mitchty/nix

My home nixos/nix-darwin configuration rewrite in flakelight

This is a work in progress. Don’t abuse it yet. The legacy branch has all my old stuff, I’ll be migrating setup to here as I’ll be rebuilding systems with 25.05 when it is out.

Its main raison d’etre is to do disk setup/partitioning via disko and autogeneration of stuff. As well as to get deploy-rs to do all the rest of the work so I can do deploys of things from one location out to remote systems over ssh.

Todos:

  • ssh ca setup so I can use an ssh ca setup for all ssh internally
  • wireguard setup so I can setup my own overlay vpn for everything
  • figure out the home manager activation issue:
[FAILED] Failed to start Home Manager environment for mitch.
See 'systemctl status home-manager-mitch.service' for details.
...
vm-simple systemd[1]: Starting Home Manager environment for mitch...
vm-simple hm-activate-mitch[710]: Starting Home Manager activation
vm-simple hm-activate-mitch[710]: Could not find suitable profile directory, tried /home/mitch/.local/state/nix/profiles and /nix/var/nix/profiles/per-user/mitch
  • Also need to figure out how to have nix-shell get rid of this dumb message:

NixOS/nix#2982

It's complaining about profiles, probably something simple I broke. Will fix as I get time.

warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring

Coming from here when using /usr/bin/nix-shell in a shebang line.

echo $NIX_PATH
nixpkgs=flake:nixpkgs:nixpkgs=flake:nixpkgs:/nix/var/nix/profiles/per-user/root/channels

Testing via qemu/vm

I have a truly hacky script/wrapper around qemu in the bin dir, test-iso. It's a hacky, simple way to test out derivations.

For now it defaults to the vm setup in nix/nixosConfigurations/vm-simple

This is a temporary state for now, I hope; it's mostly to bootstrap into a fully automated install again. I want to figure out how to replace this script with “normal” nixos testing infra in python like the nixos/nixpkgs repo has.

For now quick hacks are fine. Also useful for testing “air-gap” use cases as I can just disable network on qemu.

https://github.com/compactcode/dot-files/blob/c10315a9559dceaa1fbc0b8beb81c9b83e712bcf/nix/darwinModules/desktop/default.nix

https://nix-community.github.io/home-manager/index.xhtml#_how_do_i_install_packages_from_nixpkgs_unstable

Below here be old readme I haven’t updated. It's likely not applicable any longer.

My home network nix flake setup

So my goal with all this is to get as much into a NixOS layout for home. Now that Flakes are “kinda/sorta” out it seems the best time to convert everything over to flakes.

Nix resources

Because nix isn’t exactly a “common” thing to encounter as a programming language/package manager…

NixOS option search, for when you want to know what you can set.

https://search.nixos.org/options

https://nixos.org/manual/nix/stable/language/builtins.html?search=mkIf

Home-manager equivalent.

https://mipmip.github.io/home-manager-option-search/?query=

A nice cli that searches both is https://github.com/mlvzk/manix

Rough usage

So the flake has deploy targets setup already for deploy-rs, to update/rebuild all NixOS nodes run:

clear; nix flake check --show-trace && nix run github:serokell/deploy-rs -- -s .

Or use the wrapper function+script in lib.sh and rebuild script:

wtf rebuild

To run a deploy without running nix flake check:

CHECK=anyvalue wtf rebuild

And should be good to go. Caveats on how/where deploy-rs can deploy to aside. Aka that without builder setup cannot deploy to a macos system from linux. This is on my TODO list to fix at some point.

Layout

Since I’m trying to document things a bit more, a bit of layout convention explanation:

  • bin Simply a directory for any pertinent scripts that use this repo. Note none of these scripts end up in /nix/store.
  • src Source for stuff in bin.
  • hosts Host specific data, e.g. mostly generated nix configuration files.
  • img Nixos specific directory where iso or disk image outputs get dumped.
  • modules General directory for any modules for nixos, nix-darwin, and home-manager. Should be intended to encompass “stuff with options”. Also includes the img autoinstall module used for iso builds.
  • patches Any patch files that may be needed for things like CVEs that might not be upstream yet in nixpkgs or anywhere else.
  • secrets Any secret related data for age and/or git-transcrypt. Basically “private junk hiding in plain sight”.
  • static Bucket for any static files, which generally amounts to either fragments or full bits of files like say .profile that the rest of the flake will use.

Todo’s

NixOS

I need to brain up how exactly I want to do mirrored systemd boot setups.

My current setup that I abused with zfs is basically just rsync the data from the primary boot disk to the rest.

This is hacky and it needs tests/proof.

boot.loader.systemd-boot.extraInstallCommands = ''
  set -e
  ${pkgs.util-linux}/bin/mountpoint -q /efiboot/efi0 || ${pkgs.util-linux}/bin/mount -t vfat -o iocharset=iso8859-1 /dev/disk/by-partlabel/ESP0 /efiboot/efi0
  ${pkgs.util-linux}/bin/mountpoint -q /efiboot/efi1 || ${pkgs.util-linux}/bin/mount -t vfat -o iocharset=iso8859-1 /dev/disk/by-partlabel/ESP1 /efiboot/efi1
  ${pkgs.rsync}/bin/rsync -Havz --exclude .lost+found --delete --delete-before /efiboot/efi0/ /efiboot/efi1
'';

The upstream nixos pr to add it was this: NixOS/nixpkgs#246897

Of note: https://serverfault.com/questions/1101507/how-should-the-efi-system-partition-be-made-redundant-without-using-hardware-rai

I am thinking I should just make my own nixosModule that does:

  • On systemd-boot updates do the rsyncs to the mirrored boot devices/partitions
  • efibootmgr install to the boot devices with an increment of 1 to specify the boot order for things
  • That should do it.

Non goals:

  • I don’t care about windows/other os’s here. That is, nixos is the only os
  • Not dealing with encryption related stuff for now, future mitch problem
  • It's not intended to be perfect

Goals:

  • Just be able to boot a system without rebuilding if the primary disk fails
  • That's it, it's not meant to be forever, more than likely I will be rebuilding anyway, just want to be able to have resiliency to hardware failures
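
For the rsync-based ESP mirroring above, which the notes say still needs tests/proof, one way to check that the mirror really matches the primary is to compare per-file SHA-256 manifests of both mounts. This is an added example, not code from this repository; the function names esp_manifest and esp_drift are hypothetical, the mount points are the ones used in the snippet above, and GNU find/sort/xargs/sha256sum are assumed.

```shell
#!/bin/sh
# Added example (not part of the repository): detect drift between the
# primary ESP and its rsync mirror by comparing content hashes, since a
# mirror that silently diverged will not boot the same loader/kernel.
# Intended use on the real system: esp_drift /efiboot/efi0 /efiboot/efi1

# Print "sha256  ./relative/path" for every regular file under $1,
# sorted by path, skipping .lost+found like the rsync --exclude does.
esp_manifest() {
  ( cd "$1" || exit 2
    find . -name '.lost+found' -prune -o -type f -print0 \
      | LC_ALL=C sort -z \
      | xargs -0 -r sha256sum )
}

# Compare two ESP trees.
# Returns 0 when identical, 1 on drift (differing entries are printed:
# '<' = primary side, '>' = mirror side), 2 when a tree is unreadable.
esp_drift() {
  esp_a=$(esp_manifest "$1") || return 2
  esp_b=$(esp_manifest "$2") || return 2
  if [ "$esp_a" = "$esp_b" ]; then
    return 0
  fi
  esp_tmp=$(mktemp -d) || return 2
  printf '%s\n' "$esp_a" > "$esp_tmp/primary"
  printf '%s\n' "$esp_b" > "$esp_tmp/mirror"
  diff "$esp_tmp/primary" "$esp_tmp/mirror" | grep '^[<>]'
  rm -rf "$esp_tmp"
  return 1
}
```

Running the check right after the rsync in extraInstallCommands (which already uses set -e) would make a boot loader update fail visibly when the mirror has diverged, rather than at the next disk failure.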

Macos

Nice lists of open source stuff to poke at someday. https://github.com/serhii-londar/open-source-mac-os-apps https://github.com/jaywcjlove/awesome-mac

Macos Emacs

Try out more patches from here? https://tdodge.consulting/blog/living-the-emacs-garbage-collection-dream

https://github.com/tyler-dodge/emacs/commit/b386047f311af495963ad6a25ddda128acc1d461.patch

Some interesting org packages here. https://github.com/chrisbarrett/nursery

Some interesting macos integration ideas. https://xenodium.com/emacs-macos-sharing-dwim-style-improved/ https://github.com/xenodium/dwim-shell-command/commit/20e782b4bf1ea01fecfce3cc8ac4c5a74518cd80

Need to try out xwidget support and nov-xwidget on macos https://macowners.club/posts/using-xwidgets-on-macos/ and https://github.com/chenyanming/nov-xwidget

Also need to start abusing anki+org notes for cards https://yiufung.net/post/anki-org/

And explore this for org notes to auto get graphviz images into docs. https://orgmode.org/worg/org-contrib/babel/languages/ob-doc-dot.html

Set this up? https://en.liujiacai.net/2022/11/26/oh-my-github-1-0/

Fonts

Add or try em?

https://input.djr.com/info/
https://www.fontget.com/font/among-us
https://www.fontget.com/font/among-us-filled/
https://www.monolisa.dev/
https://github.com/intel/intel-one-mono
https://www.fontbolt.com/font/barbie-2023-font/

Linode

Need to get vps using nix as well now that 22.11 has image build support.

https://github.com/Vanilla-s-Lab/linode-nix/tree/master

Network booting?

Might be fun to look into for a pi4 k8s cluster or something.

https://github.com/DeterminateSystems/nix-netboot-serve

Random notes

Cause I forget and this is a readme so why not stick it here:

List generations

List out nixos generations as root:

nix-env --list-generations --profile /nix/var/nix/profiles/system

Rollback to prior generation

Switch/rollback to prior generation, also as root:

nixos-rebuild switch --rollback

Rolling back to a specific generation

Cause sometimes nixos-rebuild switch --rollback isn’t enough or you have multiple generations that are no good.

nix-env --switch-generation $GENERATION --profile /nix/var/nix/profiles/system
/nix/var/nix/profiles/system/bin/switch-to-configuration switch
