Nix / NixOS

I experimented with several ways to run my services:

1. "regular" systemd services (services.glance = { ... };)
2. nix containers (containers.glance = { ... };)
3. podman containers (virtualisation.oci-containers.containers.glance = { ... })

and I must say I'm starting to appreciate the last option (the least nixos-y) more and more.

Specifically, I appreciate that:

• I just have to learn the app/container configuration, instead of also backwards-translating from their config into the various nixos options (of course the .yaml or whatever configuration files are still generated from my nixos config, I just do that in a derivation instead on relying on a module doing it for me)
• Services are sometimes outdated in nixpks (even in unstable - and juggling packages between stable and unstable is yet another complication)
• I feel like it's more secure (very arguable and also of very little consequence since everything is on my homelab... it's mainly for the warm fuzzies)

Do you guys use one of the options above? Something different?

I've been trying nixos recently and after watching a bunch of tutorials from various people, I have managed to enable home-manager and flakes.

My question is: where should I write the packages I want to install? In home.nix? In flakes.nix? In configuration.nix (probably not)? I'm probably only gonna have a single user on this machine.

So far, I think the only difference between writing the packages in home.nix compared to flakes.nix is that in the 1st senario, the apps will only be available for the user, while in the 2nd, it will be available for the whole system. Also, I could use the home.nix for non-nixos systems too. Other than that, I can probably write them the same way either on home.nix or flakes.nix and have the same result on my machine.

PS. On search.nixos.org there is an option to search for flakes. What is this? I am planing to get my packages from the packages tab, but I'm wondering that maybe I should search in the flakes tab instead (though it doesn't seem to have many packages).

PPS. Those are some resources I've found (I've mainly watched the videos and have started reading some of the guides):

• https://github.com/Evertras/simple-homemanager/blob/main/04-explain-outputs-function.md
• https://www.youtube.com/watch?v=a67Sv4Mbxmc
• https://www.youtube.com/watch?v=a67Sv4Mbxmc&list=PLko9chwSoP-15ZtZxu64k_CuTzXrFpxPE
• https://www.youtube.com/watch?v=63sSGuclBn0&list=PLuRxZ95-8LY1mlotZMYGYib5sXJRw1RxW
• https://www.youtube.com/watch?v=AGVXJ-TIv3Y
• https://www.youtube.com/watch?v=nLwbNhSxLd4
• https://discourse.nixos.org/t/pass-specialargs-to-the-home-manager-module/33068/4
• https://nix-community.github.io/home-manager/index.xhtml#ch-usage
• https://www.chrisportela.com/posts/home-manager-flake/
• https://nixos-and-flakes.thiscute.world/
• https://discourse.nixos.org/t/practical-nix-flakes-anatomy-a-guided-tour-of-flake-nix/42550/8
• https://old.reddit.com/r/NixOS/comments/v2xpjm/big_list_of_flakes_tutorials/

I try to add an application that was installed with homebrew (managed by nix darwin) to the "Open at Login" settings under "General -> Login Items & Extensions".

I tried to add a launchd.user.agents entry, but that didn't work. The app is only adeded to the "Allow in the Background" settings and does not start on login.

  launchd.user.agents = {
    sanesidebuttons = {
      serviceConfig = {
        Label = "com.thealpa.sanesidebuttons";
        RunAtLoad = true;
        Program = "/Applications/SaneSideButtons.app";
      };
    };
  };

Any ideas how to add an entry to the "Open at Login" settings with nix darwin? launchd.agents and launchd.daemons seems to be the wrong place as well.

edit: for the solution, see my comment below

I'm trying to package a go application (beszel) that bundles a bunch of html stuff built with bun (think, npm).

The html is generated by running bun install and bun run and then embedded in the go binary with //go:embed.

Being completely ignorant of the javascript ecosystem, my first idea was to just replicate what they do in the Makefile

postConfigure = ''
bun install --cwd ./site
bun run     --cwd ./site build
'' 

but, since bun install downloads dependencies from the net, that fails.

I guess the "clean" solution would be to look for buildNpmPackage or similar (assuming that exists) and let nix manage all the dependencies, but... it's some 800+ dependencies (at least, bun install ... --dry-run lists 800+ things) so that's a hard pass.

I then tried to look at how buildGoPackage handles the vendoring of dependencies, with the idea of replicating that (it dowloads what's needed and then compare a hash of what was downloaded with a hash provided in the nix package definition), but... I can't for the life of me decipher how nixpkgs' pkgs/build-support/go/module.nix works.

Do you know how to implement this kind of vendoring in a nix derivation?

Homebrew is the most popular package manager on MacOS, and for good reason. However personally, I believe that Nix is more powerful.

edit: for the solution, see my comment below

I need/want to build aeson and its subproject attoparsec-aeson from source (it's a fork of the "official" aeson), but I'm stuck... can you help out?

The sources of attoparsec-aeson live in a subdirectory of the aeson ones, so I have the sources:

aeson-src = fetchFromGitHub {
  ...
};

and the "main" aeson library:

aeson = haskellPackages.mkDerivation {
  pname = "aeson";
  src = aeson-src;
  ...
};

When I get to attoparsec-aeson however I run into a wall: I tried to follow the documentation about sourceRoot:

attoparsec-aeson = haskellPackages.mkDerivation {
  pname = "attoparsec-aeson";
  src = aeson-src;
  sourceRoot = "./attoparsec-aeson"; # maybe this should be "${aeson-src}/attoparsec-aeson"?
                                     # (it doesn't work either way)
  ...
};

but I get

 error: function 'anonymous lambda' called with unexpected argument 'sourceRoot'

Did I fail to spot some major blunder (I am nowhere near an expert)? Does sourceRoot not apply to haskellPackages.mkDerivation? What should I do to make it work?

BTW:

IDK if this may cause issues, but the attoparsec-aeson sources include symlinks to files in the "main" attoparsec sources:

~/git-clone-of-attoparsec-sources $ tree attoparsec-aeson/
attoparsec-aeson/
├── src
│   └── Data
│       └── Aeson
│           ├── Internal
│           │   ├── ByteString.hs -> ../../../../../src/Data/Aeson/Internal/ByteString.hs
│           │   ├── Text.hs -> ../../../../../src/Data/Aeson/Internal/Text.hs
│           │   └── Word8.hs -> ../../../../../src/Data/Aeson/Internal/Word8.hs
│           ├── Parser
│           │   └── Internal.hs
│           └── Parser.hs
├── attoparsec-aeson.cabal
└── LICENSE

I believe I solved this problem before, but I can't find the solution again. I have some Flatpaks installed on my NixOS system, but they aren't showing up in the app menu. Does anyone know what might be causing this or how to fix it?

cross-posted from: https://discuss.tchncs.de/post/22666403

cross-posted from: https://discuss.tchncs.de/post/22584651

Self-hosted photo and video management solution

I'm trying to set up a simple script (linked to a hotkey in my window manager) that can launch a terminal window with a nix-shell containing packages I specify. So far, I got this:

set packages (fuzzel -d --lines 0 --prompt 'packages for nix-shell > ')
kitty nix-shell --packages $packages --run fish

If I type a single package into my runlauncher (fuzzel) (e.g. grim), the window spawns with a nix-shell as expected; if, however, I attempt to launch a shell with multiple packages (e.g. grim slurp), it fails to launch with the following error:

error:
       … while calling the 'derivationStrict' builtin

         at /builtin/derivation.nix:9:12: (source not available)

       … while evaluating derivation 'shell'
         whose name attribute is located at /nix/store/cjz8w4dgc3rd2n3dqv5c208vygndjyba-source/pkgs/stdenv/generic/make-derivation.nix:336:7

       … while evaluating attribute 'buildInputs' of derivation 'shell'

         at /nix/store/cjz8w4dgc3rd2n3dqv5c208vygndjyba-source/pkgs/stdenv/generic/make-derivation.nix:383:7:

          382|       depsHostHost                = elemAt (elemAt dependencies 1) 0;
          383|       buildInputs                 = elemAt (elemAt dependencies 1) 1;
             |       ^
          384|       depsTargetTarget            = elemAt (elemAt dependencies 2) 0;

       error: attempt to call something which is not a function but a set

       at «string»:1:107:

            1| {...}@args: with import <nixpkgs> args; (pkgs.runCommandCC or pkgs.runCommand) "shell" { buildInputs = [ (grim slurp) ]; } ""
             |                                                                                                           ^

This happens with or without launching a new kitty window, and it happens with other runlaunchers as well. Why on earth isn't this working?

Any help appreciated---thanks, everyone.

cross-posted from: https://discuss.tchncs.de/post/22526287

cross-posted from: https://discuss.tchncs.de/post/22434175

cross-posted from: https://discuss.tchncs.de/post/22389417

cross-posted from: https://discuss.tchncs.de/post/22368053

NixOS Facter aims to be an alternative to projects such as NixOS Hardware and nixos-generate-config. It solves the problem of bootstrapping NixOS configurations by deferring decisions about hardware and other aspects of the target platform to NixOS modules.

Title says it all. The Determinate Systems installer is supposed to have support, but it doesn’t work – from what I can tell, the contexts are wrong. Running restorecon reports changes, but I’m still getting denials. Running on Fedora Asahi Remix 40, if that’s relevant.

Is there any way to make this work? AppArmor is unsupported on Fedora, so I can’t switch to it…

Hi all;

This is a bit of a long shot; but I'm having an issue with trying to modularize my config in preparation for a new laptop.

In particular the issue I have is around passing a path through to an import statement for a home-managed user.

In particular I'm getting undefinedVariable hmPath; but it doesn't seem to be having the same issue when I'm mapping groups and shell; so I can only assume that imports has to be treated differently but I'm at a loss.

Any help on what I've misunderstood would be greatly appreciated.

Snippet below

{ pkgs, config, options, lib, home-manager, ... }:

with lib; let
  cfg = config.ltp.home;

  user = types.submodule ({name, ...}: {
    options = {
      doas.enable = mkEnableOption {
        default = false;
        type = types.bool;
      };

      groups = mkOption {
        default = [];
        type = types.listOf string;
      };

      shell = mkOption {
        default = pkgs.bash;
        type = types.package;
      };

      hmPath = mkOption {
        type = types.path;
      };
    };
  });
in
{
  options.ltp.home = {
    users = mkOption {
      description = Attrset of home-manager users;
      default = {};
      type = types.attrsOf user;
    };
  };

  config = mkIf (cfg.users != {}) (mkMerge [
    {
      users.users = let mkUser =
        lib.attrsets.mapAttrs'
        (
          name: value:
          lib.attrsets.nameValuePair
            "${builtins.baseNameOf name}"
            {
              isNormalUser = true;
              extraGroups = "${groups}";
              shell = "${shell}";
            }
        )
        cfg.users;
      in
      mkUser;
      
      home-manager.users = let mkHmUser =
        lib.attrsets.mapAttrs'
        (
          name: value:
          lib.attrsets.nameValuePair
            "${builtins.baseNameOf name}"
            {
              imports = [ "${hmPath}" ];
            }
        )
        cfg.users;
      in
      mkHmUser;
    }
  ]);
}

Edit...

Solved the initial issue I was confusing myself and should've been using value.hmPath and equivalent inside the lib functions.

Next issue; I'm having is I can't seem to pass through the path for the home-manager module for the user that is give to the import statement.

Edit 2...

I didn't manage to get it working how I was doing it so I've changed my approach; to implicitly reference the users home-manager base module based on the folder structure e.g. ./hosts/${hostname}/users/${builtins.baseNameOf name}