Nix / NixOS

1
 
 

Does anybody know if there is a website or resource that has NixOS modules you can include in your config?

2
 
 

This is my first FOSS code project. If anyone has any constructive suggestions for improvement, please let me know.

https://github.com/guttermonk/waybar-nixos-updates

3
 
 

Hi, I am considering switching to NixOS and I was wondering what level of hassle I should expect for gaming.

I have been using Linux for about 10 months so I don't know a lot yet. I am wondering if it is worth it to try gaming on Nix or if it is going to be way too much of a headache considering my limited knowledge.

I've had wildly different experiences trying gaming on different distros, and very differently from what I expected. It went from fine for a weird niche distro (antiX), to really awful for a distro supposedly "easy" and "good for gaming" (Manjaro 😑), to absolutely amazing gaming distro (Nobara), and finally to surprisingly good for a "don't try unless you are a Level 99 Tech Wizard dual-classed Zen Master you idiot" distro (Arch). So I really have no clue what to expect from Nix.

I really like Arch but my main issue is that I keep forgetting what I have already configured and how and with which settings, or I leave stuff partially configured because ADHD, then I forget it wasn't finished and where I was at, so using config files instead sounds insanely more convenient, and I've been wanting to try Nix for a while.

I'd be really glad for anyone willing to share their experience of gaming on Nix 🙂

4
 
 

So I started using nixos as a daily driver several months ago.

At first it was nice using the live disk to install it. I really liked the options you could choose. The only thing it misses is the information that it will install the systemd bootloader and I don't have the option to install grub2.

Then when I used it I had to learn that I needed to switch my flatpaks back to the system packages since nix had almost all of them too. And nix packages work better in nix. Even though flatpak is sandboxed sth. in nixos makes some of them break.

I could usually install my software just by using the existing packages, but if not available I started learning nix-shell and nix in general.

This is when I realised I can't recommend nixos to normal people. If for any reason you need to install sth. that is not in the packages you are fucked. Usually it is easier to get a docker running than to learn nixos and setup a working nix-shell. However once you have a nix-shell to compile some c program you definitely have a deeper understanding of nixos and the program.

I often break my systems by tinkering around. So this was a great experience in nixos since I could go back several generations to a working one and continue from there.

However the last weeks I managed to break nixos! Even going back several generations didn't help. Probably going back several weeks may have worked, but I decided to reinstall instead.

So my problem was basically that I updated from 23.11 to 24.05.

I wanted to update since I was on unstable for razer stuff since I need current drivers.

However once I managed to get the update working I wasn't able to log into x11 anymore and Wayland seems inperformant in gaming. I also have other issues with Wayland.

The next thing was that I wanted to use an amd gpu for gpu-passthrough in a vm and therefore had a Nvidia and amd gpu present. However the system booted into the amd gpu and only after login switched to the Nvidia one.

If I blacklisted the drivers of amd I would not get a sddm log in screen anymore. Nothing I did fixed that. Removing the amd gpu didn't help. Going back to the nouveau drivers worked but I couldn't use them since they are broken as well.

After tinkering around a lot I finally decided to reinstall the current nixos image.

So live image it is again. Automatically loads Wayland. If I assume correctly with nouveau drivers. I installed everything however during the installation process the gui broke. (Wayland and nouveau don't work well I guess. Fuck Nvidia) And even though through tty I could see when it was finished I couldn't boot into the system.

So I rebooted the live disk and then logged out, switched to x11 and reinstalled again. This time it worked. I then used my old configuration and only updated to plasma6 since I already installed that on the new installation.

And to my surprise it just worked. Everything was like before. X11 working and so on.

So while I managed to break nixos it is in fact just as easy to reinstall again and configure like before.

5
 
 

I am just setting up my NixOS config for the first time, and I know that it will be fairly complex. I know it will only be possible and scalable if I have sane conventions.

I have read a number of example configs, but there does not seem to be consistent conventions between them of where to store custom option declarations, how to handle enabling/disabling modules, etc. They all work, but they do it in different ways.

Are there any official or unofficial conventions/style guides to NixOS config structure, and where can I find them?

For example, should I make a lib directory where I put modules that are easily portable and reusable in other people's configs? When should I break modules up into smaller ones? Etc. These are things that I hope to be addressed.

6
 
 

I'm working through some necessary issues in VMs as I work towards dropping Windows, but it occurred to me that I should pick a distro my non-techy partner could use in the event that something catastrophic happens to me. I really like the declarative/immutable distros, but perhaps something more traditional with btrfs snapshots would be better suited to such a use case...?

It's no secret that NixOS has a steep learning curve, but do any of you share a NixOS PC with family/partners/etc.? If so, what has that experience been like? Could they take over admin if you were incapacitated?

7
 
 

I have started using NixOS recently and I am just now creating conventions to use in my config.

One big choice I need to make is whether to include a unique identifier as the most significant attribute in any options that I define for my system.

For example:

Let's say I am setting up my desktop so that I am easily able to switch between light and dark modes system-wide. Therefore, I create the boolean option:

visuals.useDarkMode

Let's say I also want to toggle on/off Tor and other privacy technologies all at once easily, so I create the boolean:

usePrivateMode

Although these options do not do related things, they are still both custom options that I have made. I have the first instinct to somehow segregate them from the builtin NixOS options. Let's say my initials are "RK". I could make them all sub-attributes of the "RK" attribute.

rk.visuals.useDarkMode

rk.usePrivateMode

I feel like this is either a really good idea or an antipattern. I would like your opinions on what you think of it and why.
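The namespacing described in this post, written out as a NixOS module. This is an added example, not the poster's code: the option names come from the post, while the settings each toggle applies (enabling the Tor client, setting GTK_THEME) are assumptions chosen for illustration.

```nix
# Added example: custom options grouped under the "rk" attribute.
{ config, lib, ... }:
let
  cfg = config.rk;
in
{
  # Declaring the options makes the module system type-check them:
  # a misspelled name such as rk.usePrivatMode fails at evaluation
  # instead of being silently ignored.
  options.rk = {
    visuals.useDarkMode = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = "Use dark mode system-wide.";
    };
    usePrivateMode = lib.mkEnableOption "Tor and other privacy technologies";
  };

  config = lib.mkMerge [
    # Assumption: "private mode" here only switches on the Tor client.
    (lib.mkIf cfg.usePrivateMode {
      services.tor.enable = true;
      services.tor.client.enable = true;
    })
    # Assumption: dark mode is approximated by a GTK theme variable.
    (lib.mkIf cfg.visuals.useDarkMode {
      environment.sessionVariables.GTK_THEME = "Adwaita:dark";
    })
  ];
}
```

With this module imported, a host configuration sets `rk.usePrivateMode = true;` and `rk.visuals.useDarkMode = true;` like any built-in option.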

8
27
Nix Community Survey 2024 (survey.nixos.org)
submitted 4 days ago by mac to c/nix
9
10
 
 

If given the option, which route do you go? I have services running in both, and I'll often just do what's easier. I don't really notice a difference in performance, and the configuration for containers is simple enough that I don't mind it.

I also wish there was a nix function that parsed a docker compose and used it for the oci-container config. Then I could use my existing compose files or the ones I find in docs online.

11
9
submitted 3 weeks ago* (last edited 3 weeks ago) by [email protected] to c/nix
 
 

I'm attempting to configure an anonymized DNS service using dnscrypt-proxy2, routed through the Tor network. I believe I have everything needed for it to work, but that does not seem to be the case. The DNS resolution is fine, but it's not being proxied through Tor as desired.

 services.resolved.enable = false;
 services.dnscrypt-proxy2 = {
   enable = true;
   settings = {
     ipv6_servers = config.networking.enableIPv6;
     block_ipv6 = !(config.networking.enableIPv6);
     listen_addresses = ["127.0.0.1:53" "[::1]:53"];
     force_tcp = true;

     use_syslog = false;
     odoh_servers = true;
     require_dnssec = true;
     require_nolog = false;
     require_nofilter = true;

     anonymized_dns = {
       routes = [
         {
           server_name = "*";
           via = ["anon-plan9-dns" "anon-v.dnscrypt.up-ipv4"];
         }
       ];
       skip_incompatible = true;
     };

     sources.public-resolvers = {
       urls = [
         "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
         "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
       ];
       cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
       minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
     };

     block_unqualified = true;
     block_undelegated = true;
     proxy = "socks5://127.0.0.1:9050";
   };
 };

 systemd.services.dnscrypt-proxy2.serviceConfig = {
   StateDirectory = "dnscrypt-proxy";
 };

  networking = {
    useDHCP = false;
    enableIPv6 = true;
    nameservers = [
      "127.0.0.1"
      "::1"
    ];
    networkmanager.enable = true;
    networkmanager.dns = "none";
  };

  services.tor = {
    enable = true;
    enableGeoIP = false;
    torsocks.enable = true;
    client = {
      enable = true;
    };
  };
12
 
 

This idea is inspired by nixos-mailserver. It was so easy to spin up the mailserver after changing some DNS records and putting in some settings. I thought it might be a good idea to do the same for services that need public, decentralized infrastructure to support. Some ideas include

  • Tor relay, or exit node
  • Encrypted messaging nodes. It looks like SimpleX chat relies on SMP servers to relay communication
  • Crypto miners (I know, I know, but you understand how it fits the “public contribution” usecase)
  • Search engines like searxng (I currently use a public instance)
  • Libredirect services, like proxy clients for social media

Maybe federated services, but those require more than just the software running on the public internet. Those require moderation and long term maintenance. Ideally, the services in this config would be ephemeral.

Does this sound like a good idea? Would you spin one of these up on a $10 VPS? I understand that this is the NixOS community, not necessarily the privacy community, but I figured there'd be overlap.

What other services do you think would be applicable?

13
 
 

I want to install a package. I look up the package at https://search.nixos.org/packages and find multiple versions: two that sound right, two that sound like rubbish, and one that is a plugin for something. How do I decide which of the two good-sounding packages I should choose? What if one package, or even both, do not work? How do I know that it is up to date? How do I know that it will be updated in a timely manner? Can I update it?

14
19
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/nix
 
 

I've tried just about every type of setup I can find for a nix shell with python.

I don't want to purely use nixpkgs for a lack of some packages and broken packages. I'm trying to use pyside6, but not everything in pyside6 is provided by the package, e.g. tools like uic.

Attempting to use a venv as normal leads to a disconnect between the env and system, with libstdc++.so.6 unable to be found. There are various flakes I've tried to use, like the-nix-way/dev-templates#python and others from forum discussions which add stdenv.cc.cc.lib, to no avail.

I think the farthest I've gotten is with poetry/poetry2nix, where auto-patchelf warns about missing libQt6 libraries. Running with nix run fails to 'find all the required dependencies' even when adding qt6.qtbase or qt6.full to the packages. This is that flake, taken from the poetry2nix github with an added devshell:

{
  description = "Python application packaged using poetry2nix";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    poetry2nix.url = "github:nix-community/poetry2nix";
  };

  outputs = { self, nixpkgs, poetry2nix }:
    let
      system = "x86_64-linux";  # Adjust for your system
      pkgs = nixpkgs.legacyPackages.${system};
      inherit (poetry2nix.lib.mkPoetry2Nix { inherit pkgs; }) mkPoetryApplication;
    in {
      packages.${system}.default = mkPoetryApplication {
        projectDir = ./.;
      };

      apps.${system}.default = {
        type = "app";
        program = "${self.packages.${system}.default}/bin/app";
      };

      devShells.${system}.default = pkgs.mkShell {
        packages = [ pkgs.poetry ];
        buildInputs = [ pkgs.qt6.qtbase pkgs.qt6.full pkgs.qt6.wrapQtAppsHook ];
      };
    };
}

It seems kind of hopeless to get it working on NixOS. Does anyone have a working setup I could use for inspiration, or any other tips? I love the nix paradigm, but I'm honestly considering distrohopping with all of the trouble.

15
16
 
 

And others like him that have been ostracized. His mere presence seems to bring out quite negative emotions in people.

Anti Commercial-AI license

17
-4
submitted 1 month ago* (last edited 1 month ago) by recursive_recursion to c/nix
 
 

cross-posted from: https://awful.systems/post/1746256

Nix project: ban? What ban?

They invited that guy back. I do have to admit, I admire his inability to read a room.

18
 
 

I'm a beginner/intermediate in NixOS and my flake rebuild takes about 25 seconds to be finished. Most of the time is evaluating derivation for some reason and it's getting kinda frustrating having to wait when I want to add a package to my config. Has anyone the same problem or is it normal that it takes this long in Nix?

19
 
 

I've been trying to achieve a working mail setup on nixos by using simple-nixos-mailserver.

  mailserver = {
    enable = true;
    certificateScheme = "acme-nginx";
    enableManageSieve = true;
    fqdn = "email.teatastic.org";
    domains = ["teatastic.org"];
    mailboxes = {
      Drafts = {
        auto = "subscribe";
        specialUse = "Drafts";
      };
      Junk = {
        auto = "subscribe";
        specialUse = "Junk";
      };
      Sent = {
        auto = "subscribe";
        specialUse = "Sent";
      };
      Trash = {
        auto = "no";
        specialUse = "Trash";
      };
    };

    loginAccounts = {
      "[email protected]" = {
        hashedPasswordFile = config.sops.secrets.password.path;
        aliases = ["[email protected]"];
      };
    };

    fullTextSearch = {
      enable = false;
      enforced = "body";
      indexAttachments = true;
      memoryLimit = 512;
    };

    enableImap = true;
    enablePop3 = true;
    enableImapSsl = true;
    enablePop3Ssl = true;

    virusScanning = false;
  };
  services.roundcube = {
    enable = true;
    package = pkgs.roundcube.withPlugins (
      plugins: [
        plugins.carddav
        plugins.contextmenu
        plugins.custom_from
        plugins.persistent_login
        plugins.thunderbird_labels
      ]
    );
    plugins = [
      "attachment_reminder" # Roundcube internal plugin
      "carddav"
      "contextmenu"
      "custom_from"
      "managesieve" # Roundcube internal plugin
      "newmail_notifier" # Roundcube internal plugin
      "persistent_login"
      "thunderbird_labels"
      "zipdownload" # Roundcube internal plugin
    ];
    #dicts = with pkgs.aspellDicts; [en];
    hostName = config.mailserver.fqdn;
    maxAttachmentSize = 100;
    extraConfig = ''
      $config['smtp_server'] = "tls://${config.mailserver.fqdn}";
      $config['smtp_user'] = "%u";
      $config['smtp_pass'] = "%p";
    '';
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "[email protected]";
  };

  networking.firewall = {
    enable = true;
    allowedTCPPorts = [
      25 587 143 993 110 995 # Email
      80 # Nginx
    ];
  };

I'm logging in through roundcube, which works as expected. However, when I get to the point of composing an email to somebody, it just starts a "Sending message..." loop without actually sending anything.

I've forwarded the aforementioned ports on my router, yet it fails.

20
19
Nix as a WebAssembly build tool (determinate.systems)
submitted 1 month ago by starman to c/nix
21
17
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/nix
 
 

To increase the security of my NAT configuration, I opted to implement port triggering instead of the traditional port forwarding on my router. I chose this approach in order to configure it from my nix configuration.

Specifically, I have enabled port 443 triggering on my router and included the following configuration:

 networking.nftables = {
   enable = true;
   ruleset = ''
     table ip nat {
       chain PREROUTING {
         type nat hook prerouting priority dstnat; policy accept;
         iifname "wlp2s0" tcp dport 443 dnat to 10.100.0.3:443
       }
     }
   '';
 };
 networking.nat = {
   enable = true;
   internalInterfaces = ["lo"];
   externalInterface = "wlp2s0";
   forwardPorts = [
     {
       sourcePort = 443;
       proto = "tcp";
       destination = "10.100.0.3:443";
     }
   ];
 };

Now, after rebuilding, it still does not work and I'm left to wonder why. Are both the NAT and nftables settings even meant to run at the same time?

22
20
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/nix
 
 

I've been trying to create a public instance of SearXNG by using NixOS, Cloudflare and Nginx, but I can't seem to make it open to the internet and I've run out of ideas. Is there anything I'm overlooking?

services.searx = {
    enable = true;
    redisCreateLocally = true;
    limiterSettings = {
      real_ip = {
        x_for = 1;

        ipv4_prefix = 32;
        ipv6_prefix = 56;
      };
      botdetection = {
        ip_limit = {
          filter_link_local = true;
          link_token = true;
        };
        ip_lists = {
          pass_ip = [
            "192.168.0.0/16"
            "fe80::/10"
          ];
          pass_searxng_org = true;
        };
      };
    };
    runInUwsgi = true;
    uwsgiConfig = {
      socket = "/run/searx/searx.sock";
      http = ":8888";
      chmod-socket = "660";
      disable-logging = true;
    };
    settings = {
      general = {
        debug = false;
        instance_name = "SearXNG Instance";
        donation_url = false;
        contact_url = false;
        enable_metrics = false;
      };

      ui = {
        static_use_hash = true;
        theme_args.simple_style = "dark";
        query_in_title = true;
        center_alignment = true;
        results_on_new_tab = false;
      };

      search = {
        safe_search = 2;
        autocomplete_min = 2;
        autocomplete = "duckduckgo";
      };

      server = {
        port = 8888;
        bind_address = "0.0.0.0";
        secret_key = config.sops.secrets.searx.path;
        image_proxy = true;
        method = "GET";

        default_locale = "en";
        default_lang = "en-US";
        base_url = "https://myinstance.org";
        public_instance = true;
      };
      engines = lib.mapAttrsToList (name: value: {inherit name;} // value) {
        "duckduckgo".disabled = false;
        "brave".disabled = true;
      };
      outgoing = {
        request_timeout = 5.0;
        max_request_timeout = 15.0;
        pool_connections = 100;
        pool_maxsize = 15;
        enable_http2 = true;
      };
    };
  };
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    virtualHosts = {
      "myinstance.org" = {
        forceSSL = true;
        sslCertificate = config.sops.secrets."SSL-Certificates/Cloudflare/Cert".path;
        sslCertificateKey = config.sops.secrets."SSL-Certificates/Cloudflare/Key".path;
        locations = {
          "/" = {
            extraConfig = ''
              uwsgi_pass unix:${config.services.searx.uwsgiConfig.socket};
            '';
          };
        };
      };
    };
  };
23
 
 

I download and store music in my home folder for my desktop user, but also would like to share it with my jellyfin server, but obviously I cannot select a folder from my home folder as a library folder.

Is there any simple and clean way to make this folder available on a server?

24
18
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/nix
 
 

https://github.com/NixNeovim/NixNeovim

I'm getting back into my setup after dualbooting and not touching it for a while. Flakes, home-manager, all that jazz. I was in the middle of messing around with my neovim config, bouncing between nixvim and nixneovim. Can't really remember why I was landing on nixneovim, but I think it had to do with having more 1-to-1 vim options through nix and more available plugins.

Part of this post is just to see what everyone's using, but I also can't copy to the system clipboard for the life of me! No ctrl-shift-v or anything. Oddly enough, ctrl-click-drag will copy a cut-off box of text. In nixneovim there's an option for clipboard, but that's just a string like 'unnamed' or 'unnamedplus', straight from the vim options. Nixvim has the option abstracted in a way that has the register and a provider for the functionality like wl-copy. I don't remember it not working with nixneovim before. That was months ago, though. Hoping someone would have an insight as I've been too deep in the weeds.

Edit: sooooo I just needed xclip in home.packages. I had tried installing it in a nix shell, but maybe that wasn't the right way to test. Doesn't seem to work with wl-clipboard, but I think neovim looks for xclip by default and nixneovim doesn't seem to have a way to give a different provider.

But still, how's everyone doing their neovim shenanigans?

25
 
 

Synology drive doesn't start on boot even though I have it in my bash script like all my other startup programs which load fine. I get the following debug messages when I run synology-drive from terminal:

debug.message: Cannot find path by key "user_cloud_station_app_path"
debug.message: Cannot find path by key "user_cloud_station_data_path"
debug.message: Cannot find path by key "user_cloud_station_working_dir_path"
debug.message: Cannot find path by key "user_cloud_station_drive_ui_path"
QApplication: invalid style override passed, ignoring it.
    Available styles: Windows, Fusion

Mynixos.com doesn't say that I need to include anything special in my configuration.nix file for the synology-drive-client. What am I doing wrong? Are these debug messages related to why it's not loading on startup?

Running nixos 24.05 with Hyprland
