11 KiB
NixOS
For each host (server, laptop, etc.), there is a subdirectory inside hosts.
NixOS installation
For beginners, NixOS can be installed with a graphical installer.
Getting the ISO:
- There is no official torrent as they are not needed due to CDN.
- ISO and checksum are available here: https://nixos.org/download#nixos-iso
- There are unofficial torrents. If the checksum is compared with the one from the official website, these can be used as well: https://github.com/AnimMouse/NixOS-ISO-Torrents/releases
During installation, select manual partitioning:
- One 512MB (or larger) Fat32 partition, mounted at
/boot
, "boot" flag enabled - Another partition (e.g. BTRFS) covering the rest of the drive, mounted at
/
, encryption enabled
Update, build and switch
Update
- Updating NixOS. https://superuser.com/a/1604695
Update channel and configuration:
sudo nix-channel --update && niv update
To apply the updates, continue with "Build and switch".
Build and switch
- https://nixos.wiki/wiki/Nixos-rebuild
- https://discourse.nixos.org/t/how-to-get-this-pending-updates-notification-in-gnome/16344/3
- https://discourse.nixos.org/t/how-to-get-this-pending-updates-notification-in-gnome/16344/6
Option I: Build config and view changes:
# This leaves a symlink named `result` in the current directory.
sudo nixos-rebuild -I nixos-config=hosts/$(hostname)/configuration.nix build
nix --extra-experimental-features nix-command store diff-closures /run/current-system ./result
Depending on if there are large kernel changes, either switch to it directly or wait until next boot:
sudo ./result/bin/switch-to-configuration switch
# or
sudo ./result/bin/switch-to-configuration boot
Option II: Build new config and activate it:
sudo nixos-rebuild -I nixos-config=hosts/$(hostname)/configuration.nix switch
Option III: Build new config and activate it during next boot:
sudo nixos-rebuild -I nixos-config=hosts/$(hostname)/configuration.nix boot
Failed services
If there are e.g. file conflicts due to preexisting dotfiles, the Home Manager user service might fail. To list all failed services, run:
systemctl --failed
Garbage collection
- https://nixos.org/manual/nix/stable/package-management/garbage-collection.html
- https://discourse.nixos.org/t/why-doesnt-nix-collect-garbage-remove-old-generations-from-efi-menu/17592/4
For all profiles:
sudo nix-collect-garbage --delete-older-than 14d
Remove old generations from EFI:
sudo /run/current-system/bin/switch-to-configuration boot
Install Home Manager with niv
niv:
Easy dependency management for Nix projects.
Nix is a very powerful tool for building code and setting up environments. niv complements it by making it easy to describe and update remote dependencies (URLs, GitHub repos, etc). It is a simple, practical alternative to Nix flakes.
Niv is an easy dependency management for Nix projects with package pinning.
Home Manager:
[Home Manager] allows declarative configuration of user specific (non-global) packages and dotfiles.
To avoid breaking users' configurations, Home Manager is released in branches corresponding to NixOS releases ( e.g.
release-23.05
).Home Manager provides both the channel-based setup and the flake-based one.
Check your channel:
sudo nix-channel --list
#=> nixos https://nixos.org/channels/nixos-23.05
Use the corresponding branch:
niv add nix-community/home-manager -n home-manager -b release-23.05
disko and nixos-anywhere
- Introductory presentation: https://pad.lassul.us/cccamp-workshop
- disko: https://github.com/nix-community/disko
- nixos-anywhere: https://github.com/numtide/nixos-anywhere/
# TODO (!)
BTRFS Swap file
Summary:
- Create subvolume
@swap
directly below top-level subvolume. - Mount at
/swap
- Create swapfile:
sudo btrfs filesystem mkswapfile --size 8g --uuid clear /swap/swapfile
- Regenerate hardware-configuration:
sudo nixos-generate-config --dir $(hostname)
- Add
swapDevices = [ { device = "/swap/swapfile"; } ];
to hardware configuration and runnixos-rebuild switch
(see above).
Automount encrypted drive
- Generate and add keyfile to LUKS device
- luksOpen and mount drive, e.g. to
/mnt/data1
- Re-generate hardware configuration:
sudo nixos-generate-config --dir hosts/$(hostname)
GNOME extensions
- https://github.com/nix-community/home-manager/issues/284#issuecomment-531384656
- https://github.com/nix-community/home-manager/issues/284#issuecomment-1321199263
- Search for packaged extensions: https://search.nixos.org/packages?channel=23.05&from=0&size=50&sort=relevance&type=packages&query=gnomeExtensions
- One has to re-login after changes: https://github.com/nix-community/home-manager/issues/284#issuecomment-1328269433
# TODO
Run an AppImage
# Note how your shell prefix changes.
nix-shell --packages appimage-run
# Inside the shell, you can run an AppImage:
appimage-run ~/Downloads/ubports-installer_0.10.0_linux_x86_64.AppImage
General Notes
- There is controversy about flakes, rather use channels (e.g. with niv)
- Prins, P., Suresh, J. and Dolstra, E., "Nix fixes dependency hell on all Linux distributions," Archived December 26, 2008, at the Wayback Machine linux.com, December 22, 2008
Nix Pills
It provides a tutorial introduction into the Nix package manager and Nixpkgs package collection, in the form of short chapters called 'pills'.
Papers
Papers about Nix:
- The Purely Functional Software Deployment Model (2006). http://nixos.org/~eelco/pubs/phd-thesis.pdf, https://edolstra.github.io/pubs/phd-thesis.pdf, https://github.com/edolstra/edolstra.github.io/blob/master/pubs/phd-thesis.pdf
- May 2023: Some insights from the thesis in short form. https://jonathanlorimer.dev/posts/nix-thesis.html
- NixOS: A Purely Functional Linux Distribution (2008): https://github.com/edolstra/edolstra.github.io/blob/master/pubs/nixos-icfp2008-final.pdf, https://github.com/edolstra/edolstra.github.io/blob/master/pubs/nixos-jfp-final.pdf
- Nix: A Safe and Policy-Free System for Software Deployment (2004): https://edolstra.github.io/pubs/nspfssd-lisa2004-final.pdf
Search for packages
Search for options
- https://search.nixos.org/options?channel=23.05
- Or
man configuration.nix
- Or
- https://mipmip.github.io/home-manager-option-search
- Or
man home-configuration.nix
- Or
Search wich package owns a file
# Note how your shell prefix changes.
nix-shell --packages nix-index
# Inside the shell:
# Either build the index manually (requires >8GB RAM)
nix-index
# Or download weekly build:
mkdir -p ~/.cache/nix-index/ && wget -q -N https://github.com/nix-community/nix-index-database/releases/latest/download/index-x86_64-linux -O ~/.cache/nix-index/files
# Then search for a file
nix-locate -w '/bash'
List files of package
Example for nano
:
find $(nix-build '<nixpkgs>' -A nano --no-link)
Excerpt of the result:
/nix/store/jqvxmx65mfinbsm6db9kmcqmphl44xhp-nano-7.2/share/nano
/nix/store/jqvxmx65mfinbsm6db9kmcqmphl44xhp-nano-7.2/share/nano/asm.nanorc
/nix/store/jqvxmx65mfinbsm6db9kmcqmphl44xhp-nano-7.2/share/nano/autoconf.nanorc
Compare two versions of NixOS system profile
nix --extra-experimental-features nix-command store diff-closures /nix/var/nix/profiles/system-110-link /nix/var/nix/profiles/system-116-link
cpupower: 6.1.47 → 6.1.51
element-desktop: 1.11.38 → 1.11.40, +2218.9 KiB
element-web: 1.11.38 → 1.11.40, -73.1 KiB
exempi: 2.6.3 → 2.6.4
firefox: 116.0.3 → 117.0
firefox-unwrapped: 116.0.3 → 117.0, -292.6 KiB
gnome-shell-extension-openweather: ∅ → 121, +590.5 KiB
hm_fontconfigconf.d10hmfonts.conf: ∅ → ε
initrd: ∅ → ε
initrd-linux: 6.1.47 → 6.1.51
libcap: 2.68 → 2.69
linux: 6.1.47, 6.1.47-modules → 6.1.51, 6.1.51-modules, -11.8 KiB
meld: ∅ → 3.22.0, +3858.5 KiB
net-snmp: 5.9.3 → 5.9.4
nixos-system-yodaTab: 23.05.3085.2ab91c8d65c0 → 23.05.3242.da5adce0ffaf
openjdk: +19.5 KiB
python3.10-pygobject: +27.0 KiB
stage: ∅ → 1-init.sh, +29.5 KiB
tor-browser-bundle-bin: 12.5.2 → 12.5.3, +18.1 KiB
user: +2885.0 KiB
NixOS configuration debugging
Evaluating parts of the configuration.
First, start nix repl
:
nix repl --file '<nixpkgs/nixos>' -I nixos-config=hosts/$(hostname)/configuration.nix
Example: config.home-manager
config.home-manager.
# Press `TAB`
#=> config.home-manager.backupFileExtension config.home-manager.useUserPackages
#=> config.home-manager.extraSpecialArgs config.home-manager.users
#=> config.home-manager.sharedModules config.home-manager.verbose
#=> config.home-manager.useGlobalPkgs
Example: The home
variable:
config.home-manager.users.yoda.home
Example: The value of one config option
# The following option is set to `"${config.xdg.dataHome}/.histfile";`
# where `config` is the Home Manager configuration.
config.home-manager.users.yoda.programs.zsh.history.path
#=> "/home/yoda/.local/share/.histfile"
Evaluate NixOS configuration to JSON
See also section "NixOS Configuration Debugging"!
TODO: https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-show-config.html
This evaluates configuration.nix
(single module):
NIXPKGS_ALLOW_UNFREE=1 nix-instantiate --strict --json --eval -E '
import ./hosts/yodaTab/configuration.nix {
config = {};
pkgs = import <nixpkgs> {};
lib = import <nixpkgs/lib>;
}
' > evaluated-config.json
Then open evaluated-config.json.
References
Some references to websites that helped me create this repository:
- https://github.com/Misterio77/nix-starter-configs
- https://github.com/mikeroyal/NixOS-Guide#getting-started
TODOs
- FDE remote SSH unlock: https://nixos.wiki/wiki/Remote_LUKS_Unlocking, https://wiki.archlinux.org/title/Dm-crypt/Specialties#Remote_unlocking_of_root_(or_other)_partition
- Yubikey FDE: https://github.com/georgewhewell/nixos-host/blob/master/profiles/luks-yubi.nix
- Impermanence, opt-in to persistence: https://github.com/Misterio77/nix-starter-configs/tree/main#try-opt-in-persistance
- nix-shell / lorri
- https://ghedam.at/15978/an-introduction-to-nix-shell
- docker-compose.yml for services and nix-shell to run the code
- https://ghedam.at/15978/an-introduction-to-nix-shell