tags : Linux - See Nix from the bottom up (Best explanation) - Possibly flake best explanation: Practical Nix flake anatomy: a guided tour of flake.nix | Vladimir Timofeenko’s blog - Explanation of overlays: Mastering Nixpkgs Overlays: Techniques and Best Practice - https://zaynetro.com/explainix

https://nixos-and-flakes.thiscute.world/

Building static binaries in Nix — kokada

FAQ

TODO NixOS Module vs Flake

  • A NixOS module is a function of the module arguments (`config`, `pkgs`, `lib`, ...) that evaluates to an attribute set with `imports`, `options`, and `config`.
  • A flake has `inputs` and `outputs`.
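To make the two shapes concrete, here is an added example (not from the page): a small NixOS module that declares its own options, and a flake whose `outputs` builds a host from it. The service name `hello-banner`, the host name `example-host`, and the file names are assumptions chosen for the illustration.

```nix
# ---- module.nix ----
# A NixOS module: a function of the module arguments that returns an
# attribute set with imports / options / config.
{ config, lib, pkgs, ... }:
{
  imports = [ ];

  options.services.hello-banner = {
    enable = lib.mkEnableOption "a one-shot service that logs a banner";
    text = lib.mkOption {
      type = lib.types.str;
      default = "hello";
      description = "Banner text written to the journal.";
    };
  };

  config = lib.mkIf config.services.hello-banner.enable {
    systemd.services.hello-banner = {
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        Type = "oneshot";
        DynamicUser = true;        # least privilege: no root, no persistent user
        ProtectSystem = "strict";  # read-only view of the system
      };
      # escapeShellArg keeps option text from being interpreted by the shell
      script = "echo ${lib.escapeShellArg config.services.hello-banner.text}";
    };
  };
}

# ---- flake.nix ----
# A flake: inputs are pinned in flake.lock, outputs are pure functions of them.
{
  description = "Host that enables the module above";

  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";

  outputs = { self, nixpkgs }: {
    nixosConfigurations.example-host = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [
        ./module.nix
        { services.hello-banner = { enable = true; text = "from the flake"; }; }
      ];
    };
  };
}
```

The module is the reusable unit (it can be imported by any NixOS system, flake or not); the flake is the entry point that pins `nixpkgs` and lists which modules make up a host. Build with `nixos-rebuild switch --flake .#example-host`.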

Flakes?

/u/ElvishJerricco gave an explanation that finally made it click for me.

and

Flakes for noobs - Help - NixOS Discourse

Pain points

NixOS

  • NixOS does away with the FHS layout in favour of the nix store
    • nix-store output path = hash of the recipe (derivation inputs) + package name + package version
    • This allows the nix store
      • to hold different versions of the same software package
      • to hold the same version compiled with different flags as well!
  • Keeps a little FHS for POSIX compliance, e.g. /bin/sh and /usr/bin/env; everything else lives in /nix/store and is symlinked from /run/current-system

Module system

Tools

Installing NixOS

Q: With or without flakes? / channels OR flakes? flakes also seem to use channels? WHAT! A: We will choose flakes at whatever points we can. Team flakes.

Remote machines (Servers/VMs etc)

Meta

  • Options we have

    Option                                              | Description                                                  | Pros                                                               | Cons
    nixinfect                                           |                                                              |                                                                    |
    nixosanywhere                                       |                                                              |                                                                    |
    official nixos ami                                  | Simple installation, management via something like colmena   |                                                                    |
    official nixos ami + user-data                      |                                                              |                                                                    | config at max can be 16k; on every boot it'll build
    official nixos ami + customized via packer          | See this and this                                            | This will prevent nixos-rebuild on every boot and make boot faster | Have to store the AMI somewhere, S3?
    official nixos ami + customized via nixos-generator | it's packer vs doing via nixos-generator, example w flakes    | Official way of doing it for nixos compared to using packer        |
    custom iso                                          | nixos-generator helps generate iso/ami                       |                                                                    |
  • cloud-init / user-data

    • Seems cloud-init (See LXC & LXD) is not preferred/supported in nixos
    • But we need user-data when launching new scripts!
    • For that reason we have amazon-init, but it has limitations: unlike cloud-init it doesn't support gzip, so your configuration.nix has to be <16k for now.
      • The fetch-ec2-metadata service in NixOS fetches user data from IMDS and stores in /etc/ec2-metadata/user-data.
      • The amazon-init service inspects the downloaded user data and tries to detect a script or Nix expression.
      • So basically we can pass a Nix expression as user-data on AWS and things should work.
      • If you’re using secrets here, can use something like sops w/ kms.
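An added example (not from the page) of what a user-data payload shaped for amazon-init can look like: a single Nix expression that stays far below the 16k limit by importing the real host configuration from a pinned git revision. The repository URL, commit id, `ref`, and host file path are placeholders, and the assumption is that amazon-init applies this expression as the instance's configuration.nix on first boot.

```nix
# Added example: minimal bootstrap configuration passed as EC2 user-data.
{ modulesPath, ... }:
let
  # Pin the exact commit. With only a branch ref, anyone who can push to that
  # branch decides what every new instance builds at first boot.
  site = builtins.fetchGit {
    url = "https://example.invalid/infra/nixos-config.git";    # placeholder
    ref = "main";                                               # placeholder
    rev = "0000000000000000000000000000000000000000";          # placeholder commit id
  };
in
{
  imports = [
    "${modulesPath}/virtualisation/amazon-image.nix"   # standard NixOS EC2 module
    "${site}/hosts/web.nix"                            # placeholder: the real host config
  ];

  # user-data is readable by any local process via IMDS, so nothing secret
  # belongs in this file; the host module fetches secrets with sops + KMS.
  services.openssh.settings.PasswordAuthentication = false;

  system.stateVersion = "24.05";
}
```

Keeping the payload this small also keeps it well under the 16k limit without gzip, and a `rev` pin means the first-boot build is reproducible: two instances launched from the same user-data build the same system.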

Hetzner

  • nix-parts vs nix-utils

    • vanilla: I’m a big fan of this pattern: devShells = builtins.mapAttrs (system: pkgs: { default = adsfasdf asdfsadfa asdfasdf; }) inputs.nixpkgs.legacyPackages; No framework required.
  • Installing nixos on hetzner

    • way1: ssh into ubuntu and manually install nixos
    • way2: hetzner cloud provides nixos iso, we can mount it and install it
    • way3: nix infect
    • way4: nix anywhere, example repo
    • way5: nix anywhere with terraform
  • way5: nix-anywhere with terraform

    • First we need to setup a fresh ubuntu server using normal hcloud tf modules
    • Build on remote was not working
      • So I was like fuck it, nix-anywhere and tf is out of the syllabus. I also don't like how tf is being used to provision; I'd much prefer using nix-anywhere directly via a makefile/bash script or via ansible
      • Catch is that we’re using ARM here
      • Installing using the --build-on-remote flag worked. But switch had issues
      • So i tried doing rebuild switch
    • ERRR: Seems like issues :(
    • VERDICT: I think we can use this only for install?
      • I still want to be controlling the nix-rebuild for a remote machine from my local machine

AWS

  • AWS EC2
  • AWS when using Auto Scaling Group (Need complete automation)

NixOS and non-NixOS compatibility

Gotchas

Package manager usage

nix-env

  • nix-env tool manages environments, profiles and their generations.
  • nix-env -i installs stuff
  • Using this is an anti-pattern: we go back to what we had on non-NixOS, one global package set for everything.

nix-shell

  • It only provides a bash shell, but that’s mostly all you need.
  • Ephemeral
    • This allows us to do things like nix-shell -p go1.16 -p nodejs23 and then nix-shell -p go1.20 -p ruby3, and it'll just spin up those environments for us without polluting the global namespace.
  • Reusable environments
    • This is nice: it picks up shell.nix / default.nix from the current directory
    • Same idea as ephemeral, but captured in a file so it can be reproduced anywhere

Packaging

Golang packages

Nix in Infra and Devops

Resources

Libraries/Tools

Testing

TODO NixOS, Flakes and Home-manager for laptop

Want to do it proper this time around, will need a day or two.

Flake

Nix & WebAssembly

Combinations

Nix and Nvidia

https://github.com/NixOS/nixpkgs/issues/254614 https://nixos.wiki/wiki/Nvidia (nixos specialization kde/sway)

Nix and Playwright

Which playwright to go with?

  • According to this thread, playwright-node is more feature-full than playwright-python.
  • I personally would prefer to use the node version because either way you'd need to interact with the page, and you'll need js for that reason etc.

nixpkgs playwright vs npm install & browser

  • Two things
    • Installing playwright
    • Installing playwright browsers
  • Installing playwright
    • Both cases would work. Installing playwright from nixpkgs gives you the python version of playwright, i.e. playwright-python instead of playwright-node
    • If you want playwright-node you can install it using npm just like you'd install any other package. The one thing you need to make sure of is to NOT install the browsers through this npm-installed version of playwright.
      • i.e. playwright install won't work
  • Installing playwright browsers
    • If you try to install the browsers using the playwright cli installed via npm, it'll not work because playwright doesn't know how to install things on NixOS.
    • So you install playwright-browser from nixpkgs
  • Final working setup for me
    • Install browsers via playwright-browser from nixpkgs
    • Make sure it's the same version as the playwright npm package I installed via npm. (Here I installed the node variant of playwright)
    • Everything works now.
    • Additionally I have to figure out the TypeScript setup for playwright now.
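An added example (not the page's own code) that serves two passages above: the "reusable environments" point in the nix-shell section, and the final playwright setup here. It is a shell.nix that pins nixpkgs so the environment really is reproducible elsewhere, takes the browsers from nixpkgs instead of `playwright install`, and warns when the npm-installed playwright version differs from the version nixpkgs built the browsers for. The nixpkgs tarball URL and sha256 are placeholders for whatever pin you use; `playwright-driver.browsers` and `playwright-driver.version` are the nixpkgs attributes this example assumes, and the `PLAYWRIGHT_*` variables are the ones playwright itself reads.

```nix
# Added example: shell.nix for playwright-node with browsers from nixpkgs.
let
  # Pin nixpkgs; `import <nixpkgs> {}` would follow whatever channel the
  # machine happens to have, which is what breaks "reproducible anywhere".
  pkgs = import (fetchTarball {
    url = "https://github.com/NixOS/nixpkgs/archive/<commit>.tar.gz";  # placeholder
    sha256 = "0000000000000000000000000000000000000000000000000000";    # placeholder
  }) { };
in
pkgs.mkShell {
  packages = [ pkgs.nodejs pkgs.playwright-driver.browsers ];

  # Point the npm package at the store-built browsers. Never run
  # `playwright install` in here; it cannot write working binaries on NixOS.
  PLAYWRIGHT_BROWSERS_PATH = pkgs.playwright-driver.browsers;
  PLAYWRIGHT_SKIP_VALIDATE_HOST_REQUIREMENTS = "true";

  shellHook = ''
    want=${pkgs.playwright-driver.version}
    have=$(node -p "require('playwright/package.json').version" 2>/dev/null || echo missing)
    if [ "$have" != "$want" ]; then
      echo "warning: npm playwright is $have but nixpkgs browsers are built for $want" >&2
      echo "         run: npm install playwright@$want" >&2
    fi
  '';
}
```

Enter it with `nix-shell` in the project directory; the version check runs on every entry, so a drift introduced by `npm update` shows up immediately instead of as a confusing browser launch failure later.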

Windows x NixOS

# Variant 1: libvirtd + SPICE for a Windows guest (swtpm for a TPM 2.0, OVMF for UEFI boot)
{ config, pkgs, ... }: {
  programs.dconf.enable = true;
  users.users.gcis.extraGroups = [ "libvirtd" ];
  environment.systemPackages = with pkgs; [ virt-manager virt-viewer spice spice-gtk spice-protocol win-virtio win-spice gnome.adwaita-icon-theme ];
  services.spice-vdagentd.enable = true;
 
  virtualisation = {
    libvirtd = {
      enable = true;
      qemu = { swtpm.enable = true; ovmf.enable = true; ovmf.packages = [ pkgs.OVMFFull.fd ]; };
    };
    spiceUSBRedirection.enable = true;
  };
}

# Variant 2: same setup with the virt-manager module and home-manager dconf autoconnect
{ pkgs, username, ... }:
{
  virtualisation = {
    libvirtd = {
      enable = true;
      qemu = {
        package = pkgs.qemu_kvm;
        swtpm.enable = true;
        ovmf.enable = true;
        ovmf.packages = [ pkgs.OVMFFull.fd ];
      };
    };
    spiceUSBRedirection.enable = true;
  };
 
  users.users.${username}.extraGroups = [ "libvirtd" ];
 
  environment.systemPackages = with pkgs; [
    spice
    spice-gtk
    spice-protocol
    virt-viewer
    #virtio-win
    #win-spice
  ];
  programs.virt-manager.enable = true;
 
  home-manager.users.${username} = {
    dconf.settings = {
      "org/virt-manager/virt-manager/connections" = {
        autoconnect = [ "qemu:///system" ];
        uris = [ "qemu:///system" ];
      };
    };
  };
}

Virtualization resources