NixOS


NixOS is a Linux distribution built on top of the Nix package manager. Its declarative configuration allows reliable system upgrades via several official channels of stability and size.

This community discusses NixOS, Nix, and everything related.

founded 2 years ago
51
 
 

Making NixOS modules for fun and (hopefully) profit - Xe's Blog

52
 
 

x-posted from /r/NixOS by /u/makefoo

53
 
 

x-posted from /r/NixOS by /u/iElectric

54
 
 

Every now and then I see a program that doesn't have a default.nix or flake.nix in the source, doesn't have an entry in nixpkgs, and that I otherwise can't find a derivation for. So I write them myself.

What's the best way to share these? Should I contribute to nixpkgs? (does this count if I'm making flakes?) Do I maintain a single repo for each program? Or do I create a repo with a collection of flakes? Something else?

55
 
 

Used nix last year but dropped it after home-manager decided to unlink the apps from the Applications directory.

How is the current situation on usability of nix-darwin + home-manager + brew?

Do packages still fail to get indexed correctly in Spotlight? I really like a fully repro environment but the fact that the usability was low bothered me a lot.

56
 
 

Simple, fast, and green CI and caching for nix projects

57
 
 

I recently wanted to try out [aider](https://aider.chat), and ran into a problem that I continually run into: how do I install one-off, experimental software into my environment, without being a nix master, or spending an extreme amount of time on every new package.

In this case, it is a new python package available in pip. It isn't available in nixpkgs, and isn't nixified. pip2nix doesn't work on arm64 Macs ([bug here](https://github.com/nix-community/pip2nix/issues/88)), so I can't use that to try and create a flake that works with this package. It isn't using poetry, so poetry2nix is out.

How are you dealing with this problem? Are you all experts in nix, and writing flakes for every piece of software that you want to play around with? Do you have a "dirty" part of your environment that you install this kind of stuff into? (I looked into using pipx to install this, however that [also has a bug](https://github.com/NixOS/nixpkgs/issues/171429) in nixpkgs.)

Thoughts?

58
 
 

x-posted from /r/NixOS by /u/Jhsto

59
 
 

x-posted from /r/NixOS by /u/philippians_2-3

60
 
 

Make more productive use of the growing FlakeHub platform

61
3
submitted 2 years ago* (last edited 2 years ago) by rikudou@lemmings.world to c/nixos@infosec.pub
 
 

Hi there! I'm trying to make php and composer work. I have this in environment.systemPackages:

    (pkgs.php82.buildEnv {
      extensions = ({ enabled, all }: enabled ++ (with all; [
        xdebug
        redis
      ]));
      extraConfig = ''
        memory_limit=2G
        xdebug.mode=debug
      '';
    })
    php82Extensions.redis

The problem is that while running php -m correctly prints that redis extension is installed, composer does not, because it uses a different php:

  • file $(which php) prints the path /nix/store/igx8j4qjxy9jyj8kjyccwarnzqq5vsml-php-with-extensions-8.2.9/bin/php
  • cat $(which composer) shows that it's a wrapper for '/nix/store/lv4prxa52zifr54ws56iz3b9kdhs1b5w-php-with-extensions-8.2.9/bin/php' --add-flags '/nix/store/avqj0662f4gg2s875zlbbjajx6fm6bl0-php-composer-2.5.5/libexec/composer/composer.phar'

Note that the path to php is different. Is there any way to correct it on my side? I'd like to avoid having to install composer manually.

62
 
 

Hi all, I've been getting into nix lately (I've been posting here frequently) and wanted to know what projects everyone is working on. Are you trying to integrate nix into an existing project? Contribute to nixpkgs? Experiment with your configs?

63
 
 

Flake schemas enable you to teach Nix about new flake output types.

64
 
 

Attached: 1 image

💻 Try NixOS the easy way! 🚀 No setup, no Docker needed! Experience the power of NixOS on your laptop using systemd-nspawn/machinectl. Dive in hassle-free at https://nixcademy.com/2023/08/29/nixos-nspawn/ ! #NixOS #systemd #container

65
 
 

Short video from Vimjoyer on how to set up a firefox install using home manager and flakes. In particular, the focus of this video was how to use an external flake as a source for firefox extensions, since they aren't available in nixpkgs.

66
 
 

x-posted from /r/NixOS by /u/dj_nedic

67
 
 

I came across this article when wondering how to integrate the "building" aspect of nix (that is, not just a devshell) with static websites or other projects that involve some output that is not an executable.

This article also talks about adding inputs from GitHub that aren't necessarily flakes. I've used this myself to pull some example configurations for certain programs that I haven't felt like tinkering with myself yet.

68
 
 

A new home for your Nix flakes. Semantic versioning, flake exploration, automated publishing using GitHub Actions, and more.

69
 
 

I've been wanting to move over my main desktop for almost a year now. But from 3+ years of tinkering, installing applications, and configurations I've been super hesitant. The jump from Ubuntu to NixOS would be a big one. I have a laptop running nixos that's given me some exposure to the nix language, but when it comes to my main rig, I still have the worry of "what if something I need won't be available?" and "what if I forget something?"

Well I finally tried home manager and wow, it's the absolute perfect way to slowly transition to nixos. I'm slowly going through my package managers (cargo, npm, pip, apt, snap) and checking for applications that I can just drop into my home.nix. And every now and then I see an app I can't install (say, vtracer from cargo, very cool app). Well, I just make a mark and eventually I'll build my own derivation around it.

Home manager has been easing my worries as I make the transition. For those of you also unsure, I recommend integrating with home manager. You can do such small jumps at a time, no need to go full blown nix all at once.

70
 
 

Interesting idea.

71
 
 

tl;dr image buildable with some patches

72
 
 

South California Linux Expo is looking for papers.

73
74
 
 

All CS SYD services (Intray, Tickler, Smos, Social Dance Today, ...) were down on 2023-08-08 between 12:30 and 18:00 Zürich time. This is a postmortem of the outage.

75
 
 

I have a config that I share on github. I share the whole thing and there are keys in it but they are obviously not the complete key (as is standard throughout the community). Just enough to point to the real key with Nix.

Anyway, I have finally gotten around to learning the power of git-crypt. Today, I went through my whole config and took everything out that could even remotely be used by a hacker to find out security holes in my config (permitted insecure packages, specific hardware IDs, github username and email address, for example, all went into nix files into the secrets folder with imports where they used to reside) and put those files into a folder at top level called secrets. Then, I encrypted all of the files in that folder and pointed the rest of the config to them so they remain encrypted on my github but perfectly usable in evaluation and build of my config derivation.

My question is: Have I done something clever that will significantly decrease the chances of exploit or do you recommend that everyone does this and I'm just late to the security party?

If this technique is just standard, what else could one do to harden their system without causing difficult to solve issues on deployment of their config? For example, I now need to decrypt that folder when I use that config on a new system and anyone else building it wouldn't be able to get through the evaluation.

I've heard of Sops-Nix and other such security handlers. How can I use sops-nix to aid in that initial git-crypt setup when I spin up a new system, for example?
