-
If ~/.nix-profile is a broken symlink (probably pointing to /nix/var/nix/profiles/per-user/$USER/profile), run the following once:
$ nix-env --switch-profile /nix/var/nix/profiles/per-user/gy/home-manager/home-path
The symlink should now be fixed. Log the current user out and back in for the change to take effect.
-
If switching from root to a regular user with something like su gy makes su complain:
su: Authentication service cannot retrieve authentication info
check the user's entry in /etc/shadow; it may be malformed. Consult shadow(5) for the format specs. To resolve this, set users.mutableUsers to true in configuration.nix and manually change the problematic user's password once. /etc/shadow should then be fixed, and users.mutableUsers can be changed back.
-
If a flake needs to be built but the flake contains git submodules, use the following command:
$ nix build '.?submodules=1'
Reference: NixOS/nix#5434
-
For a package whose name contains a dash (-), like wl-clipboard, substituteAllInPlace <file> won't work. A workaround is to perform the string substitution manually in the install script with substituteInPlace:
$ substituteInPlace $script --replace @wl-clipboard@ ${wl-clipboard}
See ./packages/notification-scripts/default.nix and ./packages/notification-scripts/src/screenshot-notify for a concrete example.
-
Since network credentials are managed by sops, it is crucial that the secret key is present during boot. For the Raspberry Pi config, after flashing the image onto the SD card, the secret key for sops must also be copied to the SD card (use rsync -aAX to preserve mode info).
The image can be built with:
$ nix build .#nixosConfigurations.rpi.config.system.build.sdImage
-
On a machine with a tight memory budget, the /nix/store in a live environment might not have sufficient space for an installation. The path /nix/.rw-store should be of type tmpfs at this point; remount it to gain more space:
$ mount -oremount,size=100% /nix/.rw-store
See https://gist.github.com/blurgyy/0d559e6bb9f20de46f61938539b9cd74 for an example.
-
If the installation process is killed due to OOM, enable zram in the live environment:
$ modprobe zram
$ echo lz4 >/sys/block/zram0/comp_algorithm
$ echo 2G >/sys/block/zram0/disksize
$ mkswap /dev/zram0
$ swapon --priority 100 /dev/zram0
See https://gist.github.com/blurgyy/0d559e6bb9f20de46f61938539b9cd74 for an example.
-
If installation was successful but boot fails at Stage 1, complaining that the root filesystem could not be found and mounted, this may be due to the related kernel modules not being loaded. On a bandwagon machine, adding an entry virtio_scsi to both boot.initrd.availableKernelModules and boot.initrd.kernelModules before installing solved this problem.
Edit: Or, add (modulesPath + "/profiles/qemu-guest.nix") to the imports list.
See ./nixos/_parts/defaults/default.nix for a concrete example. Related: NixOS/nixpkgs#76980
-
To boot from an ISO located on a physical drive /dev/vda3 at path /live.iso, use the GRUB entry below (on Arch, add this content to /etc/grub.d/40_custom):
menuentry "NixOS minimal ISO" --class nixos {
  set isofile="/live.iso"
  set linux_path="/boot/bzImage"
  set initrd_path="/boot/initrd"
  loopback loop (hd0,3)$isofile # /dev/vda3
  linux (loop)$linux_path init=/nix/store/69d87r2dvhhbbq17lsw04msvcq0y0kg0-nixos-system-nixos-22.05.2676.b9fd420fa53/init root=LABEL=nixos-minimal-22.05-x86_64 boot.shell_on_fail loglevel=4 copytoram
  initrd (loop)$initrd_path
}
menuentry "NixOS minimal ISO" --class nixos {
  set isofile="/live.iso"
  set linux_path="/boot/bzImage"
  set initrd_path="/boot/initrd"
  loopback loop (hd0,3)$isofile # /dev/vda3
  linux (loop)$linux_path findiso=(hd0,3)$isofile init=/nix/store/39ajmfiwqsxmjlql9k8bm998d47cb4y3-nixos-system-installer-22.11.20220909.cc6ef94/init root=LABEL=isoroot boot.shell_on_fail net.ifnames=0 ip=154.9.139.26::154.9.139.1:255.255.255.0::eth0:dhcp loglevel=4 copytoram
  initrd (loop)$initrd_path
}
Note that the kernel params are copied from inside the ISO image.
-
If the live environment cannot boot through stage 1 due to /dev/root not appearing, a workaround is to copy all contents of the ISO image to a standalone partition and use it as the root= parameter, e.g.
$ mkdir iso-mnt fresh-part-mnt
$ mount /live.iso iso-mnt/
$ mount /dev/disk/by-label/fresh-partition fresh-part-mnt/
$ cp -vr iso-mnt/* fresh-part-mnt/
The linux (loop)$linux_path ... line in the above menuentry then becomes:
linux (loop)$linux_path init=/nix/store/69d87r2dvhhbbq17lsw04msvcq0y0kg0-nixos-system-nixos-22.05.2676.b9fd420fa53/init root=LABEL=fresh-partition boot.shell_on_fail loglevel=4 copytoram
where /dev/disk/by-label/fresh-partition is the partition to create and put all the contents in.
- If creating a standalone partition is not possible (e.g. because the virtual machine's initial partition table did not leave a sufficient amount of space, and online shrinking of ext4 filesystems is not possible), copying the files inside the ISO to the current partition (i.e. the one mounted at / in the running system) also works. Remember to replace the root= kernel parameter before running grub-mkconfig -o /boot/grub/grub.cfg, then reboot.
-
In case the bootloader was installed while a wrong partition (or no partition) was mounted on /boot, reinstall the bootloader with:
$ sudo NIXOS_INSTALL_BOOTLOADER=1 /nix/var/nix/profiles/system/bin/switch-to-configuration boot
-
If hydra jobset evaluation fails and shows only "evaluation failed with exit code 255" on the web frontend, it may be caused by an earlier change of the jobset/project name. Log into the hydra machine and confirm this with journalctl -eu hydra-evaluator; the journal will contain a line like:
/nix/store/n1hh77ld9bl8rawad1y68sfy9jsrc6ml-hydra-2022-08-08/bin/.hydra-eval-jobset-wrapped: evaluation of jobset ‘configs:all (jobset#4)’ failed with exit code 255
Restarting hydra-evaluator.service fixed this issue.
-
Adding a netboot.xyz entry to GRUB:
- Download the .lkrn file:
$ curl -L https://boot.netboot.xyz/ipxe/netboot.xyz.lkrn -o /netboot.xyz.lkrn
- Add the entry below to /etc/grub.d/40_custom:
menuentry "netboot.xyz.lkrn" {
  linux16 (hd0,2)/netboot.xyz.lkrn # /dev/*da2
}
- Remove the line GRUB_TIMEOUT_STYLE=hidden from /etc/default/grub if present, and change GRUB_TIMEOUT in this file to a larger value to allow interaction with the GRUB menu:
# GRUB_TIMEOUT_STYLE=hidden
GRUB_TIMEOUT=10
- Update GRUB config:
$ grub-mkconfig -o /boot/grub/grub.cfg
- If for some reason interacting with the GRUB menu is not desired, look into the generated boot/grub/grub.cfg file, count the index of the netboot entry (0-indexed), and set GRUB_DEFAULT to this index in /etc/default/grub:
# partial content in /etc/default/grub
GRUB_DEFAULT=2 # 0-indexed, this will automatically choose the 3rd entry in the grub menu
then regenerate GRUB config:
$ grub-mkconfig -o /boot/grub/grub.cfg
- Reboot:
$ reboot
- Example network config:
Set network interface number: 0
IP: 203.0.113.2
Subnet mask: 255.255.255.0
Gateway: 203.0.113.1
DNS: 8.8.8.8
Reference: https://gist.github.com/AndersonIncorp/9fb7402cf69a0994e175ebec8194847c
-
Installing NixOS from Alpine
- Flush the IPv6 address if DNS resolves to an IPv6 address and the network fails:
$ ip -6 addr flush eth0 # change interface name to the one in the output of `ip a`
If the IPv6 address comes back after one network connection, just run this command in an infinite loop in a tty, and run other commands in another tty.
- To add package repositories for nix and its dependency libcpuid, add the two lines below to /etc/apk/repositories:
http://dl-cdn.alpinelinux.org/alpine/edge/testing
http://dl-cdn.alpinelinux.org/alpine/edge/community
Then run apk update.
- Install bash for vi mode and the later nix shell call:
$ apk add bash
$ exec bash
$ set -o vi # vi keybindings in bash
- [optional] Install openssh and set up public keys for installing via ssh:
$ apk add openssh
$ service sshd start
$ apk add curl
$ mkdir -p ~/.ssh
$ curl https://github.com/blurgyy.keys >>~/.ssh/authorized_keys
- Install util-linux and btrfs-progs for disk partitioning:
$ apk add util-linux btrfs-progs
- Partition disks, and add a /nix subvolume to mount on the live system to avoid a disk out of space error later:
$ fdisk /dev/vda # vda for example
[...]
$ mkfs.btrfs /dev/vda2 -L nixos-root # --force
$ mkfs.vfat /dev/vda3 -n nixos-boot
$ mount -ocompress-force=zstd:3 /dev/vda2 /mnt
$ mkdir /mnt/boot
$ mount /dev/disk/by-label/nixos-boot /mnt/boot
$ btrfs subvolume create /mnt/nix
$ mkdir -p /nix
$ mount -osubvol=nix,compress-force=zstd:3 /dev/vda2 /nix
$ # or: mount -obind /mnt/nix /nix
$ btrfs subvolume create /mnt/tmp
$ mount -osubvol=tmp,compress-force=zstd:3 /dev/vda2 /tmp
$ # or: mount -obind /mnt/tmp /tmp
- With /mnt/nix bound to /nix, add nix from apk and start nix-daemon:
$ apk add nix
$ service nix-daemon start # with nix 2.19.2, this seems necessary
- Copy the contents below to /etc/nix/nix.conf:
allowed-users = *
auto-optimise-store = true
builders =
cores = 0
experimental-features = nix-command flakes repl-flake
#extra-platforms = aarch64-linux i686-linux i686-linux
max-jobs = auto
narinfo-cache-negative-ttl = 30
require-sigs = true
sandbox = true
sandbox-fallback = false
substituters = https://mirror.sjtu.edu.cn/nix-channels/store https://nixos-cn.cachix.org https://cache.garnix.io https://nix-community.cachix.org https://cache.nixos.org/
system-features = nixos-test benchmark big-parallel kvm
tarball-ttl = 30
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g= nixos-cn.cachix.org-1:L0jEaL6w7kwQOPlLoCR3ADx+E3Q8SEFEcB9Jaibl0Xg= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=
trusted-substituters =
trusted-users = root
- Install utilities for installation via nix:
$ nix shell nixpkgs#{nixStable,nixos-install-tools} # use nix from nixpkgs instead of the one from alpine's channel
- Install NixOS:
$ nixos-install --flake gitlab:highsunz/flames#<HOSTNAME>
- Last but very importantly, copy the secrets to the host and place them at their proper location.
- Reboot.
-
If, after partitioning, no partition is shown under /dev and only the disk itself appears under /dev, use mknod. Usage of mknod is mknod [OPTION]... NAME TYPE [MAJOR MINOR]. We will create a block device by specifying b as TYPE; the MAJOR and MINOR can be read from /proc/partitions, e.g.:
$ cat /proc/partitions
major minor  #blocks  name
   8        0 3907018584 sda
   8        1 3907017543 sda1
 259        0  488386584 nvme0n1
 259        1     102400 nvme0n1p1
 259        2      16384 nvme0n1p2
 259        3  182573029 nvme0n1p3
 259        4   16777216 nvme0n1p4
 259        5     512000 nvme0n1p5
 259        6  288404487 nvme0n1p6
 254        0   32487424 zram0
$ mknod /dev/nvme0n1p4 b 259 4
Reference: https://superuser.com/questions/120905/fdisk-l-shows-a-partition-is-not-in-dev-directory
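The lookup above can be scripted. The following is an added example, not part of the original notes: it reads a table in the /proc/partitions format and prints the mknod command for every entry that has no node in the given directory. The function names, the sample table and the scratch directory are constructed for illustration.

```sh
#!/bin/sh
# Added example: print the mknod commands for block devices that are listed
# in /proc/partitions but have no node under /dev. Nothing is created; the
# commands are only printed so they can be reviewed before being run as root.

# missing_nodes [PARTITIONS_FILE] [DEV_DIR]
# Defaults are the real locations; both can be overridden for a dry run.
missing_nodes() (
    parts=${1:-/proc/partitions}
    dev=${2:-/dev}
    # Data rows have exactly four fields: major minor #blocks name.
    # The header line and the blank line after it do not match.
    awk 'NF == 4 && $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ { print $1, $2, $4 }' "$parts" |
    while read -r major minor name; do
        if [ ! -e "$dev/$name" ]; then
            printf 'mknod %s/%s b %s %s\n' "$dev" "$name" "$major" "$minor"
        fi
    done
)

# demo_missing_nodes: run missing_nodes on a constructed table and a scratch
# directory in which only the disk and its first partition "exist".
demo_missing_nodes() (
    tmp=$(mktemp -d) || exit 1
    mkdir "$tmp/dev"
    cat >"$tmp/partitions" <<'EOF'
major minor  #blocks  name

 259        0  488386584 nvme0n1
 259        1     102400 nvme0n1p1
 259        4   16777216 nvme0n1p4
 254        0   32487424 zram0
EOF
    # Plain files stand in for device nodes; only existence is checked.
    touch "$tmp/dev/nvme0n1" "$tmp/dev/nvme0n1p1"
    # Strip the scratch prefix so the output reads like real /dev paths.
    out=$(missing_nodes "$tmp/partitions" "$tmp/dev" | sed "s|$tmp||")
    rm -rf "$tmp"
    printf '%s\n' "$out"
)

demo_missing_nodes
```

On a real system, call missing_nodes with no arguments and run the printed commands as root after checking them.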
-
On non-NixOS machines, do not install gcc or python with home-manager, as they silently cause problems during compiling (the default C compiler is set to ~/.nix-profile/bin/cc by cmake) and package installing (pacman installs system-level python packages like python-catkin_pkg to somewhere like /nix/store/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-python3-3.10.6-env/lib/python3.10/site-packages/).
-
In case the local nix store is corrupted, the corrupted path can be found via
$ nix store verify --all
Then the found corrupted path can be repaired with
$ sudo nix store repair /nix/store/<hash>-<name>
Warning
Consult the "Description" section of nix store repair --help for caveats of this approach.
Or: use nix-store --verify --check-contents --repair to verify and repair them.
-
To run GUI programs inside systemd-nspawn containers, a simple way is to:
- Bind-mount (read-only) /tmp/.X11-unix from the host to the container
- Set the DISPLAY variable inside the container to the same value as on the host
- In a terminal on the host machine that can run GUI applications, run
$ xhost +local:
Though xhost is considered dangerous (xhost +local: lets any local, non-network client connect to the X server), the above procedure does get the job done.
-
While installing WSL2 dependencies on Windows 11 using wsl --install --no-distribution inside PowerShell, it may fail with a network error. Run the following PowerShell commands to use the system's proxy:
$browser = New-Object System.Net.WebClient
$browser.Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
Reference: https://stackoverflow.com/questions/14263359/access-web-using-powershell-and-proxy
-
To add the system's secret key to the tarball created by nixos-wsl, first decompress the gzipped tarball, then append the file to it, e.g.:
$ gunzip -c result/tarball/nixos-wsl-installer.tar.gz >decompressed.tar
$
$ # add the file to the tar archive, and make its prefix be ./var/lib instead of the given path
$ tar --append --file=decompressed.tar --transform='s:^:.:' /var/lib/hostname.age
$
$ # inspect the modified tarball, use `--transform` rule like above to make the path be consistent if not already so
$ tar --list --file=decompressed.tar
-
WSL2 imposes resource constraints on the processes running in it. To build on another machine with hostname <host> that we have SSH access to, append --store ssh-ng://<host> to nix3 commands, e.g.:
$ nix build .#devShells.x86_64-linux.cudaDevShell --impure --store ssh-ng://morty
Reference: https://docs.nixbuild.net/remote-builds/#using-remote-stores
Note: while using nix develop, the command should also be nix build, to allow copying over the network later.
-
After building closures on a remote store, the closures need to be copied from it. If nix copy fails with an error:
$ nix copy --from ssh-ng://morty (nix path-info .#cudaDevShell --impure --json | jq -r '.[].path')
error: cannot add path '/nix/store/g15j0y3fzvx4kkry4viymn698m1gk8yx-cudatoolkit-11.7.0' because it lacks a signature by a trusted key
To temporarily work around this, use the --no-check-sigs flag, which stops requiring that the copied paths are signed by a trusted key:
$ nix copy --from ssh-ng://morty (nix path-info .#cudaDevShell --impure --json | jq -r '.[].path') --no-check-sigs
Reference: NixOS/nix#4894 (comment)
-
In case the nix database (at /nix/var/nix/db/db.sqlite) is corrupted (probably due to performing an operation while the disk is full):
- Stop nix-daemon:
$ systemctl --system stop nix-daemon{,.socket}
- Back up the database:
$ sudo sqlite3 /nix/var/nix/db/db.sqlite ".backup '/tmp/bak.sqlite'"
- Create a textual dump of the database for restoring:
$ sudo sqlite3 /nix/var/nix/db/db.sqlite .dump >/tmp/textual.sql
$
$ # inspect the dumped sql, size of this file should be ~100M
$ less /tmp/textual.sql
- If the last line of this file is ROLLBACK;, change it to COMMIT, or we won't restore anything
- Restore the database by applying the textual sql commands to a newly created database:
$ sqlite3 /tmp/new.sqlite </tmp/textual.sql
- Make sure the backup from step 2 is the same as the current database:
$ diff /tmp/bak.sqlite /nix/var/nix/db/db.sqlite # should output nothing
- Move the restored database to the location:
$ sudo mv /tmp/new.sqlite /nix/var/nix/db/db.sqlite
- Restart nix-daemon.
Reference: NixOS/nix#1353
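The ROLLBACK fix and the restore step are easy to get wrong by hand on a file of that size. The following is an added example, not part of the original notes: it rewrites a trailing ROLLBACK into COMMIT; in a copy of the dump, and accepts the rebuilt database only if SQLite's integrity check passes. The function names and the file names in the usage comment are illustrative; the second function needs sqlite3 installed.

```sh
#!/bin/sh
# Added example for the dump-and-restore steps above.

# fix_dump_tail DUMP_IN DUMP_OUT
# Writes DUMP_OUT as a copy of DUMP_IN. If the last non-blank line starts
# with "ROLLBACK;" (the sqlite3 shell ends a dump that way when it ran into
# errors), that line is replaced with "COMMIT;". The original dump is left
# untouched. Prints "rewritten" or "unchanged".
fix_dump_tail() (
    in=$1
    out=$2
    # Line number of the last non-blank line (0 for an empty file).
    last=$(awk 'NF { n = NR } END { print n + 0 }' "$in")
    if [ "$last" -gt 0 ] && sed -n "${last}p" "$in" | grep -q '^ROLLBACK;'; then
        sed "${last}s/.*/COMMIT;/" "$in" >"$out"
        echo rewritten
    else
        cp "$in" "$out"
        echo unchanged
    fi
)

# restore_checked DUMP NEW_DB
# Builds NEW_DB from DUMP and succeeds only if "PRAGMA integrity_check"
# reports "ok". NEW_DB must not exist yet, so that leftovers from an earlier
# attempt cannot end up in the restored database.
restore_checked() (
    dump=$1
    new_db=$2
    if [ -e "$new_db" ]; then
        echo "refusing to overwrite $new_db" >&2
        exit 1
    fi
    sqlite3 "$new_db" <"$dump" || exit 1
    [ "$(sqlite3 "$new_db" 'PRAGMA integrity_check;')" = ok ]
)

# Usage with the paths from the steps above (textual.fixed.sql is a name
# chosen for this example):
#   fix_dump_tail /tmp/textual.sql /tmp/textual.fixed.sql
#   restore_checked /tmp/textual.fixed.sql /tmp/new.sqlite
```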
-
Enabling webcam on Raspberry Pi 4B
TL;DR: add two lines to the config.txt file, which is located in the firmware partition:
start_x=1
gpu_mem=256
The firmware partition is typically the first partition of type vfat, in my case it's /dev/mmcblk0p1. Note that it's probably NOT mounted at /boot (but rpi still respects its content).
References:
-
To show the current total GPU memory, use sudo vcgencmd get_mem gpu, where vcgencmd is from the package libraspberrypi.
-
Tailscale's MagicDNS returns SERVFAIL for any unrecognized domain; it only recognizes domains that start with a hostname configured in Tailscale's admin panel and end with the configured tailnet name (by default it has the form .tailXXXXX.ts.net).
-
On WSL2, if a terminal is opened directly in a Windows Terminal (wt) tab, using systemctl --user for user-scope service management might give an error:
Failed to connect to bus: No such file or directory.
In this case, run:
$ systemctl --system restart user@1000.service # assume the user's id is 1000
-
Computing the hash of a file given its download url:
$ nix hash to-sri sha256:$(nix-prefetch-url https://..... --type sha256)
Reference: NixOS/nixpkgs#191128 (comment)
-
To update packages except foo and bar, use a combination of tomlq (from nixpkgs#yq) and jq to create a regular expression from nvfetcher.toml:
$ tomlq keys nvfetcher.toml | jq -r 'map(select(test("foo|bar") | not)) | join("|")'
It can then be passed to the --filter option of nvfetcher:
$ nvfetcher --filter "'$(tomlq keys nvfetcher.toml | jq -r 'map(select(test("alcn|tdesktop-megumifox") | not)) | join("|")')'" -k ~/.config/nvchecker/keyfile.toml --commit-changes -v
-
Mapping a keyboard to another layout using xkbcomp and ckbcomp: ckbcomp expects a file containing only an xkb_symbols section. Such a file can be obtained by the steps below:
- Use xkbcomp $DISPLAY output.xkb to get a file output.xkb. The output.xkb file will contain an outer section named "xkb_keymap"; inside it there should be several sections, including "xkb_keycodes", "xkb_types", "xkb_compatibility", and "xkb_symbols".
- Retain only the "xkb_symbols" inner section, and remove the outer "xkb_keymap" braces.
- The file structure should now look like ${./keymap.xkb}.
- To customize the keymap, search for the respective keys and swap/overwrite their rvalues.
- Modifiers probably should be specified using modifier_map located at the end of the xkb_symbols section.
-
Inspect current sending queue on a postfix mail server:
$ sudo postqueue -j # output as json
Delete an item from the queue:
$ sudo postsuper -d 0628818AB791 # replace 0628818AB791 with value of the "queue_id" field in the previous command
-
Mail server cannot receive mail, and does not log anything when a mail is sent from an external address (e.g. gmail.com) to it: The DNS record may be misconfigured. Make sure the mail address (the part after the @ character of the mail address that should receive emails) on Cloudflare's DNS dashboard is set to "DNS only" (as opposed to "Proxied"). It seems that the smtp address (e.g. smtp.blurgy.xyz) can be set to "Proxied" though.
-
Cannot fetch mails via IMAP from the mail server: The DNS record may be misconfigured. Make sure the imap mail address (e.g. imap.blurgy.xyz) on Cloudflare's DNS dashboard is set to "DNS only" (as opposed to "Proxied").
-
Logseq (or any electron-based apps?) opens up with an empty window: Delete its GPU cache directory and relaunch:
$ rm -r ~/.config/Logseq/GPUCache
Reference: microsoft/vscode#195502 (comment)
-
To change a user ID from 1001 to 1000 on an Ubuntu machine (if the user with ID 1000 is already deleted):
- Change the user's ID from 1001 to 1000 in /etc/passwd, /etc/group, and /etc/shadow (last time I checked, /etc/shadow did not need modifying, because it did not contain any occurrences of the string "1001")
- Change file ownership:
$ find /home -uid 1001 -exec chown -h 1000 {} +
Ideally, only files under the user's HOME directory should be owned by the user, so the above command only finds files under /home.
Reference: https://askubuntu.com/a/16719
-
To update conda to the latest version, run the following with no conda environment activated:
$ conda --version # this should output the old version
$ conda update -n base -c defaults -c conda-forge conda
$ conda --version # this should output the latest version
-
While installing NixOS on a new machine with
$ nixos-install --flake gitlab:highsunz/flames#<hostname>
If it errors out with something like:
error:
… while setting up the build environment
error: getting attributes of path '/nix/store/ydbjdqhrfnl3fxwy2m3ppjv516i2qhc9-qemu-aarch64-binfmt-P-x86_64-unknown-linux-musl': No such file or directory
but on other machines and hydra the system derivation builds successfully, include hydra's url in substituters and build that path first:
$ nix build /nix/store/ydbjdqhrfnl3fxwy2m3ppjv516i2qhc9-qemu-aarch64-binfmt-P-x86_64-unknown-linux-musl
Then rerun the nixos-install command; it can then be built just fine.
-
If a Rust program build fails with error messages related to OpenSSL, try:
nativeBuildInputs = [ pkgs.pkg-config ];
buildInputs = [ pkgs.openssl ];
-
Installing an Ubuntu container (jammy, for example; see https://nspawn.org for available images):
$ curl https://hub.nspawn.org/storage/ubuntu/jammy/tar/image.tar.xz -Lo /tmp/jammy.tar.xz
$ machinectl import-tar /tmp/jammy.tar.xz <alias>
# to remove it completely:
$ machinectl remove <alias>
-
For the include <path> or !include <path> directive in /etc/nix.conf to work, the included path must be readable by the operating user. If a user cannot read that file, the path will effectively be ignored when that user uses Nix.
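Because an unreadable include is skipped without any message, it helps to check it explicitly. The following is an added example, not part of the original notes: it lists every include / !include directive of a nix.conf-style file and reports whether the user running it can read the target. The function name and the output format are made up for this example.

```sh
#!/bin/sh
# Added example: audit the include directives of a nix.conf-style file.
# Run it as the user whose Nix settings appear to be missing, since
# readability is tested for the invoking user.

# check_includes CONF
# Prints "STATE DIRECTIVE PATH" for each directive, where STATE is ok,
# missing or unreadable. Returns 1 if any target is not ok.
# Per the nix.conf manual, a missing file is an error for "include" and is
# tolerated for "!include"; both are reported so the operator can decide.
check_includes() (
    conf=$1
    confdir=$(dirname "$conf")
    rc=0
    set -f                      # no globbing while splitting lines into words
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}        # drop comments
        set -- $line
        case ${1:-} in
            include|!include) ;;
            *) continue ;;
        esac
        [ $# -ge 2 ] || continue
        path=$2
        # Relative paths are resolved against the including file's directory.
        case $path in
            /*) ;;
            *) path=$confdir/$path ;;
        esac
        if [ ! -e "$path" ]; then
            state=missing
        elif [ -r "$path" ]; then
            state=ok
        else
            state=unreadable
        fi
        [ "$state" = ok ] || rc=1
        printf '%s %s %s\n' "$state" "$1" "$path"
    done <"$conf"
    exit "$rc"
)

# When the script is given a config file as its first argument, check it.
if [ -n "${1:-}" ]; then
    check_includes "$1"
fi
```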
blurgyy/flames: mirror of https://gitlab.com/highsunz/flames