How to run shopify app dev on NixOS? (Cloudflare EROFS & Rate Limiting)

Shopify CLI and Libraries
,
1

I have reproduced the issue on the latest CLI version.

Yes, I am on the latest version

I have searched existing posts and this report is not a duplicate.

Yes, this isn’t a duplicate

In which of these areas are you experiencing a problem?

Other

Expected behavior

When running npm run dev on a read-only file system (like NixOS), the Shopify CLI should:

Respect the SHOPIFY_CLI_CLOUDFLARED_PATH environment variable to use the system-installed cloudflared binary without crashing.

OR, attempt to download/write the bundled cloudflared binary to a standard writable user directory (e.g., $XDG_CACHE_HOME or ~/.cache/shopify) instead of trying to write directly into node_modules (which is immutable on NixOS).

Actual behavior

The CLI attempts to download and write cloudflared into the node_modules folder inside /nix/store/…, resulting in an EROFS: read-only file system error.

When attempting to bypass this by setting SHOPIFY_CLI_CLOUDFLARED_PATH=$(which cloudflared), the CLI fails with an “Unknown error” and cannot manage the tunnel process.

Consequence: I am forced to run a manual anonymous tunnel (cloudflared tunnel --url …), but this triggers Cloudflare Rate Limits (HTTP 429) very quickly because it lacks the authenticated context that the Shopify CLI normally provides.

Reproduction steps

On a NixOS machine, install a Shopify app project.

Run npm run dev.

Error 1: The process crashes immediately with EROFS when trying to write the cloudflared binary to node_modules.

Install cloudflared via Nixpkgs.

Run SHOPIFY_CLI_CLOUDFLARED_PATH=$(which cloudflared) npm run dev.

Error 2: The CLI fails to start the tunnel with an “Unknown error” or fails to parse the output of the system binary.

Verbose output

[daniel@nixos:~/blockchain-warranty-app/nft-warranty]$ npm run dev

dev
shopify app dev

╭─ error ──────────────────────────────────────────────────────────────────────╮
│ │
│ EROFS: read-only file system, open ‘/nix/store/…/node_modules/@shopify/ │
│ cli/bin/cloudflared’ │
│ │
╰──────────────────────────────────────────────────────────────────────────────╯

Operating system

NixOS (linux)

CLI version

3.86.1

Shell

Bash / Nix Shell

Nodejs version

v22.21.1

What language and version are you using in your application?

nodejs v22.21.1

2

Hi @Daniel_Main

I haven’t encountered devs using the CLI in the context of NixOS yet - ideally it should respect the SHOPIFY_CLI_CLOUDFLARED_PATH or use a writable cache directory for bundled binaries, which doesn’t appear to be happening here. I’ll dig into this my side for for now, you may need to run the CLI in an environment where the node_modules directory is writable, or continue using a manual tunnel (noting the rate limit issue).

3

@Daniel_Main - is this the first time you’re running npm run dev on NixOS, or was this working previously? Also if you’re working with Functions, the CLI will attempt to download a custom binary, which could cause a crash.

4

Hi Liam thank you so much for your reply!

Thanks for the reply, @Liam-Shopify I saw here Shopify uses internally Nix too: What Is Nix - Shopify

To answer your question: Yes, I developed the entire application on my macOS laptop (aarch64-darwin) without any issues, as the filesystem there allows standard write access to node_modules. Mac is in other words impure/non-deterministic :sweat_smile:

The issue began when I moved the project to my NixOS server. I am using the shopify-cli package directly from Nixpkgs (https://github.com/NixOS/nixpkgs/blob/nixos-25.05/pkgs/by-name/sh/shopify-cli/package.nix).

Since NixOS mounts package directories as read-only (immutable), the CLI crashes when it attempts to download or write the cloudflared binary into that locked location.

Please check the attached screenshot for the specific error output.

CleanShot 2025-11-20 at 21.24.53@2x
CleanShot 2025-11-20 at 21.24.53@2x3430×1328 223 KB