My home nixos/nix-darwin configuration rewrite in flakelight
This is a work in progress. Don’t abuse it yet. The legacy branch has all my old stuff; I’ll be migrating my setup to here as I’ll be rebuilding systems with 25.05 when it is out.
Its main raison d’être is to do disk setup/partitioning via disko and autogeneration of stuff, as well as to get deploy-rs to do all the rest of the work so I can do deploys of things from one location out to remote systems over ssh.
Todos:
- ssh ca setup so I can use an ssh ca setup for all ssh internally
- wireguard setup so I can setup my own overlay vpn for everything
- need to figure out how to have nix-shell get rid of this dumb message:
It's complaining about profiles, probably something simple I broke. Will fix as I get time.
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring
Coming from here when using /usr/bin/nix-shell in a shebang line.
$ echo $NIX_PATH
nixpkgs=flake:nixpkgs:nixpkgs=flake:nixpkgs:/nix/var/nix/profiles/per-user/root/channels
- https://github.com/Misterio77/nix-colors theming? veeeery future mitch task
I have a truly hacky script/wrapper around qemu in the bin dir, sys. It's just a temporary way to test out derivations interactively.
For now it defaults to the vm setup in nix/nixosConfigurations/vm-simple
This is a temporary state for now, I hope; it's mostly to bootstrap into a fully automated install again. I want to figure out how to replace this script with “normal” nixos testing infra in python like the nixos/nixpkgs repo has.
For now quick hacks are fine. Also useful for testing “air-gap” use cases as I can just disable network on qemu.
TODO: Now that I got everything working in the vm-simple setup, validate that an air gap install works
Since I’m trying to document things a bit more, here is a bit of this repo's layout convention (note private is for now just a silly work in progress thing):
- bin Simply a directory for symlinks to src scripts that are pertinent to development in this repo only.
- src Shell scripts for whatever
- nix Flakelight base directory for overlays, packages, nixos configurations, darwin configurations, home-manager etc…
- spec shellspec unit test dir.
- crypt Data that is encrypted within the git repo itself using https://github.com/vlaci/git-agecrypt and ssh keys via age. Basically “private junk hiding in plain sight to be used at runtime”. Note this is decrypted at boot time.
- static Bucket for any static files, which generally amounts to either fragments or full bits of files like say .profile that the rest of the flake will use of its own volition.
So my goal with all this is to get as much into a NixOS layout for home. Now that Flakes are “kinda/sorta” out it seems the best time to convert everything over to flakes.
Because nix isn’t exactly a “common” thing to encounter as a programming language/package manager…
- https://nixos.org/guides/nix-pills/
- https://nix.dev/
- https://github.com/tazjin/nix-1p
- https://learnxinyminutes.com/docs/nix/
- https://teu5us.github.io/nix-lib.html
- https://ryantm.github.io/nixpkgs/functions/library/strings/
- https://wiki.nikitavoloboev.xyz/operating-systems/linux/nixos
- https://stephank.nl/p/2020-06-01-a-nix-primer-by-a-newcomer.html
- https://ertt.ca/nix/patch-nixpkgs/
- https://nixos.org/manual/nix/stable/introduction (reference guide to the language)
NixOS option search, for when you want to know what you can set. https://search.nixos.org/options https://nixos.org/manual/nix/stable/language/builtins.html?search=mkIf
Home-manager equivalent.
https://mipmip.github.io/home-manager-option-search/?query=
A nice cli that searches both is https://github.com/mlvzk/manix
While this setup “works” for varying definitions of the word, it's got more work to be done yet.
Right now I’m manually creating a nixosConfiguration iso derivation in nix/nixosConfigurations, this really could be automated once I finish writing everything twice (or more).
Thoughts as of writing:
- I should be able to create an iso for testing a vm of the configuration itself like the vm- configurations.
- I should also be able to create an iso for the setup itself.
- ??? I’m sure I’m missing something else here.
Thought is I make a lib.nix and create a function to handle this work and then just // { for system in inputs.self.nixosConfigurations function .... } somehow.... This is a future mitch winter problem to tackle
I should make a deploy-rs flakelight module instead of the current hack. This is also a future mitch winter problem.
I need to brain up how exactly I want to do mirrored systemd efi boot setups and add a test for it somehow into my vm test setups. Upstream nixos doesn’t seem to want any part in this but I like having resiliency to my mirror setups to know I can boot off any of the /dev/diskN partitions in the event of the primary disk failing without needing to rebuild.
This is in spite of the entire setup being meant to make rebuilds easy. Sometimes I don’t really have the time to invest to get that done and would rather get work done instead in the interim. What's the point of mirroring/raid if I can’t boot the damn thing if one disk fails anyway?
My current setup that I abused with zfs is basically just rsync the data from the primary boot disk to the rest.
This is hacky and it needs tests/proof to demonstrate it works like I think.
boot.loader.systemd-boot.extraInstallCommands = ''
  set -e
  ${pkgs.util-linux}/bin/mountpoint -q /efiboot/efi0 || ${pkgs.util-linux}/bin/mount -t vfat -o iocharset=iso8859-1 /dev/disk/by-partlabel/ESP0 /efiboot/efi0
  ${pkgs.util-linux}/bin/mountpoint -q /efiboot/efi1 || ${pkgs.util-linux}/bin/mount -t vfat -o iocharset=iso8859-1 /dev/disk/by-partlabel/ESP1 /efiboot/efi1
  ${pkgs.rsync}/bin/rsync -Havz --exclude .lost+found --delete --delete-before /efiboot/efi0/ /efiboot/efi1
'';
The upstream nixos pr to add it was this: NixOS/nixpkgs#246897
I am thinking I should just make my own nixosModule that does:
- On systemd-boot updates do the rsyncs to the mirrored boot devices/partitions
- efibootmgr install to the boot devices with an increment of 1 to specify the boot order for things
- That should do it.
Non goals:
- I don’t care about windows/other OSes here. That is, nixos is the only OS
- Not dealing with encryption related stuff for now, future mitch problem
- It's not intended to be perfect
Goals:
- Just be able to boot a system without rebuilding if the primary disk fails
- That's it, it's not meant to be forever, more than likely I will be rebuilding anyway, just want to be able to have resiliency to hardware failures
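The rsync-based ESP mirror above is described as needing tests/proof that it works. One way to check it, as an added example that is not code from this repo: compare a SHA-256 manifest of the primary ESP against the mirror. The helper names esp_manifest and esp_mirror_check are hypothetical; the /efiboot paths in the usage comment are the ones from the snippet above.

```shell
#!/bin/sh
# Added example, not part of this repo: check that a mirrored ESP really
# matches the primary after the rsync in extraInstallCommands has run.
# esp_manifest and esp_mirror_check are hypothetical helper names.

# Print "sha256  ./relative/path" for every regular file under $1, sorted by
# path. .lost+found is skipped to match the rsync --exclude.
esp_manifest() {
  (
    cd "$1" || exit 2
    find . -name '.lost+found' -prune -o -type f -exec sha256sum {} + |
      sort -k 2
  )
}

# Exit status: 0 = trees identical, 1 = trees differ (unified diff of the
# manifests goes to stderr), 2 = a directory is missing.
esp_mirror_check() {
  primary=$1
  mirror=$2
  [ -d "$primary" ] && [ -d "$mirror" ] || return 2
  tmp=$(mktemp -d) || return 2
  rc=0
  esp_manifest "$primary" > "$tmp/primary" || rc=2
  esp_manifest "$mirror" > "$tmp/mirror" || rc=2
  if [ "$rc" -eq 0 ]; then
    diff -u "$tmp/primary" "$tmp/mirror" >&2 || rc=1
  fi
  rm -rf "$tmp"
  return "$rc"
}

# Usage: sh esp-check.sh /efiboot/efi0 /efiboot/efi1
if [ "$#" -eq 2 ]; then
  esp_mirror_check "$1" "$2"
  exit $?
fi
```

A non-zero exit after a systemd-boot update means the mirror would not boot the same generation set as the primary, which is exactly the failure the mirroring is meant to rule out.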
Nice lists of open source stuff to poke at someday. https://github.com/serhii-londar/open-source-mac-os-apps https://github.com/jaywcjlove/awesome-mac
Try out more patches from here? https://tdodge.consulting/blog/living-the-emacs-garbage-collection-dream
https://github.com/tyler-dodge/emacs/commit/b386047f311af495963ad6a25ddda128acc1d461.patch
Some interesting org packages here. https://github.com/chrisbarrett/nursery
Some interesting macos integration ideas. https://xenodium.com/emacs-macos-sharing-dwim-style-improved/ https://github.com/xenodium/dwim-shell-command/commit/20e782b4bf1ea01fecfce3cc8ac4c5a74518cd80
Need to try out xwidget support and nov-xwidget on macos https://macowners.club/posts/using-xwidgets-on-macos/ and https://github.com/chenyanming/nov-xwidget
Also need to start abusing anki+org notes for cards https://yiufung.net/post/anki-org/
And explore this for org notes to auto get graphviz images into docs. https://orgmode.org/worg/org-contrib/babel/languages/ob-doc-dot.html
Set this up? https://en.liujiacai.net/2022/11/26/oh-my-github-1-0/
Add or try em?
https://input.djr.com/info/ https://www.fontget.com/font/among-us https://www.fontget.com/font/among-us-filled/ https://www.monolisa.dev/ https://github.com/intel/intel-one-mono https://www.fontbolt.com/font/barbie-2023-font/
Need to get vps using nix as well now that 22.11 has image build support.
https://github.com/Vanilla-s-Lab/linode-nix/tree/master
Might be fun to look into for a pi4 k8s cluster or something.
https://github.com/DeterminateSystems/nix-netboot-serve
Cause I forget and this is a readme so why not stick it here:
List out nixos generations as root:
nix-env --list-generations --profile /nix/var/nix/profiles/system
Switch/rollback to prior generation, also as root:
nixos-rebuild switch --rollback
Cause sometimes nixos-rebuild switch --rollback isn’t enough or you have multiple generations that are no good.
nix-env --switch-generation $GENERATION --profile /nix/var/nix/profiles/system
/nix/var/nix/profiles/system/bin/switch-to-configuration switch
Cause there is a dearth of docs on this and I can’t be assed to remember it, future me be happy I remembered to write this down. Future me add to upstream docs? Took a while to figure it out.
nix flake metadata --json | jq -r '.locks.nodes.root.inputs | keys[]'
for input in nixpkgs nixpkgs-old; do
  (printf "input: %s\n" "${input}" >&2; nix search --inputs-from . ${input} '\.pkgname$' stdboth | grep -Ev '(.*warning.*|evaluating)')
done
I wrapped all this into some wrapper functions in ~/profile so I can do this:
$ nis 'nixpkgs' '\.gcc$'
flake: . input: nixpkgs
* legacyPackages.aarch64-darwin.gcc (14.2.1.20250322)
GNU Compiler Collection, version 14.2.1.20250322 (wrapper script)
flake: . input: nixpkgs-old
* legacyPackages.aarch64-darwin.gcc (13.3.0)
GNU Compiler Collection, version 13.3.0 (wrapper script)
flake: . input: nixpkgs-unstable
* legacyPackages.aarch64-darwin.gcc (14.2.1.20250322)
GNU Compiler Collection, version 14.2.1.20250322 (wrapper script)
$ nis 'nixpkgs' '\.gcc$' github:mitchty/nix/legacy
flake: github:mitchty/nix/legacy input: nixpkgs
* legacyPackages.aarch64-darwin.gcc (13.3.0)
GNU Compiler Collection, version 13.3.0 (wrapper script)
flake: github:mitchty/nix/legacy input: nixpkgs-darwin
* legacyPackages.aarch64-darwin.gcc (13.3.0)
GNU Compiler Collection, version 13.3.0 (wrapper script)
flake: github:mitchty/nix/legacy input: nixpkgs-pacemaker
* legacyPackages.aarch64-darwin.gcc (12.3.0)
GNU Compiler Collection, version 12.3.0 (wrapper script)
Works out pretty nifty to find out what versions of what is where in flake inputs and to compare what others might be abusing in their flakes.