Mirror/nix-git
Mirror/nix-git
1
0
Fork 0
mirror of https://codeberg.org/privacy1st/nix-git synced 2024-11-23 22:19:33 +01:00
Code Issues Packages Projects Releases Wiki Activity

refactor and improve README

Browse Source
This commit is contained in:
Daniel Langbein 2023-11-20 16:17:35 +01:00
parent 34c3d8e964
commit 315a3e573b
Signed by: langfingaz
GPG Key ID: 6C47C753F0823002
3 changed files with 279 additions and 269 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

252
NixOS.md Normal file
View File

@ -0,0 +1,252 @@
# NixOS
This document contains general notes about NixOS that are independent of my NixOS configuration.
## Misc
* There is controversy about flakes, rather use channels (e.g. with niv)
* Prins, P., Suresh, J. and Dolstra, E., "Nix fixes dependency hell on all Linux distributions," [Archived](https://web.archive.org/web/20081226010942/http://www.linux.com/feature/155922) December 26, 2008, at the Wayback Machine linux.com, December 22, 2008
## Nix Pills
* https://nixos.org/guides/nix-pills/pr01
It provides a tutorial introduction into the Nix package manager and Nixpkgs package collection, in the form of short
chapters called 'pills'.
## Papers
Papers about Nix:
* The Purely Functional Software Deployment Model (2006). http://nixos.org/~eelco/pubs/phd-thesis.pdf, https://edolstra.github.io/pubs/phd-thesis.pdf, https://github.com/edolstra/edolstra.github.io/blob/master/pubs/phd-thesis.pdf
* May 2023: Some insights from the thesis in short form. https://jonathanlorimer.dev/posts/nix-thesis.html
* NixOS: A Purely Functional Linux Distribution (2008): https://github.com/edolstra/edolstra.github.io/blob/master/pubs/nixos-icfp2008-final.pdf, https://github.com/edolstra/edolstra.github.io/blob/master/pubs/nixos-jfp-final.pdf
* Nix: A Safe and Policy-Free System for Software Deployment (2004): https://edolstra.github.io/pubs/nspfssd-lisa2004-final.pdf
## System information
```shell
nix-info -m
```
```
- system: `"x86_64-linux"`
- host os: `Linux 6.1.51, NixOS, 23.05 (Stoat), 23.05.3242.da5adce0ffaf`
- multi-user?: `yes`
- sandbox: `yes`
- version: `nix-env (Nix) 2.13.5`
- channels(root): `"nixos-23.05"`
- nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`
```
## Search for packages
* https://search.nixos.org/packages?channel=23.05
## Search for options
* https://search.nixos.org/options?channel=23.05
* Or `man configuration.nix`
* https://mipmip.github.io/home-manager-option-search
* Or `man home-configuration.nix`
## Search which package owns a file
```shell
# Note how your shell prefix changes.
nix-shell -p nix-index
```
```shell
# Either build the index manually (requires >12GB RAM):
nix-index
# Or download weekly build:
mkdir -p ~/.cache/nix-index/ && wget -q -N https://github.com/nix-community/nix-index-database/releases/latest/download/index-x86_64-linux -O ~/.cache/nix-index/files
# Then search for a file
nix-locate --whole-name '/bash'
```
## List files of package
* https://discourse.nixos.org/t/list-files-of-package/25830/2?u=langfingaz
Example for `nano`:
```shell
find $(nix-build '<nixpkgs>' -A nano --no-link)
```
Excerpt of the result:
```
/nix/store/jqvxmx65mfinbsm6db9kmcqmphl44xhp-nano-7.2/share/nano
/nix/store/jqvxmx65mfinbsm6db9kmcqmphl44xhp-nano-7.2/share/nano/asm.nanorc
/nix/store/jqvxmx65mfinbsm6db9kmcqmphl44xhp-nano-7.2/share/nano/autoconf.nanorc
```
## Compare two versions of NixOS system profile
Get latest system profile. This is the profile (usually) being active after booting the system:
```shell
ls -1 /nix/var/nix/profiles/ | sort -t'-' -n -k2 | tail -n 1
#=> 120
```
Compare current with previous profile:
```shell
# https://stackoverflow.com/a/36641298
prev="$(ls -1 /nix/var/nix/profiles/ | sort -t'-' -n -k2 | tail -n 2 | head -n 1)"
curr="$(ls -1 /nix/var/nix/profiles/ | sort -t'-' -n -k2 | tail -n 1)"
nix --extra-experimental-features nix-command store diff-closures /nix/var/nix/profiles/"${prev}" /nix/var/nix/profiles/"${curr}"
```
Compare two arbitrary system profiles:
```shell
nix --extra-experimental-features nix-command store diff-closures /nix/var/nix/profiles/system-110-link /nix/var/nix/profiles/system-116-link
```
```
cpupower: 6.1.47 → 6.1.51
element-desktop: 1.11.38 → 1.11.40, +2218.9 KiB
element-web: 1.11.38 → 1.11.40, -73.1 KiB
exempi: 2.6.3 → 2.6.4
firefox: 116.0.3 → 117.0
firefox-unwrapped: 116.0.3 → 117.0, -292.6 KiB
gnome-shell-extension-openweather: ∅ → 121, +590.5 KiB
hm_fontconfigconf.d10hmfonts.conf: ∅ → ε
initrd: ∅ → ε
initrd-linux: 6.1.47 → 6.1.51
libcap: 2.68 → 2.69
linux: 6.1.47, 6.1.47-modules → 6.1.51, 6.1.51-modules, -11.8 KiB
meld: ∅ → 3.22.0, +3858.5 KiB
net-snmp: 5.9.3 → 5.9.4
nixos-system-yodaTab: 23.05.3085.2ab91c8d65c0 → 23.05.3242.da5adce0ffaf
openjdk: +19.5 KiB
python3.10-pygobject: +27.0 KiB
stage: ∅ → 1-init.sh, +29.5 KiB
tor-browser-bundle-bin: 12.5.2 → 12.5.3, +18.1 KiB
user: +2885.0 KiB
```
## NixOS configuration debugging
* https://nixos.wiki/wiki/Nix_command/repl
Evaluating parts of the configuration.
First, start `nix repl`:
```shell
nix repl --file '<nixpkgs/nixos>' -I nixos-config=hosts/$(hostname)/configuration.nix
```
Example: `config.home-manager`
```shell
config.home-manager.
# Press `TAB`
#=> config.home-manager.backupFileExtension config.home-manager.useUserPackages
#=> config.home-manager.extraSpecialArgs config.home-manager.users
#=> config.home-manager.sharedModules config.home-manager.verbose
#=> config.home-manager.useGlobalPkgs
```
Example: The `home` variable:
```shell
config.home-manager.users.yoda.home
```
Example: The value of one config option
```shell
# The following option is set to `"${config.xdg.dataHome}/.histfile";`
# where `config` is the Home Manager configuration.
config.home-manager.users.yoda.programs.zsh.history.path
#=> "/home/yoda/.local/share/.histfile"
```
## Show Nix configuration
* https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-show-config.html
```shell
nix --extra-experimental-features nix-command show-config
```
## Evaluate NixOS configuration to JSON
See also section "NixOS Configuration Debugging"!
* https://discourse.nixos.org/t/can-i-run-nix-instantiate-eval-strict-on-my-configuration-nix/7105/4
This evaluates `configuration.nix` (single module):
```shell
NIXPKGS_ALLOW_UNFREE=1 nix-instantiate --strict --json --eval -E '
import ./hosts/yodaTab/configuration.nix {
config = {};
pkgs = import <nixpkgs> {};
lib = import <nixpkgs/lib>;
}
' > evaluated-config.json
```
Then open `evaluated-config.json`.
## Evaluate expressions
* https://discourse.nixos.org/t/eval-nix-expression-from-the-command-line/8993/6
```shell
nix-instantiate --eval -E 'with import <nixpkgs> { }; vscode.version'
#=> "1.78.2"
```
Shell wrapper:
```shell
nix-eval() { nix-instantiate --eval -E "with import <nixpkgs> {}; ${*}"; }
```
Examples:
```shell
nix-eval 'vscode.version'
#=> "1.78.2"
nix-eval 'lib.forEach [ 1 2 ] (x: toString x)'
#=> [ "1" "2" ]
nix-eval 'lib.head [1 2]'
#=> 1
nix-eval 'lib.head (
lib.forEach [ 1 2 ] (x: toString x)
)'
#=> "1"
nix-eval 'lib.head (
lib.forEach [ {a=1;} {a=2;} ] (x: x.a)
)'
#=> 1
nix-eval 'lib.attrsets.mergeAttrsList [{a=1;} {b=2;}]'
#=> { a = 1; b = 2; }
nix-eval '{ a=1; }.b or 2'
#=> 2
nix-eval '{ a=false; }.a or true'
#=> false
nix-eval '{ a=1; }?a'
#=> true
```
## Run AppImages
* https://nixos.wiki/wiki/Appimage
```shell
# Note how your shell prefix changes.
nix-shell -p appimage-run
```
```shell
# Inside the shell, you can run an AppImage:
appimage-run ~/Downloads/ubports-installer_0.10.0_linux_x86_64.AppImage
```

277
README.md
View File

@ -1,46 +1,10 @@
# NixOS # nix-git
- [NixOS](#nixos) This repository contains my NixOS configuration files with some guidance on how to use them.
- [NixOS installation](#nixos-installation)
- [Graphical installation](#graphical-installation)
- [Remote installation: disko and nixos-anywhere](#remote-installation-disko-and-nixos-anywhere)
- [ARM device: SD image for the Raspberry Pi 3B+](#arm-device-sd-image-for-the-raspberry-pi-3b)
- [ISO](#iso)
- [Default configuration](#default-configuration)
- [Apply modified configuration](#apply-modified-configuration)
- [ARM device: Vanilla UEFI boot loader for the Raspberry Pi 3B+](#arm-device-vanilla-uefi-boot-loader-for-the-raspberry-pi-3b)
- [Update, build and switch](#update-build-and-switch)
- [Update](#update)
- [Build and switch: Using Colmena](#build-and-switch-using-colmena)
- [Build and switch: Manually](#build-and-switch-manually)
- [Option I: Build new config and activate it:](#option-i-build-new-config-and-activate-it)
- [Option II: Build new config and activate it during next boot:](#option-ii-build-new-config-and-activate-it-during-next-boot)
- [Option III: Build config and view changes:](#option-iii-build-config-and-view-changes)
- [niv: Dependency management](#niv-dependency-management)
- [Add Home Manager with niv](#add-home-manager-with-niv)
- [Add NUR with niv](#add-nur-with-niv)
- [Colmena: Deployment and secret management](#colmena-deployment-and-secret-management)
- [BTRFS swap file](#btrfs-swap-file)
- [LUKS Parameters](#luks-parameters)
- [Automount encrypted drive](#automount-encrypted-drive)
- [Failed services](#failed-services)
- [Garbage collection](#garbage-collection)
- [Run AppImages](#run-appimages)
- [General Notes](#general-notes)
- [Nix Pills](#nix-pills)
- [Papers](#papers)
- [System information](#system-information)
- [Search for packages](#search-for-packages)
- [Search for options](#search-for-options)
- [Search wich package owns a file](#search-wich-package-owns-a-file)
- [List files of package](#list-files-of-package)
- [Compare two versions of NixOS system profile](#compare-two-versions-of-nixos-system-profile)
- [NixOS configuration debugging](#nixos-configuration-debugging)
- [Show Nix configuration](#show-nix-configuration)
- [Evaluate NixOS configuration to JSON](#evaluate-nixos-configuration-to-json)
- [References](#references)
- [TODOs](#todos)
See also:
- [TODO.md](./TODO.md)
- [NixOS.md](./NixOS.md)
## NixOS installation ## NixOS installation
@ -408,234 +372,9 @@ Remove leftover EFI entries of removed generations:
sudo /run/current-system/bin/switch-to-configuration boot sudo /run/current-system/bin/switch-to-configuration boot
``` ```
## Run AppImages ## References
* https://nixos.wiki/wiki/Appimage
```shell
# Note how your shell prefix changes.
nix-shell -p appimage-run
```
```shell
# Inside the shell, you can run an AppImage:
appimage-run ~/Downloads/ubports-installer_0.10.0_linux_x86_64.AppImage
```
## General Notes
* There is controversy about flakes, rather use channels (e.g. with niv)
* Prins, P., Suresh, J. and Dolstra, E., "Nix fixes dependency hell on all Linux distributions," [Archived](https://web.archive.org/web/20081226010942/http://www.linux.com/feature/155922) December 26, 2008, at the Wayback Machine linux.com, December 22, 2008
### Nix Pills
* https://nixos.org/guides/nix-pills/pr01
It provides a tutorial introduction into the Nix package manager and Nixpkgs package collection, in the form of short
chapters called 'pills'.
### Papers
Papers about Nix:
* The Purely Functional Software Deployment Model (2006). http://nixos.org/~eelco/pubs/phd-thesis.pdf, https://edolstra.github.io/pubs/phd-thesis.pdf, https://github.com/edolstra/edolstra.github.io/blob/master/pubs/phd-thesis.pdf
* May 2023: Some insights from the thesis in short form. https://jonathanlorimer.dev/posts/nix-thesis.html
* NixOS: A Purely Functional Linux Distribution (2008): https://github.com/edolstra/edolstra.github.io/blob/master/pubs/nixos-icfp2008-final.pdf, https://github.com/edolstra/edolstra.github.io/blob/master/pubs/nixos-jfp-final.pdf
* Nix: A Safe and Policy-Free System for Software Deployment (2004): https://edolstra.github.io/pubs/nspfssd-lisa2004-final.pdf
### System information
```shell
nix-info -m
```
```
- system: `"x86_64-linux"`
- host os: `Linux 6.1.51, NixOS, 23.05 (Stoat), 23.05.3242.da5adce0ffaf`
- multi-user?: `yes`
- sandbox: `yes`
- version: `nix-env (Nix) 2.13.5`
- channels(root): `"nixos-23.05"`
- nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`
```
### Search for packages
* https://search.nixos.org/packages?channel=23.05
### Search for options
* https://search.nixos.org/options?channel=23.05
* Or `man configuration.nix`
* https://mipmip.github.io/home-manager-option-search
* Or `man home-configuration.nix`
### Search which package owns a file
```shell
# Note how your shell prefix changes.
nix-shell -p nix-index
```
```shell
# Either build the index manually (requires >12GB RAM):
nix-index
# Or download weekly build:
mkdir -p ~/.cache/nix-index/ && wget -q -N https://github.com/nix-community/nix-index-database/releases/latest/download/index-x86_64-linux -O ~/.cache/nix-index/files
# Then search for a file
nix-locate --whole-name '/bash'
```
### List files of package
* https://discourse.nixos.org/t/list-files-of-package/25830/2?u=langfingaz
Example for `nano`:
```shell
find $(nix-build '<nixpkgs>' -A nano --no-link)
```
Excerpt of the result:
```
/nix/store/jqvxmx65mfinbsm6db9kmcqmphl44xhp-nano-7.2/share/nano
/nix/store/jqvxmx65mfinbsm6db9kmcqmphl44xhp-nano-7.2/share/nano/asm.nanorc
/nix/store/jqvxmx65mfinbsm6db9kmcqmphl44xhp-nano-7.2/share/nano/autoconf.nanorc
```
### Compare two versions of NixOS system profile
Get latest system profile. This is the profile (usually) being active after booting the system:
```shell
ls -1 /nix/var/nix/profiles/ | sort -t'-' -n -k2 | tail -n 1
#=> 120
```
Compare current with previous profile:
```shell
# https://stackoverflow.com/a/36641298
prev="$(ls -1 /nix/var/nix/profiles/ | sort -t'-' -n -k2 | tail -n 2 | head -n 1)"
curr="$(ls -1 /nix/var/nix/profiles/ | sort -t'-' -n -k2 | tail -n 1)"
nix --extra-experimental-features nix-command store diff-closures /nix/var/nix/profiles/"${prev}" /nix/var/nix/profiles/"${curr}"
```
Compare two arbitrary system profiles:
```shell
nix --extra-experimental-features nix-command store diff-closures /nix/var/nix/profiles/system-110-link /nix/var/nix/profiles/system-116-link
```
```
cpupower: 6.1.47 → 6.1.51
element-desktop: 1.11.38 → 1.11.40, +2218.9 KiB
element-web: 1.11.38 → 1.11.40, -73.1 KiB
exempi: 2.6.3 → 2.6.4
firefox: 116.0.3 → 117.0
firefox-unwrapped: 116.0.3 → 117.0, -292.6 KiB
gnome-shell-extension-openweather: ∅ → 121, +590.5 KiB
hm_fontconfigconf.d10hmfonts.conf: ∅ → ε
initrd: ∅ → ε
initrd-linux: 6.1.47 → 6.1.51
libcap: 2.68 → 2.69
linux: 6.1.47, 6.1.47-modules → 6.1.51, 6.1.51-modules, -11.8 KiB
meld: ∅ → 3.22.0, +3858.5 KiB
net-snmp: 5.9.3 → 5.9.4
nixos-system-yodaTab: 23.05.3085.2ab91c8d65c0 → 23.05.3242.da5adce0ffaf
openjdk: +19.5 KiB
python3.10-pygobject: +27.0 KiB
stage: ∅ → 1-init.sh, +29.5 KiB
tor-browser-bundle-bin: 12.5.2 → 12.5.3, +18.1 KiB
user: +2885.0 KiB
```
### NixOS configuration debugging
* https://nixos.wiki/wiki/Nix_command/repl
Evaluating parts of the configuration.
First, start `nix repl`:
```shell
nix repl --file '<nixpkgs/nixos>' -I nixos-config=hosts/$(hostname)/configuration.nix
```
Example: `config.home-manager`
```shell
config.home-manager.
# Press `TAB`
#=> config.home-manager.backupFileExtension config.home-manager.useUserPackages
#=> config.home-manager.extraSpecialArgs config.home-manager.users
#=> config.home-manager.sharedModules config.home-manager.verbose
#=> config.home-manager.useGlobalPkgs
```
Example: The `home` variable:
```shell
config.home-manager.users.yoda.home
```
Example: The value of one config option
```shell
# The following option is set to `"${config.xdg.dataHome}/.histfile";`
# where `config` is the Home Manager configuration.
config.home-manager.users.yoda.programs.zsh.history.path
#=> "/home/yoda/.local/share/.histfile"
```
### Show Nix configuration
* https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-show-config.html
```shell
nix --extra-experimental-features nix-command show-config
```
### Evaluate NixOS configuration to JSON
See also section "NixOS Configuration Debugging"!
* https://discourse.nixos.org/t/can-i-run-nix-instantiate-eval-strict-on-my-configuration-nix/7105/4
This evaluates `configuration.nix` (single module):
```shell
NIXPKGS_ALLOW_UNFREE=1 nix-instantiate --strict --json --eval -E '
import ./hosts/yodaTab/configuration.nix {
config = {};
pkgs = import <nixpkgs> {};
lib = import <nixpkgs/lib>;
}
' > evaluated-config.json
```
Then open `evaluated-config.json`.
### References
Some references to websites that helped me create this repository: Some references to websites that helped me create this repository:
* https://github.com/Misterio77/nix-starter-configs * Simple NixOS flake template for NixOS with HomeManager. https://github.com/Misterio77/nix-starter-configs#readme
* https://github.com/mikeroyal/NixOS-Guide#getting-started * NixOS guide (development enviroment, gaming, etc). https://github.com/mikeroyal/NixOS-Guide#table-of-contents
## TODOs
* Nitrokey LUKS unlock
* Yubikey LUKS: https://nixos.wiki/wiki/Yubikey_based_Full_Disk_Encryption_(FDE)_on_NixOS
* Yubikey LUKS: https://github.com/georgewhewell/nixos-host/blob/master/profiles/luks-yubi.nix
* Old wiki entry, initramfs smartcard LUKS unlock: https://wiki.ubuntu.com/SmartCardLUKSDiskEncryption#SmartCard_Setup
* Nitrokey PAM log-in
* https://docs.nitrokey.com/pro/linux/login-with-pam
* You have two options: `pam_p11` or `PAM Poldi`.
* The solution with pam_p11 is more difficult to achieve and is based on S/MIME certificates.
* I could not find pam-poldi for NixOS :/
* Impermanence, opt-in to persistence:
https://github.com/Misterio77/nix-starter-configs/tree/main#try-opt-in-persistance
* nix-shell / lorri
* https://ghedam.at/15978/an-introduction-to-nix-shell
* docker-compose.yml for services and nix-shell to run the code

19
TODO.md Normal file
View File

@ -0,0 +1,19 @@
# TODOs
This document contains ideas about possible extensions or improvements of my NixOS configuration.
* Nitrokey LUKS unlock
* Yubikey LUKS: https://nixos.wiki/wiki/Yubikey_based_Full_Disk_Encryption_(FDE)_on_NixOS
* Yubikey LUKS: https://github.com/georgewhewell/nixos-host/blob/master/profiles/luks-yubi.nix
* Old wiki entry, initramfs smartcard LUKS unlock: https://wiki.ubuntu.com/SmartCardLUKSDiskEncryption#SmartCard_Setup
* Nitrokey PAM log-in
* https://docs.nitrokey.com/pro/linux/login-with-pam
* You have two options: `pam_p11` or `PAM Poldi`.
* The solution with pam_p11 is more difficult to achieve and is based on S/MIME certificates.
* I could not find pam-poldi for NixOS :/
* Impermanence, opt-in to persistence:
https://github.com/Misterio77/nix-starter-configs/tree/main#try-opt-in-persistance
* nix-shell / lorri
* https://ghedam.at/15978/an-introduction-to-nix-shell
* docker-compose.yml for services and nix-shell to run the code