nixos

So after being a long-time Fedora/RHEL/CentOS/Rocky/etc user, I finally decided to give NixOS a try after the recent RHEL news.

And BOY and I blown away. You can do so much more than I thought possible with automation on NixOS. It's incredible!

Since I"m so new, I do have a question for you all: What's your go-to resource for learning Nix/NixOS?

Thanks!

Hi, I'm new to nix and NixOS and would like to try out the package manager first on a different host OS (I use OpenSUSE Tumbleweed). I want to build KDE Plasma desktop in its own nix environment isolated from the rest of the system and be able to launch a graphical desktop session (requires integration from systemd and d-bus). Do you think that should be possible with nix?

I'm new to Nix and wanted to get my feet wet by using the Nix package manager. However, I wasn't sure how these packages were made. Are these packaged by the community? Who do I need to "trust" when installing these packages? In general, I was looking for info on how nix packages are made and maintained.

Example config linked in readme! My ISP doesn't offer IPv6, so it might not fit your use case well, but it's a setup with multiple routing tables (one for vpn, one for direct internet access, one for no internet access)+multiple network namespaces (default namespace has the vpn interface, wan namespace has the vpn socket)+configured dnat/port forwarding which is hard to get right in such setups. It also takes port forwarding rules from another system's config, which was always my dream before even starting this project lol

"framework" is really the right choice of words because while it's well integrated with itself, it forces you to use itself, it doesn't integrate with networking.interfaces because it itself is a more featureful variant of networking.interfaces.

In my experience, this let me focus on writing the router itself, while previously half the time I felt that NixOS just doesn't provide enough customizability for routers. However, I don't offer many features right now, only device config/network namespace management/bridge creation/veth pair creation/dhcp/router advertisement/wireless access point creation. Obviously, there are many cases for which this won't be enough. If this isn't enough for you, open an issue and I'll try to add what you want (or better yet, do it yourself, as I probably wouldn't be able to test it).

I'm trying to set up Lutris to play games with Wine. I don't understand how I am supposed to install wine runners? Can anyone help?

Edit:* It seems the answer is to install runners through the Lutris UI as usual. The Lutris package runs in an FHS which makes everything work even though the runners are not built for NixOS.

It turns out that what I was missing (I think) was 32-bit DRI support. I enabled that with these lines in my NixOS configuration:

# in /etc/nix/configuration.nix

hardware.opengl = {
  driSupport = true;
  driSupport32Bit = true;
};

Everything below this edit is red herrings.

/end of edit*

I tried installing a runner, lutris-GE-Proton8, through Lutris itself as I do in another distro. That crashed with some sort of error - instead of spending time investigating that I thought I'm probably supposed to install things the Nix way so that dependencies are set up correctly.

I tried installing Wine from nixpkgs like this, and configuring Lutris to use the system Wine:

home.packages = with pkgs; [
  (lutris.override {
    extraPkgs = lutrisPkgs: [
      wine
    ];
  })
];

But when I start up a game I get a warning telling me that I need a version of Wine with esync.

I found a Nix expression for wine-ge in the nix-gaming repo. So I tried building Lutris with that. Here is an excerpt of my Home Manager flake.nix:

{
  inputs = {
    # ...
    nix-gaming = {
      url = "github:fufexan/nix-gaming";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { nixpkgs, home-manager, nix-gaming, ... }:
    let
      system = "x86_64-linux";
      pkgs = nixpkgs.legacyPackages.${system};
    in
    {
      homeConfigurations."jesse" = home-manager.lib.homeManagerConfiguration {
        # ...
        modules = [
          ./home.nix
          # ...
        ];
        extraSpecialArgs.inputs = { inherit nix-gaming; };
      };
    };
}

And the my attempt at a Lutris config in home.nix:

home.packages = with pkgs; [
  (lutris.override {
    extraPkgs = lutrisPkgs: [
      wine
      inputs.nix-gaming.packages.${pkgs.system}.wine-ge
    ];
  })
];

After a great deal of compiling I believe that I have wine-ge installed... somewhere. (I did try to use the nix-gaming binary cache. I probably messed that up by forcing my version of nixpkgs. I'll probably let nix-gaming use its own nixpkgs version next time.)

I've read that the lutris package creates an FHS (Filesystem Hierarchy Standard) environment. That is a filesystem somewhere with the directory layout you see in other distros. I expected that wine-ge would be linked into the FHS somewhere. I had the thought that I would configure Lutris with the path to wine-ge. But the file browser that I get in Lutris seems to show me the host file system, not the FHS.

I thought that maybe I could give Lutris the store path to wine-ge. Then if when I upgrade I'll have to track that down and set the path again. Is there a better way?

i use arch (btw), and i hate how much i depend on the AUR, its very unstable. I switched to flatpak for my gui programs since the cli experience sucks. nix on the other hand works like a native package manager, and thats great for me. but i see that nix also includes stuff like coreutils (because of nixos im guessing). do i install everything with nix? if not what packages do i install with pacman and which with nix?

I use agenix for managing some secrets on my nixos-configs. Agenix deploys the unencrypted secrets in the live system, so the secrets cannot be accesed when evaluating the nixos config.

Do you know any way or hack to have secrets inside of nix expressions?

It would be great if that solution would be pure and compatible with nix flakes.

Thanks :)

Honestly I don't know why I made this, it clearly isn't worth it lol (Jesus, 5000kloc for this), but it was interesting to learn more about nftables (I also found a bug in Nix in the process). I will contribute to nftables docs some time later, as I found many undocumented or poorly documented parts, and some documentation that's flat out wrong.

Currently this can only export rules in json, but it shouldn't be too hard to write a transpiler into the nftables language.

Note: these are not my first impressions, that's just the blog's title. I came across the post and thought it was interesting and you all might too :)

Hello, does anyone know about how to run a kbin instance on NixOS? Will the steps on https://codeberg.org/Kbin/kbin-core/wiki#admin-guide (but replacing the apt installs with adding packages in configuration.nix) just work, or is there a better, more reproducible way?

Thanks.

EDIT: I meant a kbin instance, not lemmy.

I was looking to manage my server through Cockpit project.

I would like to also be able to use cockpit-machines to manage VMs on my server. However, that module is not present in nixpkgs.

I know how to deploy simple-ish packages, however, JS based projects seem a bit complicated.

https://github.com/cockpit-project/cockpit-machines

Could you suggest a starting point with this project? Any similar modules I can refer to?

cross-posted from: https://beehaw.org/post/551377

Recently my kernel started to panic every time I awoke my monitors from sleep. This seemed to be a regression; it worked one day, then I received a kernel upgrade from upstream, and the next time I was operating my machine it would crash when I came back to it.

After being annoyed for a bit, I realized this was a great time to learn how to bisect the git kernel, find the problem, and either report it upstream, or, patch it out of my kernel! I thought this would be useful to someone else in the future, so here we are.

Step #1: Clone the Kernel; I grabbed Linus' tree from https://github.com/torvalds/linux with git clone git@github.com:torvalds/linux.git

Step #2: Start a bisect.

If you're not familiar with a bisect, it's a process by which you tell git, "this commit was fine", and "this commit was broken", and it will help you test the commits in-between to find the one that introduced the problem.

You start this by running git bisect start, and then you provide a tag or commit ID for the good and the bad kernel with git bisect good ... and git bisect bad ....

I knew my issue didn't occur on the 5.15 kernel series, but did start with my NixOS upgrade to 6.1. But I didn't know precisely where, so I aimed a little broader... I figured an extra test or two would be better than missing the problem. 😬

git bisect start
git bisect good v5.15
git bisect bad master 

Step #3: Replace your kernel with that version

In an ideal world, I would have been able to test this in a VM. But it was a graphics problem with my video card and connected monitors, so I went straight for testing this on my desktop to ensure it was easy to reproduce and accurate.

Testing a mid-release kernel with NixOS is pretty easy! All you have to do is override your kernel package, and NixOS will handle building it for you... here's an example from my bisect:

boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.linux_6_2.override { # (#4) make sure this matches the major version of the kernel as well
  argsOverride = rec {
    src = pkgs.fetchFromGitHub {
      owner = "torvalds";
      repo = "linux";
      # (#1) -> put the bisect revision here
      rev = "7484a5bc153e81a1740c06ce037fd55b7638335c";
      # (#2) -> clear the sha; run a build, get the sha, populate the sha
      sha256 = "sha256-nr7CbJO6kQiJHJIh7vypDjmUJ5LA9v9VDz6ayzBh7nI=";
    };
    dontStrip = true;
    # (#3) `head Makefile` from the kernel and put the right version numbers here
    version = "6.2.0";
    modDirVersion = "6.2.0-rc2";
    # (#4) `nixos-rebuild boot`, reboot, test.
  };
});

Getting this defined requires a couple intermediate steps... Step #3.1 -- put the version that git bisect asked me to test in (#1) Step #3.2 -- clear out sha256 Step #3.3 -- run a nixos-rebuild boot Step #3.4 -- grab the sha256 and put it into the sha256 field (#2) Step #3.5 -- make sure the major version matches at (#3) and (#4)

Then run nixos-rebuild boot.

Step #4: Test!

Reboot into the new kernel, and test whatever is broken. For me I was able to set up a simple test protocol: xset dpms force off to blank my screens, wait 30 seconds, and then wake them. If my kernel panicked then it was a fail.

Step #5: Repeat the bisect

Go into the linux source tree and run git bisect good or git bisect bad depending on whether the test succeeded. Return to step #3.

Step #6: Revert it!

For my case, I eventually found a single commit that introduced the problem, and I was able to revert it from my local kernel. This involves leaving a kernel patch in my NixOS config like this:

  boot.kernelPatches = [
    { patch = ./revert-bb2ff6c27b.patch; name = "revert-bb2ff6c27b"; }
  ];

This probably isn't the greatest long-term solution, but it gets my desktop stable and I'm happy with that for now.

Profit!

I used to have a VPS running a traditional OS (CentOS) that I eventually got rid of. One of the reasons I tried to migrate away from it was from the sysadmin perspective, I felt like the server once everything was configured was a bit of a snowflake.

Obviously configuring everything through nix and being able to easily rollback changes sound very compelling.

Have folks used nix as a server OS? How's your experience been?

Hello, I was wondering what version (23.05, 22.11, unstable, etc) of nixpkgs you use. I personally use unstable, and it's never broken.

Edit: I also have a master input in my flake, which I added just for XIVLauncher (context: someone made a PR to fix it not building, and it got merged into master, but last time I checked it wasn't backported to unstable)

I recently migrated my main machine to NixOS and the overall experience has been good, but I have a few snags remaining on which I'm looking for advice.

One of these is the option to switch between desktop managers easily. I know the question is a bit hard because at least Plasma and Gnome have a preference for their own login manager. But there are also other aspects that don't easily match between those two, like both having different options for ssh-askpass (again, this makes sense and one could mkForce a selection) or Plasma setting Noto as a default system font which might not be wanted for Gnome.

I have created specialisations for these environments (Plasma being part of the default one only) which works really well, especially since this also allows filtering applications by environment without modifying the desktop entries. However, to activate a specialisations, I need to reboot in practice. This seems to be because sddm is not part of the Gnome specialisation and when switching to it, reloading sddm's units fails because the user no longer exists.

Does anyone have an easier way to have both of these environments available and switch easily? Maybe something greetd-based? Could switching into a given specialisation be automated?