Nix / NixOS

1
2
 
 

As the title says. I want to have a single config for my systems and require just a single line to install and configure software which I always use in a bundle (office, specific programming applications, server applications, ...).

3
2
submitted 1 week ago* (last edited 1 week ago) by [email protected] to c/nix
 
 

https://pastebin.com/30Bh23EV and this:

  DVfio.configuration = {
    systemd.tmpfiles.rules = [
      "f /tmp/enable-vfio-switch 0644 spiderunderurbed users -"
    ];
    environment.variables = {
      KWIN_DRM_DEVICES = lib.mkForce "";
    };
    environment.extraInit = ''
      export KWIN_DRM_DEVICES=$(${vfio}/bin/vfio)
    '';
  };

So there is an issue with my configuration. You don't really need to understand nix; just look at my qemu hook script, it's in plain sh, and the stuff above might be self-explanatory. The issue is that my nvidia drivers are still being used despite setting KWIN_DRM_DEVICES to card0, so the logs of libvirtd look something like this: https://pastebin.com/TaKrsY9S. If setting KWIN_DRM_DEVICES to my gpu card does not work, I don't know what does, and I can use help.

4
 
 

The situation: you're trying to build something, but one of your configured substituters (a.k.a. binary caches) is either offline, or having a moment of being very slow. Nix doesn't automatically time out, and skip that cache. No, you just can't build. You want to disable the problem cache so you can get on with your life. But since you use NixOS you need to run nixos-rebuild to update your substituter settings. A rebuild means hitting the problem cache...

When I've run into this problem I've thought, "I really need a way to selectively disable a cache in the nix build command." Previously I've had a hard time searching for such an option. Today I found it! Here it is:

$ nix build --option substituters "https://cache.nixos.org/ https://nix-community.cachix.org/"

or

$ nixos-rebuild build --option substituters "https://cache.nixos.org/ https://nix-community.cachix.org/"

The flag --option overrides settings that are normally read from /etc/nix/nix.conf. The idea here is instead of specifying a cache to disable, you list all of the caches that you do want to use.

Unless you are running as a "trusted user" you can't use this method to use substituters that aren't already configured because that would be a security problem. That means that substituter URLs need to be exactly the same as they are specified in /etc/nix/nix.conf including query parameters like ?priority.

I run into the misbehaving cache problem in two situations:

  • From time to time I get an error from cachix. I think it might be something like the cache claims to have a store path, but then actually downloading it fails. I'm not sure. Anyway the cache error makes the whole build command fail.
  • Sometimes garnix, as helpful as it is for avoiding expensive rebuilds on my slow laptop, gets very slow serving large packages like slack and google-chrome. These are unfree so they aren't cached on cache.nixos.org which usually takes precedence over garnix for unmodified nixpkgs packages. But since I build my nixos config on garnix the unfree packages do get cached there. I could wait all day for my nixos rebuild, or I could bypass the cache, download binaries from their original URLs, and be done in seconds.
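
Added example (not part of the original post): a POSIX shell helper that reads the configured substituters from a nix.conf-style file and prints the list with one cache host left out, keeping every remaining URL exactly as written (including ?priority) so the --option substituters value still matches what is configured. The function names, the sample file and the host cache.example.org are assumptions made for illustration; extra-substituters lines are read, include directives are not followed.

```shell
#!/bin/sh
# Added example, not from the original post.

# Print each substituter URL configured in a nix.conf-style file, one per
# line, exactly as written (query parameters such as ?priority are kept).
configured_substituters() {
    awk '
        /^[ \t]*(extra-)?substituters[ \t]*=/ {
            sub(/#.*/, "")              # nix.conf comments start at "#"
            sub(/^[^=]*=[ \t]*/, "")    # drop "name =" up to the first "="
            for (i = 1; i <= NF; i++) print $i
        }
    ' "$1"
}

# Print the configured list minus the cache whose host equals $2, joined by
# spaces. The host is compared exactly, so skipping "cachix.org" does not
# silently drop "nix-community.cachix.org" as a substring match would.
substituters_without() {
    configured_substituters "$1" | awk -v skip="$2" '
        {
            host = $0
            sub("^[a-z0-9+]+://", "", host)   # strip the scheme
            sub("[/?].*$", "", host)          # strip path and query
            if (host != skip) out = out (out == "" ? "" : " ") $0
        }
        END { print out }
    '
}

# Constructed sample configuration; cache.example.org is a placeholder host.
sample_conf() {
    cat <<'EOF'
# constructed sample nix.conf
substituters = https://cache.nixos.org/ https://nix-community.cachix.org/
extra-substituters = https://cache.example.org?priority=50
trusted-public-keys = placeholder-key
EOF
}

# Demo: show the rebuild command that bypasses the placeholder cache.
conf=$(mktemp)
sample_conf > "$conf"
echo "nixos-rebuild build --option substituters \"$(substituters_without "$conf" cache.example.org)\""
rm -f "$conf"
```

On a real system, pass /etc/nix/nix.conf as the first argument and the misbehaving cache's host as the second.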
5
6
 
 

Hello!

I'm getting back into NixOS again and I want to refactor my config heavily. Does anyone have any tips, advice or criticism on it? TIA.

https://codeberg.org/fxomt/nixos

7
 
 

cross-posted from: https://lemmy.world/post/27854420

On fediverse at @[email protected]

cross-posted from: https://lemmy.world/post/27825913

Click for comprehensive shownotes with detailed links

  • Linuxfest Northwest
  • Audience Suggestion - Forgejo
  • Television Fuzzy Finder
  • Uptime Kuma- Monitoring
  • Dockje - Docker Compose Manager
  • Homebox - Inventory Management
  • Ameridroid Sponsor
  • Whisper AI - Speech to Text
  • Themio Stereotool
  • scp - SSH based Copy
  • ffmpeg audio extraction
  • Getting a New Laptop
  • Ubuntu adopting uutils
  • Podcasting 2.0 support - State of the Podcast
  • Spread the Word! Help promote the show. Send in feedback.

If you enjoy the show, please help spread the word. Thanks!

8
7
submitted 1 month ago* (last edited 1 week ago) by [email protected] to c/nix
 
 

Edit: It was a portal error. Needed to add xdg-portal-hyprland to extraPortals option. [nixos + hyprland user]

Plz help! I am enclosing related files

dotfiles - contain all nixos and firefox configs

firefox file - I don't think this file is the problem

9
 
 

In very short, I have a NixOS install with an /etc/fstab using UUIDs. However, my bulk drive died. I have backups, the data is not the problem.

But I can't boot NixOS without the drive. It throws me into an emergency shell, in which I can't edit /etc/fstab (read-only FS) and since I'm in emergency mode, nixos rebuild doesn't work either (seems to be mostly a network issue).

So, what's the best, non-reinstalling way to fix that?

10
 
 

I’ve recently discovered nixos containers and was wondering if there were any pros/cons of running them vs. Docker containers. Like if one needs to run a containerised service, would it be better to run it as a nixos container or a docker container in terms of resource consumption? And are there any limitations of each approach?

11
 
 

I am attempting to configure the Tor daemon on nix-darwin. There is unfortunately no services.tor on this platform (yet! Maybe I'll port it from NixOS once I know enough Nix to do that).

I could manage it with homebrew, however, that seems like a sub-par solution, effectively moving tor entirely out of the nix store.

I have installed the package in my flake, and I would like to link a torrc config file to the right directory /etc/tor. However, when done with environment.etc, the file is linked to the general /etc outside of the store, where tor cannot find it.

How can I link this file inside tor's own /etc in the store, so it can use the configuration?

Link to my config repo fixed at the current commit

12
13
14
 
 

Really cool Nix idea which could improve incremental builds and replaces IFD (import from derivation) in some instances.

The article poses it as an alt to the lang2nix pattern, but some of the functions look rather challenging to understand? Do you think this might allow nixpkgs upstream to support more languages / build systems performantly out of the box, abstracting away the complexity from Nix users?

15
 
 

I'm on unstable and updated my flake.lock and 2 of my Steam games stopped working: Tiny Tina's Wonderlands and Elden Ring. Rolled back to my previous generation and they work again.

Is there a way to roll through nixpkgs commits to find the breaking commit? How do I gather the logs they will need and where should I report it to?

16
47
submitted 1 month ago by [email protected] to c/nix
 
 

Hello, everyone! I'm a long time Linux user who has warily stared at NixOS from the safe distance one might give to wild animals on a safari for quite some time now... And I finally decided, "fuck it, I'm gonna poke it with a stick."

I absolutely adore this system, even as strange a paradigm as it is coming from a decade of "traditional" management systems. I haven't been this excited about a Linux distro since... Well, ever really. Maybe OpenSUSE Tumbleweed? I can't recall.

Anyway, I wanted to introduce myself and preach to the choir for a second, so to speak. As someone totally new to this paradigm of system management, what are your #1 must read/watch resources you would recommend? I've perused through the NixOS Learn website over the last couple of days, and I'm itching for more. I can't wait to see what all this system is capable of!

17
 
 

cross-posted from: https://infosec.pub/post/24675194

I think I’ll use this for custom setups for non-techies.

18
 
 

Hi all! I'm new to NixOS and so far I'm loving it! I'm in the middle of the process of "nixifying" all my stuff, and I've found a problem that I've not been able to solve yet: When using LibreWolf on my Mac OS laptop, I can easily add exceptions to store cookies from the padlock icon in the search bar, as you can see in the screenshot, so I don't have to re-login to some sites every time I open my browser. The problem is that on my NixOS laptop there is no such option. I have compared settings in both setups, and they both look the same. I even tried explicitly setting pref.privacy.disable_button.cookie_exceptions to false, but no luck. The option is still not showing in the padlock menu. Here's my LibreWolf config, in case you are curious.

I know I can manually add exceptions in the settings page, but doing it directly from the search bar is way more convenient.

I searched all around the interwebs before writing this post, but I found nothing. Does anyone know how I can enable this option? Thanks a lot!

19
 
 

I'm rebuilding my home server in nixos.

Rather than configuring the various services natively in nixos, I decided to run containers via virtualisation.oci-containers whenever possible, mostly to be able to independently update the system and the various services.

Everything is going smoothly, but whenever I (for whatever reason) do nixos-rebuild boot and reboot after adding a container instead of nixos-rebuild switch, I run into this issue where podman isn't able to resolve the host (below you see the docker hub host, but it also happened with ghcr.io):

podman-apprise-start[1352]: Trying to pull docker.io/caronc/apprise:1.1.8...
podman-apprise-start[1352]: Pulling image //caronc/apprise:1.1.8 inside systemd: setting pull timeout to 5m0s
podman-apprise-start[1352]: Error: initializing source docker://caronc/apprise:1.1.8: pinging container registry registry-1.docker.io: Get "https://registry-1.docker.io/v2/": dial tcp: lookup registry-1.docker.io: no such host

I thought that my podman-* services were missing a dependency on network-online and that they were started before the network was available, but it isn't the case:

# systemctl list-dependencies podman-apprise.service 
podman-apprise.service
● ├─system.slice
● ├─network-online.target
● │ └─systemd-networkd-wait-online.service
● └─sysinit.target
●   ├─dev-hugepages.mount
[...snip...]

Do you happen to know what the issue is?

PS: Manually running systemctl start podman-whatever once fixes the issue, of course, but I wonder if there's a more robust solution?


update:

After investigating based on balsoft's input below, the issue seems to be that systemd-networkd-wait-online doesn't behave as expected (by me).

Basically, systemd-networkd-wait-online waits for network interfaces to have a carrier (working ethernet cable) and an IP address. This is what in systemd-networkd docs is called the "degraded" state (no, it doesn't mean that something got worse than before... don't think too much of what "degraded" implies in English).

In my case, I have an interface that is set up via DHCP and that also has static IPs assigned:

$ cat /etc/systemd/network/00-lan1.network 
[Match]
Name=lan1

[Network]
DHCP=ipv4
IPv6AcceptRA=no
LinkLocalAddressing=no

[Address]
Address=192.168.10.10/24

[Address]
Address=192.168.10.99/24

If you are wondering, the reason I do this is that I want static IPs for my dns server and reverse proxy, but I also want my home server to use DHCP to fetch some network-wide configuration which, critically, includes the default route.

Back to the issue: IIUC, since the interface has a non-link-local address (which systemd-networkd confusingly calls a "routable" address), it is immediately considered "routable" (a state that is moar better than "degraded") and so not only it's basically ignored by the default systemd-networkd-wait-online configuration, but even adding

[Link]
RequiredForOnline=routable

to /etc/systemd/network/00-lan1.network doesn't make a difference whatsoever.

For now, my stopgap solution is to explicitly set the default route for the "lan1" network:

[Network]
Gateway=192.168.10.1

This seems to solve the issue with podman and, while the system still thinks to be "online" before being fully configured, it will suffice until I find a more elegant/robust way (ping me in a while if you are interested).

refs:
systemd-networkd-wait-online man page
systemd-networkd docs on "RequiredForOnline"
networkctl man page

20
15
Any nix RSS feeds? (lm.paradisus.day)
submitted 2 months ago by [email protected] to c/nix
 
 

Does anyone know of any blogs that center around, or frequently discuss nix? My only subscription in freshRSS is NixOS weekly...and that's long since been abandoned.

It'd be really nice if there was some kind of news or ecosystem summary, so I could know about the newest nix projects as well as official sources.

21
9
submitted 2 months ago* (last edited 2 months ago) by [email protected] to c/nix
 
 

After about a month of using Nixos, I realized my apps don't use my discrete gpu. I have an intel cpu with integrated graphics and a discrete amd gpu. On windows I had set all apps to use discrete gpu when the laptop was on power. Before I say more, some info for my system:

Fastfetch output

  OS: NixOS 25.05 (Warbler) x86_64
  Host: Inspiron 5567
  Kernel: Linux 6.12.12
  DE: KDE Plasma
  WM: KWin (Wayland)
  WM Theme: Breeze
  Theme: Breeze (Dark) [Qt]
  Icons: breeze-dark [Qt], breeze-dark [GTK2/3/4]
  Font: Noto Sans (10pt) [Qt], Noto Sans (10pt) [GTK2/3/4]
  Cursor: breeze (24px)
  Terminal: konsole 24.12.1
  CPU: Intel(R) Core(TM) i5-7200U (4) @ 3.10 GHz
  GPU 1: AMD Radeon R5 M445 Series [Discrete]
  GPU 2: Intel HD Graphics 620 @ 1.00 GHz [Integrated]
  Memory: 3.23 GiB / 23.37 GiB (14%)
  Swap: Disabled
  Disk (/): 88.15 GiB / 195.85 GiB (45%) - ext4
  Disk (/home): 514.67 GiB / 716.87 GiB (72%) - ext4
  Locale: en_US.UTF-8

My main issue is that my bottles apps (bottles is a wine prefix manager) can't run its wine prefixes with a discrete gpu. I have the nixpkgs version of bottles (not the flatpak one which the developer suggests using). Things I've tried:

  • Enabling/Disabling the "use discrete graphics" option inside the bottle (only the integrated gpu is being used)
  • Launching bottles from command line with DRI_PRIME=1 and bottles opened for a little and then closed, by reporting this:
    terminal output
(process:4413): Gtk-WARNING **: 10:35:38.358: Unknown key gtk-modules in /home/bs/.config/gtk-4.0/settings.ini

(process:4413): Adwaita-WARNING **: 10:35:38.384: Using GtkSettings:gtk-application-prefer-dark-theme with libadwaita is unsupported. Please use AdwStyleManager:color-scheme instead.

(bottles:4413): Gtk-WARNING **: 10:35:39.395: Theme parser warning: style.css:184:3-185:1: Expected ';' at end of block

(bottles:4413): Gtk-WARNING **: 10:35:39.395: Theme parser warning: style-dark.css:23:3-24:1: Expected ';' at end of block
10:35:39 (INFO) Launching with URI: None 
10:35:39 (INFO) [Activate] request received. 
10:35:39 (WARNING) Bottles is only supported within a sandboxed format. Official sources of Bottles are available at: 
10:35:39 (WARNING) https://usebottles.com/download/ 
10:35:39 (WARNING) Please report any issues at: https://github.com/NixOS/nixpkgs/issues 
10:35:39 (INFO) Bottles Started! 

  • Launching the game from command line with DRI_PRIME=1 bottles-cli run -p OuterWilds -b Outer_Wilds after having enabled/disabled the "use discrete graphics" option inside the bottle (kept using the integrated graphics instead)
  • Launching the game from bottles gui, after using the environment variable DRI_PRIME=1 and enabling/disabling the "use discrete gpu" option (kept using the integrated graphics instead)
  • Adding the following code to my configuration.nix:
    hardware.graphics = {
      enable = true;
      enable32Bit = true;
    };

  • Launching the game from bottles gui, after using the environment variable DRI_PRIME=1 DXVK_FILTER_DEVICE_NAME="AMD Radeon R5 M445 Series (RADV ICELAND)" and enabling/disabling the "use discrete gpu" option (it told me that I don't have directX11 installed, but the game should run without it according to steamdb)
  • Setting KDE power profile from "Balanced" to "Performance"

Note that I can launch native apps with discrete gpu by typing in the terminal DRI_PRIME=1 $program_name, where $program_name is the name of the program I want to launch (like SuperTuxKart).

Is there a way to launch bottle apps with my discrete gpu or at least run all of my apps with my discrete gpu? Some extra related links I found, but didn't solve my issue:

links

Cross-posted it at the discourse forum

22
28
submitted 2 months ago* (last edited 2 months ago) by [email protected] to c/nix
 
 

I'm a fan of gaming - my main game is Overwatch. Until this week I've been using xwayland or gamescope to run Wine games which comes with downsides. Xwayland's window management can be buggy - in Gnome I can end up unable to switch back to a game window. Gamescope has some latency and visual artifact issues in my preferred window manager.

But now with the Wine 10 release candidates you can run Wine in native Wayland mode without any special registry settings or anything. And it works very well as far as I can tell! I went through the trouble of figuring out how to get Wine 10 set up on NixOS so I thought I would share.

Wine 10 is currently available in nixos-unstable. The simplest way I've found to get it working for games is to use Lutris, and to install both Lutris and Wine from unstable. To get a complete Wine setup for Lutris use wineWowPackages - for example wineWowPackages.stagingFull. The Full variant includes wine-mono which you'll probably want, and the staging package is the one that worked for me.

I have an overlay that lets me reference unstable packages via pkgs.unstable.${package-name}. With that in place I have this in my NixOS settings:

environment.systemPackages = [
  (pkgs.unstable.lutris.override {
    extraPkgs = pkgs: [
#               ----
#      ↓ same var ↑ 
#     ---- 
      pkgs.wineWowPackages.stagingFull
      pkgs.winetricks
    ];
  })
];

Note that you'll want to use the shadowed pkgs variable introduced in the function given to extraPkgs to reference the wine packages. I think that package set has some extra FHS stuff done to it or something.

If you don't have it already the shortcut for enabling necessary system settings for running games with Vulkan is to enable steam:

programs.steam.enable = true;

You can presumably put the Lutris configuration in Home Manager instead of NixOS by setting home.packages instead of environment.systemPackages. The steam setting needs to be set in NixOS.

When you run Lutris change the Wine runner settings to use the "system default" Wine version, and check the "use system winetricks" toggle.

To make sure that Wine uses Wayland you can unset the DISPLAY environment variable, or set it to an empty string. To do that in Lutris go into the game configuration settings. Under the "System options" tab add an environment variable named DISPLAY, and leave its value empty.

And that's it!

The one issue I've run into is that the Battle.net launcher is a blank black rectangle. The workaround is to run the launcher in gamescope or xwayland, install the game you want, and then re-launch without gamescope in native Wayland. You can start the game you want using the menu from Battle.net's system tray icon so that you don't need to use the launcher UI.

Edit: Thanks @[email protected] for the point about unsetting DISPLAY!

Edit: @[email protected] pointed out that all of the Wine packages on unstable are updated to v10 so I changed the instructions to use stableFull instead of stagingFull.

Edit: stableFull wasn't actually working for me so I switched the instructions back to stagingFull

23
 
 

I've been working on my configuration for a while now using flakes. I can already understand the appeal of flake-parts, and my configuration has always been spread out across multiple files according to specific features. ATM I don't really have any good modules to share, but what's your opinion?

24
 
 

I'm working on a small nix flake to standardize the developer environments at my job.

What I'm still missing, however, is a way to clean up after leaving the shell. Some hook to call a shell script, when the shell is closed.

Is there something like this? I thought about wrapping the actual nix develop call inside a bash script and waiting for nix to terminate, but that seems rather hacky.

25
28
Notes on Nix (newsletter.goodtechthings.com)
submitted 3 months ago by [email protected] to c/nix