content.

nix_file_deps

optional. default is []

optional, list of Label, Additional files that the Nix expression depends on.

repositories

optional. default is {}

dict of Label to string, Provides <nixpkgs> and other repositories. Specify one of repositories or repository.

repository

optional. default is None

Label, Provides <nixpkgs>. Specify one of repositories or repository.

nixopts

optional. default is []

optional, list of string, Extra flags to pass when calling Nix. See nixopts attribute to nixpkgs_package for further details.

quiet

optional. default is False

bool, Whether to hide nix-build output.

fail_not_supported

optional. default is True

bool, Whether to fail if nix-build is not available.

exec_constraints

optional. default is None

Constraints for the execution platform.

target_constraints

optional. default is None

Constraints for the target platform.

register

optional. default is True

bool, enabled by default, Whether to register (with register_toolchains) the generated toolchain and install it as the default cc_toolchain.

cc_lang

optional. default is "c++"

string, "c++" by default. Used to populate CXX_FLAG so the compiler is called in C++ mode. Can be set to "none" together with appropriate copts in the cc_library call: see above.

cc_std

optional. default is "c++0x"

string, "c++0x" by default. Used to populate CXX_FLAG so the compiler uses the given language standard. Can be set to "none" together with appropriate copts in the cc_library call: see above.

cross_cpu

optional. default is ""

string, "" by default. Used if you want to add a cross compilation C/C++ toolchain. Set this to the CPU architecture for the target CPU. For example x86_64, would be k8.

nixpkgs_cc_configure_deprecated

nixpkgs_cc_configure_deprecated(repository, repositories, nix_file, nix_file_deps, nix_file_content,
                                nixopts)

Use a CC toolchain from Nixpkgs. No-op if not a nix-based platform.

Tells Bazel to use compilers and linkers from Nixpkgs for the CC toolchain. By default, Bazel auto-configures a CC toolchain from commands available in the environment (e.g. gcc). Overriding this autodetection makes builds more hermetic and is considered a best practice.

Example

nixpkgs_cc_configure(repository = "@nixpkgs//:default.nix")

Parameters

repository

optional. default is None

A repository label identifying which Nixpkgs to use. Equivalent to repositories = { "nixpkgs": ...}.

repositories

optional. default is {}

A dictionary mapping NIX_PATH entries to repository labels.

Setting it to

repositories = { "myrepo" : "//:myrepo" }

for example would replace all instances of <myrepo> in the called nix code by the path to the target "//:myrepo". See the relevant section in the nix manual for more information.

Specify one of repository or repositories.

nix_file

optional. default is None

An expression for a Nix environment derivation. The environment should expose all the commands that make up a CC toolchain (cc, ld etc). Exposes all commands in stdenv.cc and binutils by default.

nix_file_deps

optional. default is None

Dependencies of nix_file if any.

nix_file_content

optional. default is None

An expression for a Nix environment derivation.

nixopts

optional. default is []

Options to forward to the nix command.

nixpkgs_flake_package

nixpkgs_flake_package(name, nix_flake_file, nix_flake_lock_file, nix_flake_file_deps, package,
                      build_file, build_file_content, nixopts, quiet, fail_not_supported,
                      legacy_path_syntax, kwargs)

Make the content of a local Nix Flake package available in the Bazel workspace.

IMPORTANT NOTE: Calling nix build copies the entirety of the Nix Flake into the Nix Store. When using the path: syntax, this means the directory containing flake.nix and any subdirectories. Without specifying path: Nix may infer that the flake is the Git repository and copy the entire thing. As a consequence, you may want to isolate your flake from the rest of the repository to minimize the amount of unnecessary data that gets copied into the Nix Store whenever the flake is rebuilt.

Parameters

name

required.

A unique name for this repository.

nix_flake_file

required.

Label to flake.nix that will be evaluated.

nix_flake_lock_file

required.

Label to flake.lock that corresponds to nix_flake_file.

nix_flake_file_deps

optional. default is []

Additional dependencies of nix_flake_file if any.

package

optional. default is None

Nix Flake package to make available. The default package will be used if not specified.

build_file

optional. default is None

The file to use as the BUILD file for this repository. See nixpkgs_package for more information.

build_file_content

optional. default is ""

Like build_file, but a string of the contents instead of a file name. See nixpkgs_package for more information.

nixopts

optional. default is []

Extra flags to pass when calling Nix. See nixpkgs_package for more information.

quiet

optional. default is False

Whether to hide the output of the Nix command.

fail_not_supported

optional. default is True

If set to True (default) this rule will fail on platforms which do not support Nix (e.g. Windows). If set to False calling this rule will succeed but no output will be generated.

legacy_path_syntax

optional. default is False

If set to True (not default), the Nix Flake invocation will directly call nix build <path> instead of nix build path:<path> which may involve copying the entirety of the Git repo into the Nix Store instead of just the path and its children.

kwargs

optional.

Common rule arguments.

nixpkgs_git_repository

nixpkgs_git_repository(name, revision, remote, sha256, kwargs)

Name a specific revision of Nixpkgs on GitHub or a local checkout.

Parameters

name

required.

String

A unique name for this repository.

revision

required.

String

Git commit hash or tag identifying the version of Nixpkgs to use.

remote

optional. default is "https://github.com/NixOS/nixpkgs"

String

The URI of the remote Git repository. This must be a HTTP URL. There is currently no support for authentication. Defaults to upstream nixpkgs.

sha256

optional. default is None

String

The SHA256 used to verify the integrity of the repository.

kwargs

optional.

Additional arguments to forward to the underlying repository rule.

nixpkgs_http_repository

nixpkgs_http_repository(name, url, urls, auth, strip_prefix, integrity, sha256, kwargs)

Download a Nixpkgs repository over HTTP.

Parameters

name

required.

String

A unique name for this repository.

url

optional. default is None

String

A URL to download the repository from.

This must be a file, http or https URL. Redirections are followed.

More flexibility can be achieved by the urls parameter that allows to specify alternative URLs to fetch from.

urls

optional. default is None

List of String

A list of URLs to download the repository from.

Each entry must be a file, http or https URL. Redirections are followed.

URLs are tried in order until one succeeds, so you should list local mirrors first. If all downloads fail, the rule will fail.

auth

optional. default is None

Dict of String

An optional dict mapping host names to custom authorization patterns.

If a URL's host name is present in this dict the value will be used as a pattern when generating the authorization header for the http request. This enables the use of custom authorization schemes used in a lot of common cloud storage providers.

The pattern currently supports 2 tokens: <login> and <password>, which are replaced with their equivalent value in the netrc file for the same host name. After formatting, the result is set as the value for the Authorization field of the HTTP request.

Example attribute and netrc for a http download to an oauth2 enabled API using a bearer token:

auth_patterns = {
    "storage.cloudprovider.com": "Bearer <password>"
}

netrc:

machine storage.cloudprovider.com
        password RANDOM-TOKEN

The final HTTP request would have the following header:

Authorization: Bearer RANDOM-TOKEN

strip_prefix

optional. default is None

String

A directory prefix to strip from the extracted files.

Many archives contain a top-level directory that contains all of the useful files in archive. This field can be used to strip it from all of the extracted files.

For example, suppose you are using nixpkgs-22.11.zip, which contains the directory nixpkgs-22.11/ under which there is the default.nix file and the pkgs/ directory. Specify strip_prefix = "nixpkgs-22.11" to use the nixpkgs-22.11 directory as your top-level directory.

Note that if there are files outside of this directory, they will be discarded and inaccessible (e.g., a top-level license file). This includes files/directories that start with the prefix but are not in the directory (e.g., nixpkgs-22.11.release-notes). If the specified prefix does not match a directory in the archive, Bazel will return an error.

integrity

optional. default is None

String

Expected checksum in Subresource Integrity format of the file downloaded.

This must match the checksum of the file downloaded. It is a security risk to omit the checksum as remote files can change. At best omitting this field will make your build non-hermetic. It is optional to make development easier but either this attribute or sha256 should be set before shipping.

sha256

optional. default is None

String The expected SHA-256 of the file downloaded.

This must match the SHA-256 of the file downloaded. It is a security risk to omit the SHA-256 as remote files can change. At best omitting this field will make your build non-hermetic. It is optional to make development easier but should be set before shipping.

kwargs

optional.

Additional arguments to forward to the underlying repository rule.

nixpkgs_java_configure

nixpkgs_java_configure(name, attribute_path, java_home_path, repository, repositories, nix_file,
                       nix_file_content, nix_file_deps, nixopts, fail_not_supported, quiet, toolchain,
                       register, toolchain_name, toolchain_version, exec_constraints,
                       target_constraints)

Define a Java runtime provided by nixpkgs.

Creates a nixpkgs_package for a java_runtime instance. Optionally, you can also create & register a Java toolchain. This only works with Bazel >= 5.0 Bazel can use this instance to run JVM binaries and tests, refer to the Bazel documentation for details.

Example

Bazel 4

Add the following to your WORKSPACE file to import a JDK from nixpkgs:

load("@io_tweag_rules_nixpkgs//nixpkgs:nixpkgs.bzl", "nixpkgs_java_configure")
nixpkgs_java_configure(
    attribute_path = "jdk11.home",
    repository = "@nixpkgs",
)

Add the following configuration to .bazelrc to enable this Java runtime:

build --javabase=@nixpkgs_java_runtime//:runtime
build --host_javabase=@nixpkgs_java_runtime//:runtime
# Adjust this to match the Java version provided by this runtime.
# See `bazel query 'kind(java_toolchain, @bazel_tools//tools/jdk:all)'` for available options.
build --java_toolchain=@bazel_tools//tools/jdk:toolchain_java11
build --host_java_toolchain=@bazel_tools//tools/jdk:toolchain_java11
Bazel 5

Add the following to your WORKSPACE file to import a JDK from nixpkgs:

load("@io_tweag_rules_nixpkgs//nixpkgs:nixpkgs.bzl", "nixpkgs_java_configure")
nixpkgs_java_configure(
    attribute_path = "jdk11.home",
    repository = "@nixpkgs",
    toolchain = True,
    toolchain_name = "nixpkgs_java",
    toolchain_version = "11",
)

Add the following configuration to .bazelrc to enable this Java runtime:

build --host_platform=@io_tweag_rules_nixpkgs//nixpkgs/platforms:host
build --java_runtime_version=nixpkgs_java
build --tool_java_runtime_version=nixpkgs_java
Bazel 6

with with Bzlmod

Add the following to your MODULE.bazel file to depend on rules_nixpkgs, rules_nixpkgs_java, and nixpgks:

bazel_dep(name = "rules_nixpkgs_core", version = "0.12.0")
bazel_dep(name = "rules_nixpkgs_java", version = "0.12.0")
bazel_dep(name = "rules_java", version = "7.3.1")
bazel_dep(name = "platforms", version = "0.0.9")

nix_repo = use_extension("@rules_nixpkgs_core//extensions:repository.bzl", "nix_repo")
nix_repo.github(
    name = "nixpkgs",
    org = "NixOS",
    repo = "nixpkgs",
    commit = "ff0dbd94265ac470dda06a657d5fe49de93b4599",
    sha256 = "1bf0f88ee9181dd993a38d73cb120d0435e8411ea9e95b58475d4426c0948e98",
)
use_repo(nix_repo, "nixpkgs")

non_module_dependencies = use_extension("//:non_module_dependencies.bzl", "non_module_dependencies")
use_repo(non_module_dependencies, "nixpkgs_java_runtime_toolchain")

register_toolchains("@nixpkgs_java_runtime_toolchain//:all")

archive_override(
    module_name = "rules_nixpkgs_java",
    urls = "https://github.com/tweag/rules_nixpkgs/releases/download/v0.12.0/rules_nixpkgs-0.12.0.tar.gz",
    integrity = "",
    strip_prefix = "rules_nixpkgs-0.12.0/toolchains/java",
)

Add the following to a .bzl file, like non_module_dependencies.bzl, to import a JDK from nixpkgs:

load("@rules_nixpkgs_java//:java.bzl", "nixpkgs_java_configure")

def _non_module_dependencies_impl(_ctx):
    nixpkgs_java_configure(
        name = "nixpkgs_java_runtime",
        attribute_path = "openjdk19.home",
        repository = "@nixpkgs",
        toolchain = True,
        toolchain_name = "nixpkgs_java",
        toolchain_version = "19",
        register = False,
    )

non_module_dependencies = module_extension(
    implementation = _non_module_dependencies_impl,
)

Add the following configuration to .bazelrc to enable this Java runtime:

common --enable_bzlmod
build --host_platform=@rules_nixpkgs_core//platforms:host
build --java_runtime_version=nixpkgs_java_19
build --tool_java_runtime_version=nixpkgs_java_19
build --java_language_version=19
build --tool_java_language_version=19

with WORKSPACE

Add the following to your WORKSPACE file to import a JDK from nixpkgs:

load("@io_tweag_rules_nixpkgs//nixpkgs:nixpkgs.bzl", "nixpkgs_java_configure")
nixpkgs_java_configure(
    attribute_path = "jdk11.home",
    repository = "@nixpkgs",
    toolchain = True,
    toolchain_name = "nixpkgs_java",
    toolchain_version = "11",
)

Add the following configuration to .bazelrc to enable this Java runtime:

build --host_platform=@io_tweag_rules_nixpkgs//nixpkgs/platforms:host
build --java_runtime_version=nixpkgs_java_11
build --tool_java_runtime_version=nixpkgs_java_11
build --java_language_version=11
build --tool_java_language_version=11
Bazel 7 with Bzlmod

Add the following to your MODULE.bazel file to depend on rules_nixpkgs, rules_nixpkgs_java, and nixpgks:

bazel_dep(name = "rules_nixpkgs_core", version = "0.12.0")
bazel_dep(name = "rules_nixpkgs_java", version = "0.12.0")
bazel_dep(name = "rules_java", version = "7.5.0")
bazel_dep(name = "platforms", version = "0.0.9")

nix_repo = use_extension("@rules_nixpkgs_core//extensions:repository.bzl", "nix_repo")
nix_repo.github(
    name = "nixpkgs",
    org = "NixOS",
    repo = "nixpkgs",
    commit = "ff0dbd94265ac470dda06a657d5fe49de93b4599",
    sha256 = "1bf0f88ee9181dd993a38d73cb120d0435e8411ea9e95b58475d4426c0948e98",
)
use_repo(nix_repo, "nixpkgs")

non_module_dependencies = use_extension("//:non_module_dependencies.bzl", "non_module_dependencies")
use_repo(non_module_dependencies, "nixpkgs_java_runtime_toolchain")

register_toolchains("@nixpkgs_java_runtime_toolchain//:all")

archive_override(
    module_name = "rules_nixpkgs_java",
    urls = "https://github.com/tweag/rules_nixpkgs/releases/download/v0.12.0/rules_nixpkgs-0.12.0.tar.gz",
    integrity = "",
    strip_prefix = "rules_nixpkgs-0.12.0/toolchains/java",
)

Add the following to a .bzl file, like non_module_dependencies.bzl, to import a JDK from nixpkgs:

load("@rules_nixpkgs_java//:java.bzl", "nixpkgs_java_configure")

def _non_module_dependencies_impl(_ctx):
    nixpkgs_java_configure(
        name = "nixpkgs_java_runtime",
        attribute_path = "openjdk19.home",
        repository = "@nixpkgs",
        toolchain = True,
        toolchain_name = "nixpkgs_java",
        toolchain_version = "19",
        register = False,
    )

non_module_dependencies = module_extension(
    implementation = _non_module_dependencies_impl,
)

Add the following configuration to .bazelrc to enable this Java runtime:

build --host_platform=@rules_nixpkgs_core//platforms:host
build --java_runtime_version=nixpkgs_java_19
build --tool_java_runtime_version=nixpkgs_java_19
build --java_language_version=19
build --tool_java_language_version=19
build --extra_toolchains=@nixpkgs_java_runtime_toolchain//:all # necessary on NixOS only

Parameters

name

optional. default is "nixpkgs_java_runtime"

The name-prefix for the created external repositories.

attribute_path

optional. default is None

string, The nixpkgs attribute path for jdk.home.

java_home_path

optional. default is ""

optional, string, The path to JAVA_HOME within the package.

repository

optional. default is None

See nixpkgs_package.

repositories

optional. default is {}

See nixpkgs_package.

nix_file

optional. default is None

optional, Label, Obtain the runtime from the Nix expression defined in this file. Specify only one of nix_file or nix_file_content.

nix_file_content

optional. default is ""

optional, string, Obtain the runtime from the given Nix expression. Specify only one of nix_file or nix_file_content.

nix_file_deps

optional. default is None

See nixpkgs_package.

nixopts

optional. default is []

See nixpkgs_package.

fail_not_supported

optional. default is True

See nixpkgs_package.

quiet

optional. default is False

See nixpkgs_package.

toolchain

optional. default is False

Create a Bazel toolchain based on the Java runtime.

register

optional. default is None

Register the created toolchain. Requires toolchain to be True. Defaults to the value of toolchain.

toolchain_name

optional. default is None

The name of the toolchain that can be used in --java_runtime_version.

toolchain_version

optional. default is None

The version of the toolchain that can be used in --java_runtime_version.

exec_constraints

optional. default is None

Constraints for the execution platform.

target_constraints

optional. default is None

Constraints for the target platform.

nixpkgs_local_repository

nixpkgs_local_repository(name, nix_file, nix_file_deps, nix_file_content, nix_flake_lock_file,
                         kwargs)

Create an external repository representing the content of Nixpkgs.

Based on a Nix expression stored locally or provided inline. One of nix_file or nix_file_content must be provided.

Parameters

name

required.

String

A unique name for this repository.

nix_file

optional. default is None

Label

A file containing an expression for a Nix derivation.

nix_file_deps

optional. default is None

List of labels

Dependencies of nix_file if any.

nix_file_content

optional. default is None

String

An expression for a Nix derivation.

nix_flake_lock_file

optional. default is None

String

A flake lock file that can be used on the provided nixpkgs repository.

kwargs

optional.

Additional arguments to forward to the underlying repository rule.

nixpkgs_nodejs_configure

nixpkgs_nodejs_configure(name, attribute_path, repository, repositories, nix_platform, nix_file,
                         nix_file_content, nix_file_deps, nixopts, fail_not_supported, quiet,
                         exec_constraints, target_constraints, register)

Parameters

name

optional. default is "nixpkgs_nodejs"

attribute_path

optional. default is "nodejs"

repository

optional. default is None

repositories

optional. default is {}

nix_platform

optional. default is None

nix_file

optional. default is None

nix_file_content

optional. default is None

nix_file_deps

optional. default is None

nixopts

optional. default is []

fail_not_supported

optional. default is True

quiet

optional. default is False

exec_constraints

optional. default is None

target_constraints

optional. default is None

register

optional. default is True

nixpkgs_nodejs_configure_platforms

nixpkgs_nodejs_configure_platforms(name, platforms_mapping, attribute_path, repository,
                                   repositories, nix_platform, nix_file, nix_file_content,
                                   nix_file_deps, nixopts, fail_not_supported, quiet,
                                   exec_constraints, target_constraints, register, kwargs)

Runs nixpkgs_nodejs_configure for each platform.

Since rules_nodejs adds platform suffix to repository name, this can be helpful if one wants to use npm_install and reference js dependencies from npm repo. See the example directory.

Parameters

name

optional. default is "nixpkgs_nodejs"

platforms_mapping

optional. default is {"aarch64-darwin": struct(exec_constraints = ["@platforms//os:macos", "@platforms//cpu:arm64"], rules_nodejs_platform = "darwin_arm64", target_constraints = ["@platforms//os:macos", "@platforms//cpu:arm64"]), "x86_64-linux": struct(exec_constraints = ["@platforms//os:linux", "@platforms//cpu:x86_64"], rules_nodejs_platform = "linux_amd64", target_constraints = ["@platforms//os:linux", "@platforms//cpu:x86_64"]), "x86_64-darwin": struct(exec_constraints = ["@platforms//os:macos", "@platforms//cpu:x86_64"], rules_nodejs_platform = "darwin_amd64", target_constraints = ["@platforms//os:macos", "@platforms//cpu:x86_64"]), "aarch64-linux": struct(exec_constraints = ["@platforms//os:linux", "@platforms//cpu:arm64"], rules_nodejs_platform = "linux_arm64", target_constraints = ["@platforms//os:linux", "@platforms//cpu:arm64"])}

struct describing mapping between nix platform and rules_nodejs bazel platform with target and exec constraints

attribute_path

optional. default is "nodejs"

repository

optional. default is None

repositories

optional. default is {}

nix_platform

optional. default is None

nix_file

optional. default is None

nix_file_content

optional. default is None

nix_file_deps

optional. default is None

nixopts

optional. default is []

fail_not_supported

optional. default is True

quiet

optional. default is False

exec_constraints

optional. default is None

target_constraints

optional. default is None

register

optional. default is True

kwargs

optional.

nixpkgs_package

nixpkgs_package(name, attribute_path, nix_file, nix_file_deps, nix_file_content, repository,
                repositories, build_file, build_file_content, nixopts, quiet, fail_not_supported,
                kwargs)

Make the content of a Nixpkgs package available in the Bazel workspace.

If repositories is not specified, you must provide a nixpkgs clone in nix_file or nix_file_content.

Parameters

name

required.

A unique name for this repository.

attribute_path

optional. default is ""

Select an attribute from the top-level Nix expression being evaluated. The attribute path is a sequence of attribute names separated by dots.

nix_file

optional. default is None

A file containing an expression for a Nix derivation.

nix_file_deps

optional. default is []

Dependencies of nix_file if any.

nix_file_content

optional. default is ""

An expression for a Nix derivation.

repository

optional. default is None

A repository label identifying which Nixpkgs to use. Equivalent to repositories = { "nixpkgs": ...}

repositories

optional. default is {}

A dictionary mapping NIX_PATH entries to repository labels.

Setting it to

repositories = { "myrepo" : "//:myrepo" }

for example would replace all instances of <myrepo> in the called nix code by the path to the target "//:myrepo". See the relevant section in the nix manual for more information.

Specify one of repository or repositories.

build_file

optional. default is None

The file to use as the BUILD file for this repository.

Its contents are copied into the file BUILD in root of the nix output folder. The Label does not need to be named BUILD, but can be.

For common use cases we provide filegroups that expose certain files as targets:

:bin
Everything in the bin/ directory.
:lib
All .so, .dylib and .a files that can be found in subdirectories of lib/.
:include
All .h, .hh, .hpp and .hxx files that can be found in subdirectories of include/.

If you need different files from the nix package, you can reference them like this:

package(default_visibility = [ "//visibility:public" ])
filegroup(
    name = "our-docs",
    srcs = glob(["share/doc/ourpackage/**/*"]),
)

See the bazel documentation of filegroup and glob.

build_file_content

optional. default is ""

Like build_file, but a string of the contents instead of a file name.

nixopts

optional. default is []

Extra flags to pass when calling Nix.

Subject to location expansion, any instance of $(location LABEL) will be replaced by the path to the file referenced by LABEL relative to the workspace root.

Note, labels to external workspaces will resolve to paths that contain ~ characters if the Bazel flag --enable_bzlmod is true. Nix does not support ~ characters in path literals at the time of writing, see #7742. Meaning, the result of location expansion may not form a valid Nix path literal. Use ./$${"$(location @for//:example)"} to work around this limitation if you need to pass a path argument via --arg, or pass the resulting path as a string value using --argstr and combine it with an additional --arg workspace_root ./. argument using workspace_root + ("/" + path_str).

quiet

optional. default is False

Whether to hide the output of the Nix command.

fail_not_supported

optional. default is True

If set to True (default) this rule will fail on platforms which do not support Nix (e.g. Windows). If set to False calling this rule will succeed but no output will be generated.

kwargs

optional.

nixpkgs_python_configure

nixpkgs_python_configure(name, python3_attribute_path, python3_bin_path, repository, repositories,
                         nix_file_deps, nixopts, fail_not_supported, quiet, exec_constraints,
                         target_constraints, register)

Define and register a Python toolchain provided by nixpkgs.

Creates nixpkgs_packages for Python 2 or 3 py_runtime instances and a corresponding py_runtime_pair and toolchain. The toolchain is automatically registered and uses the constraint:

"@io_tweag_rules_nixpkgs//nixpkgs/constraints:support_nix"

Parameters

name

optional. default is "nixpkgs_python_toolchain"

The name-prefix for the created external repositories.

python3_attribute_path

optional. default is "python3"

The nixpkgs attribute path for python3.

python3_bin_path

optional. default is "bin/python"

The path to the interpreter within the package.

repository

optional. default is None

See nixpkgs_package.

repositories

optional. default is {}

See nixpkgs_package.

nix_file_deps

optional. default is None

See nixpkgs_package.

nixopts

optional. default is []

See nixpkgs_package.

fail_not_supported

optional. default is True

See nixpkgs_package.

quiet

optional. default is False

See nixpkgs_package.

exec_constraints

optional. default is None

Constraints for the execution platform.

target_constraints

optional. default is None

Constraints for the target platform.

register

optional. default is True

nixpkgs_python_repository

nixpkgs_python_repository(name, repository, repositories, nix_file, nix_file_deps, quiet)

Define a collection of python packages based on a nix file.

The only entry point is a nix_file which should expose a pkgs and a python attributes. python is the python interpreter, and pkgs a set of python packages that will be made available to bazel.

⚠️ All the packages in pkgs are built by this rule. It is therefore not a good idea to expose something as big as pkgs.python3 as provided by nixpkgs.

This rule is instead intended to expose an ad-hoc set of packages for your project, as can be built by poetry2nix, mach-nix, dream2nix or by manually picking the python packages you need from nixpkgs.

The format is generic to support the many ways to generate such packages sets with nixpkgs. See our python tests and examples to get started.

This rule is intended to mimic as closely as possible the rules_python API. nixpkgs_python_repository should be a drop-in replacement of pip_parse. As such, it also provides a requirement function.

⚠️ Using the requirement fucntion inherits the same advantages and limitations as the one in rules_python. All the function does is create a label of the form @{nixpkgs_python_repository_name}//:{package_name}. While depending on such a label directly will work, the layout may change in the future. To be on the safe side, define and import your own requirement function if you need to play with these labels.

⚠️ Just as with rules_python, nothing is done to enforce consistency between the version of python used to generate this repository and the one configured in your toolchain, even if you use nixpkgs_python_toolchain. You should ensure they both use the same python from the same nixpkgs version.

⚠️ packages names exposed by this rule are determined by the pname attribute of the corresponding nix package. These may vary slightly from names used by rules_python. Should this be a problem, you can provide you own requirement function, for example one that lowercases its argument.

Parameters

name

required.

The name for the created package set.

repository

optional. default is None

See nixpkgs_package.

repositories

optional. default is {}

See nixpkgs_package.

nix_file

optional. default is None

See nixpkgs_package.

nix_file_deps

optional. default is []

See nixpkgs_package.

quiet

optional. default is False

See nixpkgs_package.

nixpkgs_rust_configure

nixpkgs_rust_configure(name, default_edition, repository, repositories, nix_file, nix_file_deps,
                       nix_file_content, nixopts, fail_not_supported, quiet, exec_constraints,
                       target_constraints, register)

Parameters

name

optional. default is "nixpkgs_rust"

default_edition

optional. default is "2018"

repository

optional. default is None

repositories

optional. default is {}

nix_file

optional. default is None

nix_file_deps

optional. default is None

nix_file_content

optional. default is None

nixopts

optional. default is []

fail_not_supported

optional. default is True

quiet

optional. default is False

exec_constraints

optional. default is None

target_constraints

optional. default is None

register

optional. default is True

nixpkgs_sh_posix_configure

nixpkgs_sh_posix_configure(name, packages, exec_constraints, register, kwargs)

Create a POSIX toolchain from nixpkgs.

Loads the given Nix packages, scans them for standard Unix tools, and generates a corresponding sh_posix_toolchain.

Make sure to call nixpkgs_sh_posix_configure before sh_posix_configure, if you use both. Otherwise, the local toolchain will always be chosen in favor of the nixpkgs one.

Parameters

name

optional. default is "nixpkgs_sh_posix_config"

Name prefix for the generated repositories.

packages

optional. default is ["stdenv.initialPath"]

List of Nix attribute paths to draw Unix tools from.

exec_constraints

optional. default is None

Constraints for the execution platform.

register

optional. default is True

Automatically register the generated toolchain if set to True.

kwargs

optional.