1
16
submitted 3 days ago* (last edited 3 days ago) by [email protected] to c/nix

To increase the security of my NAT configuration, I opted to implement port triggering instead of the traditional port forwarding on my router. I chose this approach in order to configure it from my nix configuration.

Specifically, I have enabled port 443 triggering on my router and included the following configuration:

 nftables = {
   enable = true;
   ruleset = ''
     table ip nat {
       chain PREROUTING {
         type nat hook prerouting priority dstnat; policy accept;
         iifname "wlp2s0" tcp dport 443 dnat to 10.100.0.3:443
       }
     }
   '';
 };
 nat = {
   enable = true;
   internalInterfaces = ["lo"];
   externalInterface = "wlp2s0";
   forwardPorts = [
     {
       sourcePort = 443;
       proto = "tcp";
       destination = "10.100.0.3:443";
     }
   ];
 };

Now, after rebuilding, it still does not work and I'm left to wonder why. Are both the NAT and nftables settings even meant to run at the same time?

2
18
submitted 5 days ago* (last edited 3 days ago) by [email protected] to c/nix

I've been trying to create a public instance of SearXNG by using NixOS, Cloudflare and Nginx, but I can't seem to make it open to the internet and I've run out of ideas. Is there anything I'm overlooking?

services.searx = {
    enable = true;
    redisCreateLocally = true;
    limiterSettings = {
      real_ip = {
        x_for = 1;
        ipv4_prefix = 32;
        ipv6_prefix = 56;
      };
      botdetection = {
        ip_limit = {
          filter_link_local = true;
          link_token = true;
        };
        ip_lists = {
          pass_ip = [
            "192.168.0.0/16"
            "fe80::/10"
          ];
          pass_searxng_org = true;
        };
      };
    };
    runInUwsgi = true;
    uwsgiConfig = {
      socket = "/run/searx/searx.sock";
      http = ":8888";
      chmod-socket = "660";
      disable-logging = true;
    };
    settings = {
      general = {
        debug = false;
        instance_name = "SearXNG Instance";
        donation_url = false;
        contact_url = false;
        enable_metrics = false;
      };

      ui = {
        static_use_hash = true;
        theme_args.simple_style = "dark";
        query_in_title = true;
        center_alignment = true;
        results_on_new_tab = false;
      };

      search = {
        safe_search = 2;
        autocomplete_min = 2;
        autocomplete = "duckduckgo";
      };

      server = {
        port = 8888;
        bind_address = "0.0.0.0";
        secret_key = config.sops.secrets.searx.path;
        image_proxy = true;
        method = "GET";

        default_locale = "en";
        default_lang = "en-US";
        base_url = "https://myinstance.org";
        public_instance = true;
      };
      engines = lib.mapAttrsToList (name: value: {inherit name;} // value) {
        "duckduckgo".disabled = false;
        "brave".disabled = true;
      };
      outgoing = {
        request_timeout = 5.0;
        max_request_timeout = 15.0;
        pool_connections = 100;
        pool_maxsize = 15;
        enable_http2 = true;
      };
    };
  };
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    virtualHosts = {
      "myinstance.org" = {
        forceSSL = true;
        sslCertificate = config.sops.secrets."SSL-Certificates/Cloudflare/Cert".path;
        sslCertificateKey = config.sops.secrets."SSL-Certificates/Cloudflare/Key".path;
        locations = {
          "/" = {
            extraConfig = ''
              uwsgi_pass unix:${config.services.searx.uwsgiConfig.socket};
            '';
          };
        };
      };
    };
  };
3
15
submitted 6 days ago* (last edited 6 days ago) by [email protected] to c/nix

https://github.com/NixNeovim/NixNeovim

I'm getting back into my setup after dualbooting and not touching it for a while. Flakes, home-manager, all that jazz. I was in the middle of messing around with my neovim config, bouncing between nixvim and nixneovim. Can't really remember why I was landing on nixneovim, but I think it had to do with having more 1-to-1 vim options through nix and more available plugins.

Part of this post is just to see what everyone's using, but I also can't copy to the system clipboard for the life of me! No ctrl-shift-v or anything. Oddly enough, ctrl-click-drag will copy a cut-off box of text. In nixneovim there's an option for clipboard, but that's just a string like 'unnamed' or 'unnamedplus', straight from the vim options. Nixvim has the option abstracted in a way that has the register and a provider for the functionality like wl-copy. I don't remember it not working with nixneovim before. That was months ago, though. Hoping someone would have an insight as I've been too deep in the weeds.

Edit: sooooo I just needed xclip in home.packages. I had tried installing it in a nix shell, but maybe that wasn't the right way to test. Doesn't seem to work with wl-clipboard, but I think neovim looks for xclip by default and nixneovim doesn't seem to have a way to give a different provider.

But still, how's everyone doing their neovim shenanigans?

4
5
submitted 5 days ago by [email protected] to c/nix

I download and store music in my home folder for my desktop user, but also would like to share it with my jellyfin server, but obviously I cannot select a folder from my home folder as a library folder.

Is there any simple and clean way to make this folder available on a server?

5
10
submitted 1 week ago by [email protected] to c/nix

Synology drive doesn't start on boot even though I have it in my bash script like all my other startup programs which load fine. I get the following debug messages when I run synology-drive from terminal:

debug.message: Cannot find path by key "user_cloud_station_app_path"
debug.message: Cannot find path by key "user_cloud_station_data_path"
debug.message: Cannot find path by key "user_cloud_station_working_dir_path"
debug.message: Cannot find path by key "user_cloud_station_drive_ui_path"
QApplication: invalid style override passed, ignoring it.
    Available styles: Windows, Fusion

Mynixos.com doesn't say that I need to include anything special in my configuration.nix file for the synology-drive-client. What am I doing wrong? Are these debug messages related to why it's not loading on startup?

Running nixos 24.05 with Hyprland

6
25
submitted 1 week ago* (last edited 1 week ago) by [email protected] to c/nix

I updated my NixOS on WSL starter template for NixOS 24.05 and created a fresh walkthrough video.

WSL is how I first got started with NixOS (and now I use it to manage more servers and machines than I can keep track of!) and I'm a big proponent of being able to quickly spin up a simple flake with a relatively flat structure where people can play around with settings to come up with something they feel comfortable applying to a bare metal machine at a later point in time.

7
8
submitted 1 week ago by [email protected] to c/nix

I am an Arch user at the moment. I tried the Nix package manager on it and am learning Nix these days. I was thinking of switching to Nix, as I was not able to replicate that much declarativeness on my setup. But the barrier is that almost everything Nix is on GitHub, something which somehow belongs to Microsoft and is not good for privacy.

So can the Nix community host a GitLab or Forgejo or something else as an alternative, or maybe permanently move it (so that I can switch to Nix)?

8
47
submitted 1 week ago by [email protected] to c/nix

I recently tried switching from Arch to NixOS and the experience I had can best be described as appalling. I have not had a new user experience this bad since my first dip into Ubuntu dependency hell back in 2016. I'd like to preface this by saying I've been a Linux user in one form or another for almost half my life at this point, and in that time this may well be the most I've struggled to get things to work.

Apparently they have this thing called home-manager which looks pretty cool. I'd like to give that a shot. Apparently I have to enable a new Nix channel before I can install it. I'm guessing that's the equivalent of a PPA? Well, alright. nix-channel --add ..., nix-channel --update (oh, so it waits until now to tell me I typo'd the URL. Alright), and now to run the installation command and... couldn't find home-manager? Huh?? I just installed it. I google the error message and apparently you have to reboot after adding a new nix-channel and doing nix-channel --update before it will actually take effect, and the home-manager guide didn't tell me that. Ah well, at least it works now.

I didn't want to wait for KDE and its 6 morbillion dependencies to download, so I opted for Weston. It wasn't a thing in configuration.nix (programs.weston.enable=true; threw an error and there was no page for it on the NixOS wiki), but it was available in nix-env (side note: why does nix-env -i take upwards of 30 seconds just to locate a package?), so I installed it, tried to run it, and promptly got an inscrutable "Permission denied" error with one Google result that had gone unresolved. Oh well, that's alright, I guess that's not supported just yet -- I'll install Sway instead. Great, now I have a GUI and all I need is a browser. nix-env -i firefox gave me the firefox-beta binary which displayed the crash reporter before even opening a browser window. Okay, note to self: always use configuration.nix. One programs.firefox.enable=true; and one nixos-rebuild switch later, I'm off to the races. Browser is up and running. Success! Now I'd like to install a Rust development environment so I can get back to work. According to NixOS wiki, I can copy paste this incantation into a shell.nix file and have rustup in there. Cool. After resolving a few minor hangups regarding compiler version, manually telling rustc where the linker is, and telling nix-shell that I also need cmake (which was thankfully pretty easy), I'm met with a "missing pkg-config file for openssl" error that I have absolutely no idea how to begin to resolve.

I'm trying to stick with it, I really am -- I love the idea that I can just copy my entire configuration to a brand new install by copying one file and the contents of my home directory and have it be effectively the same machine -- but I'm really struggling here. Surely people wouldn't rave about NixOS as much as they do if it was really this bad? What am I doing wrong?

Also unrelated but am I correct in assuming that I cannot install KDE without also installing the X server?

9
45
submitted 1 week ago by [email protected] to c/nix
10
10
submitted 2 weeks ago* (last edited 1 week ago) by [email protected] to c/nix

My solution:

let

  nixFilesInDirectory = directory:
    (
      map (file: "${directory}/${file}")
      (
        builtins.filter
          (
            nodeName:
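              # "\\." is required here: inside a Nix string "\." is just ".",
              # which as a regex would match any character
              (builtins.isList (builtins.match ".+\\.nix$" nodeName)) &&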
              # checking that it is NOT a directory by seeing
              # if the node name forcefully used as a directory is an invalid path
              (!builtins.pathExists "${directory}/${nodeName}/.")
          )
          (builtins.attrNames (builtins.readDir directory))
      )
    );

  nixFilesInDirectories = directoryList:
    (
      builtins.concatMap
        (directory: nixFilesInDirectory directory)
        (directoryList)
    );
  # ...
in {
  imports = nixFilesInDirectories ([
      "${./programs}"
      "${./programs/terminal-niceties}"
  ]);
  # ...
}

snippet from the full source code: quazar-omega/home-manager-config (L5-L26)

credits:


I'm trying out Nix Home Manager and learning its features little by little.
I've been trying to split my app configurations into their own files now and saw that many do the following:

  1. Make a directory containing all the app specific configurations:
programs/
└── helix.nix
  2. Make a catch-all file default.nix that selectively imports the files inside:
programs/
├── default.nix
└── helix.nix

Content:

{
  imports = [
    ./helix.nix
  ];
}
  3. Import the directory (picking up the default.nix) within the home-manager configuration:
{
  # some stuff...
  imports = [
    ./programs
  ];
 # some other stuff...
}

I'd like to avoid having to write each and every file I'll create into the imports of default.nix, that kinda defeats the point of separating it if I'll have to specify everything anyway, so is there a way to do so? I haven't found different ways to do this in various Nix discussions.


Example I'm looking at: https://github.com/fufexan/dotfiles/blob/main/home/terminal/default.nix

My own repository: https://codeberg.org/quazar-omega/home-manager-config

11
9
submitted 4 weeks ago by secana to c/nix

Hi,

I want to sort my bookmarks in Firefox with home-manager into folders, but fail.

Simple example:

firefox = {
      profiles."user" = {
        bookmarks = [
          {
            name = "Nix";
            toolbar = true;
            bookmarks = [
              {
                name = "NixOS Search";
                url = "https://search.nixos.org/packages";
              }
              {
                name = "NixOS Options";
                url = "https://nixos.org/manual/nixos/unstable/options";
              }
              {
                name = "Home-Manager Options";
                url = "https://nix-community.github.io/home-manager/options.xhtml";
              }
              {
                name = "Home-Manager Options Search";
                url = "https://home-manager-options.extranix.com/";
              }
            ];
          }
        ];
      };

My assumption was that I get a folder "Nix" in the bookmarks toolbar that contains the four bookmarks. But instead the four bookmarks are added to the toolbar side-by-side without being in a folder.

How can I achieve that?

12
10
submitted 1 month ago by [email protected] to c/nix

Hello you all, so basically I installed Nix on my machine, and I wanted a way to install packages with nix-env --install and share those packages with the root account. I was reading about Nix multi-user and, I'm gonna be honest, I didn't understand shit. Do I need to enable the daemon for both root and my user? Or does this only work between users, not root? Etc. Thanks for any answer!

13
20
submitted 1 month ago by [email protected] to c/nix

Power on my dell laptop is getting wonky so I'm pulling the thinkpad x201 out of retirement. Hadn't booted it since 2019! For some reason the wifi wasn't working so connected it to wired ethernet.

Updated the channel to 23.11 and did nixos-rebuild switch. Had to fix a few things where packages no longer exist or options have changed. Rebooted and wifi is working now!

What other OS could you upgrade like that?

14
20
submitted 1 month ago by Shareni to c/nix

cross-posted from: https://programming.dev/post/14020506

The product of a chat with @[email protected]

15
29
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/nix

You can change the color theme of your whole desktop with a single line of code.

Currently supported adapters:

  • Adwaita (GTK3, GTK4)
  • Alacritty
  • dunst
  • Firefox (hijacking the default theme with userchrome.css)
  • GTK2
  • Kvantum
  • Rofi
  • swaylock
  • Wezterm

repo: https://gitlab.com/vfosnar/nix-colors-adapters / https://github.com/vfosnar/nix-colors-adapters

16
28
Nix 2.22 released (releases.nixos.org)
submitted 1 month ago by mac to c/nix
17
35
SnowflakeOS (snowflakeos.org)
submitted 1 month ago by starman to c/nix
18
14
submitted 1 month ago by [email protected] to c/nix

I'm very, very new to nix and nixOS both - I come from imperative workflows and very very rarely anything determinative, so this is all brand new to me.

As an example of the kind of thing I don't understand how to do, let's take an example repo I've been bouncing off: https://github.com/GideonWolfe/Chameleon

On a "normal" system, I can get pip and python ready, and then make install and I'm off to the races.

With NixOS, I've got as far as adding python3 and gnumake to my configuration.nix packages. (I have also discovered that putting python in my system packages was the wrong move, so some advice on how better to go about this would be cool too.)

I can't for the life of me wrap my head around what I'm supposed to do, and so many people online are using flakes but I'm on stable 23.11 (and quite daunted by flakes) so I'd prefer if this was from that POV.

Can anyone speak to any of these points? I've tried reading the docs but it's very confusing for some reason.

19
13
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/nix

Yes I know that there are workarounds for them to set to use the flake inputs but still.. I have set nixpkgs version to 23.11 stable release and that's good, but if I try to use nix shell, nix profile or even nix-env, they all seem to use the latest master/unstable branch to install the packages by default.

Just want to know why they don't just default to using whatever is defined in the flake.nix file? Will it be implemented to use it by default in the near future?

Reason as to why I am asking -> This is what I am using to match nix shell and flake inputs, but as you can see they are just workarounds, plus seem to cause more errors and whatnot, plus by ideology one shouldn't need to specially define it to use some version when everything is already defined.

20
33
submitted 1 month ago by uthredii to c/nix

cross-posted from: https://programming.dev/post/13537798

Exciting Partnership Announcement: Framework Community & NixOS Communities Join Forces!

21
5
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/nix

See I use wofi-emoji but this issue #308357 is haunting me. So I just wanted to know what my fellow users use cuz I guess not a lot of people use wofi-emoji.

22
1
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/nix

I know that if using flakes, nix shell is the right command. But I just want to know: is it normal for legacy commands like that one to not work? nix-env works tho.

  • Dotfiles

  • One thing to note is that, what I am doing temporarily is running it using this

nix shell nixpkgs#nix-info
nix-info
  • And the output value is this
 - system: `"x86_64-linux"`
 - host os: `Linux 6.1.86, NixOS, 23.11 (Tapir), 23.11.20240417.e402c3e`
 - multi-user?: `no`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.18.1`
 - nixpkgs: `not found`
  • Notice the nixpkgs: not found. This is also weird to me.

  • logs ->

error:
       … while calling anonymous lambda

         at «string»:1:1:

            1| {...}@args: with import <nixpkgs> args; (pkgs.runCommandCC or pkgs.runCommand) "shell" { buildInputs = [ (nix-info) ]; } ""
             | ^

       error: file 'nixpkgs' was not found in the Nix search path (add it using $NIX_PATH or -I)

       at «none»:0: (source not available)
23
97
submitted 1 month ago by [email protected] to c/nix

Eelco has agreed to step down from the NixOS foundation board. Over the next two weeks, a constitutional assembly will be appointed to draft a constitution to democratically govern Nix/NixOS.

24
3
submitted 1 month ago* (last edited 1 month ago) by starman to c/nix
25
58
submitted 1 month ago* (last edited 1 month ago) by recursive_recursion to c/nix

I just saw the news of the soft fork announcement over on the IceShrimp instance and thought I should share here


Background Context for Anyone Out of the Loop

(newest to oldest news - top to bottom):


As mentioned (by u/steventrouble in the previous post here):
