Nix FlakesGarnyaml configWhat Garnix CI doesDeploymentsUsing Private InputsCachingGitHub Actions IntegrationBadges

Using Private Inputs/Repositories.share

Sometimes you want to depend on a private repository. Nix has two mechanisms for this: using SSH keys (git+https dependencies), or using personal tokens (e.g. github: dependencies).

garnix supports the latter of these two. In order for this two work, several conditions must be met:

  1. garnix must be enabled on all the dependencies;
  2. the dependency must belong to the same user/org and the depending repo;
  3. every collaborator on the depending repo must be a collaborator on every dependency; and
  4. (as a special case of 4) the depending repo must not be public.

3 and 4 are to ensure you don't accidentally give read-access to someone via this mechanism.

If you have special requirements that don't match this behavior and are using a paid tier, please contact us.

An example of such a private dependency is:

  inputs.privateDep.url = "github:garnix-io/private";

Note that in order to use private inputs like this work locally, you will need to create an access token with GitHub, and set access-tokens in your user's nix.conf.

Alternatively, you can use git's insteadOf configuration so that locally you can continue to use ssh. See here how to set that up.