Nix store volume not updating during rebuilds

[dani0854]

Running on linux (nixos), with docker.

Steps to reproduce:

1. Create and start a new environment

   {
     "name": "test",
     "image": "mcr.microsoft.com/devcontainers/base:noble",
     "features": {
       "ghcr.io/devcontainers/features/nix:1": {
         "packages": "hello"
       }
     }
   }
   

2. Change packages and rebuild

   {
     "name": "test",
     "image": "mcr.microsoft.com/devcontainers/base:noble",
     "features": {
       "ghcr.io/devcontainers/features/nix:1": {
         "packages": "busybox"
       }
     }
   }
   

3. After rebuild busybox won't be available (or any other package from packages).

After some debugging I think I found the cause. First time we build and run it, nix-store-* volume is empty, and files are copied into it when an empty volume is mounted. Second time however since volume already contains data, it mounts over existing /nix/store from second build. And so /home/vscode/.nix-profile symlink chain is broken, since the new profile is not in /nix/store.

Furthermore if we change anything that affects nix installation itself, it will likely also be overwritten by volume mount. And I somehow managed to also break nix install completely during debugging, but I wasn't able to reproduce it.

The workaround would be to delete the volume every time devcontainers gets rebuilt, or somehow make volume name unique to specific build of the image, not image name.

To make work with /nix/store in volume, it would have to be mounted during feature install, which I don't think is possible.

Is it possible to make mount point optional (or a separate feature with or without it)?

[Kaniska244]

Hello @dani0854 ,

Thank you for reporting the issue. I tried same in vscode locally in mac according to the steps you have provided but unfortunately couldn’t reproduce the same and in fact couldn’t find any discrepancies between /home/vscode/.nix-profile (symlink to /home/vscode/.local/state/nix/profiles/profile) and /nix/store even after switching package to busybox and rebuilding.

Would you kindly share the container logs for both scenarios i.e. creating new dev container with hello package and rebuilding with busybox package. That could help us a great deal to investigate this issue further.

With Regards,
Kaniska

[dani0854]

Hello @Kaniska244,

Thank you for taking a look.

I have attached both reproducer script and the logs it produced when run in clean alpine vm.

reproducer.sh
log.txt

The above is the result of the following change:
#1127

I have fixed the version of the feature to 1.2.0, where it works as expected.
I do believe that having a cached /nix/store is a useful feature, but it would be nice if it could be optionally turned off, since it does have some downsides.

[dani0854]

What happens in the second build, is that /home/vscode/.nix-profile gets pointed to new /nix/store/*-user-environment, but when volume is mounted on top of /nix/store, /nix/store/*-user-environment is missing, since volume will always contain the contents of the first build (due to the fact that docker copies content during mounting to volume only if volume is empty).

If the second image is started without nix-store mount (docker run <image_name>), then it will contain the correct /nix/store/*-user-environment and symlink will resolve.

[ArchieAtkinson]

devcontainers cli version: 0.80.0
docker version: Docker version 28.2.2, build v28.2.2
OS: NixOS 25.11.20250627.30e2e28 (Xantusia) x86_64

I'm having the same issue, I think:

The below will install stow if the nix-store-* volume doesn't exist.

devcontainer up --workspace-folder . --additional-features '{"ghcr.io/devcontainers/features/nix:1":{"packages":"stow","useAttributePath":true}}' --remove-existing-container

If I run this after it:

devcontainer up --workspace-folder . --additional-features '{"ghcr.io/devcontainers/features/nix:1":{"packages":"stow, lazygit","useAttributePath":true}}' --remove-existing-container

lazygit won't get installed. I have to remove the store for it to be installed.

My current workaround is using exec commands to install programs using nix -iA <packages ...>, post create commands would also work I assume.

(The workspace is just a .devcontainer pointing to an ubuntu image)