nix

Nix is a functional package manager that isolates and sandboxes dependencies.

Tools

  • nixos-infect: install nixos over an existing os on digitalocean and other vps systems
  • devshell: universally compatible nix-shell

Tutorials

Resources for learning more about the Nix ecosystem:

  • The de-facto introduction to NixOS
  • Another great introduction to the Nix ecosystem. This has better overviews of technology like overlays than the official documentation.
  • Using Nix to manage Emacs packages (Emacs). Rycee's configuration is a good start or source of inspiration for this.
  • Why Nix: Cachix, niv and nix-build overview
  • Set up a basic git server with NixOS
  • Set up Nix with preconfigured SSH

Setting up GnuPG + Yubikey on NixOS for SSH authentication: Super useful article for getting GPG to function with a yubikey and all of that. Subkeys - Debian Wiki is another great guide for creating and managing these keys.

Nix shorts: Lots of quick and helpful Nix tips to check out.

  • Building derivations at the Nix REPL
  • Installing packages from files and derivation expressions
  • Working with Nix shells
  • Creating derivations

NixOps

  • An evaluation of and tutorial for Disnix and NixOps
  • nixops-tutorial: development with NixOps
  • Hydra (and nixops) manual
  • nixops user guide

MacOS

Provisioning a Nix server from MacOS

Server

  • nixos router for the homelab – useful for learning to set everything up
  • installing and configuring nixos on linode
  • Running NixOS on a consumer NAS

Evaluation

Why NixOS?

src, src2, what is nix?

  • It's the simplest way to quickly iterate and try new programs. From `nix-shell` to `nix-env` to configuration options like `windowManager.xmonad.enable`, it's incredibly easy to swap parts of your system in very few lines of code. A lot of the grunt work has been done already to ensure that common configurations are perfectly functional and reproducible out of the box.
  • It's trivial to revert the state of your system. All it takes is booting to a previous NixOS iteration.
  • Declaring SystemD services happens in one place and is incredibly simple! No more managing configuration files scattered throughout your computer - you can 'metaprogram' them in Nix and serialize the files out to disk. This applies to lots of other types of files, too; I use templates to manage color schemes for all of my applications, for example.
  • It's incredibly simple to set up reproducible build environments for writing and running code, especially in sandboxes when you don't want to confuse your globally installed programs.

Building within Nix

GeminiPortal: An evaluation of building an operating system "underneath" Nix/OS; building bottom-up to provide some interface that adheres to the Nix project expectations and specifications. (It failed and this is an evaluation of why).

Nix vs. Docker

src, src2, src3 (has good NixOps tutorial too), Nix vs Docker for local development

  • Docker image is a snapshot of a machine that was assembled by running commands in a particular fashion
  • Making changes to the machine introduces nondeterminism; shell commands typically fetch information from outside sources that aren't pinned, so they change over time, and the functionality of your container will change as time progresses. Builds in Nix when properly pinned will not diverge the same way other deployment systems do.
  • There is no absolute guarantee that your Docker image produces the same image every rebuild
  • Nix runs natively, while Docker requires a Linux virtual machine
  • Nix can run as any user without particular privileges

Configs

My personal configuration:

  • Wayland enabled
  • Incredibly modular with thorough abstractions (in progress…)
  • Robust configuration of many programs, including mail server

hlissner's config

  • Heavily inspires mine - I forked his
  • Incredibly modular and allows for easy, opinionated program configuration
  • Some basic modular support and great library utilities
  • Consistent and comprehensive theme work

Graham's NixOS config:

  • ZFS with remote backups
  • Wayland dedicated
  • Start all programs in SystemD cgroups
  • Erase systems on every boot

bjornfor config:

  • Lots of home automation utility configuration; zigbee, home audio management, etc.
  • Custom derivations for tons of obscure programs corresponding to the above
  • Backup service infrastructure across multiple devices
  • Wonky configuration for chromium, networking, VPNs, etc. Very thorough management of loads of different devices.
  • Has pirate radio and torrent setups as well if you're into that

bqv:

  • Makes substantial use of nix flakes, properly managing them as overlays
  • Way over my head… come back to this later! I haven't fully looked through this one.

Soxin and cfg:

  • A modular NixOS configuration system and language
  • (How can I improve upon these ideas?)
  • I haven't fully examined this one.

colemickens:

  • I haven't fully examined this one either. Looks thorough, uses flakes and is constantly updated.

nixexprs:

  • Sourcehut-based CI configuration. Tons of good networking to inspire, plus a decent organization system. The system has IPFS, MacOS configuration, tons of default packages, and more. Could be used as a flake to install some of their packages; looks like it's compatible with NUR.

Installation

Good practices

  • Create a separate partition for all of your nix derivations, /nix
  • Label all of your disks so that `hardware-configuration.nix` is reproducible

initial installation

worth noting that what i found the most confusing was:

  • user configuration
  • vps specific, ensuring that i could remove the virtual disk (not delete it)

and log in as an unprivileged user without booting to the installation disk

partition

partition for space for nixos:

  • sudo fdisk /dev/sda
  • new partition
  • sector 1
  • no selection for start of partition
  • no selection for last sector
  • w to write to disk

sudo mkfs.ext4 -j -L nixos /dev/sda1

Installation Outline

Make sure to name your disks; some configurations use some disk names by default.

nixos-generate-config --root /mnt

Edit /mnt/etc/nixos/configuration.nix.

Uncomment:

  • localization for us
  • terminal font and keymap
  • timezone = America/New_York, America/Los_Angeles, etc. These are defined somewhere on your system.

UEFI systems:

  • You must set the option boot.loader.systemd-boot.enable to true. nixos-generate-config should do this automatically for new configurations when booted in UEFI mode.
  • Look at options with boot.loader.efi and boot.loader.systemd as well.

To dual boot, supposedly boot.loader.grub.useOSProber can be set to true to add other OS to the grub menu. This failed when I tried it (I may have accidentally damaged the partition table, though) but it might work for you.

You may have to manually start the SSH daemon: `sudo systemctl start sshd`
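
A configuration.nix covering the steps in this outline, as an added example that is not the author's own configuration. The host name, the user alice, the public key and the stateVersion are constructed placeholders, and the services.openssh.settings form assumes NixOS 23.05 or later.

```nix
# /mnt/etc/nixos/configuration.nix
# Added example; host name, user, key and stateVersion are placeholders.
{ config, pkgs, ... }:
{
  # Generated by `nixos-generate-config --root /mnt`; it holds the
  # fileSystems entries, which stay stable if the disks are labelled.
  imports = [ ./hardware-configuration.nix ];

  # UEFI boot. nixos-generate-config normally writes the first line itself
  # when the installer was booted in UEFI mode.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "example-host";

  # Localization, terminal font/keymap and timezone from the outline.
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
  };
  time.timeZone = "America/New_York";

  # Declaring sshd here starts it on every boot, so the manual
  # `systemctl start sshd` is only needed inside the installer.
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false; # key-based logins only
      PermitRootLogin = "no";         # log in as the normal user below
    };
  };

  # Unprivileged account that can log in once the install disk is removed.
  # Membership in wheel grants sudo; drop it if the account needs no admin.
  users.users.alice = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 <public-key-placeholder> alice@example"
    ];
  };

  system.stateVersion = "23.05";
}
```

Because password logins are disabled, the account is reachable only with the listed key; set a password with `passwd alice` from the installer if console logins or sudo are needed.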

Pro tips

  • If the configuration isn't running properly after successfully refreshing it, you can use `nixos-rebuild boot` instead of `… refresh` to use the new configuration on the next boot but not enable it immediately. The `nixos-rebuild` utilities aside from `switch` all come in handy when fixing a broken configuration.
  • Write your own script to wrap common Nix commands. The command-line utilities aren't great, but you can just wrap others to create your own! (Who in their right mind would provide so many different names for programs `nixos-rebuild`, `nix-env`, `nix-shell` – it's difficult to know which one to even query the manpage for unless you're very familiar with Nix(OS) already.)

Future configuration ideas

  • Adjust system volume based on context
  • Thunderbolt system utility; investigate if any issues arise
  • cool config trick for installing chrome extensions
  • set up software defined radio!
  • Run programs in systemd cgroups (check out grahamc's config)
  • this does some crazy things with subvolumes to automatically set up a btrfs system with nixos, including initial mounts

Nix tools

  • Swiss knife for updating nix packages.
  • SSH Completions for Nix
  • ssh plugin that lets you use zsh in nix-shell shell.
  • cleverca22/not-os: An operating system generator, based on NixOS, that, giv
  • Make a service abstraction layer · Issue #26067 · NixOS/nixpkgs: Abstract over systemd
  • dustinlacewell/dotfiles: Nix configuration for all my workstations and serv
  • workstation ux
  • brainrape/nixform: define terraform infrastructure in nix
  • brainrape/nixos-tutorial: one hour, hands-on
  • Sander van der Burg's blog: Using Disnix as a simple and minimalistic depen
  • Building static Haskell binary with Nix on Linux · PatchGirl
  • Neuron 0.6 released: future-proof note-taking tool written in Haskell, Nix
  • Searching and installing packages in NixOS - NixOS
  • stites/haskell.nix-niv
  • NixOS on ZFS - NixOS Wiki
  • Encrypted /boot on ZFS with NixOS
  • brainrape/nixform
  • Discovering Nix: Provisioning a static webserver with NixOps
  • Continuously Delivering this Blog with Nix, Hugo and CircleCI
  • configuring infra in nix
  • https://davedellacosta.com/posts/2019-03-29-why-nixos-is-hard-and-how-to-fix.html
  • https://github.com/dustinlacewell/dotfiles
  • https://github.com/nix-community/nixos-generators image builders for nix
  • https://github.com/nix-community/todomvc-nix: canonical example for nix, works with or without flakes apparently.
  • https://lemire.me/blog/2020/05/22/programming-inside-a-container/ programming inside of containers
  • https://unix.stackexchange.com/questions/522822/different-methods-to-run-a-non-nixos-executable-on-nixos
  • https://github.com/NixOS/nixpkgs/issues/26067 making a nix service abstraction layer, abstracting over systemd to produce a more generic solution
  • https://grahamc.com/blog/erase-your-darlings
  • https://gitlab.com/vdemeester/home this seems like a config worth looking through!
  • debugging a dynamic linking bug in a nix project
  • danielfullmer/robotnix: Build Android (AOSP) using Nix
  • Mobile

TODO RSS reader written in Haskell and Ur/Web : haskell

Captured On: [2020-10-18 Sun 15:12]

Flake tips

Do not be afraid to use the --help flag! I've learned a lot from it.

  • Update a specific input: `nix flake update --update-input spicetify-nix` do

Go

{ lib, buildGoModule, fetchFromGitHub }:
# buildGoModule can be pulled in from the package
buildGoModule rec {
  pname = "mangadesk";
  version = "0.0.1";
  # fetch the derivation from wherever
  # (fetchFromGitHub comes from the function arguments above)
  src = fetchFromGitHub {
    owner = "darylhjd";
    repo = "mangadesk";
    rev = "v${version}";
    sha256 = "1kgb5k55fxjcf1829fkp7wyd162391am9zhfgl50a606rlsfsh7h";
  };
  # this is an intermediate sha256 that is spit out when the derivation fails, somehow. needs more work!
  # vendorSha256 = "1879j77k96684wi554rkjxydrj8g3hpp0kvxz03sd8dmwr3lh83j";
  subPackages = [ "." ];
  deleteVendor = true;
  runVend = true;

  meta = with lib; {
    homepage = "https://github.com/darylhjd/mangadesk";
    description = "Terminal client for MangaDex";
    license = licenses.mit;
    maintainers = with maintainers; [ jakeisnt ];
    platforms = platforms.linux ++ platforms.darwin;
  };
}

Avoid overlays for optimisation

Rationale: overlays end up creating additional copies of `nixpkgs` every time they're applied to `nixpkgs` and we retrieve a new package store. It's apparently currently impossible to understand what exactly this overlay has changed to create the new package set, so this new variable is declared as a new instance of nixpkgs being evaluated.

Instead, directly forward your inputs to your outputs, making sure that all dependencies follow nixpkgs, and declaring in flakes that they all follow the same nixpkgs deps.
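
A flake.nix that forwards inputs to outputs with every dependency following one nixpkgs, as an added example that is not taken from any of the configurations listed on this page. The choice of home-manager as the second input and the x86_64-linux system are assumptions.

```nix
# flake.nix
# Added example; the inputs chosen and the target system are assumptions.
{
  description = "One nixpkgs instance shared by every input, no overlays";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";

    # Without `follows`, home-manager brings its own locked nixpkgs, so
    # flake.lock carries two nixpkgs revisions to fetch, evaluate and audit.
    home-manager.url = "github:nix-community/home-manager";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
  };

  outputs = { self, nixpkgs, home-manager }:
    let
      system = "x86_64-linux";
      # The stock package set, with no overlays applied, so no extra copy
      # of nixpkgs is instantiated on top of it.
      pkgs = nixpkgs.legacyPackages.${system};
    in {
      # Forward packages straight from the inputs instead of injecting
      # them into nixpkgs through an overlay.
      packages.${system} = {
        default = pkgs.hello;
        home-manager = home-manager.packages.${system}.home-manager;
      };

      # Everything in the shell is built against the same locked nixpkgs.
      devShells.${system}.default = pkgs.mkShell {
        packages = [
          pkgs.git
          home-manager.packages.${system}.home-manager
        ];
      };
    };
}
```

After `nix flake lock`, `nix flake metadata` shows home-manager's nixpkgs input as following the top-level one, so flake.lock pins a single nixpkgs revision.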

Revisions
Date: 2023-02-22