Nix is a functional package manager that isolates and sandboxes dependencies.
Tools
- nixos-infect: install NixOS over an existing OS on DigitalOcean and other VPS systems
- devshell: universally compatible nix-shell
Tutorials
Resources for learning more about the Nix ecosystem
- The de-facto introduction to NixOS
- Another great introduction to the Nix ecosystem. This has better overviews of technology like overlays than the official documentation.
- Using Nix to manage Emacs packages (Emacs). Rycee's configuration is a good start or source of inspiration for this.
- Why Nix: Cachix, niv and nix-build overview
- Set up a basic git server with NixOS
- Set up Nix with preconfigured SSH
Setting up GnuPG + Yubikey on NixOS for SSH authentication: Super useful article for getting GPG to function with a yubikey and all of that. Subkeys - Debian Wiki is another great guide for creating and managing these keys.
Nix shorts: Lots of quick and helpful Nix tips to check out.
- Building derivations at the Nix REPL
- Installing packages from files and derivation expressions
- Working with Nix shells
- Creating derivations
NixOps
- An evaluation of and tutorial for Disnix and NixOps
- nixops-tutorial: development with NixOps
- Hydra (and nixops) manual
- nixops user guide
MacOS
Provisioning a Nix server from MacOS
Server
- nixos router for the homelab – useful for learning to set everything up
- installing and configuring nixos on linode
- Running NixOS on a consumer NAS
Evaluation
Why NixOS?
- It's the simplest way to quickly iterate and try new programs. From `nix-shell` to `nix-env` to configuration options like `windowManager.xmonad.enable`, it's incredibly easy to swap parts of your system in very few lines of code. A lot of the grunt work has been done already to ensure that common configurations are perfectly functional and reproducible out of the box.
- It's trivial to revert the state of your system. All it takes is booting to a previous NixOS iteration.
- Declaring SystemD services happens in one place and is incredibly simple! No more managing configuration files scattered throughout your computer - you can 'metaprogram' them in Nix and serialize the files out to disk. This applies to lots of other types of files, too; I use templates to manage color schemes for all of my applications, for example.
- It's incredibly simple to set up reproducible build environments for writing and running code, especially in sandboxes when you don't want to confuse your globally installed programs.
Building within Nix
Gemini Portal: An evaluation of building an operating system "underneath" Nix/OS; building bottom-up to provide some interface that adheres to the Nix project expectations and specifications. (It failed and this is an evaluation of why).
Nix vs. Docker
src src2 src3 (has good NixOps tutorial too) Nix vs Docker for local development
- Docker image is a snapshot of a machine that was assembled by running commands in a particular fashion
- Making changes to the machine introduces nondeterminism; shell commands typically fetch information from outside sources that aren't pinned, so they change over time, and the functionality of your container will change as time progresses. Builds in Nix when properly pinned will not diverge the same way other deployment systems do.
- There is no absolute guarantee that your Docker image produces the same image every rebuild
- Nix runs natively, while Docker requires a Linux virtual machine
- Nix can run as any user without particular privileges
Configs
- Wayland enabled
- Incredibly modular with thorough abstractions (in progress…)
- Robust configuration of many programs, including mail server
- Heavily inspires mine - I forked his
- Incredibly modular and allows for easy, opinionated program configuration
- Some basic modular support and great library utilities
- Consistent and comprehensive theme work
- ZFS with remote backups
- Wayland dedicated
- Start all programs in SystemD cgroups
- Erase systems on every boot
- Lots of home automation utility configuration; zigbee, home audio management, etc.
- Custom derivations for tons of obscure programs corresponding to the above
- Backup service infrastructure across multiple devices
- Wonky configuration for chromium, networking, VPNs, etc. Very thorough management of loads of different devices.
- Has pirate radio and torrent setups as well if you're into that
bqv:
- Makes substantial use of nix flakes, properly managing them as overlays
- Way over my head… come back to this later! I haven't fully looked through this one.
- A modular NixOS configuration system and language
- (How can I improve upon these ideas?)
- I haven't fully examined this one.
- I haven't fully examined this one either. Looks thorough, uses flakes and is constantly updated.
- Sourcehut-based CI configuration. Tons of good networking to inspire, plus a decent organization system. The system has IPFS, MacOS configuration, tons of default packages, and more. Could be used as a flake to install some of their packages; looks like it's compatible with NUR.
Installation
Good practices
- Create a separate partition for all of your nix derivations, /nix
- Label all of your disks so that `hardware-configuration.nix` is reproducible
initial installation
worth noting that what i found the most confusing was:
- user configuration
- vps specific, ensuring that i could remove the virtual disk (not delete it) and log in as an unprivileged user without booting to the installation disk
partition
partition for space for nixos
- `sudo fdisk /dev/sda`
- new partition
- sector1
- no selection for start of partition
- no selection for last sector
- `w` to write to disk
sudo mkfs.ext4 -j -L nixos /dev/sda1
Installation Outline
Make sure to name your disks; some configurations use some disk names by default.
`nixos-generate-config --root /mnt`
Edit /mnt/etc/nixos/configuration.nix.
Uncomment:
- localization for us
- terminal font and keymap
- timezone = `America/New_York`, `America/Los_Angeles`, etc. These are defined somewhere on your system.
UEFI systems:
- You must set the option boot.loader.systemd-boot.enable to true. nixos-generate-config should do this automatically for new configurations when booted in UEFI mode.
- Look at options with boot.loader.efi and boot.loader.systemd as well.
To dual boot, supposedly boot.loader.grub.useOSProber can be set to true to add other OS to the grub menu. This failed when I tried it (I may have accidentally damaged the partition table, though) but it might work for you.
You may have to manually start the SSH daemon: `sudo systemctl start sshd`
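The outline above, assembled into one `configuration.nix`, as an added example that is not the author's own configuration. The user name `alice`, the SSH key string, the console font and the locale are constructed placeholders; the `nixos` label is the one written by the `mkfs.ext4 -L nixos` command earlier.

```nix
# /mnt/etc/nixos/configuration.nix (added example; values marked below are placeholders)
{ config, lib, pkgs, ... }:

{
  imports = [ ./hardware-configuration.nix ];

  # UEFI systems: nixos-generate-config normally writes this itself
  # when the installer was booted in UEFI mode.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # Refer to the root filesystem by its label rather than by a device
  # node or UUID, so the same file works after a disk is replaced.
  # mkForce overrides the entry generated in hardware-configuration.nix.
  fileSystems."/" = {
    device = lib.mkForce "/dev/disk/by-label/nixos";
    fsType = lib.mkForce "ext4";
  };

  # The settings the outline says to uncomment.
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
  };
  time.timeZone = "America/New_York";

  # Start sshd on boot so it does not need `systemctl start sshd`.
  services.openssh.enable = true;

  # Unprivileged login user (hypothetical name). Membership in "wheel"
  # allows sudo; the key below is a placeholder, not a real key.
  users.users.alice = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAA_PLACEHOLDER_PUBLIC_KEY alice@example"
    ];
  };

  # Keep the system.stateVersion line that nixos-generate-config wrote.
}
```

Declaring the user and its authorized key here means the machine accepts an unprivileged SSH login on first boot, without going back to the installation disk.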
Pro tips
- If the configuration isn't running properly after successfully refreshing it, you can use `nixos-rebuild boot` instead of `nixos-rebuild switch` to use the new configuration on the next boot but not enable it immediately. The `nixos-rebuild` utilities aside from `switch` all come in handy when fixing a broken configuration.
- Write your own script to wrap common Nix commands. The command-line utilities aren't great, but you can just wrap others to create your own! (Who in their right mind would provide so many different names for programs `nixos-rebuild`, `nix-env`, `nix-shell` – it's difficult to know which one to even query the manpage for unless you're very familiar with Nix(OS) already.)
Future configuration ideas
- Adjust system volume based on context
- Thunderbolt system utility; investigate if any issues arise
- cool config trick for installing chrome extensions
- set up software defined radio!
- Run programs in systemd cgroups (check out grahamc's config)
- this does some crazy things with subvolumes to automatically set up a btrfs system with nixos, including initial mounts
Nix tools
- Swiss knife for updating nix packages.
- SSH Completions for Nix
- ssh plugin that lets you use zsh in nix-shell shell.
- cleverca22/not-os: An operating system generator, based on NixOS, that, giv
- Make a service abstraction layer · Issue #26067 · NixOS/nixpkgs: Abstract over systemd
- dustinlacewell/dotfiles: Nix configuration for all my workstations and serv workstation ux
- brainrape/nixform: define terraform infrastructure in nix
- brainrape/nixos-tutorial: one hour, hands-on
- Sander van der Burg's blog: Using Disnix as a simple and minimalistic depen
- Building static Haskell binary with Nix on Linux · PatchGirl
- Neuron 0.6 released: future-proof note-taking tool written in Haskell, Nix
- Searching and installing packages in NixOS - NixOS
- stites/haskell.nix-niv
- NixOS on ZFS - NixOS Wiki
- Encrypted /boot on ZFS with NixOS
- brainrape/nixform
- Discovering Nix: Provisioning a static webserver with NixOps
- Continuously Delivering this Blog with Nix, Hugo and CircleCI configuring infra in nix
- https://davedellacosta.com/posts/2019-03-29-why-nixos-is-hard-and-how-to-fix.html
- https://github.com/dustinlacewell/dotfiles
- https://github.com/nix-community/nixos-generators image builders for nix
- https://github.com/nix-community/todomvc-nix: canonical example for nix, works with or without flakes apparently.
- https://lemire.me/blog/2020/05/22/programming-inside-a-container/ programming inside of containers
- https://unix.stackexchange.com/questions/522822/different-methods-to-run-a-non-nixos-executable-on-nixos
- https://github.com/NixOS/nixpkgs/issues/26067 making a nix service abstraction layer, abstracting over systemd to produce a more generic solution
- https://grahamc.com/blog/erase-your-darlings
- https://gitlab.com/vdemeester/home this seems like a config worth looking through!
- debugging a dynamic linking bug in a nix project
- danielfullmer/robotnix: Build Android (AOSP) using Nix Mobile
TODO RSS reader written in Haskell and Ur/Web : haskell
Captured On: [2020-10-18 Sun 15:12]
Flake tips
Do not be afraid to use the `--help` flag! I've learned a lot from it.
- Update a specific input: `nix flake update --update-input spicetify-nix`
Go
```nix
{ lib, buildGoModule, fetchFromGitHub }:

# buildGoModule can be pulled in from the package
buildGoModule rec {
  pname = "mangadesk";
  version = "0.0.1";

  # fetch the derivation from wherever
  # (fetchFromGitHub is taken from the function arguments above; `pkgs` is not in scope here)
  src = fetchFromGitHub {
    owner = "darylhjd";
    repo = "mangadesk";
    rev = "v${version}";
    sha256 = "1kgb5k55fxjcf1829fkp7wyd162391am9zhfgl50a606rlsfsh7h";
  };

  # this is an intermediate sha256 that is spit out when the derivation fails, somehow. needs more work!
  # vendorSha256 = "1879j77k96684wi554rkjxydrj8g3hpp0kvxz03sd8dmwr3lh83j";

  subPackages = [ "." ];
  deleteVendor = true;
  runVend = true;

  meta = with lib; {
    homepage = "https://github.com/darylhjd/mangadesk";
    description = "Terminal client for MangaDex";
    license = licenses.mit;
    maintainers = with maintainers; [ jakeisnt ];
    platforms = platforms.linux ++ platforms.darwin;
  };
}
```
Avoid overlays for optimisation
Rationale: overlays end up creating additional copies of `nixpkgs` every time they're applied to `nixpkgs` and we retrieve a new package store. It's apparently currently impossible to understand what exactly this overlay has changed to create the new package set, so this new variable is declared as a new instance of nixpkgs being evaluated.
Instead, directly forward your inputs to your outputs, making sure that all dependencies follow nixpkgs, and declaring in flakes that they all follow the same nixpkgs deps.
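A `flake.nix` laid out this way, as an added example that is not taken from the author's configuration. The `home-manager` input, the `x86_64-linux` system and the choice of `pkgs.hello` are assumptions for illustration; the example also assumes the input exposes `packages.<system>.default`.

```nix
{
  description = "Added example: one shared nixpkgs, inputs forwarded without overlays";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";

    # Illustrative dependency flake (assumption, not from the page).
    home-manager.url = "github:nix-community/home-manager";
    # Without this line the dependency locks and evaluates its own nixpkgs,
    # and flake.lock carries a second nixpkgs revision.
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
  };

  outputs = { self, nixpkgs, home-manager }:
    let
      system = "x86_64-linux";
      # The single nixpkgs instance, evaluated once and reused below.
      pkgs = nixpkgs.legacyPackages.${system};
    in
    {
      # Forward the input's package straight to this flake's outputs.
      # The overlay route this replaces would be:
      #   import nixpkgs { inherit system; overlays = [ someOverlay ]; }
      # which evaluates a fresh copy of the package set.
      packages.${system} = {
        home-manager = home-manager.packages.${system}.default;
        hello = pkgs.hello;
      };

      # A shell that uses both, still without instantiating nixpkgs again.
      devShells.${system}.default = pkgs.mkShell {
        packages = [
          home-manager.packages.${system}.default
          pkgs.hello
        ];
      };
    };
}
```

With every input following the same `nixpkgs`, `flake.lock` records one nixpkgs revision, so there is a single pinned revision to review and update.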