Workspace (aves.toml)
aves.toml is the workspace-wide configuration. Every package built in
the workspace sees the same aves.toml; project-specific concerns
belong in aves_manifest.toml instead.
Example
[nixpkgs]
channel = "nixos-25.05"
rev = "<lock-hash>"
[policy]
allow_unfree = true
allow_insecure = true
[nix-portable]
runtime = "proot"
Sections
[nixpkgs]
Pins the nixpkgs revision used to evaluate every package’s [build] inputs. Pinning is what makes builds reproducible across machines and
across time.
| Key | Type | Required | Description |
|---|---|---|---|
channel | string | yes | Nixpkgs channel name, e.g. "nixos-25.05". |
rev | string | no | Specific commit hash. Required for full lock. |
[policy]
Workspace-wide gates for permissive build flags. Each gate is checked
when a package’s [build] requests the matching flag.
| Key | Type | Default | Description |
|---|---|---|---|
allow_unfree | bool | false | Permit packages whose inputs include unfree licenses. |
allow_insecure | bool | false | Permit packages whose inputs include insecure-marked deps. |
[nix-portable]
Configures the nix-portable backend.
| Key | Type | Default | Description |
|---|---|---|---|
runtime | string | (auto) | One of proot, bwrap. Pins the sandbox runtime. |