Instead of one Nix talk, we will do a round of short Nix lightning talks and a Nix Q&A session where you can raise questions and problems that you encountered while using Nix or NixOS, or that so far prevent you from using them. If you want to present a lightning talk (5-10min), feel free to send us a message.
Just installed the Prosody #XMPP server on my home server using the #NixOS module and a Let's Encrypt certificate. Everything just works out of the box, including E2E encryption and push notifications to Monal on iOS.
anyone here that can help me with nix on macos with limited sudo access and self-signed certs being forced into my connection to nixos.org by corporate?
Replaced an unbound today with knot resolver daemon or kresd. Was super easy to port with #NixOS and also create two PRs along the way: updating it to 5.7.2 and adding the missing psl Lua package to nixpkgs and kresd.
Next step is to replace the second and last bind with knot.
After a few months of maintaining my crafts-flake project, I just landed the final PR upstream in #nixpkgs which means that #rockcraft, #charmcraft and #snapcraft willl soon be readily available to all #NixOS users 😎 🚀
Es ist faszinierend wie sehr #nixos in meinem Umfeld doch um sich gegriffen hat. Speziell in den @westwoodlabs . Wir haben mittlerweile schon unsere eigene, nicht ganz kleine Usergroup.
A tool for checking the security hardening options of the #LinuxKernel
There are plenty of security hardening options for the Linux kernel. A lot of them are not enabled by the major distros. We have to enable these options ourselves to make our systems more secure.
But nobody likes checking configs manually. So let the computers do their job!
kernel-hardening-checker (formerly kconfig-hardened-check) is a tool for checking the security hardening options of the Linux kernel. It supports checking:
Kconfig options (compile-time)
Kernel cmdline arguments (boot-time)
Sysctl parameters (runtime)
The security hardening recommendations are based on:
I also created the Linux Kernel Defence Map, which is a graphical representation of the relationships between security hardening features and the corresponding vulnerability classes or exploitation techniques.
That feeling you get when your package.nix builds your command line tool successfully after testing different builders all afternoon...it's a truly wonderful experience! 😅🙌 :nixos: :rust_ferris: #rustlang#nixos#development
So Ive been using nixos with gnome for almost a year now and things have been pretty smooth, it’s just amazing, I never looked back since I started using it. So to make things more interesting and learn stuff I am trying to install hyprland, Ive no idea what window manager, compositor etc are, I have few questions Will...
Any suggestions on how to structure my #nixos config is very welcome. I have been trying to follow along with some of the things I have been seeing but not seen a consensus.
It seems that on #NixOS (unstable), there are (currently) no premade builds of #Plasma6 on the cache server for #aarch64. Unfortunately, on my #pinebook_pro, the integrated 64GB MMC simply isn't big enough to build it from source, even on a fresh vanilla installation! :blobcatnotlikethis:
@empire any time you need to build a config for a slightly less powerful ARM device (or any device for that matter), do what I do: use nixos-rebuild to its full potential!
Fun fact, #NixOS is so awesome, you can build your configuration on a more powerful machine and deploy the switch to a remote device on your network using SSH!
You just have to make sure you at least have a base NixOS install on the remote device and have SSH port open. You can specify the target machine via CLI 🤘 :nixos:
@empire I totally feel where you're coming from! It's true, the PBP hardware is only capable of doing so much...but I can't tell ya from experience that it's still plenty capable of being a low end dev laptop!
You just have to run what works best on the device. I recommend two big changes regardless of the OS:
Snag the NVMe adapter and install it to boot from instead of MMC. Real easy just use Tow-Boot
NO KDE or GNOME
BSPWM runs great, and #NixOS has Hyprland available in config!
I see sops-nix a lot, but it's generally used with SSH keys. But where do I get that SSH key from, and what if I lose it? Or what if I want to put my SSH key in Home Manager? Or what if I do a rebuild on another system that doesn't have that ssh key?
Can I just put a password in during a nixos-rebuild that'll decrypt my secret file(s)?
(I tried using sops with a gpg key on my Yubikey, but stumbled into an "Invalid Time" error that apparently me and 3 other people on Reddit have seen. But even if the key was safe on my Yubikey, it still doesn't solve the "rebuilding on another machine", because my Yubikey is on my desktop, not the VM, right?)
What would happen to my gnome environment if I switch to hyprland?
So Ive been using nixos with gnome for almost a year now and things have been pretty smooth, it’s just amazing, I never looked back since I started using it. So to make things more interesting and learn stuff I am trying to install hyprland, Ive no idea what window manager, compositor etc are, I have few questions Will...