NixOS

tags

Linux

• See Nix from the bottom up  (Best explanation)
  • Possibly flake best explanation: Practical Nix flake anatomy: a guided tour of flake.nix | Vladimir Timofeenko’s blog 
  • Explanation of overlays: Mastering Nixpkgs Overlays: Techniques and Best Practice 
• https://zaynetro.com/explainix

https://nixos-and-flakes.thiscute.world/

Building static binaries in Nix — kokada 

FAQ

TODO NixOS Module vs Flake

• NixOS module is a function: output is an attribute set `imports`, `options`, and `config`.
• Flake we have inputs and outputs

Tools

• https://nixpkgs-tracker.ocfox.me/?pr=358586

Flakes?

/u/ElvishJerricco gave a explanation that finally clicked it for me.

and

Flakes for noobs - Help - NixOS Discourse 

Pain points

• Installing ruff via pip on NixOs does not work · Issue #1699 · astral-sh/ruff · GitHub 
• Thankful for autoPatchelfHook for library dependency tweaks - Development - NixOS Discourse 

NixOS

• NixOS does away with FHS with nix-store
  • nix-store output = hash of recipie + package name + package version
  • This allows nix-store
    • to have different versions of the same software package
    • to have same version but compiled with different flags aswell!
• Has some FHS stuff to keep things posix compliant, eg /bin/sh, /usr/bin/env, all other stuff goes into /nix/store and everything else gets symlinked from /run/current-system

Module system

Tools

• nixos-option services.interception-tools.plugins to dig down on options available
• home manager options: https://mipmip.github.io/home-manager-option-search/?query=keychain
• https://lazamar.co.uk/nix-versions/

Installing NixOS

Q: With or without flakes? / channels OR flakes? flakes also seem to use channels? WHAT! A: We will choose flakes at whatever points we can. Team flakes.

• Move your NixOS into a Flake! - YouTube 
• Help with transitioning /etc/nixos to a flake setup - Help - NixOS Discourse 

Remote machines (Servers/VMs etc)

Meta

• Options we have

  Option	Description	Pros	Cons
  nixinfect
  nixosanywhere
  official nixos ami	Simple installation, management via something like colmena
  official nixos ami + user-data			config at max can be 16k, on every boot it’ll build
  official nixos ami + customized via packer	See this  and this	This will prevent nixos-rebuild on every boot and make boot faster	Have to store the AMI somewhere, S3?
  official nixos ami + customized via nixos-generator	it’s packer vs doing via nixos-generator  , example w flakes	Official way of doing it for nixos compared to using packer
  custom iso	nixos-generator helps generate iso  /ami

• cloud-init / user-data

  • Seems cloud-init (See LXC & LXD ) is not preferred/supported  in nixos
  • But we need user-data when launching new scripts!
  • For that reason we have amazon-init  but it has limitations like it doesn’t support gzip  like cloud-init. So your configuration.nix has to be <16k for now.
    • The fetch-ec2-metadata service in NixOS fetches user data from IMDS and stores in /etc/ec2-metadata/user-data.
    • The amazon-init service inspects the downloaded user data and tries to detect a script or Nix expression.
    • So basically we can have nix expression as user-data in aws  and things should work.
    • If you’re using secrets here, can use something like sops w/ kms.

• Managing secrets with user-data

  • Secrets manager can be used, but parameter store is free so that can be used as-well, the instance just has to be started with the correct iam roles etc. Then use aws cli to pull in secrets.
  • See What is the best possible way to pass API key for AWS EC2 user data script - Stack Overflow 
  • For something like nixos, it can be a one-off systemd unit file and script

• Installing to a different architecture

  • Cross Build x86_64-ami on aarch64 using nixos-generators - #5 by McRaeAlex - Help - NixOS Discourse 

Hetzner

• nix-parts vs nix-utils

  • vanilla: I’m a big fan of this pattern: devShells = builtins.mapAttrs (system: pkgs: { default = adsfasdf asdfsadfa asdfasdf; }) inputs.nixpkgs.legacyPackages; No framework required.

• Installing nixos on hetzner

  • way1: ssh into ubuntu and manually install nixos
  • way2: hetzner cloud provides nixos iso  , we can mount it and install it
  • way3: nix infect 
  • way4: nix anywhere, example repo 
  • way5: nix anywhere with terraform

• way5: nix-anywhere with terraform

  • First we need to setup a fresh ubuntu server using normal hcloud tf modules
  • Build on remote was not working
    • So I was like fuck it, nix-everywhere and tf is out of the syllabus. I also don’t like how tf is being used to provision, i’d much prefer using nix-everywhere directly via makefile/bashscript or via ansible
    • Catch is that we’re using ARM here
    • Installing using the --build-on-remote flag worked. Butt switch had issues
    • So i tried doing rebuild switch
      • issues: https://github.com/NixOS/nixpkgs/issues/177873
      • nixos-rebuild switch --flake .#hetzner-cloud-aarch64 --build-host 0x0 --target-host 0x0 --fast is taking a looong time idk why
  • ERRR: Seems like issues :(
  • VERDICT: I think we can use this only for install?
    • I still want to be controlling the nix-rebuild for a remote machine from my local machine

• Notes

  • Seems like the book nixos-in-production is using AMI ? from: https://github.com/NixOS/nixpkgs/tree/master/nixos/modules/virtualisation

AWS

• AWS EC2

• AWS when using Auto Scaling Group (Need complete automation)

• Custom AMI

  aws ec2 modify-instance-attribute --instance-id "i-07d9ab8e3d893da34" --ena-support
  

NixOs and non-nixos compatibility

• At the Mountains of Madness | Lobsters 

Gotchas

• /tmp
  • https://www.reddit.com/r/NixOS/comments/ozb9ov/does_nixos_cleanup_tmp_by_default/

Package manager usage

nix-env

• nix-env tool manages environments, profiles and their generations.
• nix-env -i installs stuff
• Using this is an anti-pattern, we go back to what we had before in non nixos. One global package for everything.

nix-shell

• It only provides a bash shell, but that’s mostly all you need.
• Ephemeral
  • This allows us to do shit like nix-shell -p go1.16 -p nodejs23 and then nix-shell -p go1.20 -p ruby3 and it’ll just spin up those environments for us without polluting them in the global namespace.
• Reusable environments
  • This is nice, picks shell.nix / default.nix from current directory
  • Same idea of ephemeral but now into a file and now can be re-produced anywhere

Packaging

Golang packages

• How do I use buildGoModule? Maybe I’m dumb but I can’t figure it out - Help - NixOS Discourse 
  • Summary: use buildGoModule and use lib.fakeHash when we don’t know the hash

Ref links

• An unordered list of hidden gems inside NixOS | Lobsters 
• 2. Run a program with Nix  (zero 2 nix)
• Nix revisited - Charlotte’s notes 
• Introduction to Nix & NixOS | NixOS & Flakes Book  (Book)
• Erase your darlings: immutable infrastructure for mutable systems 
• Packaging/Quirks and Caveats - NixOS Wiki 
• Nix By Example | <fun> 
• Nix shell template | Lobsters 
• Packaging/Binaries - NixOS Wiki 
• Jonathan Lorimer 
• Understanding Nix Inputs #nix · GitHub 
• https://github.com/nix-community/disko
• https://galowicz.de/2023/04/05/single-command-server-bootstrap/
• Setup
  • C++ with Nix in 2023, Part 1: Developer Shells 
  • Nix: my workflow Brian McGee 
  • Process Compose: a scheduler/orchestrator to manage non-containerized applica… 
  • An Overview of Nix in Practice | Hacker News 
  • Organizing system configs with NixOS 
• Flakes
  • [-] Some notes on nix flakes | Lobsters 
  • [-] Nix Flakes is an experiment that did too much at once… | Lobsters 
  • [-] Flakes aren’t real and cannot hurt you: a guide to using Nix flakes the non-flake way - jade’s www site 
• Devops
  • [-] https://github.com/pdtpartners/nix-snapshotter
  • [-] https://nixery.dev/
  • [-] Making NixOS modules for fun and (hopefully) profit - Xe Iaso 
  • [-] Strategies for deploying things on NixOS | Lobsters 

Nix in Infra and Devops

Resources

• A Comprehensive Guide to End-to-End-Declarative Deployment with Terraform and Nix  (NixOS and Terraform )
• Some notes on NixOS | Lobsters 
• A faster dockerTools.buildImage prototype · 
• Self-hosting Mastodon on NixOS, a proof-of-concept 
• Grafana + Prometheus + Grafana Loki with Nixops example 
• Managing infrastructure with Terraform, CDKTF, and NixOS 

Libraries/Tools

• nix-community/nixos-generators 
• Mic92/sops-nix 
• GitHub - DBCDK/morph: NixOS deployment tool 
• NixOS/nixops 
  • GitHub - NixOS/nixops-aws 
• nix-community/vulnix 

Testing

• Saved by NixOS Integration Tests, Surprisingly - Andreas Fuchs’ Journal 

TODO NixOS, Flakes and Home-manager for laptop

Want to do it proper this time around, will need a day or two.

• https://github.com/maralorn/nix-output-monitor
• https://github.com/yelite/lite-system/blob/main/flake-module.nix
• https://github.com/fufexan/dotfiles/tree/main
• https://www.reddit.com/r/NixOS/comments/11zm210/splitting_nix_flake_into_modules/
• https://www.reddit.com/r/NixOS/comments/10jikmp/looking_for_a_nixos_tutorial_starting_with_home/
• https://www.reddit.com/r/NixOS/comments/v2xpjm/big_list_of_flakes_tutorials/
• https://tonyfinn.com/blog/nix-from-first-principles-flake-edition/
• https://www.youtube.com/watch?v=AGVXJ-TIv3Y
• This very nice
  • https://github.com/hawkw/flake/tree/main

Flake

• Making a dev shell with nix flakes 

Nix & WebAssembly

• Nix as a WebAssembly build tool | Lobsters 

Combinations

Nix and Nvidia

https://github.com/NixOS/nixpkgs/issues/254614 https://nixos.wiki/wiki/Nvidia (nixos specialization kde/sway)

Nix and Playwright

Which playeight to go with?

• According to this  thread, playwright-node is more feature-full than playwright-python.
• I personally would prefer to use the node version because eitheway you’d need to interfact with the page and you’ll need js for that reason etc.

nixpkgs playwright vs npm install & browser

• Two things
  • Installing playwright
  • Installing playwright browsers
• Installing playwright
  • Both cases would work, installing playwright from nixpkgs  , which installs the python version of playwright. i.e playwright-python instead of playroght-node
  • If you want playwright-node you can install using npm just like you’d install any other package. But only thing you need to make sure is to NOT install the browsers though this npm installed version of playwright.
    • i.e playwright install won’t work
• Installing playwright browsers
  • If you try to install the browsers using the playwright cli installed using npm, it’ll not work because playwright doesn’t know how to install things in nixos.
  • So you install playwright-browser from nixpkgs 
• Final working setup for me
  • Install browsers via playwirght-browser nixpkgs
  • Make sure it’s the same version that i’ve installed via npm for the playwright npm package. (Here I installed the node variant of playwright)
  • Everything works now.
  • Additionally I’ve to figure out Typescript setup for playwright now.

Windows x NixOS

{config, pkgs, ... }: {
  programs.dconf.enable = true;
  users.users.gcis.extraGroups = [ "libvirtd" ];
  environment.systemPackages = with pkgs; [ virt-manager virt-viewer spice spice-gtk spice-protocol win-virtio win-spice gnome.adwaita-icon-theme ];
  services.spice-vdagentd.enable = true;

  virtualisation = {
    libvirtd = {
      enable = true;
      qemu = { swtpm.enable = true; ovmf.enable = true; ovmf.packages = [ pkgs.OVMFFull.fd ]; };
    };
    spiceUSBRedirection.enable = true;
  };
}

{ pkgs, username, ... }:
{
  virtualisation = {
    libvirtd = {
      enable = true;
      qemu = {
        package = pkgs.qemu_kvm;
        swtpm.enable = true;
        ovmf.enable = true;
        ovmf.packages = [ pkgs.OVMFFull.fd ];
      };
    };
    spiceUSBRedirection.enable = true;
  };

  users.users.${username}.extraGroups = [ "libvirtd" ];

  environment.systemPackages = with pkgs; [
    spice
    spice-gtk
    spice-protocol
    virt-viewer
    #virtio-win
    #win-spice
  ];
  programs.virt-manager.enable = true;

  home-manager.users.${username} = {
    dconf.settings = {
      "org/virt-manager/virt-manager/connections" = {
        autoconnect = [ "qemu:///system" ];
        uris = [ "qemu:///system" ];
      };
    };
  };
}

Virtualization resources

• See Virtualization
• https://www.reddit.com/r/VFIO/wiki/index
• https://www.reddit.com/r/VFIO/comments/12nfck3/what_is_vfio/
• https://www.reddit.com/r/NixOS/comments/177wcyi/best_way_to_run_a_vm_on_nixos/
• https://nixos.mayflower.consulting/blog/2020/06/17/windows-vm-performance/
• https://www.google.com/search?q=nix+windows+vifo+quemu&sca_upv=1
• https://www.reddit.com/r/kvm/comments/xuvdm4/virtio_with_opengl_video_is_slower_than_qxl_on/
• https://discourse.nixos.org/t/nix-on-windows/1113
• https://github.com/quickemu-project/quickemu?tab=readme-ov-file
• https://astrid.tech/2022/09/22/0/nixos-gpu-vfio/