TheDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/cachix/devenv/llms.txt
Use this file to discover all available pages before exploring further.
devenv.yaml file sits alongside devenv.nix in your project root. It controls project-level concerns that live outside the Nix module system: which Nix inputs (dependencies) to pin, which remote or local environments to import, how nixpkgs is configured, and global devenv behaviors like shell auto-reload, profile selection, and secretspec integration.
This file is managed by the
devenv inputs add command and updated by devenv update. You can also edit it directly.devenv.yaml looks like this:
inputs
A map of Nix flake inputs. Each key is the input name used in your Nix expressions; the value is a configuration object describing where to fetch it. The default entry points to devenv’s curated nixpkgs rolling channel.
| Field | Value |
|---|---|
| Type | attribute set of input |
| Default | inputs.nixpkgs.url: github:cachix/devenv-nixpkgs/rolling |
inputs.<name>.url
The URI that identifies the flake or non-flake source. Supports all Nix flake URI formats.
URI specification of the input.
| Format | Example |
|---|---|
| GitHub | github:NixOS/nixpkgs/nixos-unstable |
| GitHub (tagged) | github:cachix/devenv/v1.4 |
| GitHub (dir) | github:myorg/configs?dir=devenv |
| GitLab | gitlab:user/repo |
| Sourcehut | sourcehut:~user/repo |
| Tarball | https://example.com/pkg.tar.gz |
| Local path | path:/absolute/path or path:./relative |
| Git | git+https://github.com/org/repo |
inputs.<name>.flake
Whether the input contains a
flake.nix. Set to false for non-flake inputs such as plain tarballs or devenv.nix-only repositories.inputs.<name>.follows
Another input name to inherit from, ensuring version alignment. For example, setting
follows: nixpkgs makes this input use the same nixpkgs revision as your top-level nixpkgs input, avoiding duplicate Nix store paths.inputs.<name>.inputs
Override nested inputs inside this dependency by name. Uses the same structure as the top-level
inputs map.inputs.<name>.overlays
A list of overlay attribute paths to include from this input into nixpkgs. See the Overlays guide.
imports
A list of paths or input references that contribute additional devenv.nix and devenv.yaml configuration. Imported environments are deeply merged with the current environment, enabling reuse across projects.
Relative paths, absolute paths, or flake input references to import.
| Type | Example |
|---|---|
| Relative path | ./shared |
| Absolute path | /home/user/devenv-base |
| Input reference | my-configs (must be declared in inputs) |
backend
Select the Nix backend used to evaluate devenv.nix.
The Nix evaluation backend. Currently only
nix is supported.clean
Options controlling environment variable cleaning when entering the shell.
When
true, strip all parent environment variables before entering the shell. Equivalent to the --clean CLI flag. New in devenv 1.0.A list of environment variable names to preserve even when
clean.enabled is true. New in devenv 1.0.impure
Relax the hermeticity of the environment, allowing access to the host system’s environment variables and file system. Equivalent to
--impure. New in devenv 1.0.nixpkgs
Fine-grained nixpkgs configuration controlling which packages are allowed and how the package set is built.
nixpkgs.allow_unfree
Allow packages with unfree licenses. New in devenv 1.7.
nixpkgs.allow_broken
Allow packages marked as broken in nixpkgs. New in devenv 1.7.
nixpkgs.allow_non_source
Allow packages not built from source (nixpkgs default). New in devenv 1.7.
nixpkgs.allow_unsupported_system
Allow packages that are not officially supported on the current system. New in devenv 2.0.5.
nixpkgs.permitted_insecure_packages
A list of insecure package names to allow. New in devenv 1.7.
nixpkgs.permitted_unfree_packages
A list of unfree package names to allow by name (more targeted than
allow_unfree). New in devenv 1.9.nixpkgs.allowlisted_licenses
A list of license attribute names to allow (e.g.
gpl3Only, mit, asl20). See nixpkgs license list.nixpkgs.blocklisted_licenses
A list of license attribute names to block (e.g.
unfree, bsl11).nixpkgs.cuda_support
Enable CUDA support in nixpkgs. New in devenv 1.7.
nixpkgs.cuda_capabilities
CUDA capabilities to select (e.g.
["8.0" "8.6"]). New in devenv 1.7.nixpkgs.rocm_support
Enable ROCm (AMD GPU compute) support in nixpkgs. New in devenv 2.0.7.
nixpkgs.android_sdk.accept_license
Accept the Android SDK license. Can also be set via
NIXPKGS_ACCEPT_ANDROID_SDK_LICENSE=1.nixpkgs.per_platform
Per-platform nixpkgs configuration. The keys are system strings (e.g.
x86_64-linux). Accepts all the same options as the top-level nixpkgs block. New in devenv 1.7.profile
Default profile to activate on shell entry. Can be overridden by the
--profile CLI flag. See Profiles. New in devenv 1.11.reload
Enable auto-reload of the shell when
devenv.nix or devenv.yaml change. Can be overridden by --reload or --no-reload. New in devenv 2.0.require_version
Version requirement for the devenv CLI. Set to
true to require that the CLI version matches the modules version from the devenv input. Use a constraint string for more precise control: >=2.0, <3.0, =2.1.3, or a bare version string for an exact match. New in devenv 2.1.shell
Default interactive shell to use when entering the devenv environment via
devenv shell. Supported values: bash, zsh, fish, nu. Falls back to $SHELL then bash when unset. Can be overridden by the --shell CLI flag. New in devenv 2.1.strict_ports
Error if a port is already in use instead of auto-allocating the next available port. Can be overridden by
--strict-ports or --no-strict-ports. New in devenv 2.0.secretspec
Integration with secretspec for declarative secrets management.
Enable secretspec integration. New in devenv 1.8.
Secretspec provider to use (e.g.
keyring, 1password, dotenv). New in devenv 1.8.Secretspec profile name to use. New in devenv 1.8.
Name of the secretspec secret to read the Cachix auth token from when
CACHIX_AUTH_TOKEN is not set in the environment. This is the secret name in secretspec.toml, not the token value. New in devenv 2.1.3.