Nix / NixOS

1777 readers
1 users here now

Main links

Videos

founded 1 year ago
MODERATORS
51
52
 
 

If given the option, which route do you go? I have services running in both, and I'll often just do whats easier. I dont really notice a different in performance the configuration for containers is simple enough I don't mind it.

I also wish there was a nix function that parsed a docker compose and used it for the oci-container config. Then I could use my existing compose files or the ones I find in docs online.

53
9
submitted 4 months ago* (last edited 4 months ago) by [email protected] to c/nix
 
 

I'm attempting to configure an anonymized DNS service using dnscrypt-proxy2, routed through the Tor network. I believe I have everything needed for it to work, but that does not seem to be the case. The DNS resolution is fine, but it's not being proxied through Tor as desired.

 services.resolved.enable = false;
 services.dnscrypt-proxy2 = {
   enable = true;
   settings = {
     ipv6_servers = config.networking.enableIPv6;
     block_ipv6 = !(config.networking.enableIPv6);
     listen_addresses = ["127.0.0.1:53" "[::1]:53"];
     force_tcp = true;

     use_syslog = false;
     odoh_servers = true;
     require_dnssec = true;
     require_nolog = false;
     require_nofilter = true;

     anonymized_dns = {
       routes = [
         {
           server_name = "*";
           via = ["anon-plan9-dns" "anon-v.dnscrypt.up-ipv4"];
         }
       ];
       skip_incompatible = true;
     };

     sources.public-resolvers = {
       urls = [
         "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
         "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
       ];
       cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
       minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
     };

     block_unqualified = true;
     block_undelegated = true;
     proxy = "socks5://127.0.0.1:9050";
   };
 };

 systemd.services.dnscrypt-proxy2.serviceConfig = {
   StateDirectory = "dnscrypt-proxy";
 };
    useDHCP = false;
    enableIPv6 = true;
    nameservers = [
      "127.0.0.1"
      "::1"
    ];
    networkmanager.enable = true;
    networkmanager.dns = "none";
  services.tor = {
    enable = true;
    enableGeoIP = false;
    torsocks.enable = true;
    client = {
      enable = true;
    };
  };
54
 
 

This idea is inspired by nixos-mailserver. It was so easy to spin up the mailserver after changing some DNS records and putting in some settings. I thought it might be a good idea to do the same for services that need public, decentralized infrastructure to support. Some ideas include

  • Tor relay, or exit node
  • Encrypted messaging nodes. It looks like SimpleX chat relies on SMP servers to relay communication
  • Crypto miners (I know, I know, but you understand how it fits the “public contribution” usecase)
  • Search engines like searxng (I currently use a public instance)
  • Libredirect services, like proxy clients for social media

Maybe federated services, but those require more than just the software running on the public internet. Those require moderation and long term maintenance. Ideally, the services in this config would be ephemeral.

Does this sound like a good idea? Would you spin one of these up on a $10 VPS? I understand that this is the NixOS community, not necessarily the privacy community, but I figured thered be overlap.

What other services do you think would be applicable?

55
 
 

I want to install a package, I lookup for the package here https://search.nixos.org/packages? I can find multiple versions. two that sound right, two sound like rubbish and one is a plugin for something. How do I decide which of the two good sounding packages I should choose? What if the package or even both not work? How do I know that it is up to date? How do I know that it will be updated in a timely manner? Can I update it?

56
19
submitted 4 months ago* (last edited 4 months ago) by [email protected] to c/nix
 
 

I've tried just about every type of setup I can find for a nix shell with python.

I don't want to purely use nixpkgs for a lack of some packages and broken packages. I'm trying to use pyside6, but not everything in pyside6 is provided by the package, e.g. tools like uic.

Attempting to use a venv as normal leads to a disconnect between the env and system with libstdc++.so.6 unable to be found. There are a various different flakes I've tried to use like the-nix-way/dev-templates#python and others from forum discussions which add stdenv.cc.cc.lib to no avail.

I think the farthest I've gotten is with poetry/poetry2nix, where auto-patchelf warns about missing libQt6 libraries. Running with nix run fails to 'find all the required dependencies' even when adding qt6.qtbase or qt6.full to the packages. This is that flake, taken from the poetry2nix github with an added devshell:

{
  description = "Python application packaged using poetry2nix";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    poetry2nix.url = "github:nix-community/poetry2nix";
  };

  outputs = { self, nixpkgs, poetry2nix }:
    let
      system = "x86_64-linux";  # Adjust for your system
      pkgs = nixpkgs.legacyPackages.${system};
      inherit (poetry2nix.lib.mkPoetry2Nix { inherit pkgs; }) mkPoetryApplication;
    in {
      packages.${system}.default = mkPoetryApplication {
        projectDir = ./.;
      };

      apps.${system}.default = {
        type = "app";
        program = "${self.packages.${system}.default}/bin/app";
      };

      devShells.${system}.default = pkgs.mkShell {
        packages = [ pkgs.poetry ];
        buildInputs = [ pkgs.qt6.qtbase pkgs.qt6.full pkgs.qt6.wrapQtAppsHook ];
      };
    };
}

It seems kind of hopeless to get it working on NixOS. Does anyone have a working setup I could use for inspiration, or any other tips? I love the nix paradigm, but I'm honestly considering distrohopping with all of the trouble.

57
58
 
 

And others like him that have been ostracized. His mere presence seems to bring out quite negative emotions in people.

Anti Commercial-AI license

59
-5
submitted 5 months ago* (last edited 5 months ago) by recursive_recursion to c/nix
 
 

cross-posted from: https://awful.systems/post/1746256

Nix project: ban? What ban?

They invited that guy back. I do have to admit, I admire his inability to read a room.

60
 
 

I'm a beginner/intermediate in NixOS and my flake rebuild takes about 25 seconds to be finished. Most of the time is evaluating derivation for some reason and it's getting kinda frustrating having to wait when I want to add a package to my config. Has anyone the same problem or is it normal that it takes this long in Nix?

61
 
 

I've been trying to achieve a working mail setup on nixos by using simple-nixos-mailserver.

  mailserver = {
    enable = true;
    certificateScheme = "acme-nginx";
    enableManageSieve = true;
    fqdn = "email.teatastic.org";
    domains = ["teatastic.org"];
    mailboxes = {
      Drafts = {
        auto = "subscribe";
        specialUse = "Drafts";
      };
      Junk = {
        auto = "subscribe";
        specialUse = "Junk";
      };
      Sent = {
        auto = "subscribe";
        specialUse = "Sent";
      };
      Trash = {
        auto = "no";
        specialUse = "Trash";
      };
    };

    loginAccounts = {
      "[email protected]" = {
        hashedPasswordFile = config.sops.secrets.password.path;
        aliases = ["[email protected]"];
      };
    };

    fullTextSearch = {
      enable = false;
      enforced = "body";
      indexAttachments = true;
      memoryLimit = 512;
    };

    enableImap = true;
    enablePop3 = true;
    enableImapSsl = true;
    enablePop3Ssl = true;

    virusScanning = false;
  };
  services.roundcube = {
    enable = true;
    package = pkgs.roundcube.withPlugins (
      plugins: [
        plugins.carddav
        plugins.contextmenu
        plugins.custom_from
        plugins.persistent_login
        plugins.thunderbird_labels
      ]
    );
    plugins = [
      "attachment_reminder" # Roundcube internal plugin
      "carddav"
      "contextmenu"
      "custom_from"
      "managesieve" # Roundcube internal plugin
      "newmail_notifier" # Roundcube internal plugin
      "persistent_login"
      "thunderbird_labels"
      "zipdownload" # Roundcube internal plugin
    ];
    #dicts = with pkgs.aspellDicts; [en];
    hostName = config.mailserver.fqdn;
    maxAttachmentSize = 100;
    extraConfig = ''
      $config['smtp_server'] = "tls://${config.mailserver.fqdn}";
      $config['smtp_user'] = "%u";
      $config['smtp_pass'] = "%p";
    '';
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "[email protected]";
  };
    firewall = {
      enable = true;
      allowedTCPPorts = [
        25 587 143 993 110 995 # Email
        80 # Nginx
      ];
    };

I'm logging in through roundcube, which works as expected. However, when I get to the point of composing an email to somebody, it just starts a "Sending message..." loop without actually sending anything.

I've forwarded the aforementioned ports on my router, yet it fails.

62
19
Nix as a WebAssembly build tool (determinate.systems)
submitted 5 months ago by starman to c/nix
63
17
submitted 5 months ago* (last edited 5 months ago) by [email protected] to c/nix
 
 

To increase the security of my NAT configuration, I opted to implement port triggering instead of the traditional port forwarding on my router. I chose this approach in order to configure it from my nix configuration.

Specifically, I have enabled port 443 triggering on my router and included the following configuration:

 nftables = {
   enable = true;
   ruleset = ''
     table ip nat {
       chain PREROUTING {
         type nat hook prerouting priority dstnat; policy accept;
         iifname "wlp2s0" tcp dport 443 dnat to 10.100.0.3:443
       }
     }
   '';
 };
 nat = {
   enable = true;
   internalInterfaces = ["lo"];
   externalInterface = "wlp2s0";
   forwardPorts = [
     {
       sourcePort = 443;
       proto = "tcp";
       destination = "10.100.0.3:443";
     }
   ];
 };

Now, after rebuilding, it still does not work and I'm left to wonder why. Are both the NAT and nftables settings even meant to run at the same time?

64
21
submitted 5 months ago* (last edited 5 months ago) by [email protected] to c/nix
 
 

I've been trying to create a public instance of SearXNG by using NixOS, Cloudflare and Nginx, but I can't seem to make it open to the internet and I've ran out of ideas. Is there anything I'm overlooking?

services.searx = {
    enable = true;
    redisCreateLocally = true;
        limiterSettings = {
      real_ip = {
        x_for = 1;

        ipv4_prefix = 32;
        ipv6_prefix = 56;
      };
    botdetection = {
        ip_limit = {
          filter_link_local = true;
          link_token = true;
        };
        ip_lists = {
          pass_ip = [
            "192.168.0.0/16"
            "fe80::/10"
          ];
          pass_searxng_org = true;
        };
      };
    };
    runInUwsgi = true;
    uwsgiConfig = {
      socket = "/run/searx/searx.sock";
      http = ":8888";
      chmod-socket = "660";
      disable-logging = true;
    };
    settings = {
      general = {
        debug = false;
        instance_name = "SearXNG Instance";
        donation_url = false;
        contact_url = false;
        enable_metrics = false;
      };

      ui = {
        static_use_hash = true;
        theme_args.simple_style = "dark";
        query_in_title = true;
        center_alignment = true;
        results_on_new_tab = false;
      };

      search = {
        safe_search = 2;
        autocomplete_min = 2;
        autocomplete = "duckduckgo";
      };

      server = {
        port = 8888;
        bind_address = "0.0.0.0";
        secret_key = config.sops.secrets.searx.path;
        image_proxy = true;
        method = "GET";

        default_locale = "en";
        default_lang = "en-US";
        base_url = "https://myinstance.org";
        public_instance = true;
      };
      engines = lib.mapAttrsToList (name: value: {inherit name;} // value) {
        "duckduckgo".disabled = false;
        "brave".disabled = true;
      };
      outgoing = {
        request_timeout = 5.0;
        max_request_timeout = 15.0;
        pool_connections = 100;
        pool_maxsize = 15;
        enable_http2 = true;
      };
    };
  };
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    virtualHosts = {
      "myinstance.org" = {
        forceSSL = true;
        sslCertificate = config.sops.secrets."SSL-Certificates/Cloudflare/Cert".path;
        sslCertificateKey = config.sops.secrets."SSL-Certificates/Cloudflare/Key".path;
        locations = {
          "/" = {
            extraConfig = ''
              uwsgi_pass unix:${config.services.searx.uwsgiConfig.socket};
            '';
          };
        };
      };
    };
  };
65
 
 

I download and store music in my home folder for my desktop user, but also would like to share it with my jellyfin server, but obviously I cannot select a folder from my home folder as a library folder.

Is there any simple and clean way to make this folder available on a server?

66
19
submitted 5 months ago* (last edited 5 months ago) by [email protected] to c/nix
 
 

https://github.com/NixNeovim/NixNeovim

I'm getting back into my setup after dualbooting and not touching it for a while. Flakes, home-manager, all that jazz. I was in the middle of messing around with my neovim config, bouncing between nixvim and nixneovim. Can't really remember why I was landing on nixneovim, but I think it had to do with having more 1-to-1 vim options through nix and more available plugins.

Part of this post is just to see what everyone's using, but I also can't copy to the system clipboard for the life of me! No ctrl-shift-v or anything. Oddly enough, ctrl-click-drag will copy a cut-off box of text. In nixneovim there's an option for clipboard, but that's just a string like 'unnamed' or 'unnamedplus', straight from the vim options. Nixvim has the option abstracted in a way that has the register and a provider for the functionality like wl-copy. I don't remember it not working with nixneovim before. That was months ago, though. Hoping someone would have an insight as I've been too deep in the weeds.

Edit: sooooo I just needed xclip in home.packages. I had tried installing it in a nix shell, but maybe that wasn't the right way to test. Doesn't seem to work with wl-clipboard, but I think neovim looks for xclip by default and nixneovim doesn't seem to have a way to give a different provider.

But still, how's everyone doing their neovim shenanigans?

67
 
 

Synology drive doesn't start on boot even though I have it in my bash script like all my other startup programs which load fine. I get the following debug messages when I run synology-drive from terminal:

debug.message: Cannot find path by key "user_cloud_station_app_path"
debug.message: Cannot find path by key "user_cloud_station_data_path"
debug.message: Cannot find path by key "user_cloud_station_working_dir_path"
debug.message: Cannot find path by key "user_cloud_station_drive_ui_path"
QApplication: invalid style override passed, ignoring it.
    Available styles: Windows, Fusion

Mynixos.com doesn't say that I need to include anything special in my configuration.nix file for the synology-drive-client. What am I doing wrong? Are these debug message related to why it's not loading on startup?

Running nixos 24.05 with Hyprland

68
26
submitted 5 months ago* (last edited 5 months ago) by [email protected] to c/nix
 
 

I updated my NixOS on WSL starter template for NixOS 24.05 and created a fresh walkthrough video.

WSL is how I first got started with NixOS (and now I use it to manage more servers and machines than I can keep track of!) and I'm a big proponent of being able to quickly spin up a simple flake with a relatively flat structure where people can play around with settings to come up with something they feel comfortable applying to a bare metal machine at a later point in time.

69
 
 

I am arch user by now. Tried nix package manager on it and learning nix thee days. I was thinking of switching to nix as I was not able to replicate that much Declarativeness on my setup. But barrier is almost Everything Nix is on Github,Something which somehow belong to Microsoft and is not good for privacy.

So can Nix community host a Gitlab or forgejo or Something else as an alternative or maybe permanently move it (so that I can switch to nix)?

70
 
 

I recently tried switching from Arch to NixOS and the experience I had can best be described as apalling. I have not had a new user experience this bad since my first dip into Ubuntu dependency hell back in 2016. I'd like to preface this by saying I've been a Linux user in one form or another for almost half my life at this point, and in that time this may well be the most I've struggled to get things to work.

Apparently they have this thing called home-manager which looks pretty cool. I'd like to give that a shot. Apparently I have to enable a new Nix channel before I can install it. I'm guessing that's the equivalent of a PPA? Well, alright. nix-channel --add ..., nix-channel --update (oh, so it waits until now to tell me I typo'd the URL. Alright), and now to run the installation command and... couldn't find home-manager? Huh?? I just installed it. I google the error message and apparently you have to reboot after adding a new nix-channel and doing nix-channel --update before it will actually take effect, and the home-manager guide didn't tell me that. Ah well, at least it works now.

I didn't want to wait for KDE and its 6 morbillion dependencies to download, so I opted for Weston. It wasn't a thing in configuration.nix (programs.weston.enable=true; threw an error and there was no page for it on the NixOS wiki), but it was available in nix-env (side note: why does nix-env -i take upwards of 30 seconds just to locate a package?), so I installed it, tried to run it, and promptly got an inscrutable "Permission denied" error with one Google result that had gone unresolved. Oh well, that's alright, I guess that's not supported just yet -- I'll install Sway instead. Great, now I have a GUI and all I need is a browser. nix-env -i firefox gave me the firefox-beta binary which displayed the crash reporter before even opening a browser window. Okay, note to self: always use configuration.nix. One programs.firefox.enable=true; and one nixos-rebuild switch later, I'm off to the races. Browser is up and running. Success! Now I'd like to install a Rust development environment so I can get back to work. According to NixOS wiki, I can copy paste this incantation into a shell.nix file and have rustup in there. Cool. After resolving a few minor hangups regarding compiler version, manually telling rustc where the linker is, and telling nix-shell that I also need cmake (which was thankfully pretty easy), I'm met with a "missing pkg-config file for openssl" error that I have absolutely no idea how to begin to resolve.

I'm trying to stick with it, I really am -- I love the idea that I can just copy my entire configuration to a brand new install by copying one file and the contents of my home directory and have it be effectively the same machine -- but I'm really struggling here. Surely people wouldn't rave about NixOS as much as they do if it was really this bad? What am I doing wrong?

Also unrelated but am I correct in assuming that I cannot install KDE without also installing the X server?

71
46
submitted 5 months ago by [email protected] to c/nix
72
 
 

My solution:

let

  nixFilesInDirectory = directory:
    (
      map (file: "${directory}/${file}")
      (
        builtins.filter
          (
            nodeName:
              (builtins.isList (builtins.match ".+\.nix$" nodeName)) &&
              # checking that it is NOT a directory by seeing
              # if the node name forcefully used as a directory is an invalid path
              (!builtins.pathExists "${directory}/${nodeName}/.")
          )
          (builtins.attrNames (builtins.readDir directory))
      )
    );

  nixFilesInDirectories = directoryList:
    (
      builtins.concatMap
        (directory: nixFilesInDirectory directory)
        (directoryList)
    );
  # ...
in {
  imports = nixFilesInDirectories ([
      "${./programs}"
      "${./programs/terminal-niceties}"
  ]);
  # ...
}

snippet from the full source code: quazar-omega/home-manager-config (L5-L26)

credits:


I'm trying out Nix Home Manager and learning its features little by little.
I've been trying to split my app configurations into their own files now and saw that many do the following:

  1. Make a directory containing all the app specific configurations:
programs/
└── helix.nix
  1. Make a catch-all file default.nix that selectively imports the files inside:
programs/
├── default.nix
└── helix.nix

Content:

{
  imports = [
    ./helix.nix
  ];
}
  1. Import the directory (picking up the default.nix) within the home-manager configuration:
{
  # some stuff...
  imports = [
    ./programs
  ];
 # some other stuff...
}

I'd like to avoid having to write each and every file I'll create into the imports of default.nix, that kinda defeats the point of separating it if I'll have to specify everything anyway, so is there a way to do so? I haven't found different ways to do this in various Nix discussions.


Example I'm looking at: https://github.com/fufexan/dotfiles/blob/main/home/terminal/default.nix

My own repository: https://codeberg.org/quazar-omega/home-manager-config

73
 
 

Hi,

I want to sort my bookmarks in Firefox with home-manager into folders, but fail.

Simple example:

firefox = {
      profiles."user" = {
        bookmarks = [
          {
            name = "Nix";
            toolbar = true;
            bookmarks = [
              {
                name = "NixOS Search";
                url = "https://search.nixos.org/packages";
              }
              {
                name = "NixOS Options";
                url = "https://nixos.org/manual/nixos/unstable/options";
              }
              {
                name = "Home-Manager Options";
                url = "https://nix-community.github.io/home-manager/options.xhtml";
              }
              {
                name = "Home-Manager Options Search";
                url = "https://home-manager-options.extranix.com/";
              }
            ];
          }
        ];
      };

My assumption was that I get a folder "Nix" in the bookmarks toolbar that contains the four bookmarks. But instead the four bookmarks are added to the toolbar side-by-side without being in a folder.

How can I achieve that?

74
 
 

Hello you all, so basically i installed Nix in my machine, and i wanted a way to install packages, with nix-env --install, and those packages share with the root account, i was reading about nix multi-user and i'm gonna be honest, i didn't understood shit, i need to enable daemon for both root and my user?, or this only works between users, not root?, etc. thanks for any answer!

75
 
 

Power on my dell laptop is getting wonky so I'm pulling the thinkpad x201 out of retirement. Hadn't booted it since 2019! For some reason the wifi wasn't working so connected it to wired ethernet.

Updated the channel to 23.11 and did nixos-rebuild switch. Had to fix a few things where packages no longer exist or options have changed. Rebooted and wifi is working now!

What other OS could you upgrade like that?

view more: ‹ prev next ›