From 05283b54e752bb8b134dc7b4bb6d1b88e9cc2dcc Mon Sep 17 00:00:00 2001 From: Michele Cereda Date: Sat, 14 Sep 2024 23:11:29 +0200 Subject: [PATCH] chore: vastly expand notes about nixos --- .vscode/settings.json | 3 + knowledge base/guix system.md | 65 +++++++++++++++++++ knowledge base/guix.md | 69 +++++++++++++++++++++ knowledge base/nix.md | 60 ++++++++++++++---- knowledge base/nixos.md | 103 ++++++++++++++++++++++++++++++- snippets/nixos/commands.fish | 5 ++ snippets/nixos/configuration.nix | 77 +++++++++++++++++++++++ snippets/nixos/k3s.nix | 11 ++++ snippets/nixos/kde.nix | 11 ++++ 9 files changed, 392 insertions(+), 12 deletions(-) create mode 100644 knowledge base/guix system.md create mode 100644 knowledge base/guix.md create mode 100644 snippets/nixos/commands.fish create mode 100644 snippets/nixos/configuration.nix create mode 100644 snippets/nixos/k3s.nix create mode 100644 snippets/nixos/kde.nix diff --git a/.vscode/settings.json b/.vscode/settings.json index bf93454..67eabc2 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -176,6 +176,7 @@ "gpgtools", "groupmask", "growpart", + "guix", "hadolint", "hazelcast", "hdparm", @@ -229,6 +230,8 @@ "netcat", "nfsmount", "nindent", + "nixos", + "nixpkgs", "nmap", "nodepool", "nproc", diff --git a/knowledge base/guix system.md b/knowledge base/guix system.md new file mode 100644 index 0000000..270ba78 --- /dev/null +++ b/knowledge base/guix system.md @@ -0,0 +1,65 @@ +# Guix system + +TODO + +1. [TL;DR](#tldr) +1. [Further readings](#further-readings) + 1. [Sources](#sources) + +## TL;DR + + + + + + + +## Further readings + +- [Website] +- [Main repository] +- [Guix] +- [NixOS] + +### Sources + + + + + +[guix]: guix.md +[nixos]: nixos.md + + + +[main repository]: https://github.com/project/ +[website]: https://guix.gnu.org/ + + diff --git a/knowledge base/guix.md b/knowledge base/guix.md new file mode 100644 index 0000000..cfa934b --- /dev/null +++ b/knowledge base/guix.md 
@@ -0,0 +1,69 @@ +# Guix + +Package manager for GNU/Linux systems. + +Takes inspiration from [Nix].
+Uses [Guile] for its configuration files. + +1. [TL;DR](#tldr) +1. [Further readings](#further-readings) + 1. [Sources](#sources) + +## TL;DR + + + + + + + +## Further readings + +- [Website] +- [Main repository] +- [Nix] +- [Guix system] + +### Sources + + + + + +[guix system]: guix%20system.md +[nix]: nix.md + + + +[main repository]: https://savannah.gnu.org/git/?group=guix +[website]: https://guix.gnu.org/ + + +[guile]: https://www.gnu.org/software/guile/ diff --git a/knowledge base/nix.md b/knowledge base/nix.md index 0689ac8..30795bc 100644 --- a/knowledge base/nix.md +++ b/knowledge base/nix.md @@ -1,13 +1,14 @@ # The Nix package manager -## Table of contents - 1. [TL;DR](#tldr) 1. [Further readings](#further-readings) 1. [Sources](#sources) ## TL;DR +
+ Setup + ```sh # Install Nix in single-user mode (suggested). # Works on most Linux even *without systemd* or with SELinux *enabled*. @@ -20,9 +21,32 @@ curl -L 'https://nixos.org/nix/install' | sh bash <(curl -L 'https://nixos.org/nix/install') --daemon +# Uninstall Nix in single-user mode. +# Also remove references from '~/.bash_profile' and '~/.zshenv'. +rm -rf '/nix' + +# Uninstall Nix in multi-user mode. +# Oooh boi. +# Check https://nixos.org/manual/nix/stable/installation/uninstall#multi-user. +``` + +
+ +
+ Usage + +```sh # List configured channels. nix-channel --list +# Add channels. +nix-channel --add 'https://channels.nixos.org/nixos-24.05' 'nixos' +nix-channel --add 'https://channels.nixos.org/nixos-24.05-small' 'nixos' +nix-channel --add 'https://channels.nixos.org/nixos-unstable' 'nixos' + +# Remove channels. +nix-channel --remove 'nixos' + # Update channels. nix-channel --update nix-channel --update 'nixpkgs' @@ -38,6 +62,11 @@ nix-env --query --installed nix-env -qa --attr 'nixpkgs' nix-env --query --available --attr 'nixpkgs' +# Search packages. +# See +curl 'https://search.nixos.org/packages?channel=24.05&from=0&size=150&sort=relevance&type=packages&query=vscode' +nix --extra-experimental-features 'nix-command' --extra-experimental-features 'flakes' search 'nixpkgs' 'git' + # Install packages. nix-env -i 'coreutils' nix-env --install --attr 'nixpkgs.parallel' @@ -64,12 +93,18 @@ nix-shell --packages 'cowsay' 'lolcat' # state of the user environment, then run specific commands in it and exit. nix-shell -p 'cowsay' 'lolcat' --run 'cowsay "something" | lolcat' -# Free up space occupied by unreachable store objects like packages used in -# temporary shell environments. + +# Remove old and unreferenced packages. nix-collect-garbage +nix-store --gc +# Do the same for specific profiles. +nix-env -p '/nix/var/nix/profiles/per-user/jonah/profile' --delete-generations 'old' +nix-env -p '/nix/var/nix/profiles/per-user/sam/profile' --delete-generations '14d' + +# Delete old roots. +# Removes the ability to roll back to the deleted ones. nix-collect-garbage --delete-old nix-collect-garbage -d --dry-run -nix-store --gc # Evaluate Nix expressions in an interactive session. 
@@ -81,19 +116,21 @@ nix-instantiate --eval nix-instantiate --eval 'path/to/file.nix' -# Uninstall Nix in single-user mode. -# Also remove references from '~/.bash_profile' and '~/.zshenv'. -rm -rf '/nix' +# Scan the entire store for corrupt paths. +nix-store --verify --check-contents --repair -# Uninstall Nix in multi-user mode. -# Oooh boi. -# Check https://nixos.org/manual/nix/stable/installation/uninstall#multi-user. +# Replace identical files with hard links. +# It can take quite a while to finish. +nix-store --optimise ``` +
+ ## Further readings - [Website] - [NixOS] +- [Guix] ### Sources @@ -105,6 +142,7 @@ rm -rf '/nix' --> +[guix]: guix.md [nixos]: nixos.md diff --git a/knowledge base/nixos.md b/knowledge base/nixos.md index 4276030..0183ba1 100644 --- a/knowledge base/nixos.md +++ b/knowledge base/nixos.md @@ -1,17 +1,118 @@ # NixOS -TODO +Linux distribution based on [Nix]. +1. [TL;DR](#tldr) +1. [Automatic Upgrades](#automatic-upgrades) +1. [Automatic package cleanup](#automatic-package-cleanup) 1. [Further readings](#further-readings) +## TL;DR + +Refer [Nix] for the package manager's commands. + +The `/etc/nixos/configuration.nix` file contains the current configuration of the local system.
+Execute `nixos-rebuild switch` **as root** whenever one changes something in there to apply the changes. + +When multiple modules define an option, NixOS will try to **merge** all the definitions. + +System configurations are stored in the `/nix/var/nix/profiles/system` profile. + +
+ Usage + +```sh +# Open the manual in a browser window. +nixos-help + +# Inspect the system configuration. +nixos-rebuild repl + +# Apply changes to the system configuration. +# Only builds the configuration. +sudo nixos-rebuild build +# Switches the running system to the new configuration. +# Does *not* make it the default for booting. +sudo nixos-rebuild test +# Makes it the default for booting. +# Does *not* apply it to the running system. +sudo nixos-rebuild boot +# Makes it the default configuration for booting. +# Also tries to apply it to the running system. +sudo nixos-rebuild switch +# Make the new configuration show as an entry in GRUB. +sudo nixos-rebuild switch -p 'new entry' + +# Upgrade NixOS to the latest version in the chosen channel. +# Equivalent to `sudo nix-channel --update 'nixos' && nixos-rebuild switch`. +sudo nixos-rebuild switch --upgrade + +# Test a new configuration in a sandbox. +# Requires hardware virtualization. +# Builds and runs a QEMU VM containing the desired configuration. +sudo nixos-rebuild build-vm && ./result/bin/run-*-vm +``` + +```sh +# Prefer using the '--attr' option with nix. +# The normal command (e.g. `nix-env -i 'k3s'`) got always killed in tests. +nix-env --install --attr 'nixos.k3s' +nix-env --upgrade --attr 'nixos.parallel' +``` + +
+ +## Automatic Upgrades + +Enable the `nixos-upgrade.service` to automatically keep a NixOS system up-to-date by adding the following to the +`/etc/nixos/configuration.nix` file: + +```plaintext +{ + system.autoUpgrade.enable = true; + system.autoUpgrade.allowReboot = true; +} +``` + +If the `allowReboot` option is set to `false`, the service just runs `nixos-rebuild switch --upgrade` to upgrade the +system to the latest version in the current channel.
+If it is set to `true`, then the system will also automatically reboot if the new generation contains any different +initrd, kernel or kernel module. + +Specify a channel explicitly in the same file, e.g.: + +```plaintext +{ system.autoUpgrade.channel = "https://channels.nixos.org/nixos-24.05"; } +``` + +Check when the service runs by looking at the output of `systemctl list-timers 'nixos-upgrade.timer'`. + +## Automatic package cleanup + +Enable `nix-gc.service` to automatically remove old, unreferenced packages. + +One can set the system up to run this unit automatically at certain points in time: + +```plaintext +{ + nix.gc.automatic = true; + nix.gc.dates = "03:15"; +} +``` + ## Further readings - [Website] +- [Manual] + +[nix]: nix.md + +[manual]: https://nixos.org/manual/nixos/stable/ [website]: https://nixos.org diff --git a/snippets/nixos/commands.fish b/snippets/nixos/commands.fish new file mode 100644 index 0000000..f4d2c1e --- /dev/null +++ b/snippets/nixos/commands.fish @@ -0,0 +1,5 @@ +#!/usr/bin/env fish + +nix-env -i --attr 'nixos.kubectl' 'nixos.k9s' 'nixos.helm' + +sudo nixos-rebuild switch diff --git a/snippets/nixos/configuration.nix b/snippets/nixos/configuration.nix new file mode 100644 index 0000000..7842e72 --- /dev/null +++ b/snippets/nixos/configuration.nix 
@@ -0,0 +1,77 @@
+# Basic NIX modules.
+{ config, pkgs, ... }:
+
+/* Option definitions */
+{
+ system.stateVersion = "23.11";
+
+ # Bootloader.
+ boot.loader.grub = {
+ enable = true;
+ device = "/dev/sda";
+ useOSProber = false;
+ };
+
+ # Localization.
+ console.keyMap = "us";
+ time.timeZone = "Europe/Amsterdam";
+ i18n.defaultLocale = "en_US.UTF-8";
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "nl_NL.UTF-8";
+ LC_IDENTIFICATION = "nl_NL.UTF-8";
+ LC_MEASUREMENT = "nl_NL.UTF-8";
+ LC_MONETARY = "nl_NL.UTF-8";
+ LC_NAME = "nl_NL.UTF-8";
+ LC_NUMERIC = "nl_NL.UTF-8";
+ LC_PAPER = "nl_NL.UTF-8";
+ LC_TELEPHONE = "nl_NL.UTF-8";
+ LC_TIME = "nl_NL.UTF-8";
+ };
+
+ # Networking.
+ networking.hostName = "nixos-vm";
+
+ ## SSH.
+ # Automatically opens port 22 in the firewall.
+ services.openssh.enable = true;
+
+ # Package management.
+ nixpkgs.config.allowUnfree = true;
+ environment.systemPackages = with pkgs; [
+ git
+ tmux
+ vim
+ ];
+
+ # SUID wrappers.
+ programs.mtr.enable = true;
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+
+ # Users.
+ users.users.mike = {
+ isNormalUser = true;
+ description = "Mike Wazowski";
+ extraGroups = [
+ "networkmanager"
+ "wheel"
+ ];
+ packages = with pkgs; [
+ chezmoi
+ firefox
+ kate
+ lefthook
+ # thunderbird
+ vscode
+ ];
+ };
+
+ # Include external configuration files.
+ imports = [
+ ./hardware-configuration.nix # usually autogenerated by the system
+ ./kde.nix
+ ./k3s.nix
+ ];
+}
diff --git a/snippets/nixos/k3s.nix b/snippets/nixos/k3s.nix
new file mode 100644
index 0000000..2867df5
--- /dev/null
+++ b/snippets/nixos/k3s.nix
@@ -0,0 +1,11 @@
+{
+ # Refer https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/networking/cluster/k3s/README.md
+ boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+ networking.firewall.enable = false;
+ services.k3s = {
+ enable = true;
+ role = "server";
+ token = "12345";
+ clusterInit = true;
+ };
+}
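Review bot: In snippets/nixos/configuration.nix, `services.openssh.enable = true;` starts sshd with the module's default settings, and the comment above it says port 22 is opened in the firewall, so `mike`, who is in `wheel`, can presumably be reached by password login unless that is turned off elsewhere. Since this file is a template people will copy, add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";` beside it, and supply keys through `users.users.mike.openssh.authorizedKeys.keys`. The file also imports `./k3s.nix`, which disables the firewall altogether, so sshd is exposed on every interface regardless of the per-service rule.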
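Review bot: In snippets/nixos/k3s.nix, `token = "12345";` hard-codes a guessable cluster join secret, and as a Nix string it will most likely also end up readable in the world-readable /nix/store. Combined with `networking.firewall.enable = false;` a few lines above, the k3s server is reachable from the network with only that token protecting cluster membership. Prefer `services.k3s.tokenFile = "/path/to/k3s-token";` (placeholder path; file readable by root only) over `token`. Keep the firewall enabled and open only what the cluster needs, e.g. `networking.firewall.allowedTCPPorts = [ 6443 ];` for the API server. If these values are meant for a throwaway VM only, a comment saying so next to both lines would keep them from being copied into a real host.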
diff --git a/snippets/nixos/kde.nix b/snippets/nixos/kde.nix
new file mode 100644
index 0000000..b2648f9
--- /dev/null
+++ b/snippets/nixos/kde.nix
@@ -0,0 +1,11 @@
+{
+ services.xserver = {
+ enable = true;
+ desktopManager.plasma5.enable = true;
+ xkb = {
+ layout = "it";
+ variant = "";
+ };
+ };
+ services.displayManager.sddm.enable = true;
+}