Nix / NixOS

I am pretty happy with my configs now, with home manager but no flakes so far. I am, however, annoyed by all the dotfiles that I didn't define, and I'm worried how many other files are laying around without getting imperatively defined.

I'm sort of picturing a kiosk mode, where every time I reboot everything is wiped and I only have what I defined. Any files I want to keep are on other partitions or network locations mapped in my config. If a new config file is created by changing a setting in an application, I want to be notified so I can add it to my Nix configs.

Is this possible? Is it a terrible idea?

The biggest challenge I see is in installing games, because it looks like they often leave bits all over the place.

In my previous post, I asked whether a certain subvolume layout would work well for NixOS, and if not, how it could be adapted.

Now that I know the layout does work as intended, I’m wondering what NixOS-specific subvolumes might be worth adding to it. The layout was originally designed for more traditional Linux distributions, so I’d like to tailor it a bit more to NixOS.

My goal is to achieve the same kind of clean, minimal system snapshots — ones that let me roll back safely without accidentally losing files or user data.

I’d really appreciate any advice or examples of good NixOS-oriented subvolume setups. Thanks in advance! 🙏

Related discussion:

• https://discourse.nixos.org/t/nix-ci-benchmarks/71086

Related discussion:

• https://news.ycombinator.com/item?id=45592401

root → / home → /home opt → /opt cache → /var/cache gdm → /var/lib/gdm libvirt → /var/lib/libvirt log → /var/log spool → /var/spool tmp → /var/tmp snapshots → /snapshots

I want to have similar kind of results for my next install of NixOS.

Related discussion:

• https://discourse.nixos.org/t/why-nix-will-win-and-whats-stopping-it-a-3-year-production-story/70621

https://github.com/antholeole/nixconfig

Not the most major step, but a good start. Mostly talks about caching and CUDA

Nix related discussion starts around the the 0:14:00 min mark.

Colmena is a simple, stateless NixOS deployment tool modeled after NixOps and morph, written in Rust. It's a thin wrapper over Nix commands like nix-instantiate and nix-copy-closure, and supports parallel deployment.

Starter template: https://github.com/logandonley/fleet
Colmena: https://github.com/zhaofengli/colmena

Related discussion:

• https://discourse.nixos.org/t/ctrl-os-open-beta-nixos-lts-with-5-year-support/68754

Related blog posts:

• Introducing Long-Term Support for NixOS: 5 Years of Stability and Security for Critical Systems
  • https://cyberus-technology.de/en/articles/introducing-nixos-long-term-support/
• CTRL-OS Open Beta: CRA-Ready NixOS with 5-Year Enterprise Support Now Available
  • https://cyberus-technology.de/en/articles/ctrlos-open-beta-announcement/

Related discussion:

• https://news.ycombinator.com/item?id=45167049

Related Repo:

• https://github.com/jimmyff/nixfiles/

Fair criticism, although the larger discussion thread this garnered earlier this year was an interesting read. Over +300 comments:

• https://news.ycombinator.com/item?id=42666851

• Video format of written guide:
  • https://youtube.com/watch?v=5WKoqJoJ3YE
• Source code for example NixOS config:
  • https://github.com/EmergentMind/nix-config

This is a quick and painless tutorial on how to install and configure NixOS from Scratch. It involves starting off with Home manager and Flakes before even rebuilding your system.

• Video format of written guide:
  • https://youtube.com/watch?v=2QjzI5dXwDY
• Source code for example NixOS config
  • https://github.com/tonybanters/nixos-from-scratch

I thought the example using builtins.mapAttrs with create_symlink for xdg.configFile was cleverly simple.

As a developer I often need to run code I cannot trust, especially dependencies from NodeJS and Python projects, on my dev machine. In order to protect my system from potentially malicious code, I built NixWrap, an adhoc sandboxing tool for NixOS.

NixWrap wraps bubblewrap (oh dear), running it with convenient defaults and offering easy to use command line flags to toggle custom options. An invocation to NixWrap is typically way shorter than the bubblewrap equivalent.

E.g. npm install can be wrapped with wrap -n npm install to gain network access and write access to the current working directory.

• https://news.ycombinator.com/item?id=45116657
• https://discourse.nixos.org/t/nixwrap-easy-adhoc-applicaton-sandboxing/68863