this post was submitted on 28 Jul 2024
808 points (97.8% liked)

linuxmemes

[–] [email protected] 19 points 1 month ago (9 children)

I mean, it's like a fucking drug. The learning curve is steep AF but past some point, when it starts making sense, it's just incredible. I'm currently moving my whole setup to NixOS and I'm in love.

[–] [email protected] 13 points 1 month ago (8 children)

Even when using it in a basic way, I think it has one very tangible advantage: the fact that you can "compartmentalize" different aspects of your configuration.

Let's say I set up a specific web service that I want to put behind a reverse proxy, and it uses a specific folder that doesn't exist yet, like Navidrome which is a web-based audio player. It requires a set of adjustments of different system parts. My nix file for it looks like this:

{ config, ... }:

let
  domain = "music." + toString config.networking.domain;
in
  {
    services.navidrome = {
      enable = true;
      settings = {
        Address = "127.0.0.1";
        Port = 4533;
        MusicFolder = "/srv/music";
        BaseUrl = "https://" + domain;
        EnableSharing = true;
        Prometheus.Enabled = true;
        LogLevel = "debug";
        ReverseProxyWhitelist = "127.0.0.1/32";
      };
    };

    services.nginx = {
      upstreams = {
        navidrome = {
          servers = {
            "127.0.0.1:${toString config.services.navidrome.settings.Port}" = {};
          };
        };
      };
    };

    services.nginx.virtualHosts."${domain}" = {
      onlySSL = true;
      useACMEHost = config.networking.domain;
      extraConfig = ''
        include ${./authelia/server.conf};
      '';
      locations."/" = {
        proxyPass = "http://navidrome";
        recommendedProxySettings = false;
        extraConfig = ''
          include ${./authelia/proxy.conf};
          include ${./authelia/location.conf};
        '';
      };
    };

    systemd.tmpfiles.settings."navidrome-music-dir"."${toString config.services.navidrome.settings.MusicFolder}" = {
      d = {
        user = "laser";
        mode = "0755";
      };
    };
    systemd.services.navidrome.serviceConfig.BindReadOnlyPaths = ["/run/systemd/resolve/stub-resolv.conf"];
      
    security.acme.certs."${config.networking.domain}".extraDomainNames = [ "${domain}" ];
  }

All settings related to the service are contained in a single file. Don't want it anymore? Comment it out from my main configuration (or wherever it's imported from) and most traces of it are gone, the exception being the folder that was created using systemd.tmpfiles. No manually deleting the link from sites-available or editing the list of domains for my certificate. The next generation will look like the service never existed.

And in my configuration, at least the port could be changed and everything would still work – I guess there is room for improvement, but this does what I want pretty well.

[–] [email protected] 1 points 1 month ago (3 children)

Love the example here!

I'm still learning about available references (ex config.services.navidrome.settings.Port). What resources did you find to be the best for learning that kind of thing?

I'll accept RTFM if that's applicable :)

[–] tux7350 3 points 1 month ago (1 children)

Use nix repl! That stands for Read Eval Print Loop. You can evaluate a nix expression and see all the attributes inside. For example, on a non-flake system, use :l <nixpkgs/nixos> inside the repl to load the current system. Then you can hit the tab key to show what's inside of the current attribute set; make sure you have a . at the end. Then you can press enter to evaluate and see the declaration. For example, when you set networking.hostName in configuration.nix you can actually find it under options.networking.hostName.value by evaluating that in the repl.

[–] [email protected] 1 points 1 month ago

Amazing! I've used that before but just to look for packages offline. I'll definitely check that out.
