The bashrc poisoning thing was sarcastic. the point is it’s not important as an attack vector because if that’s even part of your surface area, then the attacker is already pretty well into your system
The bashrc poisoning thing was sarcastic. the point is it’s not important as an attack vector because if that’s even part of your surface area, then the attacker is already pretty well into your system
If your system uses 3 different Pythons as dependencies of different packages, which one gets to be /usr/bin/python?
Not sure about 1, but 2 and 3 both have the same answer. Both TSInstall and Mason are just trying to install other software packages on your system, and you’re on NixOS, so of course they can’t do that. You don’t install your software, you declare it. Add the Treesitter parsers you need right next to your plugins (there is a sub collection under the vimPlugins collection just for Treesitter parsers), and put whatever Mason would be installing into your user packages instead.
That said, I agree with the other commenter. Even though the community has done a lot of work on rich config options for Neovim, they’re just too far away from the normal way of doing things in the Neovim world, and plenty of plugins are written in ways that assume it’s configured in “normal” ways. Plus configuring Neovim is already kinda like assembling your own car from parts in any case, so it’s honestly better to just use nix to install Lazyvim or whatever flavor of choice and let it handle the plugin management/config. And believe me, I really tried to do it all in Nix, I wanted to do it that way. But it’s just not worth the headache at this point
Now you’ll have a zillion users trying to install software in ways that violate all the assumptions that NixOS operates on, but which are still tightly coupled to your NixOS config. Now updates to your system, or even seemingly unrelated config changes (through some transitive dependency chain) can easily break that software.
So now we’ve basically removed half the advantages that motivate Nix/OS in the first place, and when stuff breaks it will look like it’s Nix’s fault, even if it isn’t.
On the other hand, nixpkgs is already the most comprehensive repository of system software out there, and for 99% of packages Nixifying it is pretty trivial. Hell, my NixOS config does that for 3 different GitHub repos right inline in my config.nix