From 315a3e573bb11eb89aa95cef354c876843ed94ee Mon Sep 17 00:00:00 2001 From: Daniel Langbein Date: Mon, 20 Nov 2023 16:17:35 +0100 Subject: [PATCH] refactor and improve README --- NixOS.md | 252 +++++++++++++++++++++++++++++++++++++++++++++++++ README.md | 277 ++---------------------------------------------------- TODO.md | 19 ++++ 3 files changed, 279 insertions(+), 269 deletions(-) create mode 100644 NixOS.md create mode 100644 TODO.md diff --git a/NixOS.md b/NixOS.md new file mode 100644 index 0000000..dfd1768 --- /dev/null +++ b/NixOS.md 
@@ -0,0 +1,252 @@ +# NixOS + +This document contains general notes about NixOS that are independent of my NixOS configuration. + +## Misc + +* There is controversy about flakes, rather use channels (e.g. with niv) +* Prins, P., Suresh, J. and Dolstra, E., "Nix fixes dependency hell on all Linux distributions," [Archived](https://web.archive.org/web/20081226010942/http://www.linux.com/feature/155922) December 26, 2008, at the Wayback Machine linux.com, December 22, 2008 + +## Nix Pills + +* https://nixos.org/guides/nix-pills/pr01 + +It provides a tutorial introduction into the Nix package manager and Nixpkgs package collection, in the form of short +chapters called 'pills'. + +## Papers + +Papers about Nix: + +* The Purely Functional Software Deployment Model (2006). http://nixos.org/~eelco/pubs/phd-thesis.pdf, https://edolstra.github.io/pubs/phd-thesis.pdf, https://github.com/edolstra/edolstra.github.io/blob/master/pubs/phd-thesis.pdf + * May 2023: Some insights from the thesis in short form. 
https://jonathanlorimer.dev/posts/nix-thesis.html +* NixOS: A Purely Functional Linux Distribution (2008): https://github.com/edolstra/edolstra.github.io/blob/master/pubs/nixos-icfp2008-final.pdf, https://github.com/edolstra/edolstra.github.io/blob/master/pubs/nixos-jfp-final.pdf +* Nix: A Safe and Policy-Free System for Software Deployment (2004): https://edolstra.github.io/pubs/nspfssd-lisa2004-final.pdf + +## System information + +```shell +nix-info -m +``` +``` + - system: `"x86_64-linux"` + - host os: `Linux 6.1.51, NixOS, 23.05 (Stoat), 23.05.3242.da5adce0ffaf` + - multi-user?: `yes` + - sandbox: `yes` + - version: `nix-env (Nix) 2.13.5` + - channels(root): `"nixos-23.05"` + - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos` +``` + +## Search for packages + +* https://search.nixos.org/packages?channel=23.05 + +## Search for options + +* https://search.nixos.org/options?channel=23.05 + * Or `man configuration.nix` +* https://mipmip.github.io/home-manager-option-search + * Or `man home-configuration.nix` + +## Search which package owns a file + +```shell +# Note how your shell prefix changes. 
+nix-shell -p nix-index +``` +```shell +# Either build the index manually (requires >12GB RAM): +nix-index +# Or download weekly build: +mkdir -p ~/.cache/nix-index/ && wget -q -N https://github.com/nix-community/nix-index-database/releases/latest/download/index-x86_64-linux -O ~/.cache/nix-index/files + +# Then search for a file +nix-locate --whole-name '/bash' +``` + +## List files of package + +* https://discourse.nixos.org/t/list-files-of-package/25830/2?u=langfingaz + +Example for `nano`: + +```shell +find $(nix-build '' -A nano --no-link) +``` + +Excerpt of the result: + +``` +/nix/store/jqvxmx65mfinbsm6db9kmcqmphl44xhp-nano-7.2/share/nano +/nix/store/jqvxmx65mfinbsm6db9kmcqmphl44xhp-nano-7.2/share/nano/asm.nanorc +/nix/store/jqvxmx65mfinbsm6db9kmcqmphl44xhp-nano-7.2/share/nano/autoconf.nanorc +``` + +## Compare two versions of NixOS system profile + +Get latest system profile. This is the profile (usually) being active after booting the system: + +```shell +ls -1 /nix/var/nix/profiles/ | sort -t'-' -n -k2 | tail -n 1 +#=> 120 +``` + +Compare current with previous profile: + +```shell +# https://stackoverflow.com/a/36641298 +prev="$(ls -1 /nix/var/nix/profiles/ | sort -t'-' -n -k2 | tail -n 2 | head -n 1)" +curr="$(ls -1 /nix/var/nix/profiles/ | sort -t'-' -n -k2 | tail -n 1)" +nix --extra-experimental-features nix-command store diff-closures /nix/var/nix/profiles/"${prev}" /nix/var/nix/profiles/"${curr}" +``` + +Compare two arbitrary system profiles: + +```shell +nix --extra-experimental-features nix-command store diff-closures /nix/var/nix/profiles/system-110-link /nix/var/nix/profiles/system-116-link +``` +``` +cpupower: 6.1.47 → 6.1.51 +element-desktop: 1.11.38 → 1.11.40, +2218.9 KiB +element-web: 1.11.38 → 1.11.40, -73.1 KiB +exempi: 2.6.3 → 2.6.4 +firefox: 116.0.3 → 117.0 +firefox-unwrapped: 116.0.3 → 117.0, -292.6 KiB +gnome-shell-extension-openweather: ∅ → 121, +590.5 KiB +hm_fontconfigconf.d10hmfonts.conf: ∅ → ε +initrd: ∅ → ε +initrd-linux: 6.1.47 → 
6.1.51 +libcap: 2.68 → 2.69 +linux: 6.1.47, 6.1.47-modules → 6.1.51, 6.1.51-modules, -11.8 KiB +meld: ∅ → 3.22.0, +3858.5 KiB +net-snmp: 5.9.3 → 5.9.4 +nixos-system-yodaTab: 23.05.3085.2ab91c8d65c0 → 23.05.3242.da5adce0ffaf +openjdk: +19.5 KiB +python3.10-pygobject: +27.0 KiB +stage: ∅ → 1-init.sh, +29.5 KiB +tor-browser-bundle-bin: 12.5.2 → 12.5.3, +18.1 KiB +user: +2885.0 KiB +``` + +## NixOS configuration debugging + +* https://nixos.wiki/wiki/Nix_command/repl + +Evaluating parts of the configuration. + +First, start `nix repl`: + +```shell +nix repl --file '' -I nixos-config=hosts/$(hostname)/configuration.nix +``` + +Example: `config.home-manager` + +```shell +config.home-manager. +# Press `TAB` +#=> config.home-manager.backupFileExtension config.home-manager.useUserPackages +#=> config.home-manager.extraSpecialArgs config.home-manager.users +#=> config.home-manager.sharedModules config.home-manager.verbose +#=> config.home-manager.useGlobalPkgs +``` + +Example: The `home` variable: + +```shell +config.home-manager.users.yoda.home +``` + +Example: The value of one config option + +```shell +# The following option is set to `"${config.xdg.dataHome}/.histfile";` +# where `config` is the Home Manager configuration. + +config.home-manager.users.yoda.programs.zsh.history.path +#=> "/home/yoda/.local/share/.histfile" +``` + +## Show Nix configuration + +* https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-show-config.html + +```shell +nix --extra-experimental-features nix-command show-config +``` + +## Evaluate NixOS configuration to JSON + +See also section "NixOS Configuration Debugging"! 
+ +* https://discourse.nixos.org/t/can-i-run-nix-instantiate-eval-strict-on-my-configuration-nix/7105/4 + +This evaluates `configuration.nix` (single module): + +```shell +NIXPKGS_ALLOW_UNFREE=1 nix-instantiate --strict --json --eval -E ' +import ./hosts/yodaTab/configuration.nix { + config = {}; + pkgs = import {}; + lib = import ; +} +' > evaluated-config.json +``` + +Then open `evaluated-config.json`. + +## Evaluate expressions + +* https://discourse.nixos.org/t/eval-nix-expression-from-the-command-line/8993/6 + +```shell +nix-instantiate --eval -E 'with import { }; vscode.version' +#=> "1.78.2" +``` + +Shell wrapper: + +```shell +nix-eval() { nix-instantiate --eval -E "with import {}; ${*}"; } +``` + +Examples: + +```shell +nix-eval 'vscode.version' +#=> "1.78.2" +nix-eval 'lib.forEach [ 1 2 ] (x: toString x)' +#=> [ "1" "2" ] +nix-eval 'lib.head [1 2]' +#=> 1 +nix-eval 'lib.head ( + lib.forEach [ 1 2 ] (x: toString x) +)' +#=> "1" +nix-eval 'lib.head ( + lib.forEach [ {a=1;} {a=2;} ] (x: x.a) +)' +#=> 1 +nix-eval 'lib.attrsets.mergeAttrsList [{a=1;} {b=2;}]' +#=> { a = 1; b = 2; } +nix-eval '{ a=1; }.b or 2' +#=> 2 +nix-eval '{ a=false; }.a or true' +#=> false +nix-eval '{ a=1; }?a' +#=> true +``` + +## Run AppImages + +* https://nixos.wiki/wiki/Appimage + +```shell +# Note how your shell prefix changes. +nix-shell -p appimage-run +``` +```shell +# Inside the shell, you can run an AppImage: +appimage-run ~/Downloads/ubports-installer_0.10.0_linux_x86_64.AppImage +``` \ No newline at end of file diff --git a/README.md b/README.md index ad1e49c..94a0ba2 100644 --- a/README.md +++ b/README.md 
@@ -1,46 +1,10 @@ -# NixOS +# nix-git -- [NixOS](#nixos) - - [NixOS installation](#nixos-installation) - - [Graphical installation](#graphical-installation) - - [Remote installation: disko and nixos-anywhere](#remote-installation-disko-and-nixos-anywhere) - - [ARM device: SD image for the Raspberry Pi 3B+](#arm-device-sd-image-for-the-raspberry-pi-3b) - - [ISO](#iso) - - [Default configuration](#default-configuration) - - [Apply modified configuration](#apply-modified-configuration) - - [ARM device: Vanilla UEFI boot loader for the Raspberry Pi 3B+](#arm-device-vanilla-uefi-boot-loader-for-the-raspberry-pi-3b) - - [Update, build and switch](#update-build-and-switch) - - [Update](#update) - - [Build and switch: Using Colmena](#build-and-switch-using-colmena) - - [Build and switch: Manually](#build-and-switch-manually) - - [Option I: Build new config and activate it:](#option-i-build-new-config-and-activate-it) - - [Option II: Build new config and activate it during next boot:](#option-ii-build-new-config-and-activate-it-during-next-boot) - - [Option III: Build config and view changes:](#option-iii-build-config-and-view-changes) - - [niv: Dependency management](#niv-dependency-management) - - [Add Home Manager with niv](#add-home-manager-with-niv) - - [Add NUR with niv](#add-nur-with-niv) - - [Colmena: Deployment and secret management](#colmena-deployment-and-secret-management) - - [BTRFS swap file](#btrfs-swap-file) - - [LUKS Parameters](#luks-parameters) - - [Automount encrypted drive](#automount-encrypted-drive) - - [Failed services](#failed-services) - - [Garbage collection](#garbage-collection) - - [Run AppImages](#run-appimages) - - [General Notes](#general-notes) - - [Nix Pills](#nix-pills) - - [Papers](#papers) - - [System information](#system-information) - - [Search for packages](#search-for-packages) - - [Search for options](#search-for-options) - - [Search wich package owns a file](#search-wich-package-owns-a-file) - - [List files of 
package](#list-files-of-package) - - [Compare two versions of NixOS system profile](#compare-two-versions-of-nixos-system-profile) - - [NixOS configuration debugging](#nixos-configuration-debugging) - - [Show Nix configuration](#show-nix-configuration) - - [Evaluate NixOS configuration to JSON](#evaluate-nixos-configuration-to-json) - - [References](#references) - - [TODOs](#todos) +This repository contains my NixOS configuration files with some guidance on how to use them. +See also: +- [TODO.md](./TODO.md) +- [NixOS.md](./NixOS.md) ## NixOS installation 
@@ -408,234 +372,9 @@ Remove leftover EFI entries of removed generations: sudo /run/current-system/bin/switch-to-configuration boot ``` -## Run AppImages - -* https://nixos.wiki/wiki/Appimage - -```shell -# Note how your shell prefix changes. -nix-shell -p appimage-run -``` -```shell -# Inside the shell, you can run an AppImage: -appimage-run ~/Downloads/ubports-installer_0.10.0_linux_x86_64.AppImage -``` - -## General Notes - -* There is controversy about flakes, rather use channels (e.g. with niv) -* Prins, P., Suresh, J. and Dolstra, E., "Nix fixes dependency hell on all Linux distributions," [Archived](https://web.archive.org/web/20081226010942/http://www.linux.com/feature/155922) December 26, 2008, at the Wayback Machine linux.com, December 22, 2008 - -### Nix Pills - -* https://nixos.org/guides/nix-pills/pr01 - -It provides a tutorial introduction into the Nix package manager and Nixpkgs package collection, in the form of short -chapters called 'pills'. - -### Papers - -Papers about Nix: - -* The Purely Functional Software Deployment Model (2006). http://nixos.org/~eelco/pubs/phd-thesis.pdf, https://edolstra.github.io/pubs/phd-thesis.pdf, https://github.com/edolstra/edolstra.github.io/blob/master/pubs/phd-thesis.pdf - * May 2023: Some insights from the thesis in short form. 
https://jonathanlorimer.dev/posts/nix-thesis.html -* NixOS: A Purely Functional Linux Distribution (2008): https://github.com/edolstra/edolstra.github.io/blob/master/pubs/nixos-icfp2008-final.pdf, https://github.com/edolstra/edolstra.github.io/blob/master/pubs/nixos-jfp-final.pdf -* Nix: A Safe and Policy-Free System for Software Deployment (2004): https://edolstra.github.io/pubs/nspfssd-lisa2004-final.pdf - -### System information - -```shell -nix-info -m -``` -``` - - system: `"x86_64-linux"` - - host os: `Linux 6.1.51, NixOS, 23.05 (Stoat), 23.05.3242.da5adce0ffaf` - - multi-user?: `yes` - - sandbox: `yes` - - version: `nix-env (Nix) 2.13.5` - - channels(root): `"nixos-23.05"` - - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos` -``` - -### Search for packages - -* https://search.nixos.org/packages?channel=23.05 - -### Search for options - -* https://search.nixos.org/options?channel=23.05 - * Or `man configuration.nix` -* https://mipmip.github.io/home-manager-option-search - * Or `man home-configuration.nix` - -### Search which package owns a file - -```shell -# Note how your shell prefix changes. 
-nix-shell -p nix-index -``` -```shell -# Either build the index manually (requires >12GB RAM): -nix-index -# Or download weekly build: -mkdir -p ~/.cache/nix-index/ && wget -q -N https://github.com/nix-community/nix-index-database/releases/latest/download/index-x86_64-linux -O ~/.cache/nix-index/files - -# Then search for a file -nix-locate --whole-name '/bash' -``` - -### List files of package - -* https://discourse.nixos.org/t/list-files-of-package/25830/2?u=langfingaz - -Example for `nano`: - -```shell -find $(nix-build '' -A nano --no-link) -``` - -Excerpt of the result: - -``` -/nix/store/jqvxmx65mfinbsm6db9kmcqmphl44xhp-nano-7.2/share/nano -/nix/store/jqvxmx65mfinbsm6db9kmcqmphl44xhp-nano-7.2/share/nano/asm.nanorc -/nix/store/jqvxmx65mfinbsm6db9kmcqmphl44xhp-nano-7.2/share/nano/autoconf.nanorc -``` - -### Compare two versions of NixOS system profile - -Get latest system profile. This is the profile (usually) being active after booting the system: - -```shell -ls -1 /nix/var/nix/profiles/ | sort -t'-' -n -k2 | tail -n 1 -#=> 120 -``` - -Compare current with previous profile: - -```shell -# https://stackoverflow.com/a/36641298 -prev="$(ls -1 /nix/var/nix/profiles/ | sort -t'-' -n -k2 | tail -n 2 | head -n 1)" -curr="$(ls -1 /nix/var/nix/profiles/ | sort -t'-' -n -k2 | tail -n 1)" -nix --extra-experimental-features nix-command store diff-closures /nix/var/nix/profiles/"${prev}" /nix/var/nix/profiles/"${curr}" -``` - -Compare two arbitrary system profiles: - -```shell -nix --extra-experimental-features nix-command store diff-closures /nix/var/nix/profiles/system-110-link /nix/var/nix/profiles/system-116-link -``` -``` -cpupower: 6.1.47 → 6.1.51 -element-desktop: 1.11.38 → 1.11.40, +2218.9 KiB -element-web: 1.11.38 → 1.11.40, -73.1 KiB -exempi: 2.6.3 → 2.6.4 -firefox: 116.0.3 → 117.0 -firefox-unwrapped: 116.0.3 → 117.0, -292.6 KiB -gnome-shell-extension-openweather: ∅ → 121, +590.5 KiB -hm_fontconfigconf.d10hmfonts.conf: ∅ → ε -initrd: ∅ → ε -initrd-linux: 6.1.47 
→ 6.1.51 -libcap: 2.68 → 2.69 -linux: 6.1.47, 6.1.47-modules → 6.1.51, 6.1.51-modules, -11.8 KiB -meld: ∅ → 3.22.0, +3858.5 KiB -net-snmp: 5.9.3 → 5.9.4 -nixos-system-yodaTab: 23.05.3085.2ab91c8d65c0 → 23.05.3242.da5adce0ffaf -openjdk: +19.5 KiB -python3.10-pygobject: +27.0 KiB -stage: ∅ → 1-init.sh, +29.5 KiB -tor-browser-bundle-bin: 12.5.2 → 12.5.3, +18.1 KiB -user: +2885.0 KiB -``` - -### NixOS configuration debugging - -* https://nixos.wiki/wiki/Nix_command/repl - -Evaluating parts of the configuration. - -First, start `nix repl`: - -```shell -nix repl --file '' -I nixos-config=hosts/$(hostname)/configuration.nix -``` - -Example: `config.home-manager` - -```shell -config.home-manager. -# Press `TAB` -#=> config.home-manager.backupFileExtension config.home-manager.useUserPackages -#=> config.home-manager.extraSpecialArgs config.home-manager.users -#=> config.home-manager.sharedModules config.home-manager.verbose -#=> config.home-manager.useGlobalPkgs -``` - -Example: The `home` variable: - -```shell -config.home-manager.users.yoda.home -``` - -Example: The value of one config option - -```shell -# The following option is set to `"${config.xdg.dataHome}/.histfile";` -# where `config` is the Home Manager configuration. - -config.home-manager.users.yoda.programs.zsh.history.path -#=> "/home/yoda/.local/share/.histfile" -``` - -### Show Nix configuration - -* https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-show-config.html - -```shell -nix --extra-experimental-features nix-command show-config -``` - -### Evaluate NixOS configuration to JSON - -See also section "NixOS Configuration Debugging"! 
- -* https://discourse.nixos.org/t/can-i-run-nix-instantiate-eval-strict-on-my-configuration-nix/7105/4 - -This evaluates `configuration.nix` (single module): - -```shell -NIXPKGS_ALLOW_UNFREE=1 nix-instantiate --strict --json --eval -E ' -import ./hosts/yodaTab/configuration.nix { - config = {}; - pkgs = import {}; - lib = import ; -} -' > evaluated-config.json -``` - -Then open `evaluated-config.json`. - -### References +## References Some references to websites that helped me create this repository: -* https://github.com/Misterio77/nix-starter-configs -* https://github.com/mikeroyal/NixOS-Guide#getting-started - -## TODOs - -* Nitrokey LUKS unlock - * Yubikey LUKS: https://nixos.wiki/wiki/Yubikey_based_Full_Disk_Encryption_(FDE)_on_NixOS - * Yubikey LUKS: https://github.com/georgewhewell/nixos-host/blob/master/profiles/luks-yubi.nix - * Old wiki entry, initramfs smartcard LUKS unlock: https://wiki.ubuntu.com/SmartCardLUKSDiskEncryption#SmartCard_Setup -* Nitrokey PAM log-in - * https://docs.nitrokey.com/pro/linux/login-with-pam - * You have two options: `pam_p11` or `PAM Poldi`. - * The solution with pam_p11 is more difficult to achieve and is based on S/MIME certificates. - * I could not find pam-poldi for NixOS :/ - -* Impermanence, opt-in to persistence: - https://github.com/Misterio77/nix-starter-configs/tree/main#try-opt-in-persistance -* nix-shell / lorri - * https://ghedam.at/15978/an-introduction-to-nix-shell - * docker-compose.yml for services and nix-shell to run the code +* Simple NixOS flake template for NixOS with HomeManager. https://github.com/Misterio77/nix-starter-configs#readme +* NixOS guide (development enviroment, gaming, etc). https://github.com/mikeroyal/NixOS-Guide#table-of-contents diff --git a/TODO.md b/TODO.md new file mode 100644 index 0000000..d897746 --- /dev/null +++ b/TODO.md 
@@ -0,0 +1,19 @@ +# TODOs + +This document contains ideas about possible extensions or improvements of my NixOS configuration. + +* Nitrokey LUKS unlock + * Yubikey LUKS: https://nixos.wiki/wiki/Yubikey_based_Full_Disk_Encryption_(FDE)_on_NixOS + * Yubikey LUKS: https://github.com/georgewhewell/nixos-host/blob/master/profiles/luks-yubi.nix + * Old wiki entry, initramfs smartcard LUKS unlock: https://wiki.ubuntu.com/SmartCardLUKSDiskEncryption#SmartCard_Setup +* Nitrokey PAM log-in + * https://docs.nitrokey.com/pro/linux/login-with-pam + * You have two options: `pam_p11` or `PAM Poldi`. + * The solution with pam_p11 is more difficult to achieve and is based on S/MIME certificates. + * I could not find pam-poldi for NixOS :/ + +* Impermanence, opt-in to persistence: + https://github.com/Misterio77/nix-starter-configs/tree/main#try-opt-in-persistance +* nix-shell / lorri + * https://ghedam.at/15978/an-introduction-to-nix-shell + * docker-compose.yml for services and nix-shell to run the code
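Review bot: In NixOS.md, section "Search which package owns a file", the `wget -q -N https://github.com/nix-community/nix-index-database/releases/latest/download/index-x86_64-linux -O ~/.cache/nix-index/files` line installs whatever `releases/latest` serves at that moment as the local index, with no integrity check. In addition, `-N` does nothing once `-O` is given (wget warns that timestamping has no effect in that combination), and `-q` hides a failed transfer that has already truncated the target file. Suggest pinning a specific release tag, comparing the download against a recorded hash, and fetching to a temporary file that is moved into place only on success. In "Evaluate NixOS configuration to JSON", `> evaluated-config.json` writes the evaluated module into the working tree of this repository, so any value set inline in `configuration.nix`, credentials included if there are any, can end up in a commit; write the file outside the repository or list it in `.gitignore`. In "Compare two versions of NixOS system profile", the `#=> 120` comment does not match what the pipeline prints, which is a link name of the form `system-116-link` as used in the later `diff-closures` call. The path arguments in `nix-build '' -A nano --no-link`, `nix repl --file ''`, `pkgs = import {};`, `lib = import ;` and `with import { }` are empty as shown, exactly as in the removed README lines, so these commands cannot be run as written; restore the intended lookup paths while moving the text.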
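Review bot: In README.md, hunk `@@ -1,46 +1,10 @@`, the table of contents is dropped entirely although the file still runs past line 372 (see the next hunk header) and keeps the installation, update, niv, Colmena, LUKS and garbage-collection sections. Suggest keeping a short table of contents for the sections that remain, and giving each of the two "See also" links a few words on what it contains (general NixOS notes, open ideas). Anchors such as `#run-appimages` and `#nix-pills` no longer exist in README.md after this change, so any links to them from elsewhere need to point at NixOS.md.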
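Review bot: In README.md, hunk `@@ -408,234 +372,9 @@`, the added References line `NixOS guide (development enviroment, gaming, etc)` misspells "environment" and leaves "etc" without its period. The first added reference is described as a "flake template" while the "Misc" section of the new NixOS.md advises channels over flakes; a half sentence on what was taken from that template would keep the two files from reading as contradictory.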
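Review bot: In TODO.md, the empty line between `I could not find pam-poldi for NixOS :/` and `* Impermanence, opt-in to persistence:` splits what is meant as one list into two; drop it so the four top-level items render as a single list. The pam-poldi remark carries no date or channel, so it cannot be rechecked later; stating the channel it was checked against (NixOS.md uses 23.05 throughout) would fix that.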