NixOS

tags : Linux - See Nix from the bottom up (Best explanation) - https://zaynetro.com/explainix

FAQ §

TODO NixOS Module vs Flake §

• NixOS module is a function: output is an attribute set `imports`, `options`, and `config`.
• Flake we have inputs and outputs

Flakes? §

/u/ElvishJerricco gave a explanation that finally clicked it for me.

and

Flakes for noobs - Help - NixOS Discourse

Pain points §

• Installing ruff via pip on NixOs does not work · Issue #1699 · astral-sh/ruff · GitHub
• Thankful for autoPatchelfHook for library dependency tweaks - Development - NixOS Discourse

NixOS §

• NixOS does away with FHS with nix-store
  • nix-store output = hash of recipie + package name + package version
  • This allows nix-store
    • to have different versions of the same software package
    • to have same version but compiled with different flags aswell!
• Has some FHS stuff to keep things posix compliant, eg /bin/sh, /usr/bin/env, all other stuff goes into /nix/store and everything else gets symlinked from /run/current-system

Module system §

Tools §

• nixos-option services.interception-tools.plugins to dig down on options available
• home manager options: https://mipmip.github.io/home-manager-option-search/?query=keychain
• https://lazamar.co.uk/nix-versions/

Installing NixOS §

Q: With or without flakes? / channels OR flakes? flakes also seem to use channels? WHAT! A: We will choose flakes at whatever points we can. Team flakes.

• Move your NixOS into a Flake! - YouTube
• Help with transitioning /etc/nixos to a flake setup - Help - NixOS Discourse

Personal machines §

Installing on laptop §

Installing on PC w GPU §

Dual booting with windows §

Remote machines (Servers/VMs etc) §

Meta §

• Options we have

  Option	Description	Pros	Cons
  nixinfect
  nixosanywhere
  official nixos ami	Simple installation, management via something like colmena
  official nixos ami + user-data			config at max can be 16k, on every boot it’ll build
  official nixos ami + customized via packer	See this and this	This will prevent nixos-rebuild on every boot and make boot faster	Have to store the AMI somewhere, S3?
  official nixos ami + customized via nixos-generator	it’s packer vs doing via nixos-generator, example w flakes	Official way of doing it for nixos compared to using packer
  custom iso	nixos-generator helps generate iso/ami

• cloud-init / user-data

  • Seems cloud-init (See LXC & LXD) is not preferred/supported in nixos
  • But we need user-data when launching new scripts!
  • For that reason we have amazon-init but it has limitations like it doesn’t support gzip like cloud-init. So your configuration.nix has to be <16k for now.
    • The fetch-ec2-metadata service in NixOS fetches user data from IMDS and stores in /etc/ec2-metadata/user-data.
    • The amazon-init service inspects the downloaded user data and tries to detect a script or Nix expression.
    • So basically we can have nix expression as user-data in aws and things should work.
    • If you’re using secrets here, can use something like sops w/ kms.

• Managing secrets with user-data

  • Secrets manager can be used, but parameter store is free so that can be used as-well, the instance just has to be started with the correct iam roles etc. Then use aws cli to pull in secrets.
  • See What is the best possible way to pass API key for AWS EC2 user data script - Stack Overflow
  • For something like nixos, it can be a one-off systemd unit file and script

• Installing to a different architecture

  • Cross Build x86_64-ami on aarch64 using nixos-generators - #5 by McRaeAlex - Help - NixOS Discourse

Hetzner §

• nix-parts vs nix-utils

  • vanilla: I’m a big fan of this pattern: devShells = builtins.mapAttrs (system: pkgs: { default = adsfasdf asdfsadfa asdfasdf; }) inputs.nixpkgs.legacyPackages; No framework required.

• Installing nixos on hetzner

  • way1: ssh into ubuntu and manually install nixos
  • way2: hetzner cloud provides nixos iso, we can mount it and install it
  • way3: nix infect
  • way4: nix anywhere, example repo
  • way5: nix anywhere with terraform

• way5: nix-anywhere with terraform

  • First we need to setup a fresh ubuntu server using normal hcloud tf modules
  • Build on remote was not working
    • So I was like fuck it, nix-everywhere and tf is out of the syllabus. I also don’t like how tf is being used to provision, i’d much prefer using nix-everywhere directly via makefile/bashscript or via ansible
    • Catch is that we’re using ARM here
    • Installing using the --build-on-remote flag worked. Butt switch had issues
    • So i tried doing rebuild switch
      • issues: https://github.com/NixOS/nixpkgs/issues/177873
      • nixos-rebuild switch --flake .#hetzner-cloud-aarch64 --build-host 0x0 --target-host 0x0 --fast is taking a looong time idk why
  • ERRR: Seems like issues :(
  • VERDICT: I think we can use this only for install?
    • I still want to be controlling the nix-rebuild for a remote machine from my local machine

• Notes

  • Seems like the book nixos-in-production is using AMI ? from: https://github.com/NixOS/nixpkgs/tree/master/nixos/modules/virtualisation

AWS §

• AWS EC2

• AWS when using Auto Scaling Group (Need complete automation)

Package manager usage §

nix-env §

• nix-env tool manages environments, profiles and their generations.
• nix-env -i installs stuff
• Using this is an anti-pattern, we go back to what we had before in non nixos. One global package for everything.

nix-shell §

• It only provides a bash shell, but that’s mostly all you need.
• Ephemeral
  • This allows us to do shit like nix-shell -p go1.16 -p nodejs23 and then nix-shell -p go1.20 -p ruby3 and it’ll just spin up those environments for us without polluting them in the global namespace.
• Reusable environments
  • This is nice, picks shell.nix / default.nix from current directory
  • Same idea of ephemeral but now into a file and now can be re-produced anywhere

Ref links §

• 2. Run a program with Nix (zero 2 nix)
• Nix revisited - Charlotte’s notes
• Introduction to Nix & NixOS | NixOS & Flakes Book (Book)
• Erase your darlings: immutable infrastructure for mutable systems
• Packaging/Quirks and Caveats - NixOS Wiki
• Nix By Example | <fun>
• Nix shell template | Lobsters
• Packaging/Binaries - NixOS Wiki
• Jonathan Lorimer
• Understanding Nix Inputs #nix · GitHub
• https://github.com/nix-community/disko
• https://galowicz.de/2023/04/05/single-command-server-bootstrap/
• Setup
  • C++ with Nix in 2023, Part 1: Developer Shells
  • Nix: my workflow Brian McGee
  • Process Compose: a scheduler/orchestrator to manage non-containerized applica…
  • An Overview of Nix in Practice | Hacker News
  • Organizing system configs with NixOS
• Flakes
  • [-] Some notes on nix flakes | Lobsters
  • [-] Nix Flakes is an experiment that did too much at once… | Lobsters
  • [-] Flakes aren’t real and cannot hurt you: a guide to using Nix flakes the non-flake way - jade’s www site
• Devops
  • [-] https://github.com/pdtpartners/nix-snapshotter
  • [-] https://nixery.dev/
  • [-] Making NixOS modules for fun and (hopefully) profit - Xe Iaso
  • [-] Strategies for deploying things on NixOS | Lobsters

Nix in Infra and Devops §

Resources §

• A Comprehensive Guide to End-to-End-Declarative Deployment with Terraform and Nix (NixOS and Terraform)
• Some notes on NixOS | Lobsters
• A faster dockerTools.buildImage prototype ·
• Self-hosting Mastodon on NixOS, a proof-of-concept
• Grafana + Prometheus + Grafana Loki with Nixops example
• Managing infrastructure with Terraform, CDKTF, and NixOS

Libraries/Tools §

• nix-community/nixos-generators
• Mic92/sops-nix
• GitHub - DBCDK/morph: NixOS deployment tool
• NixOS/nixops
  • GitHub - NixOS/nixops-aws
• nix-community/vulnix

TODO NixOS, Flakes and Home-manager for laptop §

Want to do it proper this time around, will need a day or two.

• https://github.com/maralorn/nix-output-monitor
• https://github.com/yelite/lite-system/blob/main/flake-module.nix
• https://github.com/fufexan/dotfiles/tree/main
• https://www.reddit.com/r/NixOS/comments/11zm210/splitting_nix_flake_into_modules/
• https://www.reddit.com/r/NixOS/comments/10jikmp/looking_for_a_nixos_tutorial_starting_with_home/
• https://www.reddit.com/r/NixOS/comments/v2xpjm/big_list_of_flakes_tutorials/
• https://tonyfinn.com/blog/nix-from-first-principles-flake-edition/
• https://www.youtube.com/watch?v=AGVXJ-TIv3Y
• This very nice
  • https://github.com/hawkw/flake/tree/main

Combinations §

Nix and Nvidia §

https://github.com/NixOS/nixpkgs/issues/254614 https://nixos.wiki/wiki/Nvidia (nixos specialization kde/sway)

Nix and Playwright §

Which playeight to go with? §

• According to this thread, playwright-node is more feature-full than playwright-python.
• I personally would prefer to use the node version because eitheway you’d need to interfact with the page and you’ll need js for that reason etc.

nixpkgs playwright vs npm install & browser §

• Two things
  • Installing playwright
  • Installing playwright browsers
• Installing playwright
  • Both cases would work, installing playwright from nixpkgs, which installs the python version of playwright. i.e playwright-python instead of playroght-node
  • If you want playwright-node you can install using npm just like you’d install any other package. But only thing you need to make sure is to NOT install the browsers though this npm installed version of playwright.
    • i.e playwright install won’t work
• Installing playwright browsers
  • If you try to install the browsers using the playwright cli installed using npm, it’ll not work because playwright doesn’t know how to install things in nixos.
  • So you install playwright-browser from nixpkgs
• Final working setup for me
  • Install browsers via playwirght-browser nixpkgs
  • Make sure it’s the same version that i’ve installed via npm for the playwright npm package. (Here I installed the node variant of playwright)
  • Everything works now.
  • Additionally I’ve to figure out Typescript setup for playwright now.