NixOS


NixOS is a Linux distribution built on top of the Nix package manager. Its declarative configuration allows reliable system upgrades via several official channels of stability and size.

This community discusses NixOS, Nix, and everything related.

founded 1 year ago
1
 
 

My server is currently running Fedora and it has an encrypted RAID attached. Now I wanna move my server to NixOS but I can't find anything on how to automount it. Any advice? Thanks for your time and have a nice day!

2
 
 

Used nix last year but dropped it after home-manager decided to unlink the apps from the Applications directory.

How is the current situation on usability of nix-darwin + home-manager + brew?

Packages still fail to get indexed correctly in Spotlight? I really like a fully repro environment but the fact that the usability was low bothered me a lot.

3
 
 

I recently wanted to try out [aider](https://aider.chat), and ran into a problem that I continually run into: how do I install one-off, experimental software into my environment, without being a nix master, or spending an extreme amount of time on every new package.

In this case, it is a new Python package available in pip. It isn't available in nixpkgs, and isn't nixified. pip2nix doesn't work on arm64 Macs ([bug here](https://github.com/nix-community/pip2nix/issues/88)), so I can't use that to try and create a flake that works with this package. It isn't using poetry, so poetry2nix is out.

How are you dealing with this problem? Are you all experts in nix, and writing flakes for every piece of software that you want to play around with? Do you have a "dirty" part of your environment that you install this kind of stuff into? (I looked into using pipx to install this, however that [also has a bug](https://github.com/NixOS/nixpkgs/issues/171429) in nixpkgs.)

Thoughts?

4
1
submitted 1 year ago* (last edited 1 year ago) by rikudou@lemmings.world to c/nixos@infosec.pub
 
 

Hi there! I'm trying to make php and composer work. I have this in environment.systemPackages:

    (pkgs.php82.buildEnv {
      extensions = ({ enabled, all }: enabled ++ (with all; [
        xdebug
        redis
      ]));
      extraConfig = ''
        memory_limit=2G
        xdebug.mode=debug
      '';
    })
    php82Extensions.redis

The problem is that while running php -m correctly prints that redis extension is installed, composer does not, because it uses a different php:

  • file $(which php) prints the path /nix/store/igx8j4qjxy9jyj8kjyccwarnzqq5vsml-php-with-extensions-8.2.9/bin/php
  • cat $(which composer) shows that it's a wrapper for '/nix/store/lv4prxa52zifr54ws56iz3b9kdhs1b5w-php-with-extensions-8.2.9/bin/php' --add-flags '/nix/store/avqj0662f4gg2s875zlbbjajx6fm6bl0-php-composer-2.5.5/libexec/composer/composer.phar'

Note that the path to php is different. Is there any way to correct it on my side? I'd like to avoid having to install composer manually.

5
 
 

Interesting idea.

6
 
 

tl;dr image buildable with some patches

7
 
 

South California Linux Expo is looking for papers.

8
 
 

I have a config that I share on GitHub. I share the whole thing and there are keys in it but they are obviously not the complete key (as is standard throughout the community). Just enough to point to the real key with Nix.

Anyway, I have finally gotten around to learning the power of git-crypt. Today, I went through my whole config and took everything out that could even remotely be used by a hacker to find out security holes in my config (permitted insecure packages, specific hardware IDs, GitHub username and email address, for example, all went into nix files into the secrets folder with imports where they used to reside) and put those files into a folder at top level called secrets. Then, I encrypted all of the files in that folder and pointed the rest of the config to them so they remain encrypted on my GitHub but perfectly usable in evaluation and build of my config derivation.

My question is: Have I done something clever that will significantly decrease the chances of exploit or do you recommend that everyone does this and I'm just late to the security party?

If this technique is just standard, what else could one do to harden their system without causing difficult to solve issues on deployment of their config? For example, I now need to decrypt that folder when I use that config on a new system and anyone else building it wouldn't be able to get through the evaluation.

I've heard of Sops-Nix and other such security handlers. How can I use sops-nix to aid in that initial git-crypt setup when I spin up a new system, for example?

9
 
 

I recently followed https://www.arthurkoziel.com/installing-nixos-on-a-macbookpro/ to install NixOS on a macbookpro5,1 (from 2008). OSX hasn't supported that hardware since El Capitan and it was incredibly slow even then.

With Nix it works, but I'm frequently running into issues similar to https://askubuntu.com/questions/1114612/rcu-sched-self-detected-stall-on-cpu-watchdog-bug-soft-lockup-cpu3-stuck. The first 3 times I tried logging in after the install it hung after accepting the password. It was just logging the rcu stall error every few seconds, not responding to any keys. I was able to create a user account on the 4th boot, but still haven't installed anything extra on it.

It's also really slow to boot. A few minutes in stage 1 before it asks me for the decryption password and then another few minutes to get to the login prompt.

All of this is without any graphical environment. I was planning to go with a low resource desktop like xfce or cinnamon (are they still maintained?), but any tips on what to look at before I possibly introduce more instability?

10
 
 

gvolpe, the person I forked my NixOS config from, wrote this excellent article. I feel like the least I could do is share this amazing blog post.

Remote builds enable interesting use cases and experiments. Besides building for different architectures, another use case that comes to mind would be having a low-resource machine building a derivation that would require heavy CPU usage (e.g. a Rust application) on the fly, without having to rely on CI builds or binary caches, effectively used as a development environment.

11
 
 

Features

UnixPorn at its core

PwNixOS places a strong emphasis on delivering a top-notch graphical experience by providing a visually appealing and productivity-focused interface.

Hacking Tools

PwNixOS offers a wide array of tools and utilities out of the box to support your hacking endeavors. From advanced network analysis and penetration testing tools to powerful scripting languages and development environments, PwNixOS equips you with the necessary arsenal to explore and manipulate computer systems to your heart's content.

Package Management with Nix

One of the standout features of NixOS is its unique package management system called Nix. With Nix, you can easily install, update, and manage software packages on your system. What makes Nix special is its ability to provide isolated and reproducible environments for each package, ensuring that software installations do not interfere with one another. This allows for painless experimentation and easy rollback to previous configurations.

Declarative Configuration

NixOS follows a declarative approach to system configuration. Instead of making changes directly to the system, you define the desired state of your system in a configuration file or flake (like this one). This configuration specifies all the packages, services, and settings you want, providing a clear and reproducible blueprint for your system. This declarative nature simplifies system administration, enables easy replication of configurations across multiple machines, and facilitates version control of your system setup.

Custom packages

This flake has custom hacking tools that are uploaded to the NUR. The purpose of these tools is to fill in the gaps that exist today in the official repositories and create a full arsenal of tools, with well-known tools such as BloodHound and lesser-known tools such as psudohash.

12
 
 

Just pasting this somewhere random in my configuration.nix gives me an error; where should I place it?

package in question: https://github.com/an-anime-team/an-anime-game-launcher/wiki/Installation#-nixos-nixpkg

Thank you for your time!

13
 
 

I want to learn and experiment with fully configuring a single user NixOS installation that is declarative. I've found quite a bit on the NixOS system-land side, but when I go into Home Manager user-land I'm not seeing very much around configuring the Desktop. I usually use XFCE but in trying to work with it I kept running across posts about how it wasn't well supported. So I tried KDE but found the same. What is the best supported Desktop with Home Manager? Or do folks just do the basics with nix stuff, and end up pulling in the rest of the config info into the home directory (like from a repo) as a work-around? Basically use nix stuff to retrieve files and put them into the correct destinations.

18
 
 

Here is a link to the currently open GitHub issues for the nixpkgs repository that are tagged "1.severity: security". Use this to browse around; some of them are simple package version update requests, some are pretty involved changes. If you're bored, why not pick one up? :-)

20
 
 

The 23.05 release was made possible due to the efforts of 1867 contributors, who authored 36566 commits since the previous release. Our thanks go to the contributors who also take care of the continued stability and security of our stable release.

NixOS is already known as the most up to date distribution while also being the distribution with the most packages. This release saw 16240 new packages and 13524 updated packages in Nixpkgs. We also removed 13466 packages in an effort to keep the package set maintainable and secure.