This description is a repost of what was said about the project on the nix discourse

SkaraboxOS provides a flake template which combines:

• Creating a bootable ISO, installable on an USB key.
• nixos-anywhere to install NixOS headlessly.
• disko 1 to format the drives.
• deploy-rs 2 to deploy updates.

SkaraboxOS expects a particular hardware layout:

• 1 SSD or NVMe drive for the OS.
• 2 Hard drives that will store data. Capacity depends on the amount of data that will be stored. They will be formatted in Raid 1 (mirror) so each hard drive should have the same size.

WARNING: The 3 disks will be formatted and completely wiped out of data.

At the end of the process, the server will:

• Have an encrypted ZFS root partition using the NVMe drive, unlockable remotely through ssh.
• Have an encrypted ZFS data hard drives.
• Be accessible through ssh for administration and updates.

discourse post

Hi! I would like to host a transparent proxy for cache.nixos.org on my local kubernetes cluster.

I took the following NGINX config https://nixos.wiki/wiki/FAQ/Private_Cache_Proxy and created all the folders on the mounted storage.

This is the kubernetes deployment:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: nix-cache-volume
spec:
  capacity:
    storage: 500Gi
  storageClassName: manual
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/mnt/k8s/nix-cache" # Needs exists before PV is created!
  persistentVolumeReclaimPolicy: Retain
***
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nix-cache-pvc
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: manual
  resources:
    requests:
      storage: 500Gi
***
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nix-cache
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nix-cache
  template:
    metadata:
      labels:
        app: nix-cache
        name: nix-cache
    spec:
      volumes:
        - name: nix-cache-storage
          persistentVolumeClaim:
            claimName: nix-cache-pvc
        - name: nix-cache-config
          configMap:
            name: nix-cache-config
      containers:
        - name: nix-cache
          image: nginx:1.27.0 
          ports:
            - containerPort: 80
          volumeMounts:
            - name: nix-cache-storage
              mountPath: /data
            - name: nix-cache-config
              mountPath: /etc/nginx/sites-available/default
          resources:
            limits:
              memory: "512Mi"
              cpu: "300m"
            requests:
              memory: "256Mi"
              cpu: "200m"
***
apiVersion: v1
kind: Service
metadata:
  name: nix-cache
spec:
  selector:
    app: nix-cache
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
***
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nix-cache-ingress
  annotations:
    traefik.ingress.kubernetes.io/router.tls: "true"
spec:
  rules:
    - host: "nix-cache.raspi.home"
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: nix-cache
                port:
                  number: 80
  tls:
    - secretName: nix-cache-raspi-home-tls
      hosts:
        - "nix-cache.raspi.home"
***
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: nix-cache.raspi.home
spec:
  commonName: nix-cache.raspi.home
  dnsNames:
    - "nix-cache.raspi.home"
  secretName: nix-cache-raspi-home-tls
  issuerRef:
    name: ca-issuer
    kind: ClusterIssuer
***
apiVersion: v1
kind: ConfigMap
metadata:
  name: nix-cache-config
data:
  nginx.conf: |
    server {
      listen 80;
      server_name nix-cache.raspi.home;

      location ~ ^/nix-cache-info {
        proxy_store        on;
        proxy_store_access user:rw group:rw all:r;
        proxy_temp_path    /data/nginx/nix-cache-info/temp;
        root               /data/nginx/nix-cache-info/store;

        proxy_set_header Host "cache.nixos.org";
        proxy_pass https://cache.nixos.org;
      }

      location ~^/nar/.+$ {
        proxy_store        on;
        proxy_store_access user:rw group:rw all:r;
        proxy_temp_path    /data/nginx/nar/temp;
        root               /data/nginx/nar/store;

        proxy_set_header Host "cache.nixos.org";
        proxy_pass https://cache.nixos.org;
      }
    }

To use the cache I added it to the substituters.

  nix.settings.substituters = [
    "https://nix-cache.raspi.home/"
  ];

But when I try to use it, get the error:

# Trigger a download
nix develop nixpkgs#just
# Error message
warning: 'https://nix-cache.raspi.home' does not appear to be a binary cache

In the logs of the NGINX I see the following error:

2024/08/03 12:09:30 [error] 31#31: *3 open() "/usr/share/nginx/html/nix-cache-info" failed (2: No such file or directory), client: 10.42.2.7, server: localhost, request: "GET /nix-cache-info HTTP/1 │
│ 10.42.2.7 - - [03/Aug/2024:12:09:30 +0000] "GET /nix-cache-info HTTP/1.1" 404 153 "-" "curl/8.8.0 Nix/2.18.5" "10.42.2.1"                                                                             │
│ 10.42.2.7 - - [03/Aug/2024:12:09:30 +0000] "PUT /nix-cache-info HTTP/1.1" 405 157 "-" "curl/8.8.0 Nix/2.18.5" "10.42.2.1"    

Any ideas whats wrong? I'm neither an nix nor an nginx expert, so maybe it is something really simple but I cannot figure it out.

I am having audio issues on NixOS. I have tried enabling all firmware. I've also tried both pipewire and pulseaudio. The audio is confirmed working on CachyOS live image.

Here is the error message found in the system log:

`Aug 01 01:43:19 nixos kernel: sof-audio-pci-intel-tgl 0000:00:1f.3: error: sink MIXER1.0g623.1 not found

Aug 01 01:43:19 nixos kernel: skl_hda_dsp_generic skl_hda_dsp_generic: ASoC: topology: add_route failed: -22

Aug 01 01:43:19 nixos kernel: skl_hda_dsp_generic skl_hda_dsp_generic: ASoC: topology: could not load header: -22

Aug 01 01:43:19 nixos kernel: sof-audio-pci-intel-tgl 0000:00:1f.3: error: tplg component load failed -22

Aug 01 01:43:19 nixos kernel: sof-audio-pci-intel-tgl 0000:00:1f.3: error: failed to load DSP topology -22

Aug 01 01:43:19 nixos kernel: sof-audio-pci-intel-tgl 0000:00:1f.3: ASoC: error at snd_soc_component_probe on 0000:00:1f.3: -22

Aug 01 01:43:19 nixos kernel: skl_hda_dsp_generic skl_hda_dsp_generic: ASoC: failed to instantiate card -22

Aug 01 01:43:19 nixos kernel: skl_hda_dsp_generic skl_hda_dsp_generic: probe with driver skl_hda_dsp_generic failed with error -22`

Here is configuration.nix

I created a hyprland and waybar configuration using nix, and neither seem to actually apply. Why is this happening?

https://pastebin.com/01z6BiCj

Does anybody know if there is a website or resource that has NixOS modules you can include in your config?

This is my first FOSS code project. If anyone has any constructive suggestions for improvement, please let me know.

https://github.com/guttermonk/waybar-nixos-updates

I am just setting up my NixOS config for the first time, and I know that it will be fairly complex. I know it will only be possible and scalable if I have sane conventions.

I have read a number of example configs, but there does not seem to be consistent conventions between them of where to store custom option declarations, how to handle enabling/disabling modules, etc. They all work, but they do it in different ways.

Are there any official or unofficial conventions/style guides to NixOS config structure, and where can I find them?

For example, should I make a lib directory where I put modules that are easily portable and reusable in other people's configs? When should I break modules up into smaller ones? Etc. These are things that I hope to be addressed.

So I started using nixos as a daily driver several months ago.

At first it was nice using the life disk to install it. I really liked the options you could choose. The only the thing it misses is the information that it will install systemd bootloader and I don't have the option to install grub2.

Then when I used it I had to learn that I needed to switch my flatpaks back to the system packages since nix had almost all of them too. And nix packages work better in nix. Even though flatpak is sandboxed sth. in nixos makes some of them break.

I could usually install my software just by using the existing packages, but if not available I started learning nix-shell amd nix in general.

This is when I realised I can't recommend nixos to normal people. If for any reason you need to install sth. that is not in the packages you are fucked. Usually it is easier to get a docker running than to learn nixos and setup a working nix-shell. However once you have a nix-shell to compile some c program you definitely have a deeper understanding of nixos and the program.

I often break my systems by tinkering around. So this was a great experience in nixos since I could go back several generations to a working one and continue from there.

However the last weeks I managed to break nixos! Even going back several generations didn't help. Probably going back several weeks may have worked, but I decided to reinstall instead.

So my problem was basically that I updated from 23.11 to 24.05.

I wanted to update since I was on unstable for razer stuff since I need current drivers.

However once I managed to get the update working i wasn't able to login into x11 anymore and Wayland seems inperformant in gaming. I also have other issues with Wayland.

The next thing was that I wanted to use an amd gpu for gpu-passthrough in a vm and therefore had a Nvidia and amd gpu present. However the system booted into the amd gpu and only after login switched to the Nvidia one.

If I blacklisted the drivers of amd I would not get a sddm log in screen anymore. Nothing I did fixed that. Removing the amd gpu didn't help. Going back to the novau drivers worked but I couldn't use them since they are broken as well.

After tinkering around a lot I finally decided to reinstall the current nixos image.

So life image it is again. Automatically loads Wayland. If I assume correctly with novau drivers. I installed everything however during the installation process the gui broke. (Wayland and novau don't work well I guess. Fuck Nvidia) And even though through tty I could see when it was finished I couldn't boot into the system.

So I rebooted the life disk and then logged out switched to x11 and reinstalled again. This time it worked. I then used my old configuration and only updated to plasma6 since I already installed that on the new installation.

And to my surprise it just worked. Everything was like before. X11 working and so on.

So while I managed to break nixos it is in fact just as easy to reinstall again and configure like before.

Hi, I am considering switching to NixOS and I was wondering what level of hassle I should expect for gaming.

I have been using linux for about 10 months so I don't know a lot yet. I am wondering if it is worth it to try gaming on Nix or if it is going to be way too much of a headache considering my limited knowledge.

I've had wildly different experiences trying gaming on different distros, and very differently from what I expected. It went from fine for a weird niche distro (antiX), to really awful for a distro supposedly "easy" and "good for gaming" (Manjaro 😑), to absolutely amazing gaming distro (Nobara), and finally to surprisingly good for a "don't try unless you are a Level 99 Tech Wizard dual-classed Zen Master you idiot" distro (Arch). So I really have no clue what to expect from Nix.

I really like Arch but my main issue is that I keep forgetting what I have already configured and how and with which settings, or I leave stuff partially configured because adhd then I forget it wasn't finished and where I was at, so using config files instead sound insanely more convenient and I've been wanting to try Nix for a while.

I'd be really glad for anyone willing to share their experience of gaming on Nix 🙂

I have started using NixOS recently and I am just now creating conventions to use in my config.

One big choice I need to make is whether to include a unique identifier as the most significant attribute in any options that I define for my system.

For example:

Lets say I am setting up my desktop so that I am easily able to switch between light and dark modes system-wide. Therefore, I create the boolean option:

visuals.useDarkMode

Lets say I also want to toggle on/off Tor and other privacy technologies all at once easily, so I create the boolean:

usePrivateMode

Although these options do not do related things, they are still both custom options that I have made. I have the first instinct to somehow segregate them from the builtin NixOS options. Let's say my initials are "RK". I could make them all sub-attributes of the "RK" attribute.

rk.visuals.useDarkMode

rk.usePrivateMode

I feel like this is either a really good idea or an antipattern. I would like your opinions on what you think of it and why.

I'm working through some necessary issues in VMs as I work towards dropping Windows, but it occurred to me that I should pick a distro my non-techy partner could use in the event that something catastrophic happens to me. I really like the declarative/immutable distros, but perhaps something more traditional with btrfs snapshots would be better suited to such a use case...?

It's no secret that NixOS has a steep learning curve, but do any of you share a NixOS PC with family/partners/etc.? If so, what has that experience been like? Could they take over admin if you were incapacitated?

If given the option, which route do you go? I have services running in both, and I'll often just do whats easier. I dont really notice a different in performance the configuration for containers is simple enough I don't mind it.

I also wish there was a nix function that parsed a docker compose and used it for the oci-container config. Then I could use my existing compose files or the ones I find in docs online.

I'm attempting to configure an anonymized DNS service using dnscrypt-proxy2, routed through the Tor network. I believe I have everything needed for it to work, but that does not seem to be the case. The DNS resolution is fine, but it's not being proxied through Tor as desired.

 services.resolved.enable = false;
 services.dnscrypt-proxy2 = {
   enable = true;
   settings = {
     ipv6_servers = config.networking.enableIPv6;
     block_ipv6 = !(config.networking.enableIPv6);
     listen_addresses = ["127.0.0.1:53" "[::1]:53"];
     force_tcp = true;

     use_syslog = false;
     odoh_servers = true;
     require_dnssec = true;
     require_nolog = false;
     require_nofilter = true;

     anonymized_dns = {
       routes = [
         {
           server_name = "*";
           via = ["anon-plan9-dns" "anon-v.dnscrypt.up-ipv4"];
         }
       ];
       skip_incompatible = true;
     };

     sources.public-resolvers = {
       urls = [
         "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
         "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
       ];
       cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
       minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
     };

     block_unqualified = true;
     block_undelegated = true;
     proxy = "socks5://127.0.0.1:9050";
   };
 };

 systemd.services.dnscrypt-proxy2.serviceConfig = {
   StateDirectory = "dnscrypt-proxy";
 };

    useDHCP = false;
    enableIPv6 = true;
    nameservers = [
      "127.0.0.1"
      "::1"
    ];
    networkmanager.enable = true;
    networkmanager.dns = "none";

  services.tor = {
    enable = true;
    enableGeoIP = false;
    torsocks.enable = true;
    client = {
      enable = true;
    };
  };

This idea is inspired by nixos-mailserver. It was so easy to spin up the mailserver after changing some DNS records and putting in some settings. I thought it might be a good idea to do the same for services that need public, decentralized infrastructure to support. Some ideas include

• Tor relay, or exit node
• Encrypted messaging nodes. It looks like SimpleX chat relies on SMP servers to relay communication
• Crypto miners (I know, I know, but you understand how it fits the “public contribution” usecase)
• Search engines like searxng (I currently use a public instance)
• Libredirect services, like proxy clients for social media

Maybe federated services, but those require more than just the software running on the public internet. Those require moderation and long term maintenance. Ideally, the services in this config would be ephemeral.

Does this sound like a good idea? Would you spin one of these up on a $10 VPS? I understand that this is the NixOS community, not necessarily the privacy community, but I figured thered be overlap.

What other services do you think would be applicable?

I want to install a package, I lookup for the package here https://search.nixos.org/packages? I can find multiple versions. two that sound right, two sound like rubbish and one is a plugin for something. How do I decide which of the two good sounding packages I should choose? What if the package or even both not work? How do I know that it is up to date? How do I know that it will be updated in a timely manner? Can I update it?

I've tried just about every type of setup I can find for a nix shell with python.

I don't want to purely use nixpkgs for a lack of some packages and broken packages. I'm trying to use pyside6, but not everything in pyside6 is provided by the package, e.g. tools like uic.

Attempting to use a venv as normal leads to a disconnect between the env and system with libstdc++.so.6 unable to be found. There are a various different flakes I've tried to use like the-nix-way/dev-templates#python and others from forum discussions which add stdenv.cc.cc.lib to no avail.

I think the farthest I've gotten is with poetry/poetry2nix, where auto-patchelf warns about missing libQt6 libraries. Running with nix run fails to 'find all the required dependencies' even when adding qt6.qtbase or qt6.full to the packages. This is that flake, taken from the poetry2nix github with an added devshell:

{
  description = "Python application packaged using poetry2nix";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    poetry2nix.url = "github:nix-community/poetry2nix";
  };

  outputs = { self, nixpkgs, poetry2nix }:
    let
      system = "x86_64-linux";  # Adjust for your system
      pkgs = nixpkgs.legacyPackages.${system};
      inherit (poetry2nix.lib.mkPoetry2Nix { inherit pkgs; }) mkPoetryApplication;
    in {
      packages.${system}.default = mkPoetryApplication {
        projectDir = ./.;
      };

      apps.${system}.default = {
        type = "app";
        program = "${self.packages.${system}.default}/bin/app";
      };

      devShells.${system}.default = pkgs.mkShell {
        packages = [ pkgs.poetry ];
        buildInputs = [ pkgs.qt6.qtbase pkgs.qt6.full pkgs.qt6.wrapQtAppsHook ];
      };
    };
}

It seems kind of hopeless to get it working on NixOS. Does anyone have a working setup I could use for inspiration, or any other tips? I love the nix paradigm, but I'm honestly considering distrohopping with all of the trouble.

And others like him that have been ostracized. His mere presence seems to bring out quite negative emotions in people.

Anti Commercial-AI license

cross-posted from: https://awful.systems/post/1746256

Nix project: ban? What ban?

They invited that guy back. I do have to admit, I admire his inability to read a room.

I'm a beginner/intermediate in NixOS and my flake rebuild takes about 25 seconds to be finished. Most of the time is evaluating derivation for some reason and it's getting kinda frustrating having to wait when I want to add a package to my config. Has anyone the same problem or is it normal that it takes this long in Nix?

I've been trying to achieve a working mail setup on nixos by using simple-nixos-mailserver.

  mailserver = {
    enable = true;
    certificateScheme = "acme-nginx";
    enableManageSieve = true;
    fqdn = "email.teatastic.org";
    domains = ["teatastic.org"];
    mailboxes = {
      Drafts = {
        auto = "subscribe";
        specialUse = "Drafts";
      };
      Junk = {
        auto = "subscribe";
        specialUse = "Junk";
      };
      Sent = {
        auto = "subscribe";
        specialUse = "Sent";
      };
      Trash = {
        auto = "no";
        specialUse = "Trash";
      };
    };

    loginAccounts = {
      "user1@teatastic.org" = {
        hashedPasswordFile = config.sops.secrets.password.path;
        aliases = ["postmaster@teatastic.org"];
      };
    };

    fullTextSearch = {
      enable = false;
      enforced = "body";
      indexAttachments = true;
      memoryLimit = 512;
    };

    enableImap = true;
    enablePop3 = true;
    enableImapSsl = true;
    enablePop3Ssl = true;

    virusScanning = false;
  };
  services.roundcube = {
    enable = true;
    package = pkgs.roundcube.withPlugins (
      plugins: [
        plugins.carddav
        plugins.contextmenu
        plugins.custom_from
        plugins.persistent_login
        plugins.thunderbird_labels
      ]
    );
    plugins = [
      "attachment_reminder" # Roundcube internal plugin
      "carddav"
      "contextmenu"
      "custom_from"
      "managesieve" # Roundcube internal plugin
      "newmail_notifier" # Roundcube internal plugin
      "persistent_login"
      "thunderbird_labels"
      "zipdownload" # Roundcube internal plugin
    ];
    #dicts = with pkgs.aspellDicts; [en];
    hostName = config.mailserver.fqdn;
    maxAttachmentSize = 100;
    extraConfig = ''
      $config['smtp_server'] = "tls://${config.mailserver.fqdn}";
      $config['smtp_user'] = "%u";
      $config['smtp_pass'] = "%p";
    '';
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "user1@teatastic.org";
  };

    firewall = {
      enable = true;
      allowedTCPPorts = [
        25 587 143 993 110 995 # Email
        80 # Nginx
      ];
    };

I'm logging in through roundcube, which works as expected. However, when I get to the point of composing an email to somebody, it just starts a "Sending message..." loop without actually sending anything.

I've forwarded the aforementioned ports on my router, yet it fails.