I finally have some time to try to grok flakes and redo my NixOS config from scratch after leaving it for some time (because I have work and have to quickly set things up without me trying to debug how NixOS works).
You've fallen into the rabbit hole we call Nix where it leads to other rabbit holes such as functional package management, reproducibility, declarative systems, and immutable operating systems.
This is one of the many tickets to that rabbit hole; allow me to be your guide in this mark:[painful] wonderful declarative journey.
If you're going to install one of my NixOS configs, be sure to download the unstable versions from link:https://releases.nixos.org/?prefix=nixos/unstable/[their release page].
As an additional option, you can also use link:https://github.com/foo-dogsquared/nixos-config/releases/tag/latest[my personalized NixOS installers] which are primarily intended for my configs.
However, you have to keep some limitations and guidelines in mind.
* It exports an attribute based on the link:https://github.com/nix-community/NUR/[NUR template].
+
--
Several exports include...
* My custom library at `lib`.
* Custom NixOS modules at `modules`.
* Custom home-manager modules at `hmModules`.
* An overlay of my custom packages at `overlays.foo-dogsquared-pkgs`.
* My packages as the rest of the top-level attributes from the attrset.
--
* Keep in mind it doesn't export the NixOS hosts and home-manager user configurations.
It would be pointless as it is duplicating effort plus I __really like managing my NixOS config more with the flakes way__ compared to setting up channels.
It has a lot of advantages such as the ease of provisioning and updating your setups along with its dependencies, enforcing certain values in a certain attribute that can be seen in the revised Nix CLI, and a nicer interface overall.
While possible with channels, this is just a better experience overall and I have no interest in maintaining setups in both ways.
* `homeManagerModules` is where my link:./modules/home-manager[custom home-manager modules] are exported.
footnote:[This is more useful than my NixOS modules.]
* `nixosModules` are composed from NixOS modules defined in link:./modules/nixos[`./modules/nixos`].
It can be used as additional modules for your own NixOS config in case you want to use mine for whatever reason.
There are some niceties in there.
+
--
A few examples include:
* A NixOS module for Pop launcher plugins and scripts.
* Several service modules for archiving with link:https://github.com/yt-dlp/yt-dlp[yt-dlp], link:https://github.com/mikf/gallery-dl/[gallery-dl], and link:https://archivebox.io/[ArchiveBox].
* My themes which contain full desktop environments which is nice for quickly initializing a NixOS configuration.
--
* `homeManagerConfigurations` contains my various link:https://github.com/nix-community/home-manager[home-manager] configurations from link:./users/home-manager/[`./users/home-manager/`].
The neat thing about it is you can easily install it in a non-NixOS Linux distro.
* `nixosConfigurations` which is where you can install my various NixOS configurations directly (e.g., `nixos-install --flake {canonical_flake_url}#HOST`).
- Associated private keys: GPG, SSH, age, you name it.
They are used with a secret management tool (see <<secrets-management>> for more information) to encrypt the more sensitive parts of the system such as credentials and environment files.
- Disposable hosts configurations.
They will typically just make a messier mess than the current situation.
Though the unreproducible part is only like 10% of the whole configuration, it can be successfully deployed by anyone.
Keep in mind, it comes with a few restrictions due to the lack of the appropriate credentials.
An example would be the link:./modules/nixos/tasks/backup-archive[Borg backup task] where it needs several files and credentials locked from the secrets management tool.
- Certain components will be missing.
Most notably, the associated SSH key for the hosts.
You won't be able to connect to the host if you don't have the private key.
- Not to mention not all modules committed here are up-to-date.
Though this only applies to non-critical services like the link:./modules/nixos/tasks/multimedia-archive[multimedia archiving service].
My configuration takes a lot of cues from link:{devos_link}[devos] (which unfortunately is a lot to take in if you're just beginning to grok Nix as a whole).
* link:./secrets/[`./secrets/`] contains my cluster-wide secrets managed with link:https://github.com/mozilla/sops[sops] and link:https://github.com/Mic92/sops-nix[sops-nix].
Take note, each component (e.g., hosts, modules, users) could have their own specific secrets.
If you're going to use my stuff, why not take a gander and try the non-personal parts of my configuration such as my link:./modules/nixos/[NixOS modules] and link:./modules/home-manager[home-manager modules]?
In that case, you can simply plop them into your list of imports for your NixOS configuration like so.

[source, nix]
----
{
  # Use my GNOME desktop configuration for some reason.
  workflows.workflows.a-happy-gnome.enable = true;
}
----
[#using-my-config-with-channels]
=== With channels
The traditional way of managing stuff with link:https://nixos.org/manual/nix/stable/package-management/channels.html[channels].
Though I have made some effort to make it easy to use without flakes, I cannot guarantee it's good compared to using it with flakes.
WARNING: You cannot install my NixOS configurations at all with channels so there's another reason why (whether it is valid or not is completely up to you).
To start, as root, you have to add my project into the channels list...
See link:./default.nix[`./default.nix`] for more details, but there are general guidelines for the attributes contained in this file, which are outlined in the <<channels-support>> section.
Here's an example snippet in a NixOS config making use of my configuration without flakes:

[source, nix]
----
{
  # Still using my GNOME desktop configuration for some reason.
  workflows.workflows.a-happy-gnome.enable = true;
}
----
=== With manual fetching
If you really don't want to manage stuff with channels or with flakes for some reason, I suppose you can just use something like link:https://github.com/nmattia/niv/[niv].
You could also pin my config similarly to link:https://nix.dev/tutorials/towards-reproducibility-pinning-nixpkgs[how you can pin nixpkgs] then use it as if you manage it as described in <<using-my-config-with-channels>>.
Here's a snippet of using it as part of a NixOS configuration.
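
Pinning as described above, sketched as an added example that is not taken from this repository: the source is fetched by commit together with a content hash, so what gets evaluated cannot change silently between rebuilds. The `rev` and `sha256` values are placeholders, and the shape of `./default.nix` (a NUR-style function returning a `modules` attribute set) is an assumption.

```nix
# configuration.nix (added example, not the repository's own code)
{ ... }:

let
  # Placeholders: use a commit you have reviewed and the hash printed by
  # `nix-prefetch-url --unpack <url>` for that exact tarball.
  rev = "<commit-sha>";
  sha256 = "<sha256-of-unpacked-tarball>";

  # Fetching by commit instead of a branch name fixes the revision, and the
  # sha256 makes Nix refuse a tarball whose contents differ from the reviewed one.
  src = builtins.fetchTarball {
    name = "foo-dogsquared-nixos-config-${rev}";
    url = "https://github.com/foo-dogsquared/nixos-config/archive/${rev}.tar.gz";
    inherit sha256;
  };

  # Assumption: ./default.nix follows the NUR template, i.e. it is a function
  # taking `{ pkgs ? ... }` and returning `lib`, `modules`, `overlays`, etc.
  # It is called with `{ }` because `imports` must not depend on the `pkgs`
  # module argument (that leads to infinite recursion).
  foo-dogsquared = import src { };
in
{
  # Assumption: `modules` is a flat attribute set of NixOS modules.
  imports = builtins.attrValues foo-dogsquared.modules;

  # Same option as in the snippets above.
  workflows.workflows.a-happy-gnome.enable = true;
}
```

Updating the pin then means changing `rev` and `sha256` together, which leaves a reviewable diff for every upstream change pulled in.
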
* [x] Make use of other established utilities such as link:https://github.com/divnix/digga/[digga], link:https://github.com/gytis-ivaskevicius/flake-utils-plus[flake-utils-plus], and link:https://github.com/nix-community/home-manager[home-manager] once I'm familiar to create my own Nix programs.
I hope you're ready for some time understanding because the learning curve is steeper than the link:https://en.wikipedia.org/wiki/Troll_Wall[Troll Wall].
I've written link:https://foo-dogsquared.github.io/blog/posts/moving-into-nixos/[a blog post regarding my experience with Nix] with a bunch of links for getting started.
I feel like link:https://github.com/hlissner/dotfiles/blob/5ea10e188354d096566a364016fbd28ec38dbe07/README.md#frequently-asked-questions[this answer is enough] but I'll give my take on it regardless.
+
--
If you are looking forward to debugging your configuration which consists of finding multiple sources from the manuals from the website, reading the source code from the appropriate point in link:https://github.com/NixOS/nixpkgs/[nixpkgs], and repeatedly testing your NixOS configurations with each change then this is for you.
Entering the Nix ecosystem at the beginning requires a high level of engagement to learn the ropes even if your only intention is to create a basic reproducible operating system à la Ansible.
* You'll encounter vague and unique errors as the likes of NixOS is a unique world (the infamous infinite recursion, anyone?).
* You'll appreciate technical writers as the documentation department is lacking.
* You'll read outdated unofficial guides, resources, and the source code as you dive deeper into Nix.
* You'll get used to the unfortunate UX that is the toolings around Nix (even the revised Nix CLI has its problems).
There's nothing better with NixOS than the (un)official NixOS experience™.
Once you've passed the initial curve and the difficulties that come with Nix, the benefits are immense.
* Using Nix beyond package management.
** As a universal build system due to its ability to install and integrate multiple versions of the same program without problems and decent support for different project use cases (i.e., programming languages, build systems).
** As a link:https://virtualenv.pypa.io/[virtualenv]-like environment useful for managing development environments.
** As a way to manage clusters and infrastructure (i.e., link:https://nixos.org/[NixOS] for your installations, link:https://github.com/NixOS/nixops[nixops] for deployment, link:https://github.com/NixOS/hydra[Hydra] for continuous integration).
* You can make use of Nix's large ecosystem of packages and tools from nixpkgs and beyond.
* It is easier to distribute and verify your builds as Nix also has toolings available for those purposes. footnote:[Though, other packaging formats also have those but for Nix, reproducibility is one of its focuses.]
If you intend to use NixOS, I recommend starting small: install Nix on a non-NixOS distro and use it to create reproducible development environments, get familiar with its build process (I recommend reading link:https://nixos.org/guides/nix-pills[Nix Pills] to get started), get intimate with systemd, and then test NixOS in a virtual machine.
You only need Nix 2.6 installed with the experimental features for Nix command and flakes enabled (i.e., `experimental-features = nix-command flakes`).
One of my goals when creating this config is to use as few dependencies as possible and to understand more of what's going on under the hood with Nix.
At the time I rewrote this configuration, I had little idea about Nix as a language and I found devos to be overwhelming so I doubled down on creating it from scratch.
+
However, I can say that my configuration is moving in a similar direction to devos (which is intended to be modified anyways) as I explore more of Nix.
In fact, I've based much of my config on it and it may even end up as one.
It is nice that such a project exists serving as a reference for bigger configurations.
What's up with some error regarding something in restricted mode?::
If you found some error regarding something in restricted mode, you can run the installation with the `--impure` flag (i.e., `nixos-install --impure --flake {canonical_flake_url}#ni`).
I just chose it to make it easier to upstream parts of this project to nixpkgs and to make it easier to copy it without many problems (just don't forget to add attribution as indicated from the license).
Please see link:./LICENSE[`./LICENSE`] for the full text.