- The host used to select the
nixosConfigurationnow defaults to the--target-hostfor remote deployments instead of the local hostname, unless the hostname is explicitly specified via the-H|--hostnameflag.
- Nushell completions now properly complete and expand the
installableargument by treating it like a path instead of a string.
- Passing the
--bypass-root-checkflag now elevates if the user is not root instead of calling Nix as non-root user. - A new
nh os build-imagesubcommand for building a disk-image variant is now available. A variant can be selected using the--image-variantflag. All variants in theconfig.system.build.imagesattribute set are supported. --elevation-programflag was renamed to--elevation-strategywith support for'none'(no elevation) and'passwordless'(for remote hosts withNOPASSWDconfigured) values. The old flag name remains available as an alias for backward compatibility. It may be removed at a later version. (#434)- Multi-program remote elevation support:
sudo,doas,run0, andpkexecare now supported with correct flags for each program - Environment variable
NH_ELEVATION_PROGRAMis still supported for backward compatibility (falls back toNH_ELEVATION_STRATEGYif set)
- Multi-program remote elevation support:
- Platform commands (
nh os,nh home,nh darwin) now support SSH-based remote builds via--build-host. The flag now uses proper remote build semantics: derivations are copied to the remote host vianix-copy-closure, built remotely, and results are transferred back. This matchesnixos-rebuildbehavior, and is significantly more robust than the previous implementation where--build-hostwould use Nix's--buildersflag inefficiently. (#428, #497)- A new
--no-validateflag skips pre-activation system validation checks. Can also be set via theNH_NO_VALIDATEenvironment variable. - Added
NH_REMOTE_CLEANUPenvironment variable. When set, NH will attempt to terminate remote Nix processes on interrupt (Ctrl+C). Opt-in due to fragility.
- A new
- Shell argument splitting now uses
shlexfor proper quote handling in complex command arguments. nh os infonow supports--fieldsto select which field(s) to display (#375).- Empty columns are now hidden by default to avoid visual clutter.
- A new, per-generation "Closure Size" column has been added
nh os switchandnh os bootnow support the--install-bootloaderflag, which will explicitly setNIXOS_INSTALL_BOOTLOADERforswitch-to-configuration. Bootloader behaviour was previously supported by explicitly passing the variable tonhcommands, which has now been made explicit through the--install-bootloaderflag. (#424)- A
--runflag was added tonh os build-vm, which allows immediately starting a built VM after the build is complete. This can be chained with otherbuild-vmflags such as--with-bootloader. - Switched from owo-colors to Yansi as the internal coloring library. This should not affect end-users, but please create an issue if you notice anything different.
nh os infonow hides empty fields by default, they can be explicitly shown via the--fieldsflag.nh completionsnow supports nushell- Platform commands (
nh os,nh home,nh darwin) now accept a--show-activation-logsflag that displays activation output at the end. While activation output is now hidden to reduce noise by default, this flag can be used to replicate the activation behaviour fromnixos-rebuildwhere failing units are displayed at the end.- Breaking change: Activation output is now hidden by default on Home Manager and Darwin. The logs were previously always visible.
- The flag can be set globally via the
NH_SHOW_ACTIVATION_LOGSenvironment variable. nh searchdisplays a link to thepackage.nixfile on the nixpkgs GitHub, and also fixes the existing links so that they no longer brokenly point to a non-existent file path on Nix flake systems.
nh os infonow gracefully handles out-of-sync profiles. When a previous switch failed during activation (e.g., a Systemd service failed), the profile may be out of sync with/run/current-systemwhile in "test mode" viaswitch-to-configuration test. NH now warns about this condition and displays version info from the running system instead of failing with an error.- Fixed the whitespace splitting of self-elevated commands so spaces inside quotes don't get separated.
- Missing or "invalid" installable references are now handled more gracefully.
- Previously the error emitted by NH was unhelpful and generic, which negatively affected user experience. NH will now instead fall back to common installable locations and tell you what exactly is missing in the error with instructions.
- If the fallback directory is a symlink, NH will now resolve it to the
canonical path for correct flake handling. If the fallback directory is real
but
flake.nixinside it is a symlink, NH will resolve the symlink and use its parent directory as the flake reference. This matches hownixos-rebuildhandles symlinked flake files. - Permission errors and other I/O errors are now surfaced with clear, actionable messages.
- All fallback errors now include a hint to check
man nhor the GitHub repo for more details. - NH also refused to handle references that contained hostname as a part of
the installable such as (
./flake.nix#myHost) in the past and lead to confusing behaviour for those unfamiliar. Such arguments are now normalized with a warning if NH can parse them.
- Password caching now works across all remote operations.
- Empty password validation prevents invalid credential caching.
- Direnv caches in alternative locations (e.g.,
$XDG_CACHE_DIR/direnv/layouts) will now be detected duringnh clean. - Fixed
--use-substitutesbeing incorrectly passed tonix build, causing "unrecognised flag" errors. - nh now properly resolves installables, fixing issues when e.g. multiple
NH_{FLAKE,FILE,{OS,HOME_DARWIN}_FLAKE}environment variables are set. - For the
--keep-sinceflag, the explanation linking to the documentation of thehumantimecrate is now shown. - In the man page, print full available documentation details for each option.
- Shell completion generation has been moved OUT of the main NH CLI, and is now
done via
cargo-xtaskin the packaging step. Thenh completionscommand is now fully deprecated and shell completion can be done withcargo xtask completionsorcargo xtask dist.
- Nh checks are now more robust in the sense that unnecessary features will not be required when the underlying command does not depend on them.
- The
--update-inputflag now supports being specified multiple times. - The
--update-inputflag no longer requires--updatein order to take effect, and both flags are now considered mutually exclusive. If you specify the--updateflag, all flake inputs will be updated. If you specify the--update-input NAMEflag, only the specified flake(s) will be updated. nh darwin switchnow shows the output from thedarwin-rebuildactivation. This allows you to see more details about the activation fromnix-darwin, as well asHome Manager.nvdis replaced bydix, resulting in saner and faster diffing.- Nh now supports a new
--diffflag, which takes one ofautoalwaysneverand toggles displaying the package diff after a build. - Manpages have been added to nh, and will be available as
man 1 nhif the package vendor provides them. nh cleanwill now skip directories that are checked and don't exist. Instead of throwing an error, it will print a warning about which directories were skipped.- nh's verbosity flag can now be passed multiple times for more verbose debug output.
nh searchwill now use the system trust store for it's HTTPS requests.- Error handling has been improved across the board, with more contextful errors replacing direct error propagation or unwraps.
- The directory traversal during
nh cleanhas been improved slightly and relevant bits of the clean module has been sped up.- It's roughly %4 faster according to testing, but IO is still a limiting factor and results may differ.
- Added more context to some minor debug messages across platform commands.
- Nh now supports alternative privilege escalation methods. Namely
doas,run0and a fallbackpkexecstrategies will be attempted if the system does not usesudo. - Nh will correctly prompt you for your
sudopassword while deploying remotely. This helps mitigate the need to allow password-lesssudoon the target host to deploy remotely.
- Nh will now correctly detect non-semver version strings, such as
x.ygit. Instead of failing the check, we now try to normalize the string and simply skip the check with a warning. - In the case system switch is disabled (
system.switch enable = false;) Nh will provide a more descriptive error message hinting at what might be the issue. (#331)- We cannot accurately guess what the issue is, but this should be more graceful than simply throwing an error about a missing path (what path?)
- Nh will now carefully pick environment variables passed to individual
commands. This resolves the "
$HOMEis not owned by you!" error, but it's also a part of a larger refactor that involves only providing relevant variables to individual commands. This is an experimental change, please let us know if you face any new bugs. (#314) - Fixed a tempdir race condition causing activation failures. #386
- The environment and Nix feature checks have been made more robust, which
should allow false positives caused by the initial implementation
- Version normalization for the Nix version is now much more robust. This gets
rid of unexpected breakage when using, e.g.,
pkgs.nixVersions.git
- Version normalization for the Nix version is now much more robust. This gets
rid of unexpected breakage when using, e.g.,
- Support for additional Nix variants have been added. This allows for us to handle non-supported Nix variants gracefully, treating them as mainline Nix.
- Version check regex in checks module is now compiled only once, instead of in a loop.
-
Nh is now built on Cargo 2024 edition. This does not imply any changes for the users, but contributors might need to adapt.
-
nh os buildandnh os build-vmnow default to placing the output at./resultinstead of a temp directory.
- The Elasticsearch backend version has been updated to v43, which fixes failing search commands (#316)
-
A new
nh os rollbacksubcommand has been added to allow rolling back a generation, or to a specific generation with the--toflag. Seenh os rollback --helpfor more details on this subcommand. -
Nh now supports the
--build-hostand--target-hostcli arguments -
Nh now checks if the current Nix implementation has necessary experimental features enabled. In mainline Nix (CppNix, etc.) we check for
nix-commandandflakesbeing set. In Lix, we also userepl-flakeas it is still provided as an experimental feature in versions below 2.93.0. -
Nh will now check if you are using the latest stable, or "recommended," version of Nix (or Lix.) This check has been placed to make it clear we do not support legacy/vulnerable versions of Nix, and encourage users to update if they have not yet done so.
-
NixOS: Nh now accepts the subcommand
nh os build-vm, which builds a virtual machine image activation script instead of a full system. This includes a new option--with-bootloader/-Bthat applies to just build-vm, to build a VM with a bootloader.
- Darwin: Use
darwin-rebuilddirectly for activation instead of old scripts - Darwin: Future-proof handling of
activate-userscript removal - Darwin: Improve compatibility with root-only activation in newer nix-darwin versions
- NixOS: Check if the target hostname matches the running system hostname before
running
nvdto compare them.
- Nh now supports specifying
NH_SUDO_ASKPASSto pass a custom value toSUDO_ASKPASSin self-elevation. If specified,sudowill be called with-Aand theNH_SUDO_ASKPASSwill beSUDO_ASKPASSlocally.
- Fix
--configurationbeing ignored innh home switch(#262)
- Add
--jsontonh search, which will return results in JSON format. Useful for parsing the output ofnh searchwith, e.g., jq.
- NixOS 24.05 is now marked as deprecated, and will emit an error if the search command attempts to use it for the channel. While the Elasticsearch backend still seems to support 24.05, it is deprecated in Nixpkgs and is actively discouraged. Please update your system at your earliest convenience.