Nix / NixOS

151
 
 

152
 
 

cross-posted from: https://lemmy.world/post/14160134

I want to reset my server soon and I'm toying with the idea of using a different operating system. I am currently using Ubuntu Server LTS. However, I have been toying with the idea of using Fedora Server (I use Fedora on my laptop and have had good experiences with it) or even Fedora CoreOS. I also recently installed NixOS on my desktop computer and find the declarativeness pretty cool (but I'm still a complete beginner) and could imagine that it would fit well into a server setup.

I have quite a few services running on my server, such as Nextcloud, Conduit (Matrix), Jellyfin, etc. and all in containers. I would also rather not install programs without containers, because 1. compose is super easy to maintain and set up, 2. it remains very clear with containers (and compose) and 3. I believe that containers are more secure. But since I also want to make the services inside the containers available, I currently have Nginx installed as a reverse proxy (not in the container, but on the system) and always create certificates with certbot so that I can use HTTPS encryption.

In the paragraph above I actually described exactly the use-case of Fedora CoreOS, but I have no experience with the system and how it works. That's why I'm still a bit hesitant about considering the OS at the moment. I can imagine that NixOS with its declarative nature seems well suited, since, as I have heard, you can configure containers as well as Nginx and, with Nginx, also HTTPS certificates declaratively. But I could also use a base system like before (Fedora Server or Ubuntu Server) and simply install podman, nginx and certbot and manage everything that way.

Have you had any experience with Fedora Server, Fedora CoreOS, NixOS or a completely different operating system for servers and what are/were your impressions with this setup? Or do you just want to share your knowledge here? I would be delighted.

153
 
 

Hi, everybody!

I've been toying with the idea of switching to NixOS for some time. I'm currently on Arch (6 months), and while I like the idea of a minimal, only-what-I-want-installed, hackable system with the newest packages, I think having a system that always works, even if an update goes south, is more important to me.

Now, I'm still not sure if I should switch. There are some issues I'm worried about, maybe unnecessarily.

For one, what are the trade-offs of switching from Arch? Anything I have to watch out for? I've heard there are some issues with regard to the FHS and gaming, or just FHS in general, or just gaming in general. Secondly, the dotfiles. I hear there is the Home Manager for that, but it doesn't have support for everything, so some files would need to be managed in other ways. Is there a way to manage everything at the same time? Even better if everything is in configuration.nix. I thought of using env.etc.xxx.source and .text to link the dotfiles to the etc folder and change the contents, but it feels… cheap and unsafe to do that. Third, are flakes really that important? I hear about them everywhere, I haven't researched them yet, but I'm curious what the fuss is about.

Let me know if there is anything else I should consider. I mainly game, watch videos and sometimes play with the system if needed. I'm not sure if I really want to switch, or is it just "oooo, new shiny and cool" thing lol

Thanks :)

154
 
 

Talk starting in 10 min! If you want to hear about one of my longest term special interests and the new experiment I am trying with @nix and Python come join!
#pycascades #python
https://mathstodon.xyz/@crazy4pi314/112225369658338054

155
 
 

Hi all,

For my sins I've been attempting to build my nix configuration on my build server and subsequently push it into a binary cache.

I'm having an issue where the build is currently failing with the following error

error: home directory '/homeless-shelter' exists; please remove it to assure purity of builds without sandboxing

The build is being run on a Docker image, node:20-bullseye to be precise, with the following command.

nix build .#nixosConfigurations.${{ matrix.machine.host }}.config.system.build.toplevel

Any thoughts would be greatly appreciated.

Edit.

Should have mentioned I've run up the image with docker run and the directory didn't exist.

Edit 2.

This is also about 23 minutes into the build when it throws this error; after having built a lot of packages and derivations already. I'm also using cachix/nix-install-action to get nix on the running container.

Edit 3.

Finally got it building this morning by switching from the cachix/nix-install-action to manually installing the Determinate Systems Nix installer (action didn't work for a strange reason); I haven't dug into it.

156
 
 

Hi All,
I'm still very new to Nix but trying to daily-drive NixOS.

What I'm currently stuck on is injecting Python packages into a Jupyterlab service. What I have at the moment in the home-manager.home portion of my system flake is the following:

  systemd.user.services.jupyter = let
    jupyter = pkgs.jupyter-all.override {
      python3 = pkgs.python311.withPackages (python-pkgs: with python-pkgs; [
        numpy
        matplotlib
      ]);
    };
  in {
    Service = {
      Type = "simple";
      WorkingDirectory = "${home.homeDirectory}/notebooks";
      ExecStart = "${jupyter}/bin/jupyter-lab --no-browser";
    };
  };

This fires up a JupyterLab process that I can connect to and which runs fine, but numpy etc. can't be imported. From a devshell, I see that the python.withPackages mechanism seems to rely on $PYTHONPATH to pass in a python3-3.11.8-env package that contains a lib/python3.11/site-packages. I'm guessing that the systemd service just needs to have an Environment key, but where do I get the python3-3.11.8-env path from?

The Jupyter executable is in a /nix/store/#-python3-3.11.8-env/bin location, but the site-packages only include the modules for Jupyter so I assume there's another python3-3.11.8-env in the nix-store that does have the python packages I'm trying to get. Trying things like jupyter.env gives errors like *** Python 'env' attributes are intended for interactive nix-shell sessions, not for building! *** but I'm just taking a stab in the dark here.

I'd appreciate any pointers on this. I see there are helpers like JupyEnv, but these seem focused on setting up ephemeral devshells, not running a service for long-term notes and seem like overkill for what I want.

157
158
159
160
161
 
 

cross-posted from: https://programming.dev/post/12228684

April fool's!

162
163
 
 

Basically the title. I have NixOS running on a server that runs completely headless and while playing around today, I noticed that the rebuild takes longer than expected and apparently that's because Firefox gets compiled.

Now, I don't have any GUI installed, and even if I had, I don't see a reason to compile FF from source.

My packages are just Jellyfin, Samba, Gitea, Nextcloud, virt-manager. None of these should depend on FF.

164
Nix 2.21 released (releases.nixos.org)
165
 
 

I have found those options for setting up iSCSI, but since I am new to NixOS (started yesterday) I don't have any idea how to configure the configuration.nix file to set up iSCSI.

I already installed open-iscsi but it doesn't work on NixOS, it seems.

166
 
 

Hi! It's my first day with NixOS. I tried to compile a Rust project. To do so, I used a nix-shell with the content from here: https://nixos.wiki/wiki/Rust with the "Installation via rustup" option.

Unfortunately the compilation fails:

$ cargo check
   Compiling libc v0.2.151
   Compiling proc-macro2 v1.0.73
   Compiling serde v1.0.193
    Checking once_cell v1.19.0
   Compiling thiserror v1.0.53
error: linker `aarch64-linux-gnu-gcc` not found
  |
  = note: No such file or directory (os error 2)

error: could not compile `proc-macro2` (build script) due to 1 previous error
warning: build failed, waiting for other jobs to finish...
error: could not compile `serde` (build script) due to 1 previous error
error: could not compile `libc` (build script) due to 1 previous error
error: could not compile `thiserror` (build script) due to 1 previous error

I run NixOS 23.11 stable on a VM on a MacBook with M1 (arm64) CPU.

Any ideas how to fix that?

167
 
 

It took me some time to work out how to get my ssh agent set up in Niri so I thought I would share what I did. I'm using NixOS and Home Manager. I put this in my Home Manager config:

services.gnome-keyring = {
  enable = true;
  components = [ "pkcs11" "secrets" "ssh" ];
};
home.sessionVariables.SSH_AUTH_SOCK = "$XDG_RUNTIME_DIR/keyring/ssh";

I'm using GDM according to NixOS' default configuration which I think runs gnome-keyring (I thought I saw it in the process list before I set up the user unit), and I think that configuration is automatically unlocking gnome-keyring when I log in via PAM integration. But apparently I need to run gnome-keyring again in my window manager session. Home Manager's services.gnome-keyring adds a systemd user unit that does that.

168
 
 

After learning how to add an unstable overlay to nixpkgs, being able to override individual service modules from unstable was something that I still struggled with until fairly recently. Hopefully this helps someone else looking to do this common-but-not-very-obvious operation.

169
 
 

just realized that one thing that NixOS could use is an update changelog of what packages were updated after running sudo nixos-rebuild switch --upgrade

tbh maybe there's a verbose option that I haven't discovered yet

170
 
 

Wow! Didn't know it'd be that simple.

171
 
 

cross-posted from: https://mander.xyz/post/10671711

Hi, I am a beginner on NixOS and I am confused about how to set up fonts on it. I have home-manager working properly and nerd-fonts installed. Now, how do I set up system, GTK, emoji and Indic fonts?

Any article or part of config please.

172
 
 

I have always been exposed to Windows Active Directory with server-controlled logins, server-based "home" directories, etc. With the nature of NixOS it seems like it might be easy to deploy something similar by just setting up the configuration.nix as some sort of symlink to one stored on a central server. The only issue would possibly be how to not create home directories on the local machine and instead store them on the server. You might be able to make a central passwd file that gets read, but I am not sure just how secure that would be. Thoughts?

173
174
 
 

How easy would it be to flakify the Lemmy repo to add a fourth build option for those of us in the Nix world?

I had the (perhaps foolishly ambitious) idea of creating a rolling fork of Lemmy with the intent of modifying the codebase for use in an open source pub sub implementation of retail inventory. But I have to get standard Lemmy working first...and I like to use Nix for everything I do in the dev world (where feasible).

So, I forked the repo and was immediately brought into dev environment hell.

They only offer a choice between:

A.) Docker B.) Ansible C.) Building from scratch.

Two hours of fighting with the scratch build instructions and I eventually had to admit defeat due to some vague dependencies (and general malaise). Though I have completely flakified my PureScript and Haskell dev environments, I have found Rust to be a lot more challenging even on simple projects.

Anyway, I decided to come here to ask: **How easy would it be to flakify the Lemmy repo to add a fourth build option for those of us in the Nix world?**

Can I reference the build instructions from nixpkgs to get close to my intended goal? I need all of the help I can get. Be as pedantic or defeatist as you will. I currently have no skin in this game and merely want to help the Lemmy devs welcome people that are more nixy like myself (if nothing else).


edit: here's a naive attempt. I haven't tested anything other than it being a valid flake. Here's the link to my rolling flakification fork.

{
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    flake-parts.url = "github:hercules-ci/flake-parts";
    systems.url = "github:nix-systems/default";

    # Dev tools
    treefmt-nix.url = "github:numtide/treefmt-nix";
  };

  outputs = inputs:
    inputs.flake-parts.lib.mkFlake { inherit inputs; } {
      systems = import inputs.systems;
      imports = [
        inputs.treefmt-nix.flakeModule
      ];
      perSystem = { config, self', pkgs, lib, system, ... }:
        let
          cargoToml = builtins.fromTOML (builtins.readFile ./Cargo.toml);
          nonRustDeps = [
            pkgs.libiconv
            # Derived from Documentation on Dev installation for Linux
            pkgs.cacert
            pkgs.postgresql
            pkgs.openssl
            pkgs.pkg-config
            pkgs.libpqxx
          ];
          rust-toolchain = pkgs.symlinkJoin {
            name = "rust-toolchain";
            paths = [ pkgs.rustc pkgs.cargo pkgs.cargo-watch pkgs.rust-analyzer pkgs.rustPlatform.rustcSrc pkgs.cacert pkgs.postgresql pkgs.openssl pkgs.pkg-config pkgs.libpqxx ];
          };
        in
        {
          # Rust package
          packages.default = pkgs.rustPlatform.buildRustPackage {
            inherit (cargoToml.package) name version;
            src = ./.;
            cargoLock.lockFile = ./Cargo.lock;
          };

          # Rust dev environment
          devShells.default = pkgs.mkShell {
            inputsFrom = [
              config.treefmt.build.devShell
            ];
            shellHook = ''
              # For rust-analyzer 'hover' tooltips to work.
              export RUST_SRC_PATH=${pkgs.rustPlatform.rustLibSrc}
              export CARGO_PROFILE_DEV_BUILD_OVERRIDE_DEBUG=true

              echo
              echo "🍎🍎 Run 'just <recipe>' to get started"
              just
            '';
            buildInputs = nonRustDeps;
            nativeBuildInputs = with pkgs; [
              just
              rust-toolchain
            ];
            RUST_BACKTRACE = 1;
          };

          # Add your auto-formatters here.
          # cf. https://numtide.github.io/treefmt/
          treefmt.config = {
            projectRootFile = "flake.nix";
            programs = {
              nixpkgs-fmt.enable = true;
              rustfmt.enable = true;
            };
          };
        };
    };
}

and here's the lemmy-ui flake (which, judging by past forays into tsc with nix last summer, should be a lot easier to create and work with than the Rust library):

{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
    systems.url = "github:nix-systems/default";
  };

  outputs = {
    systems,
    nixpkgs,
    ...
  } @ inputs: let
    eachSystem = f:
      nixpkgs.lib.genAttrs (import systems) (
        system:
          f nixpkgs.legacyPackages.${system}
      );
  in {
    devShells = eachSystem (pkgs: {
      default = pkgs.mkShell {
        buildInputs = [
          pkgs.nodejs
          # You can set the major version of Node.js to a specific one instead
          # of the default version
          # pkgs.nodejs-19_x

          # You can choose pnpm, yarn, or none (npm).
          pkgs.nodePackages.pnpm
          # pkgs.yarn

          pkgs.nodePackages.typescript
          pkgs.nodePackages.typescript-language-server
        ];
      };
    });
  };
}
175
 
 

Creating infrastructure for supporting Bazel remote execution with rules_nixpkgs
