Nix

Nix is a functional package manager that isolates and sandboxes dependencies.

Tools

[nixos-infect] : install nixos over an existing os on digitalocean and other vps systems

[devshell] : universally compatible nix-shell

Tutorials

[Resources for learning more about the Nix ecosystem]

[The de-facto introduction to NixOS]

[Another great introduction to the Nix ecosystem]. This has better overviews of technology like overlays than the official documentation.

[Using Nix to manage Emacs packages] ({Emacs}). [Rycee's configuration] is a good start or source of inspiration for this.

[Why Nix: Cachix, niv and nix-build overview]

[Set up a basic git server with NixOS]

[Set up Nix with preconfigured SSH]

[Setting up GnuPG + Yubikey on NixOS for SSH authentication]: Super useful article for getting GPG to function with a yubikey and all of that. [Subkeys - Debian Wiki] is another great guide for creating and managing these keys.

[Nix shorts] : Lots of quick and helpful Nix tips to check out.

  • Building derivations at the Nix REPL
  • Installing packages from files and derivation expressions
  • Working with Nix shells
  • Creating derivations

NixOps

[An evaluation of and tutorial for Disnix and NixOps]

[nixops-tutorial] : development with NixOps

[Hydra (and nixops) manual]

[nixops user guide]

MacOS

[Provisioning a Nix server from MacOS]

Server

[nixos router for the homelab] -- useful for learning to set everything up

[installing and configuring nixos on linode]

[Running NixOS on a consumer NAS]

Evaluation

Why NixOS?

[src] [src2] [what is nix?]

  • It's the simplest way to quickly iterate and try new programs. From
     to 
             
     to configuration options like 
             
    , it's incredibly easy to swap parts of your system in very 
              few lines of code. A lot of the grunt work has been done already to ensure that 
              common configurations are perfectly functional and reproducible out of the box.
            
  • It's trivial to revert the state of your system. All it takes is booting to a previous NixOS interation.
  • Declaring SystemD services happens in one place and is incredibly simple! No more managing configuration files scattered throughout your computer - you can 'metaprogram' them in Nix and serialize the files out to disk. This applies to lots of other types of files, too; I use templates to manage color schemes for all of my applications, for example.
  • It's incredibly simple to set up reproducible build environments for writing and running code, especially in sandboxes when you don't want to confuse your globally installed programs.

Building within Nix

[Gemini Portal]: An evaluation of building an operating system "underneath" Nix/OS; building bottom-up to provide some interface that adheres to the Nix project expectations and specifications. (It failed and this is an evaluation of why).

Nix vs. Docker

[src] [src2] [src3 (has good NixOps tutorial too)]

[Nix vs Docker for local development]

  • Docker image is a snapshot of a machine that was assembled by running commands in a particular fashion
  • Making changes to the machine introduces nondeterminism; shell commands typically fetch information from outside sources that aren't pinned, so they change over time, and the functionality of your container will change as time progresses. Builds in Nix when properly pinned will not diverge the same way other deployment systems do.
  • There is no absolute guarantee that your Docker image produces the same image every rebuild
  • Nix runs natively, while Docker requires a Linux virtual machine
  • Nix can run as any user without particular privileges

Configs

[My personal configuration]:

  • Wayland enabled
  • Incredibly modular with thorough abstractions (in progress...)
  • Robust configuration of many programs, including mail server

[hlissner's config]

  • Heavily inspires mine - I forked his
  • Incredibly modular and allows for easy, opinionated program configuration
  • Some basic modular support and great library utilities
  • Consistent and comprehensive theme work

[Graham's NixOS config]:

  • ZFS with remote backups
  • Wayland dedicated
  • Start all programs in SystemD cgroups
  • Erase systems on every boot

[bjornfor config]:

  • Lots of home automation utility configuration; zigbee, home audio management, etc.
  • Custom derivations for tons of obscure programs corresponding to the above
  • Backup service infrastructure across multiple devices
  • Wonky configuration for chromium, networking, VPNs, etc. Very thorough management of loads of different devices.
  • Has pirate radio and torrent setups as well if you're into that

[bqv]:

  • Makes substantial use of nix flakes, properly managing them as overlays
  • Way over my head... come back to this later! I haven't fully looked through this one.

[Soxin] and [cfg] :

  • A modular NixOS configuration system and language
  • (How can I improve upon these ideas?)
  • I haven't fully examined this one.

[colemickens] :

  • I haven't fully examined this one either. Looks thorough, uses flakes and is constantly updated.

[nixexprs] :

  • Sourcehut-based CI configuration. Tons of good networking

to inspire, plus a decent organization system. The system has

IPFS, MacOS configuration, tons of default packages, and more. Could be used as a flake to install some of their packages; looks like it's compatible with NUR.

Installation

Good practices

  • Create a separate partition for all of your nix derivations, /nix
  • Label all of your disks so that
     is reproducible
           

initial installation

worth noting that what i found the most confusing was:

  • user configuration
  • vps specific, ensuring that i could remove the virtual disk (not delete it)

and log in as an unprivileged user without booting to the installation disk

partition

partition for space for nixos

sudo fdisk devsda

new

partition

sector1

no selection for start of partition

no selection for last sector

w to write to disk

sudo mkfs.ext4 -j -L nixos devsda1

Installation Outline

Make sure to name your disks; some configurations use some disk names by default.

nixos-generate-config --root /mnt

Edit mntetcnixos configuration.nix.

Uncomment:

  • localization for us
  • terminal font and keymap
  • timezone = AmericaNewYork, AmericaLos_Angeles, etc. These are defined somewhere on your system.

UEFI systems:

  • You must set the option boot.loader.systemd-boot.enable to true. nixos-generate-config should do this automatically for new configurations when booted in UEFI mode.
  • Look at options with boot.loader.efi and boot.loader.systemd as well.

To dual boot, supposedly boot.loader.grub.useOSProber can be set to true to add other OS to the grub

menu. This failed when I tried it (I may have accidentally damaged the partition table, though) but it might work for you.

You may have to manually start the SSH daemon:


      

Pro tips

  • If the configuration isn't running properly after successfully refreshing it,

you can use

 instead of 
       
 to use the new configuration
      

on the next boot but not enable it immediately. The

 utilities aside from 
       
 all come in handy when fixing a broken configuration.
      
  • Write your own script to wrap common Nix commands. The command-line utilities aren't great, but you can just wrap others to create your own! (Who in their right mind would provide so many different names for programs
    , 
            
    , 
            
     -- it's difficult to know which one to even query the 
             manpage for unless you're very familiar with Nix(OS) already.)
          

Future configuration ideas

[Adjust system volume based on context]

[Thunderbolt system utility; investigate if any issues arise]

[cool config trick for installing chrome extensions]

[set up software defined radio!]

Run programs in systemd cgroups (check out grahamc's config)

[this does some crazy things with subvolumes to automatically set up a btrfs system with nixos, including initial mounts]

Nix tools

[Swiss knife for updating nix packages.]

[SSH Completions for Nix]

[ssh plugin that lets you use zsh in nix-shell shell.]

[cleverca22/not-os: An operating system generator, based on NixOS, that, giv]

[Make a service abstraction layer · Issue #26067 · NixOS/nixpkgs]: Abstract over systemd

[dustinlacewell/dotfiles: Nix configuration for all my workstations and serv] workstation ux

[brainrape/nixform: define terraform infrastructure in nix]

[brainrape/nixos-tutorial: one hour, hands-on]

[Sander van der Burg's blog: Using Disnix as a simple and minimalistic depen]

[Building static Haskell binary with Nix on Linux · PatchGirl]

[Neuron 0.6 released: future-proof note-taking tool written in Haskell, Nix ]

[Searching and installing packages in NixOS - NixOS]

[stites/haskell.nix-niv]

[NixOS on ZFS - NixOS Wiki]

[Encrypted /boot on ZFS with NixOS]

[brainrape/nixform]

[Discovering Nix: Provisioning a static webserver with NixOps]

[Continuously Delivering this Blog with Nix, Hugo and CircleCI]

[configuring infra in nix]

[https://davedellacosta.com/posts/2019-03-29-why-nixos-is-hard-and-how-to-fix.html]

[https://github.com/dustinlacewell/dotfiles]

[https://github.com/nix-community/nixos-generators]image builders for nix

[https://github.com/nix-community/todomvc-nix:]canonical example for nix, works with or without flakes apparently.

[https://lemire.me/blog/2020/05/22/programming-inside-a-container/] programming inside of containers

[https://unix.stackexchange.com/questions/522822/different-methods-to-run-a-non-nixos-executable-on-nixos]

[https://github.com/NixOS/nixpkgs/issues/26067]making a nix service abstraction layer, abstracting over systemd to produce a more generic solution

[https://grahamc.com/blog/erase-your-darlings]

[https://gitlab.com/vdemeester/home]this seems like a config worth looking through!

[debugging a dynamic linking bug in a nix project]

[danielfullmer/robotnix: Build Android (AOSP) using Nix] {Mobile}

TODO [[https://www.reddit.com/r/haskell/comments/1ha5dd/rss_reader_written_in_haskell_and_urweb/][RSS reader written in Haskell and Ur/Web : haskell]]

Captured On: [2020-10-18 Sun 15:12]

const ua = event.request.headers.get('User-Agent');

if (url.pathname === '' && ua.match( \bNix\) != null) {

return new Response('', { status: 302, headers: { location:

 } });
       

}

Flake tips

Do not be afraid to use the --help flag! I've learned a lotfrom it.

  • Update a specific input:
    
          

do

Go

{ lib, buildGoModule, fetchFromGithub }:
# buildGoModule can be pulled in from the package
buildGoModule rec {
  pname = "mangadesk";
  version = "0.0.1";
  # fetch the derivation from wherever
  src = pkgs.fetchFromGitHub {
    owner = "darylhjd";
    repo = "mangadesk";
    rev = "v${version}";
    sha256 = "1kgb5k55fxjcf1829fkp7wyd162391am9zhfgl50a606rlsfsh7h";
  };
  # this is an intermediate sha256 that is spit out when the derivation fails, somehow. needs more work!
  # vendorSha256 = "1879j77k96684wi554rkjxydrj8g3hpp0kvxz03sd8dmwr3lh83j";
  subPackages = [ "." ];
  deleteVendor = true;
  runVend = true;

  meta = with lib; {
    homepage = "https://github.com/darylhjd/mangadesk";
    description = "Terminal client for MangaDex";
    license = licenses.mit;
    maintainers = with maintainers; [ jakeisnt ];
    platforms = platforms.linux ++ platforms.darwin;
  };
}
2022-11-15 336bf40
2022-11-08 3bcc510
2022-11-02 74192a0
2021-09-22 52a677b
2021-09-21 7732812
2021-08-19 87d9551
2021-05-19 618a3d0
2021-05-05 73a7cb9
2021-02-19 296696c
2021-02-18 f6c41ee
2021-02-17 2c88152
2021-02-16 ca1c927
2021-01-23 44b3d15
2021-01-20 dd0ae09
2021-01-19 4e62c15
2021-01-18 af0b1e0
2021-01-17 675fddc
2021-01-15 d1b02d2
2021-01-15 4cf5fb9
2021-01-15 cccf2d4
2021-01-15 5599273
2021-01-15 446991d
2021-01-14 598847e
2021-01-14 cd48d34
2021-01-12 cbfda85
2021-01-11 deee60f
2021-01-11 943726c
2021-01-10 a350239
2021-01-09 d7abfa8
2021-01-07 dd54fd9
2021-01-05 c564d7c
2021-01-04 5011ee3
2021-01-03 533c83e
2021-01-01 bf7d3da
2021-01-01 35e447d
2020-12-30 a72c477
2020-11-23 d83a5ed
2020-11-15 a0eccac