#TIL doing mkswap is not enough when the partition was a zpool before, and the automatic import #NixOS does via zpool import -d /dev/disk/by-id finds it anyway as long as there is no other pool already loaded with the same name.
Just don't mix up partitions when formatting 😂
PS: systemd-boot doesn't understand ext4 on /boot, and having /boot on root and just separating /boot/efi works with grub out of the box or when setting an extra setting, which I of course did not have
Yesterday I finally nuked my Windows 10 gaming machine and installed #NixOS. I was a bit afraid of the Nvidia graphics card but I literally just turned 2 options on and could build a working custom ISO and install the system with them as well.
I literally had more trouble properly formatting my disk 😂
My current working theory is that just the hybrid/prime laptops are so troublesome.
Sorry for more #NixOS simping, but you can even install #Flatpak the Nix way. Just awesome. :owi:
How come NixOS is more niche than #ArchLinux or #Gentoo? It is the best way to configure a #Linux distro that I have ever seen. I wish I had known about it earlier. I first heard of NixOS maybe a few months ago or so.
For all the #sops #nix enjoyers out there, where do you keep your #AGE key? Does it just live on your drive? Do you use something like a #yubikey? Because bootstrapping the key with sops obviously doesn't work.
I really don't know what is wrong with the #Nextcloud client, or whether this is a #NixOS problem. No matter what I do, on every restart the client wants, for whatever reason, to migrate the configuration from .local to .config, which fails, and as a result the client can no longer sync and logs me out. Even when I set the configuration folder explicitly, it doesn't work. Deleting these two folders doesn't help either; the whole thing just starts over.
That's why you should always read the documentation. That it is so far down in the wiki, and on top of that inside the wiki page for the #Nextcloud server, doesn't exactly speak for good organization, though. But over the last 2 days I have heard again and again that the #NixOS documentation is pretty much garbage. Apart from that, NixOS is an awesome system.
Installed NixOS on my old 2011 MacBook Air that was running Ubuntu. I was using Ubuntu because the WiFi drivers worked oob. NixOS had no problems and works perfectly. I shall name it nixbook air. Gnome always looks great on Mac hardware 🤣 #nixos
floyd (lenovo x260, 32GB RAM, 2TB SSD): programs.gnupg.agent.pinentryFlavor now works differently. Easy to fix.
Update took 2 hours(!) and +20GB data
jackson (lenovo t490, 32GB RAM, 2TB SSD): virt-manager-qt doesn't compile but it never worked anyway, so I removed it. Took 7 minutes and used +18GB data.
So it went more or less fine but you need time + large storage media for Nix.
#TIL: You want to declaratively configure your Firefox but you have no idea what all those settings in about:config are and the web is not helpful?
You can just copy ~/.mozilla/firefox/*.default/prefs.js to a temporary directory, change the setting in the Firefox UI and then diff the two files and voila, you got the key and value to write into your #NixOS config.
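The diff step from the post above, as an added example that is not part of the original post: it compares two prefs.js snapshots and prints every new or changed preference as a `"key" = value;` line ready for a Nix attribute set. The function names and the sample preferences are constructed for illustration.

```shell
#!/bin/sh
# Added example: show which prefs changed between two prefs.js snapshots.
# Function names and the sample data below are constructed, not from the post.

# $1 = prefs.js copied before the change, $2 = prefs.js after the change.
changed_prefs_as_nix() {
    before=$(mktemp) || return 1
    after=$(mktemp) || { rm -f "$before"; return 1; }
    # Keep only user_pref(...) lines; sort so the comparison is stable.
    grep '^user_pref(' "$1" | LC_ALL=C sort > "$before"
    grep '^user_pref(' "$2" | LC_ALL=C sort > "$after"
    # comm -13: lines that exist only in the "after" snapshot (new or changed).
    # Prefs that were reset to their default vanish from prefs.js and are
    # therefore not reported here.
    # sed: user_pref("key", value);  ->  "key" = value;
    LC_ALL=C comm -13 "$before" "$after" |
        sed -n 's/^user_pref("\([^"]*\)", *\(.*\));[[:space:]]*$/"\1" = \2;/p'
    rm -f "$before" "$after"
}

# Demo with two constructed snapshots.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'user_pref("browser.startup.page", 1);' \
        'user_pref("app.update.auto", false);' > "$dir/old.js"
    printf '%s\n' 'user_pref("browser.startup.page", 3);' \
        'user_pref("app.update.auto", false);' \
        'user_pref("browser.startup.homepage", "about:blank");' > "$dir/new.js"
    changed_prefs_as_nix "$dir/old.js" "$dir/new.js"
    rm -rf "$dir"
}

demo
```

Close Firefox before taking the second copy, since prefs.js is only guaranteed to be flushed on exit.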
I think it has worked at some point, but, to be honest, I am not sure as I usually just use sleep.
I would now like to set up hybrid sleep, but for that I first need to get hibernation working once and for all
Current state is that it neither works on my work machine (a Dell Latitude 7440), nor on my private notebook (a Lenovo Thinkpad T470).
If you're already familiar with Linux, then #nixos is great, and all you need is a good degree in computer science to be able to write the configuration files. If you have one of those, you can learn it in about six months. If you haven't? Well, then it'll be about three years and six months.
Yes, and don't get me wrong, I very much appreciate #nixos and am using it on two of my home servers, and using nix to manage packages on my Macs. I do think there's something in the suggestion that it's easier if you don't have to un-learn a lot of stuff first! And, while I do have a couple of CS degrees to help me, I must confess my functional programming is rusty, not having had a use for it since my undergrad exams until now :-)
OK so I finally gave NixOS a shot and oh gosh it's a game changer. The thing NixOS solves is everything I hate about linux that I apparently mistakenly believed was "just how linux works".
I honestly did not know it was possible for a linux system to not suck as much as NixOS doesn't suck.
Current #HomeLab status: I'm making progress very slowly. The server is assembled and up and running Proxmox 8. Yesterday I built a custom NixOS installer that has my SSH key pre-loaded. That way I can boot a VM and set it up using nix-anywhere. Tonight I'm planning to try this out for the first time. #proxmox #NixOS #linux #SysAdmin
Thank you for the TPM2 #NixOS article @jnsgruk. I decided to give it a go last weekend, and it was a bit longer process than 10 minutes. For anybody who struggles to get rid of the password prompt for the LUKS volume, this setting is essential:
boot.initrd.systemd.enable = true;
The initrd must have systemd installed, so the settings defined with systemd-cryptenroll are available during the boot. An alternative way is to use Clevis to encrypt the LUKS password using the TPM module, and invoke it during boot. This is not super complex either, but I kind of like the systemd approach more.
Also the article didn’t mention much about the different PCR ids you can use with TPM. These define the system state when a secret key can be accessed from the TPM module. If any of the policies trigger, the TPM module will not output any secrets and the user needs to enter the LUKS password. The article uses three policies:
0: firmware updates
2: extended ROMs from pluggable hardware (e.g. USB)
7: secure boot disabled, or firmware certificates update
Additionally, one policy is needed to ensure an attacker cannot boot the system to a single user mode from the bootloader:
12: kernel config change, e.g. changing the boot parameters.
It is important to wipe the old slots with systemd-cryptenroll when changing the PCRs. Changing them is additional, and doesn’t modify the existing policies.
Edit: and do not wipe the password slot! This will render your disk unbootable.
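The re-enrollment step described in the post above, as an added example that is not from the post or the article it refers to: a small wrapper that builds the systemd-cryptenroll call for PCRs 0, 2, 7 and 12 and only ever wipes the old TPM2 slot, never the password slot. The function names and the device path /dev/disk/by-uuid/EXAMPLE-UUID are placeholders; the command is only printed unless RUN=1 is set.

```shell
#!/bin/sh
# Added example: re-enroll a LUKS volume against a new TPM2 PCR set.
# Function names and the device path are hypothetical placeholders.

# Join PCR indices with '+', rejecting anything outside 0..23.
join_pcrs() {
    out=""
    for p in "$@"; do
        case "$p" in
            ''|*[!0-9]*) echo "invalid PCR index: $p" >&2; return 1 ;;
        esac
        [ "$p" -le 23 ] || { echo "PCR out of range: $p" >&2; return 1; }
        out="${out:+$out+}$p"
    done
    [ -n "$out" ] || { echo "no PCRs given" >&2; return 1; }
    printf '%s\n' "$out"
}

# Print the systemd-cryptenroll command line.
# $1 = LUKS device, $2 = slot type to wipe, remaining args = PCR indices.
build_enroll_cmd() {
    dev=$1; wipe=$2; shift 2
    # Only the stale TPM2 slot may go. Wiping 'password' or 'all' would
    # remove the fallback needed whenever a PCR value changes.
    if [ "$wipe" != "tpm2" ]; then
        echo "refusing --wipe-slot=$wipe: keep the password slot" >&2
        return 1
    fi
    pcrs=$(join_pcrs "$@") || return 1
    printf 'systemd-cryptenroll --wipe-slot=%s --tpm2-device=auto --tpm2-pcrs=%s %s\n' \
        "$wipe" "$pcrs" "$dev"
}

# Dry run by default; set RUN=1 (as root) to actually execute the command.
enroll() {
    cmd=$(build_enroll_cmd "$@") || return 1
    if [ "${RUN:-0}" = 1 ]; then
        $cmd
    else
        printf '%s\n' "$cmd"
    fi
}

enroll /dev/disk/by-uuid/EXAMPLE-UUID tpm2 0 2 7 12
```

With --wipe-slot=tpm2 given alongside an enrollment option, systemd-cryptenroll removes the previous TPM2 slots only after the new one has been enrolled successfully, so the volume never loses its password fallback.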