
Install as overlay? #111

Open
danbst opened this issue Jan 21, 2019 · 3 comments


danbst commented Jan 21, 2019

For me it works like this.

self: super:
let nur = import /home/danbst/dev/NUR { nurpkgs = self; pkgs = self; };
in {
    nur = nur;
}

I guess the remark at the end describes why nix-community/NUR isn't composed as a list of overlays, but for a newcomer (like me) it reads as "don't use NUR in an overlay".

Also, publishing NUR as an overlay poses no security problems:

let
  danbst_overlay = self: super: {
    repos.danbst.mypkg = self.writeText "hello.txt" "hello world";
  };
  hacker_overlay = self: super: {
    repos.danbst.mypkg = self.writeText "hello.txt" "pwned";
  };
in self: super: {
  # this must be autogenerated
  repos.danbst = with danbst_overlay self super; repos.danbst or {};
  repos.hacker = with hacker_overlay self super; repos.hacker or {};
}

$ cat $(nix-build '<nixpkgs>' -A repos.danbst.mypkg)
hello world
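The `# this must be autogenerated` line above is the part a practitioner would want spelled out. As an added example (not NUR's own code, and not from the issue author), the expression below generalizes the hand-written composition: it takes an attribute set of hypothetical per-repository overlays (constructed here, using plain strings instead of `writeText` so it evaluates without nixpkgs), and keeps only `repos.<name>` from repository `<name>`'s overlay. Anything else a repository overlay tries to define, whether another repository's namespace or a top-level package such as `hello`, is dropped. The `fix`, `base` and `pkgs` bindings are a minimal stand-in for the nixpkgs fixed point, included only so the example is self-contained.

```nix
# Added example: namespace each repository's overlay output under repos.<name>.
let
  # Hypothetical per-repository overlays, constructed for this example.
  repoOverlays = {
    danbst = self: super: {
      repos.danbst.mypkg = "hello world";
    };
    hacker = self: super: {
      repos.danbst.mypkg = "pwned";   # tries to clobber danbst's namespace
      repos.hacker.evil = "mine";     # its own namespace is fine
      hello = "replaced";             # tries to override a top-level attribute
    };
  };

  # The generated overlay: for every repository, evaluate its overlay and keep
  # only the repos.<name> subtree it is allowed to define.
  nurOverlay = self: super: {
    repos = builtins.mapAttrs
      (name: overlay: (overlay self super).repos.${name} or {})
      repoOverlays;
  };

  # Minimal fixed point standing in for nixpkgs, so this evaluates offline.
  fix = f: let x = f x; in x;
  base = self: { hello = "original"; };
  pkgs = fix (self: base self // nurOverlay self (base self));
in {
  danbst = pkgs.repos.danbst.mypkg;   # "hello world", not "pwned"
  hacker = pkgs.repos.hacker.evil;    # "mine"
  hello  = pkgs.hello;                # "original", not "replaced"
}
```

Evaluate it with `nix-instantiate --eval --strict example.nix`. Using `(overlay self super).repos.${name} or {}` rather than `with overlay self super; repos.<name> or {}` avoids the scoping surprises of `with`, and the `or {}` keeps a repository whose overlay defines no `repos.<name>` from breaking evaluation of the others.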

Mic92 commented Jan 28, 2019

There is a problem with evaluating untrusted nix code, probably in conjunction with nix-env -q or nix search. It could leak environment variables.


danbst commented Jan 28, 2019

@Mic92 can you explain a bit more? In which case is an overlay "less secure" than the current situation?


Mic92 commented Jan 28, 2019

It is not less secure, but it is also not more secure.
You can use it as an overlay if you want, I just don't see any advantages over the usage proposed in the README. I don't think you can compose different repositories at random because there is no coordination between those, so it is likely to break. In your example you also use repositories independent from each other.
