Nix / NixOS

Hi! I ran into the issue that my kube config, which I manage with home-manager is world read- and writable. I hoped that there is an easy option to set file permissions with home-manager, e.g. home.file."foo".permissions = 0644 but something like this does not exist. All solutions a short web search turns up are overly complicated for something that seems to be a trivial task.

What is the easiest way to set permissions for a file with home-manager?

I've heard cosmic is in the process of being packaged for nix, but on the tracking issue the only things not complete are the video player and the app store, neither of which I care about

Is there any halfway sensible way to get the bits that do work running on nixos? Would quite like to try this desktop out

So Ive been using nixos with gnome for almost a year now and things have been pretty smooth, it's just amazing, I never looked back since I started using it. So to make things more interesting and learn stuff I am trying to install hyprland, Ive no idea what window manager, compositor etc are, I have few questions Will installing hyprland delete gnome? Is hyprland not a desktop environment but something else? If yes, then how does it differ from one and what are its pros/cons? Would you suggest a clean installation to reduce bloating, or install on an existing system?

Is it possible to mount a Nextcloud folder into the filesystem within the nix config that other services can use it? For example have a jellyfin server use the a family shared nextcloud folder

I'm trying to switch my home server over to nix and currently I'm struggling a bit with k3s. In a "regular" distro I would just create a registries.yaml in /etc/rancher and the rest happens on its own - that's not really how nix is supposed to work, though.

So how would I do that? There seems to be no way to create a registry using the command line (so the ConfigFlags option won't work), so pointing to the config file directly seems to be the way to go.

But how do I do that in a "nixy" way? Can I somehow say "this string here is actually a config file that's supposed to be in that dir"?

cross-posted from: https://lemmy.world/post/14160134

I want to reset my server soon and I'm toying with the idea of using a different operating system. I am currently using Ubuntu Server LTS. However, I have been toying with the idea of using Fedora Server (I use Fedora on my laptop and made good experiences with it) or even Fedora CoreOS. I also recently installed NixOS on my desktop computer and find the declarativeness pretty cool (but I'm still a complete beginner) and could imagine that it would fit well into a server setup.

I have quite a few services running on my server, such as Nextcloud, Conduit (Matrix), Jellyfin, etc. and all in containers. I would also rather not install programs without containers, because 1. compose is super easy to maintain and set up, 2. it remains very clear with containers (and compose) and 3. I believe that containers are more secure. But since I also want to make the services inside the containers available, I currently have Nginx installed as a reverse proxy (not in the container, but on the system) and always create certificates with certbot so that I can use HTTPS encryption.

In the paragraph above I actually described exactly the use-case of Fedora CoreOS, but I have no experience with the system and how it works. That's why I'm still a bit hesitant at considering the OS at the moment. I can imagine that NixOS with its declarative nature seems well suited, since, as I have heard, you can configure containers as well as Nginx and with Nginx also https certificates declaratively. But I could also use a base system like before (Fedora Server or Ubuntu Server) and simply install podman, nginx and certbot and manage everything that way.

Have you had any experience with Fedora Server, Fedora CoreOS, NixOS or a completely different operating system for servers and what are/were your impressions with this setup? Or do you just want to share your knowledge here? I would be delighted.

Hi, everybody!

I've been toying with the idea of switching to NixOS for some time. I'm currently on arch (6 months), and while I like the idea of a minimal, only-what-I-want-installed, hackable system with the newest packages, I think having a system that always works, even if an update goes south, is more important to me.

Now, I'm still not sure if I should switch. There are some issues I'm worried about, maybe unnecessarily.

For one, what are the trade-offs of switching from Arch? Anything I have to watch out for? I've heard there are some issues with regard to the FSH and gaming, or just FSH in general, or just gaming in general. Secondly, the dotfiles. I hear there is the Home Manager for that, but it doesn't have support for everything, so some files would need to be managed in other ways. Is there a way to manage everything at the same time? Even better if everything is in configuration.nix. I thought of using env.etc.xxx.source and .text to link the dotlifes to the etc folder and change the contents, but it feels… cheap and unsafe to do that. Third, are flakes really that important? I hear about them everywhere, I haven't researched them yet, but I'm curious what the fuss is about.

Let me know if there is anything else I should consider. I mainly game, watch videos and sometimes play with the system if needed. I'm not sure if I really want to switch, or is it just "oooo, new shiny and cool" thing lol

Thanks :)

Talk starting in 10 min! If you want to hear about one of my longest term special interests and the new experiment I am trying with @nix and Python come join!
#pycascades #python
https://mathstodon.xyz/@crazy4pi314/112225369658338054

Hi all,

For my sins I've been attempting to build my nix configuration on my build server and subsequently push it into a binary cache.

I'm having an issue where the build is currently failing with the following error

error: home directory '/homeless-shelter' exists; please remove it to assure purity of builds without sandboxing

The build is being run on a docker image node:20-bullseye to be precise with the following command.

nix build .#nixosConfigurations.${{ matrix.machine.host }}.config.system.build.toplevel

Any thoughts would be greatly appreciated.

Edit.

Should have mentioned I've ran up the image with docker run and the directory didn't exist

Edit 2.

This is also about 23 minutes into the build when it throws this error; after having built a lot of packages and derivations already. I'm also using cachix/nix-install-action to get nix on the running container.

Edit 3.

Finally got it building this morning, I haven't dug into it but switching from the cachix/nix-install-action to manually installing the determinate systems nix installer (action didn't work for a strange reason).

Hi All,
I'm still very new to Nix but trying to daily-drive NixOS.

What I'm currently stuck on is injecting Python packages into a Jupyterlab service. What I have at the moment in the home-manager.home portion of my system flake is the following:

  systemd.user.services.jupyter = let
    jupyter = pkgs.jupyter-all.override {
      python3 = pkgs.python311.withPackages (python-pkgs: with python-pkgs; [
        numpy
        matplotlib
      ]);
    };
  in {
    Service = {
      Type = "simple";
      WorkingDirectory = "${home.homeDirectory}/notebooks";
      ExecStart = "${jupyter}/bin/jupyter-lab --no-browser";
    };
  };

This fires up a JupyterLab process that I can connect to and which runs fine, but numpy etc. can't be imported. From a devshell, I see that the python.withPackages mechanism seems to rely on $PYTHONPATH to pass in a python3-3.11.8-env package that contains a lib/python3.11/site-packages. I'm guessing that the systemd service just needs to have an Environment key, but where do I get the python3-3.11.8-env path from?

The Jupiter executable is in a /nix/store/#-python3-3.11.8-env/bin location, but the site-packages only include the modules for Jupyter so I assume there's another python3-3.11.8-env in the nix-store that does have the python packages I'm trying to get. Trying things like jupyter.env gives errors like *** Python 'env' attributes are intended for interactive nix-shell sessions, not for building! *** but I'm just taking a stab in the dark here.

I'd appreciate any pointers on this. I see there are helpers like JupyEnv, but these seem focused on setting up ephemeral devshells, not running a service for long-term notes and seem like overkill for what I want.

cross-posted from: https://programming.dev/post/12228684

April fool's!

Basically the title. I have Nixos running on a server that runs completely headless and while playing around today, I noticed that the rebuild takes longer than expected and apparently that's because firefox gets compiled.

Now, I don't have any GUI installed, and even if I had, I don't see a reason to compile FF from source.

My packages are just Jellyfin, Samba, Gitea, Nextcloud, virt-manager. None of these should depend on FF.

I have found those options for setting up iscsi, but since I am new to nixos (started yesterday) I don't have any idea how to configure the configuration.nix file to setup iscsi.

I already installed open-iscsi but it doesn't work on nixos it seems

Hi! It's my first day with nixos. I tried to compile a rust project. To do so, I used a nix-shell with the content from here: https://nixos.wiki/wiki/Rust with the "Installation via rustup" option.

Unfortunately the compilation fails:

$ cargo check
   Compiling libc v0.2.151
   Compiling proc-macro2 v1.0.73
   Compiling serde v1.0.193
    Checking once_cell v1.19.0
   Compiling thiserror v1.0.53
error: linker `aarch64-linux-gnu-gcc` not found
  |
  = note: No such file or directory (os error 2)

error: could not compile `proc-macro2` (build script) due to 1 previous error
warning: build failed, waiting for other jobs to finish...
error: could not compile `serde` (build script) due to 1 previous error
error: could not compile `libc` (build script) due to 1 previous error
error: could not compile `thiserror` (build script) due to 1 previous error

I run NixOS 23.11 stable on a VM on a Macbook with M1 (arm64) CPU.

Any ideas how to fix that?

It took me some time to work out how to get my ssh agent set up in Niri so I though I would share what I did. I'm using NixOS and Home Manager. I put this in my Home Manager config:

services.gnome-keyring = {
  enable = true;
  components = [ "pkcs11" "secrets" "ssh" ];
};
home.sessionVariables.SSH_AUTH_SOCK = "$XDG_RUNTIME_DIR/keyring/ssh";

I'm using GDM according to NixOS' default configuration which I think runs gnome-keyring (I thought I saw it in the process list before I set up the user unit), and I think that configuration is automatically unlocking gnome-keyring when I log in via PAM integration. But apparently I need to run gnome-keyring again in my window manager session. Home Manager's services.gnome-keyring adds a systemd user unit that does that.

After learning how to add an unstable overlay to nixpkgs, being able to override individual service modules from unstable was something that I still struggled with until fairly recently. Hopefully this helps someone else looking to do common-but-not-very-obvious operation.

just realized that one thing that NixOS could use is an update changelog of what packages were updated after running sudo nixos-rebuild switch --upgrade

tbh maybe there's a verbose option that I haven't discovered yet