If Nix Builds It, Everything Works

March 19, 2026

I saw this post:

Eliezer Yudkowsky @allTheYud

I'm amused by how in the modern era, "Rewrite this terminal UI to CLI so Opus can use it" is a 5-minute task consisting of "tell Opus to rewrite it", and "Okay but now make that new tool's Github private repository visible to Claude operating out of your other private repository" is 10 minutes of trying to wrangle API tokens followed by giving up and hard-downloading the new repository.
View on Twitter

Naturally my first thought was "Nix solves this".

Step 0: Install Nix

Nix Installer

You might need to enable flakes. I don't have a non-NixOS system on hand to test what the situation is there. Determinate claims to have a more user friendly installer. I don't really have a strong opinion.

Step 1: Packaging

Say you have a basic C program with a Makefile. Nix already knows how to build these — stdenv.mkDerivation handles ./configure && make && make install out of the box. Your flake.nix is just:

{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    flake-utils.url = "github:numtide/flake-utils";
  };

  outputs = { self, nixpkgs, flake-utils }:
    flake-utils.lib.eachDefaultSystem (system:
      let
        pkgs = nixpkgs.legacyPackages.${system};
        mycoolprogram = pkgs.stdenv.mkDerivation {
          pname = "mycoolprogram";
          version = "0.1.0";
          src = ./.;
          installFlags = [ "PREFIX=$(out)" ];
        };
      in {
        packages.mycoolprogram = mycoolprogram;
        packages.default = mycoolprogram;
      }
    );
}

nix run .#mycoolprogram -- arguments go here will build the program reproducibly and run it. There are similar templates for other build systems (CMake, Rust, Go, Python, JS, etc). Honestly there's a decent chance Claude can write this for you if you'd rather not learn an entirely new programming language. Just ask your nearest Linux-using trans woman if that doesn't work.

Once you push it up, you can just do nix run github:yourusernamegoeshere/reponame#mycoolprogram -- args go here if it's a public repo. If it's a private repo, do Step 2 and come back.

Step 2: Give Nix Access to Private Repos

Add a GitHub personal access token to your Nix config so it can fetch private flakes. In your ~/.config/nix/nix.conf

access-tokens = github.com=ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

This lets Nix authenticate when pulling github: flake references to private repos.