I'm pretty committed to the `nix` ecosystem (I rewrote `nix` from scratch to unbreak it: https://gist.github.com/b7r6/90107d8e8ebe81fb0577b9c033b6ab0..., so, pretty committed), but I can't endorse it in it's current form after learning how the sausage is made and enough math to know why it's not just buggy but conceptually unsalvagable with the current `nixpkgs` and the current purity dogma.

And `home-manager` is maybe the most glaring instance of a tool that is demonstrably ill-posed where the "you're holding it wrong" from the community is a the community problem, not anyone holding anything wrong. From the Zed editor configuration stanza in `home-manager`: https://github.com/nix-community/home-manager/blob/a78606767.... That's not a Zed problem, that's a Nix problem. No one is holding it wrong, XDG config paths get mutated.

Another example and this is the one that really shows the shape of the thing: https://github.com/nixified-ai/flake/blob/bbd3a04fa1ae294096....

There is absolutely nothing "impure" about taking content-addressed bytes from a CAS (Xet in this instance) and surfacing them as a derivation. The "impurity" is called a "coeffect" and the action over the coeffect is called "grade discharge". This is thoroughly studied and works properly, it can cope with all of these cases and it's creates scope for dramatically more reproducible systems that are much easier to reason about (they are possible to reason about). Also, if you can't download shit from HuggingFace in 2026 without a weird hack where the name of the field is a scolding? That's gonna be putting downward pressure on adoption.

And most of the high-friction shit in Nix is like this, ignorance hardened into dogma hardened into theology. To wit:

- FHS vs. zany one-of-a-kind filesystems are nothing to do with purity or hermeticity or reproducibility, it's pure theology and the constant breakage with all the `patchFail` jank is at this point a jobs program, it's totally unnecessary. Namespaces/unshare, we have all the stuff to do this properly (`patchelf` and `unshare --bind-mount` are mathematically dual but only one blows content addressing).

- `drv` hash addressing is a reproducibility war crime. Floating CA is fine it's just broken upstream and in Determinate, it's not a valid ideological debate, it's bugs.

- there is absolutely no reason why the builder where a binary is produced needs to have the same filesystem layout or find libraries in the same place as the resulting artifact runs in any more than an adult needs to live in the same house they grew up in. `patchelf` works.

- having `libcuda.so.1` and friends at `/run/opengl-driver/lib` is dark comedy and source builds of `NCCL` when NVIDIA-certified binaries are in a wheel (zip file) on PyPI is the sequel. this is straight up bad for the planet and we should feel bad we haven't fixed it.

I could go on, but the main point for this thread is to the people who are on the fence about Nix: you're not holding it wrong the `nixpkgs` maintainers are holding it wrong, and more and more of us are getting serious about fixing it. Don't give up on declarative and reproducible systems that you can reason about because Nix is stuck in a weird place as software and as a community. There are reformers on the case.

What a snakepit of a comment! I know there are tensions within nix but this feels like a classic case of Chestertons fence at a big scale.

Your second example i dont understand what you're getting at.

This is just a mechanism for the builder to inject credentials during fetch time. The derivation is still content addressed (it's a fixed output derivation).

The derivation isn't even marked as impure or whatever. There is just an environment variable that gets injected by the builder into the build env so you can authenticate.

This is required to talk to hugging face

What are you on about?

Or do you mean that the cas address of HF should directly be addreessable in nix itself?

Worse is better.

Mommy, the Nix Reformationist is scaring me