Merge pull request 'Remove nix_shell_legacy' (#3341) from nix_shell into main

Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3341
2025-04-16 19:56:53 +00:00
parent a708ef3615 f3512b853a
commit ff558615a5
24 changed files with 91 additions and 119 deletions
--- a/docs/CONTRIBUTING.md
+++ b/docs/CONTRIBUTING.md
@@ -82,7 +82,7 @@ For instance, if you need to update `nixos-anywhere` in clan-cli, find its usage
 ```python
 run(
    nix_shell(
-        ["nixpkgs#nixos-anywhere"],
+        ["nixos-anywhere"],
        cmd,
    ),
    RunOpts(log=Log.BOTH, prefix=machine.name, needs_user_terminal=True),
--- a/pkgs/clan-app/tests/conftest.py
+++ b/pkgs/clan-app/tests/conftest.py
@@ -29,12 +29,12 @@ def pytest_sessionstart(session: pytest.Session) -> None:
@pytest.fixture
 def git_repo(tmp_path: Path) -> Path:
    # initialize a git repository
-    cmd = nix_shell(["nixpkgs#git"], ["git", "init"])
+    cmd = nix_shell(["git"], ["git", "init"])
    subprocess.run(cmd, cwd=tmp_path, check=True)
    # set user.name and user.email
-    cmd = nix_shell(["nixpkgs#git"], ["git", "config", "user.name", "test"])
+    cmd = nix_shell(["it"], ["git", "config", "user.name", "test"])
    subprocess.run(cmd, cwd=tmp_path, check=True)
-    cmd = nix_shell(["nixpkgs#git"], ["git", "config", "user.email", "test@test.test"])
+    cmd = nix_shell(["git"], ["git", "config", "user.email", "test@test.test"])
    subprocess.run(cmd, cwd=tmp_path, check=True)
    # return the path to the git repository
    return tmp_path
--- a/pkgs/clan-cli/clan_cli/api/directory.py
+++ b/pkgs/clan-cli/clan_cli/api/directory.py
@@ -6,7 +6,7 @@ from typing import Any, Literal
 from clan_cli.cmd import RunOpts
 from clan_cli.errors import ClanError
-from clan_cli.nix import nix_shell_legacy, run_no_stdout
+from clan_cli.nix import nix_shell, run_no_stdout
 from . import API
@@ -126,8 +126,8 @@ def show_block_devices() -> Blockdevices:
    It must return a list of block devices.
    """
-    cmd = nix_shell_legacy(
+    cmd = nix_shell(
-        ["nixpkgs#util-linux"],
+        ["util-linux"],
        [
            "lsblk",
            "--json",
--- a/pkgs/clan-cli/clan_cli/api/mdns_discovery.py
+++ b/pkgs/clan-cli/clan_cli/api/mdns_discovery.py
@@ -3,7 +3,7 @@ import re
 from dataclasses import dataclass
 from clan_cli.cmd import run_no_stdout
-from clan_cli.nix import nix_shell_legacy
+from clan_cli.nix import nix_shell
 from . import API
@@ -89,8 +89,8 @@ def parse_avahi_output(output: str) -> DNSInfo:
@API.register
 def show_mdns() -> DNSInfo:
-    cmd = nix_shell_legacy(
+    cmd = nix_shell(
-        ["nixpkgs#avahi"],
+        ["avahi"],
        [
            "avahi-browse",
            "--all",
--- a/pkgs/clan-cli/clan_cli/bwrap/init.py
+++ b/pkgs/clan-cli/clan_cli/bwrap/init.py
@@ -1,5 +1,5 @@
 from clan_cli.cmd import run
-from clan_cli.nix import nix_shell_legacy
+from clan_cli.nix import nix_shell
 _works: bool | None = None
@@ -13,10 +13,10 @@ def bubblewrap_works() -> bool:
 def _bubblewrap_works() -> bool:
    # fmt: off
-    cmd = nix_shell_legacy(
+    cmd = nix_shell(
        [
-            "nixpkgs#bash",
+            "bash",
-            "nixpkgs#bubblewrap",
+            "bubblewrap",
        ],
        [
            "bwrap",
--- a/pkgs/clan-cli/clan_cli/clan/create.py
+++ b/pkgs/clan-cli/clan_cli/clan/create.py
@@ -9,7 +9,7 @@ from clan_cli.cmd import CmdOut, RunOpts, run
 from clan_cli.errors import ClanError
 from clan_cli.flake import Flake
 from clan_cli.inventory import Inventory, init_inventory
-from clan_cli.nix import nix_command, nix_metadata, nix_shell_legacy
+from clan_cli.nix import nix_command, nix_metadata, nix_shell
 from clan_cli.templates import (
    InputPrio,
    TemplateName,
@@ -41,7 +41,7 @@ class CreateOptions:
 def git_command(directory: Path, *args: str) -> list[str]:
-    return nix_shell_legacy(["nixpkgs#git"], ["git", "-C", str(directory), *args])
+    return nix_shell(["git"], ["git", "-C", str(directory), *args])
@API.register
--- a/pkgs/clan-cli/clan_cli/facts/generate.py
+++ b/pkgs/clan-cli/clan_cli/facts/generate.py
@@ -18,7 +18,7 @@ from clan_cli.errors import ClanError
 from clan_cli.git import commit_files
 from clan_cli.machines.inventory import get_all_machines, get_selected_machines
 from clan_cli.machines.machines import Machine
-from clan_cli.nix import nix_shell_legacy
+from clan_cli.nix import nix_shell
 from .check import check_secrets
 from .public_modules import FactStoreBase
@@ -39,10 +39,10 @@ def read_multiline_input(prompt: str = "Finish with Ctrl-D") -> str:
 def bubblewrap_cmd(generator: str, facts_dir: Path, secrets_dir: Path) -> list[str]:
    # fmt: off
-    return nix_shell_legacy(
+    return nix_shell(
        [
-            "nixpkgs#bash",
+            "bash",
-            "nixpkgs#bubblewrap",
+            "bubblewrap",
        ],
        [
            "bwrap",
--- a/pkgs/clan-cli/clan_cli/facts/secret_modules/password_store.py
+++ b/pkgs/clan-cli/clan_cli/facts/secret_modules/password_store.py
@@ -5,7 +5,7 @@ from typing import override
 from clan_cli.cmd import Log, RunOpts
 from clan_cli.machines.machines import Machine
-from clan_cli.nix import nix_shell_legacy
+from clan_cli.nix import nix_shell
 from . import SecretStoreBase
@@ -18,8 +18,8 @@ class SecretStore(SecretStoreBase):
        self, service: str, name: str, value: bytes, groups: list[str]
    ) -> Path | None:
        subprocess.run(
-            nix_shell_legacy(
+            nix_shell(
-                ["nixpkgs#pass"],
+                ["pass"],
                ["pass", "insert", "-m", f"machines/{self.machine.name}/{name}"],
            ),
            input=value,
@@ -29,8 +29,8 @@ class SecretStore(SecretStoreBase):
    def get(self, service: str, name: str) -> bytes:
        return subprocess.run(
-            nix_shell_legacy(
+            nix_shell(
-                ["nixpkgs#pass"],
+                ["pass"],
                ["pass", "show", f"machines/{self.machine.name}/{name}"],
            ),
            check=True,
@@ -51,8 +51,8 @@ class SecretStore(SecretStoreBase):
        hashes = []
        hashes.append(
            subprocess.run(
-                nix_shell_legacy(
+                nix_shell(
-                    ["nixpkgs#git"],
+                    ["git"],
                    [
                        "git",
                        "-C",
@@ -71,8 +71,8 @@ class SecretStore(SecretStoreBase):
            if symlink.is_symlink():
                hashes.append(
                    subprocess.run(
-                        nix_shell_legacy(
+                        nix_shell(
-                            ["nixpkgs#git"],
+                            ["git"],
                            [
                                "git",
                                "-C",
--- a/pkgs/clan-cli/clan_cli/flash/flash.py
+++ b/pkgs/clan-cli/clan_cli/flash/flash.py
@@ -13,7 +13,7 @@ from clan_cli.errors import ClanError
 from clan_cli.facts.generate import generate_facts
 from clan_cli.facts.secret_modules import SecretStoreBase
 from clan_cli.machines.machines import Machine
-from clan_cli.nix import nix_shell_legacy
+from clan_cli.nix import nix_shell
 from clan_cli.vars.generate import generate_vars
 from .automount import pause_automounting
@@ -147,8 +147,8 @@ def flash_machine(
            disko_install.extend(["--option", "dry-run", "true"])
            disko_install.extend(extra_args)
-            cmd = nix_shell_legacy(
+            cmd = nix_shell(
-                ["nixpkgs#disko"],
+                ["disko"],
                disko_install,
            )
            run(
--- a/pkgs/clan-cli/clan_cli/machines/install.py
+++ b/pkgs/clan-cli/clan_cli/machines/install.py
@@ -18,7 +18,7 @@ from clan_cli.errors import ClanError
 from clan_cli.facts.generate import generate_facts
 from clan_cli.machines.hardware import HardwareConfig
 from clan_cli.machines.machines import Machine
-from clan_cli.nix import nix_shell_legacy
+from clan_cli.nix import nix_shell
 from clan_cli.ssh.deploy_info import DeployInfo, find_reachable_host, ssh_command_parse
 from clan_cli.ssh.host_key import HostKeyCheck
 from clan_cli.vars.generate import generate_vars
@@ -145,24 +145,19 @@ def install_machine(opts: InstallOptions) -> None:
            # nix copy does not support tor socks proxy
            # cmd.append("--ssh-option")
            # cmd.append("ProxyCommand=nc -x 127.0.0.1:9050 -X 5 %h %p")
-            run(
+            cmd = nix_shell(
                nix_shell_legacy(
                [
-                        "nixpkgs#nixos-anywhere",
+                    "nixos-anywhere",
-                        "nixpkgs#tor",
+                    "tor",
                ],
                ["torify", *cmd],
                ),
                RunOpts(log=Log.BOTH, prefix=machine.name, needs_user_terminal=True),
            )
        else:
-            run(
+            cmd = nix_shell(
-                nix_shell_legacy(
+                ["nixos-anywhere"],
                    ["nixpkgs#nixos-anywhere"],
                cmd,
                ),
                RunOpts(log=Log.BOTH, prefix=machine.name, needs_user_terminal=True),
            )
        run(cmd, RunOpts(log=Log.BOTH, prefix=machine.name, needs_user_terminal=True))
 def install_command(args: argparse.Namespace) -> None:
--- a/pkgs/clan-cli/clan_cli/machines/list.py
+++ b/pkgs/clan-cli/clan_cli/machines/list.py
@@ -20,7 +20,7 @@ from clan_cli.inventory import (
    patch_inventory_with,
 )
 from clan_cli.machines.hardware import HardwareConfig
-from clan_cli.nix import nix_eval, nix_shell_legacy
+from clan_cli.nix import nix_eval, nix_shell
 from clan_cli.tags import list_nixos_machines_by_tags
 log = logging.getLogger(__name__)
@@ -126,8 +126,8 @@ def check_machine_online(
    timeout = opts.timeout if opts and opts.timeout else 20
-    cmd = nix_shell_legacy(
+    cmd = nix_shell(
-        ["nixpkgs#util-linux", *(["nixpkgs#openssh"] if hostname else [])],
+        ["util-linux", *(["openssh"] if hostname else [])],
        [
            "ssh",
            *(["-i", f"{opts.keyfile}"] if opts and opts.keyfile else []),
--- a/pkgs/clan-cli/clan_cli/nix/init.py
+++ b/pkgs/clan-cli/clan_cli/nix/init.py
@@ -105,24 +105,6 @@ def nix_metadata(flake_url: str | Path) -> dict[str, Any]:
    return data
 # Deprecated: use nix_shell() instead
 def nix_shell_legacy(packages: list[str], cmd: list[str]) -> list[str]:
    # we cannot use nix-shell inside the nix sandbox
    # in our tests we just make sure we have all the packages
    if (
        os.environ.get("IN_NIX_SANDBOX")
        or os.environ.get("CLAN_NO_DYNAMIC_DEPS")
        or len(packages) == 0
    ):
        return cmd
    return [
        *nix_command(["shell", "--inputs-from", f"{nixpkgs_flake()!s}"]),
        *packages,
        "-c",
        *cmd,
    ]
 # lazy loads list of allowed and static programs
 class Packages:
    allowed_packages: set[str] | None = None
@@ -152,7 +134,6 @@ class Packages:
        return program in cls.static_packages
 # Alternative implementation of nix_shell() to replace nix_shell_legacy() at some point
 #   Features:
 #     - allow list for programs (need to be specified in allowed-packages.json)
 #     - be abe to compute a closure of all deps for testing
--- a/pkgs/clan-cli/clan_cli/nix/allowed-packages.json
+++ b/pkgs/clan-cli/clan_cli/nix/allowed-packages.json
@@ -3,12 +3,14 @@
  "avahi",
  "bash",
  "bubblewrap",
  "disko",
  "e2fsprogs",
  "git",
  "gnupg",
  "mypy",
  "netcat",
  "nix",
  "nixos-anywhere",
  "openssh",
  "pass",
  "qemu",
@@ -18,6 +20,8 @@
  "sshpass",
  "tor",
  "util-linux",
  "virt-viewer",
  "virtiofsd",
  "waypipe",
  "zbar"
 ]
--- a/pkgs/clan-cli/clan_cli/secrets/import_sops.py
+++ b/pkgs/clan-cli/clan_cli/secrets/import_sops.py
@@ -11,7 +11,7 @@ from clan_cli.completions import (
    complete_users,
 )
 from clan_cli.errors import ClanError
-from clan_cli.nix import nix_shell_legacy
+from clan_cli.nix import nix_shell
 from .secrets import encrypt_secret, sops_secrets_folder
@@ -30,7 +30,7 @@ def import_sops(args: argparse.Namespace) -> None:
        if args.input_type:
            cmd += ["--input-type", args.input_type]
        cmd += ["--output-type", "json", "--decrypt", args.sops_file]
-        cmd = nix_shell_legacy(["nixpkgs#sops", "nixpkgs#gnupg"], cmd)
+        cmd = nix_shell(["sops", "gnupg"], cmd)
        res = run(cmd, RunOpts(error_msg=f"Could not import sops file {file}"))
        secrets = json.loads(res.stdout)
--- a/pkgs/clan-cli/clan_cli/secrets/sops.py
+++ b/pkgs/clan-cli/clan_cli/secrets/sops.py
@@ -16,7 +16,7 @@ from clan_cli.api import API
 from clan_cli.cmd import Log, RunOpts, run
 from clan_cli.dirs import user_config_dir
 from clan_cli.errors import ClanError
-from clan_cli.nix import nix_shell_legacy
+from clan_cli.nix import nix_shell
 from .folders import sops_machines_folder, sops_users_folder
@@ -233,7 +233,7 @@ def sops_run(
                raise ClanError(msg)
        sops_cmd.append(str(secret_path))
-        cmd = nix_shell_legacy(["nixpkgs#sops", "nixpkgs#gnupg"], sops_cmd)
+        cmd = nix_shell(["sops", "gnupg"], sops_cmd)
        opts = (
            dataclasses.replace(run_opts, env=environ)
            if run_opts
@@ -249,7 +249,7 @@ def sops_run(
 def get_public_age_key(privkey: str) -> str:
-    cmd = nix_shell_legacy(["nixpkgs#age"], ["age-keygen", "-y"])
+    cmd = nix_shell(["age"], ["age-keygen", "-y"])
    error_msg = "Failed to get public key for age private key. Is the key malformed?"
    res = run(cmd, RunOpts(input=privkey.encode(), error_msg=error_msg))
@@ -257,7 +257,7 @@ def get_public_age_key(privkey: str) -> str:
 def generate_private_key(out_file: Path | None = None) -> tuple[str, str]:
-    cmd = nix_shell_legacy(["nixpkgs#age"], ["age-keygen"])
+    cmd = nix_shell(["age"], ["age-keygen"])
    try:
        proc = run(cmd)
        res = proc.stdout.strip()
--- a/pkgs/clan-cli/clan_cli/ssh/deploy_info.py
+++ b/pkgs/clan-cli/clan_cli/ssh/deploy_info.py
@@ -14,7 +14,7 @@ from clan_cli.completions import (
 )
 from clan_cli.errors import ClanError
 from clan_cli.machines.machines import Machine
-from clan_cli.nix import nix_shell_legacy
+from clan_cli.nix import nix_shell
 from clan_cli.ssh.host import Host, is_ssh_reachable
 from clan_cli.ssh.host_key import HostKeyCheck
 from clan_cli.ssh.parse import parse_deployment_address
@@ -65,8 +65,8 @@ def find_reachable_host(
 def qrcode_scan(picture_file: Path) -> str:
-    cmd = nix_shell_legacy(
+    cmd = nix_shell(
-        ["nixpkgs#zbar"],
+        ["zbar"],
        [
            "zbarimg",
            "--quiet",
--- a/pkgs/clan-cli/clan_cli/ssh/tor.py
+++ b/pkgs/clan-cli/clan_cli/ssh/tor.py
@@ -10,7 +10,7 @@ from dataclasses import dataclass
 from clan_cli.async_run import AsyncRuntime
 from clan_cli.cmd import Log, RunOpts, run
 from clan_cli.errors import TorConnectionError, TorSocksError
-from clan_cli.nix import nix_shell_legacy
+from clan_cli.nix import nix_shell
 log = logging.getLogger(__name__)
@@ -116,8 +116,8 @@ def spawn_tor(runtime: AsyncRuntime) -> None:
    def start_tor() -> None:
        """Starts Tor process using nix-shell."""
        cmd_args = ["tor", "--HardwareAccel", "1"]
-        packages = ["nixpkgs#tor"]
+        packages = ["tor"]
-        cmd = nix_shell_legacy(packages, cmd_args)
+        cmd = nix_shell(packages, cmd_args)
        runtime.async_run(None, run, cmd, RunOpts(log=Log.BOTH))
        log.debug("Attempting to start Tor")
--- a/pkgs/clan-cli/clan_cli/tests/git_repo.py
+++ b/pkgs/clan-cli/clan_cli/tests/git_repo.py
@@ -2,21 +2,19 @@ import subprocess
 from pathlib import Path
 import pytest
-from clan_cli.nix import nix_shell_legacy
+from clan_cli.nix import nix_shell
 # fixture for git_repo
@pytest.fixture
 def git_repo(temp_dir: Path) -> Path:
    # initialize a git repository
-    cmd = nix_shell_legacy(["nixpkgs#git"], ["git", "init"])
+    cmd = nix_shell(["git"], ["git", "init"])
    subprocess.run(cmd, cwd=temp_dir, check=True)
    # set user.name and user.email
-    cmd = nix_shell_legacy(["nixpkgs#git"], ["git", "config", "user.name", "test"])
+    cmd = nix_shell(["git"], ["git", "config", "user.name", "test"])
    subprocess.run(cmd, cwd=temp_dir, check=True)
-    cmd = nix_shell_legacy(
+    cmd = nix_shell(["git"], ["git", "config", "user.email", "test@test.test"])
        ["nixpkgs#git"], ["git", "config", "user.email", "test@test.test"]
    )
    subprocess.run(cmd, cwd=temp_dir, check=True)
    # return the path to the git repository
    return temp_dir
--- a/pkgs/clan-cli/clan_cli/tests/test_secrets_password_store.py
+++ b/pkgs/clan-cli/clan_cli/tests/test_secrets_password_store.py
@@ -6,7 +6,7 @@ from clan_cli.facts.secret_modules.password_store import SecretStore
 from clan_cli.flake import Flake
 from clan_cli.machines.facts import machine_get_fact
 from clan_cli.machines.machines import Machine
-from clan_cli.nix import nix_shell_legacy
+from clan_cli.nix import nix_shell
 from clan_cli.ssh.host import Host
 from clan_cli.tests.fixtures_flakes import ClanFlake
 from clan_cli.tests.helpers import cli
@@ -58,14 +58,10 @@ def test_upload_secret(
    """
    )
    subprocess.run(
-        nix_shell_legacy(
+        nix_shell(["gnupg"], ["gpg", "--batch", "--gen-key", str(gpg_key_spec)]),
            ["nixpkgs#gnupg"], ["gpg", "--batch", "--gen-key", str(gpg_key_spec)]
        ),
        check=True,
    )
-    subprocess.run(
+    subprocess.run(nix_shell(["pass"], ["pass", "init", "test@local"]), check=True)
        nix_shell_legacy(["nixpkgs#pass"], ["pass", "init", "test@local"]), check=True
    )
    cli.run(["facts", "generate", "vm1", "--flake", str(flake.path)])
    store = SecretStore(Machine(name="vm1", flake=Flake(str(flake.path))))
--- a/pkgs/clan-cli/clan_cli/vars/generate.py
+++ b/pkgs/clan-cli/clan_cli/vars/generate.py
@@ -17,7 +17,7 @@ from clan_cli.completions import (
 from clan_cli.errors import ClanError
 from clan_cli.git import commit_files
 from clan_cli.machines.inventory import get_all_machines, get_selected_machines
-from clan_cli.nix import nix_config, nix_shell_legacy, nix_test_store
+from clan_cli.nix import nix_config, nix_shell, nix_test_store
 from clan_cli.vars._types import StoreBase
 from .check import check_vars
@@ -84,10 +84,10 @@ def bubblewrap_cmd(generator: str, tmpdir: Path) -> list[str]:
    test_store = nix_test_store()
    # fmt: off
-    return nix_shell_legacy(
+    return nix_shell(
        [
-            "nixpkgs#bash",
+            "bash",
-            "nixpkgs#bubblewrap",
+            "bubblewrap",
        ],
        [
            "bwrap",
--- a/pkgs/clan-cli/clan_cli/vars/secret_modules/password_store.py
+++ b/pkgs/clan-cli/clan_cli/vars/secret_modules/password_store.py
@@ -9,7 +9,7 @@ from tempfile import TemporaryDirectory
 from clan_cli.cmd import CmdOut, Log, RunOpts, run
 from clan_cli.machines.machines import Machine
-from clan_cli.nix import nix_shell_legacy
+from clan_cli.nix import nix_shell
 from clan_cli.ssh.upload import upload
 from clan_cli.vars._types import StoreBase
 from clan_cli.vars.generate import Generator, Var
@@ -49,9 +49,7 @@ class SecretStore(StoreBase):
        return Path(self.entry_prefix) / self.rel_dir(generator, name)
    def _run_pass(self, *args: str, options: RunOpts | None = None) -> CmdOut:
-        cmd = nix_shell_legacy(
+        cmd = nix_shell(packages=["pass"], cmd=[self._store_backend, *args])
            packages=["nixpkgs#pass"], cmd=[self._store_backend, *args]
        )
        return run(cmd, options)
    def _set(
@@ -92,8 +90,8 @@ class SecretStore(StoreBase):
        hashes = []
        hashes.append(
            run(
-                nix_shell_legacy(
+                nix_shell(
-                    ["nixpkgs#git"],
+                    ["git"],
                    [
                        "git",
                        "-C",
@@ -120,8 +118,8 @@ class SecretStore(StoreBase):
            if symlink.is_symlink():
                hashes.append(
                    run(
-                        nix_shell_legacy(
+                        nix_shell(
-                            ["nixpkgs#git"],
+                            ["git"],
                            [
                                "git",
                                "-C",
--- a/pkgs/clan-cli/clan_cli/vms/run.py
+++ b/pkgs/clan-cli/clan_cli/vms/run.py
@@ -19,7 +19,7 @@ from clan_cli.dirs import module_root, user_cache_dir, vm_state_dir
 from clan_cli.errors import ClanCmdError, ClanError
 from clan_cli.facts.generate import generate_facts
 from clan_cli.machines.machines import Machine
-from clan_cli.nix import nix_shell_legacy
+from clan_cli.nix import nix_shell
 from clan_cli.qemu.qga import QgaSession
 from clan_cli.qemu.qmp import QEMUMonitorProtocol
@@ -96,8 +96,8 @@ def prepare_disk(
    file_name: str = "disk.img",
 ) -> Path:
    disk_img = directory / file_name
-    cmd = nix_shell_legacy(
+    cmd = nix_shell(
-        ["nixpkgs#qemu"],
+        ["qemu"],
        [
            "qemu-img",
            "create",
@@ -127,7 +127,7 @@ def start_vm(
 ) -> Iterator[subprocess.Popen]:
    env = os.environ.copy()
    env.update(extra_env)
-    cmd = nix_shell_legacy(packages, args)
+    cmd = nix_shell(packages, args)
    machine.debug(f"Starting VM with command: {cmd}")
    with subprocess.Popen(
@@ -280,11 +280,11 @@ def spawn_vm(
            interactive=stdin is None,
        )
-        packages = ["nixpkgs#qemu"]
+        packages = ["qemu"]
        extra_env = {}
        if vm.graphics and not vm.waypipe.enable:
-            packages.append("nixpkgs#virt-viewer")
+            packages.append("virt-viewer")
            remote_viewer_mimetypes = module_root() / "vms" / "mimetypes"
            extra_env["XDG_DATA_DIRS"] = (
                f"{remote_viewer_mimetypes}:{os.environ.get('XDG_DATA_DIRS', '')}"
--- a/pkgs/clan-cli/clan_cli/vms/virtiofsd.py
+++ b/pkgs/clan-cli/clan_cli/vms/virtiofsd.py
@@ -6,7 +6,7 @@ from collections.abc import Iterator
 from pathlib import Path
 from clan_cli.errors import ClanError
-from clan_cli.nix import nix_shell_legacy
+from clan_cli.nix import nix_shell
@contextlib.contextmanager
@@ -14,8 +14,8 @@ def start_virtiofsd(socket_path: Path) -> Iterator[None]:
    sandbox = "namespace"
    if shutil.which("newuidmap") is None:
        sandbox = "none"
-    virtiofsd = nix_shell_legacy(
+    virtiofsd = nix_shell(
-        ["nixpkgs#virtiofsd"],
+        ["virtiofsd"],
        [
            "virtiofsd",
            "--socket-path",
--- a/pkgs/clan-cli/clan_cli/vms/waypipe.py
+++ b/pkgs/clan-cli/clan_cli/vms/waypipe.py
@@ -6,7 +6,7 @@ import time
 from collections.abc import Iterator
 from clan_cli.errors import ClanError
-from clan_cli.nix import nix_shell_legacy
+from clan_cli.nix import nix_shell
 VMADDR_CID_HYPERVISOR = 2
@@ -29,8 +29,8 @@ def start_waypipe(cid: int | None, title_prefix: str) -> Iterator[None]:
    if cid is None:
        yield
        return
-    waypipe = nix_shell_legacy(
+    waypipe = nix_shell(
-        ["nixpkgs#waypipe"],
+        ["waypipe"],
        [
            "waypipe",
            "--vsock",