NixOS
About
Resources
as well as nixos-help
Getting help
Matrix: #nix:nixos.org
Discourse Forum: Discourse
LiveCD
Default credentials
username | nixos
password | empty
The OpenSSH daemon is running, but it won't allow logins because PermitEmptyPasswords no is a compiled-in default. To keep it simple, a password can be set for the user nixos.
passwd nixos
Then you are allowed to log in to the system via SSH.
Nix magic
The variable PATH is interesting
[nixos@nixos:~]$ echo $PATH
/run/wrappers/bin:/home/nixos/.nix-profile/bin:/etc/profiles/per-user/nixos/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin

[nixos@nixos:~]$ sudo -i

[root@nixos:~]# echo $PATH
/run/wrappers/bin:/root/.nix-profile/bin:/etc/profiles/per-user/root/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin

[root@nixos:/home/nixos]#
The whole filesystem seems to consist of hierarchical symlinks that in the end point to content in /nix/store. E.g. most of the filesystem tree /etc is abstracted in multiple layers by
- symlinking files to /etc/static
- symlinking /etc/static to a specific generation in /nix/store
- symlinking the config files in the chosen generation to files in /nix/store
That's a very complex setup. I'm curious about the internals that manage this "weirdness".
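The symlink layering described above can be made visible hop by hop. The following shell function is an added example, not part of the original page; it walks a path component by component and prints each symlink it crosses, run here against a constructed temporary tree whose store names (aaaa-etc, bbbb-sshd_config) are made up.

```shell
#!/bin/sh
# Added example: resolve a path one component at a time and print every
# symlink crossed, so each layer (file -> /etc/static -> store) is visible.
trace_links() {
    rest=$1 cur='' hops=0
    case $rest in /*) ;; *) rest=$PWD/$rest ;; esac
    while [ -n "$rest" ]; do
        rest=${rest#/}                       # drop one leading slash
        comp=${rest%%/*}                     # next path component
        if [ "$comp" = "$rest" ]; then rest=''; else rest=${rest#*/}; fi
        case $comp in
            ''|.) continue ;;
            ..)   cur=${cur%/*}; continue ;;
        esac
        cur=$cur/$comp
        [ -L "$cur" ] || continue
        target=$(readlink "$cur") || return 1
        printf '%s -> %s\n' "$cur" "$target"
        hops=$((hops + 1))
        if [ "$hops" -gt 40 ]; then          # give up on symlink loops
            echo "trace_links: too many symlink hops" >&2
            return 1
        fi
        case $target in
            /*) cur='' ;;                    # absolute target: restart at /
            *)  cur=${cur%/*} ;;             # relative: continue from the link's directory
        esac
        rest=$target${rest:+/$rest}
    done
    printf '%s\n' "${cur:-/}"                # final, fully resolved path
}

# Constructed sample tree mimicking the layout described above; the store
# names aaaa-etc and bbbb-sshd_config are made up, not real store paths.
make_demo_tree() {
    t=$(cd "$(mktemp -d)" && pwd -P) || return 1
    mkdir -p "$t/etc/ssh" "$t/nix/store/aaaa-etc/etc/ssh"
    echo '# constructed sample' > "$t/nix/store/bbbb-sshd_config"
    ln -s "$t/nix/store/bbbb-sshd_config" "$t/nix/store/aaaa-etc/etc/ssh/sshd_config"
    ln -s "$t/nix/store/aaaa-etc/etc" "$t/etc/static"
    ln -s "$t/etc/static/ssh/sshd_config" "$t/etc/ssh/sshd_config"
    printf '%s\n' "$t"
}

demo=$(make_demo_tree) && trace_links "$demo/etc/ssh/sshd_config"
[ -n "$demo" ] && rm -rf "$demo"
```

On a NixOS system, calling trace_links on a file under /etc shows the actual layers instead of the constructed ones.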
Installation
Prepare storage
I used the following partitioning layout
storage#Partitioning_with_parted_for_MBR
Formatting the devices
mkfs.ext4 -L rootfs /dev/vda3
mkswap -L swap1 /dev/vda2
swapon /dev/vda2

###OUTPUT
mke2fs 1.46.4 (18-Aug-2021)
Discarding device blocks: done
Creating filesystem with 4717824 4k blocks and 1179648 inodes
Filesystem UUID: 371ae94a-651a-4510-8072-bb72f932b1e5
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
        4096000

Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

mkswap: /dev/vda2: warning: wiping old ext4 signature.
Setting up swapspace version 1, size = 2 GiB (2147479552 bytes)
LABEL=swap1, UUID=ef9c1263-594d-4c60-a420-61819c37fcdf

mount /dev/disk/by-label/rootfs /mnt
Initial configuration
Automatically generate a new NixOS config
nixos-generate-config --root /mnt
So NixOS generated a new config
ls -lR /mnt
/mnt:
total 20
drwxr-xr-x 3 root root  4096 Dec 9 12:49 etc
drwx------ 2 root root 16384 Dec 9 12:47 lost+found

/mnt/etc:
total 4
drwxr-xr-x 2 root root 4096 Dec 9 12:49 nixos

/mnt/etc/nixos:
total 8
-rw-r--r-- 1 root root 3546 Dec 9 12:49 configuration.nix
-rw-r--r-- 1 root root  821 Dec 9 12:49 hardware-configuration.nix

/mnt/lost+found:
total 0
Adjust initial configuration
There is probably no need to change
/mnt/etc/nixos/hardware-configuration.nix
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:

{
  imports =
    [ (modulesPath + "/profiles/qemu-guest.nix")
    ];

  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];

  fileSystems."/" =
    { device = "/dev/disk/by-uuid/371ae94a-651a-4510-8072-bb72f932b1e5";
      fsType = "ext4";
    };

  swapDevices =
    [ { device = "/dev/disk/by-uuid/ef9c1263-594d-4c60-a420-61819c37fcdf"; }
    ];

  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
/mnt/etc/nixos/configuration.nix
[root@nixos:/mnt]# cat /mnt/etc/nixos/configuration.nix
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  # Use the GRUB 2 boot loader.
  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  # boot.loader.grub.efiSupport = true;
  # boot.loader.grub.efiInstallAsRemovable = true;
  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
  # Define on which hard drive you want to install Grub.
  boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only

  networking.hostName = "nixos1"; # Define your hostname.
  # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.

  # Set your time zone.
  time.timeZone = "Europe/Berlin";

  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
  # Per-interface useDHCP will be mandatory in the future, so this generated config
  # replicates the default behaviour.
  networking.useDHCP = false;
  networking.interfaces.enp1s0.useDHCP = true;

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Select internationalisation properties.
  i18n.defaultLocale = "de_DE.UTF-8";
  console = {
    # font = "Lat2-Terminus16";
    keyMap = "de";
  };

  # Enable the X11 windowing system.
  services.xserver.enable = true;


  # Configure keymap in X11
  services.xserver.layout = "de";
  # services.xserver.xkbOptions = "eurosign:e";

  # Enable CUPS to print documents.
  # services.printing.enable = true;

  # Enable sound.
  sound.enable = true;
  hardware.pulseaudio.enable = true;

  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.tobias = {
    isNormalUser = true;
    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
    description = "Tobias Stein,,,";
    openssh.authorizedKeys.keys = [ "ssh-rsa kjlhkjhkjhjkjkhkj tobias@blubb" ];
  };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
    firefox
    bash-completion byobu btrfs-progs curl
    dmidecode dosfstools git gpm htop iftop iotop jq
    lsof man-db mc mlocate openssl parted pigz psmisc pv
    pwgen rsync screen strace sudo
    sysstat tmux vim wget zsh
  ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  services.openssh.enable = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "21.11"; # Did you read the comment?

  ### ENABLE AUTOMATIC UPGRADES
  system.autoUpgrade.enable = true;
  system.autoUpgrade.allowReboot = true;
  #system.autoUpgrade.channel = https://nixos.org/channels/nixos-21.11;

  ### ENABLE KDE
  services.xserver.displayManager.sddm.enable = true;
  services.xserver.desktopManager.plasma5.enable = true;
}
Install NixOS
By default, nixos-install uses the option --root "/mnt".
- At the end you will be prompted for the root password
nixos-install
To chroot into the new system, e.g. to set a user password, you may use
[root@nixos:/]# nixos-enter --root '/mnt'
setting up /etc...
/etc/tmpfiles.d/journal-nocow.conf:26: Failed to resolve specifier: uninitialized /etc detected, skipping
All rules containing unresolvable specifiers will be skipped.
gpg-connect-agent: failed to create temporary file '/root/.gnupg/.#lk0x0000000001464eb0.nixos1.136': No such file or directory
gpg-connect-agent: can't connect to the agent: No such file or directory
gpg-connect-agent: error sending standard options: No agent running

[root@nixos1:/]# passwd
New password:
Retype new password:
passwd: password updated successfully

[root@nixos1:/]# passwd tobias
New password:
Retype new password:
passwd: password updated successfully

[root@nixos1:/]#
logout
Remove the image from the machine, adjust boot order and reboot the system
reboot
Check and install packages
Query some packages to find out if they exist. The list has been taken from Debian.
for PKG in \
    apt-file aptitude bash-completion byobu btrfs-progs ca-certificates curl \
    dmidecode dosfstools git gpm htop iftop info iotop jq libcrack2 locales \
    lsb-release lsof man-db mc mlocate openssl parted pigz psmisc pv \
    pwgen python3-apt rsync screen sqlite3 ssl-cert strace sudo \
    sysstat tmux vim wget zsh;
do
    nix-env -qa "$PKG";
done
So these packages do not exist
Query and install vim
Configure
Rebuild configuration
When you have changed something in /etc/nixos/configuration.nix, like me, who forgot to configure the locale and keyboard layout, you can apply the configuration with
nixos-rebuild switch
NixOS channels
Note: Channels are set per user. This means that running nix-channel --add as a non root user (or without sudo) will not affect configuration in /etc/nixos/configuration.nix
Take a look at the available channels
https://channels.nixos.org/
Show and update current channels
NixOS Manual - Automatic Upgrades
Stable channels, such as nixos-21.11. These only get conservative bug fixes and package upgrades. For instance, a channel update may cause the Linux kernel on your system to be upgraded from 4.19.34 to 4.19.38 (a minor bug fix), but not from 4.19.x to 4.20.x (a major change that has the potential to break things). Stable channels are generally maintained until the next stable branch is created.
The unstable channel, nixos-unstable. This corresponds to NixOS’s main development branch, and may thus see radical changes between channel updates. It’s not recommended for production systems.
Small channels, such as nixos-21.11-small or nixos-unstable-small. These are identical to the stable and unstable channels described above, except that they contain fewer binary packages. This means they get updated faster than the regular channels (for instance, when a critical security patch is committed to NixOS’s source tree), but may require more packages to be built from source than usual. They’re mostly intended for server environments and as such contain few GUI applications.
You can then upgrade NixOS to the latest version in your chosen channel by running
nixos-rebuild switch --upgrade
Enable fully-automatic upgrades /etc/nixos/configuration.nix
Nix
Install Nix package manager on Debian
curl -L "https://nixos.org/nix/install" | sh
~/.zshrc
Example installation of IHP
Install IHP in the users Nix-store
Determine postgres socket and connect