Hello NixOS!

by Eric on
tags: nix

I have decided that I’ll give Nix a go, since a team I am on will be using it.

I think for simple deployments, Nix saves me the hassle of installing new systems by allowing me to define the entire server in just a few files.

It was pretty nice, I shall paste my boilerplate Nix config here for my future use.

{ config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
      ./thelounge.nix
    ];

  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only

  networking.hostName = "nixplay"; # Define your hostname.
  networking.search = ["eric.si"];
  networking.nameservers = [ "9.9.9.10" "149.112.112.10" ];
  time.timeZone = "America/New_York";
  i18n.defaultLocale = "en_US.UTF-8";
  users.users.eric = {
     isNormalUser = true;
     extraGroups = [ "wheel" ];
     openssh.authorizedKeys.keys  = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN2whKHD8XCH+CQwnagH+iBfkyjc/2f/QEfdsEi0SaKO <ssh://eric@eric.si|ed25519>"
     ];
   };
   environment.systemPackages = with pkgs; [
     vim
     wget
     curl
   ];
  virtualisation = {
    podman = {
      enable = true;
      dockerCompat = true;
      defaultNetwork.settings.dns_enabled = true;
    };
  };
  services.openssh.enable = true;
  system.stateVersion = "23.05";
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  swapDevices = [ {
    device = "/swapfile";
    size = 4*1024;
    randomEncryption.enable = true;
  } ];

}

{
virtualisation.oci-containers.containers."thelounge" = {
  image = "thelounge/thelounge:latest";
  ports = [ "9000:9000" ];
  autoStart = true;
  volumes = [ "/etc/thelounge:/var/opt/thelounge" ];
};
}

I used nix-build switch to switch to the current config.

I also used nix-store --gc to cleanup.

In this current playground, I just deployed thelounge via podman.

I still need to figure out how to use flakes and some other things, but I like it so far.

If this goes well, I might nix-ify my whole infrastructure.

nix search

Update (Nov 5): I just finished writing the Nix for the org I am working with (Stevens Blueprint). the nix files can be found here

Currently it has Nginx, Dokuwiki, and Authelia SSO to reverse proxy Dokuwiki.

If you have any questions, want to change my mind, or literally anything else, please reach out!

<- Gabriel Talbert BuntRandomJoshua Hizgiaev ->
This website is part of the Stevens Community Webring.

All opinions here are my own and do not reflect the views of my employers or university: future, past, and present.
Copyright 2018-2023 • All text here are released under (CC BY 4.0) • Source code available here, released under the GNU AGPLv3 license.
Built on: 2023-11-27T23:48:49Z • Ref: refs/heads/main • Commit: bbb5cb6581f9d74fdafaa98bb752b76db7728447 • CT: all0he2/www1

Show BadgesPowered by Debianxenia-nowvimfurriestilde.townaperture_labsnonbinary_noproblemflag-pansun microsystemsvcss-bluevalid atomvalid rss