
Nix / NixOS

  • Maaaybe a stupid question as it might just be the same thing done differently. I'm not bright enough to understand the differences.

    hardware.graphics was recently introduced which replaced hardware.opengl. Now, I've got my amdvlk, libva and such configured via hardware.graphics — recently I came across hardware.amdgpu which offers a bunch of options.

    Should one combine, use one or the other, or does it make any difference at all?

    • hardware.amdgpu.opencl.enable
    • hardware.amdgpu.legacySupport.enable
    • hardware.amdgpu.initrd.enable
    • hardware.amdgpu.amdvlk.supportExperimental.enable
    • hardware.amdgpu.amdvlk.support32Bit.package
    • hardware.amdgpu.amdvlk.support32Bit.enable
    • hardware.amdgpu.amdvlk.settings
    • hardware.amdgpu.amdvlk.package
    • hardware.amdgpu.amdvlk.enable
    • hardware.graphics.extraPackages32
    • hardware.graphics.extraPackages
    • hardware.graphics.enable32Bit
    • hardware.graphics.enable

    That is, are these two examples the same for all intents and purposes or do either bring anything else?

    ```
    hardware.amdgpu.amdvlk = {
      enable = true;
      support32Bit.enable = true;
    };
    ```

    VS.

    ```
    hardware.graphics = {
      enable = true;
      enable32Bit = true;
      extraPackages = with pkgs; [ amdvlk ];
      extraPackages32 = with pkgs; [ driversi686Linux.amdvlk ];
    };
    ```

    2
  • Title says it all. The Determinate Systems installer is supposed to have support, but it doesn’t work – from what I can tell, the contexts are wrong. Running restorecon reports changes, but I’m still getting denials. Running on Fedora Asahi Remix 40, if that’s relevant.

    Is there any way to make this work? AppArmor is unsupported on Fedora, so I can’t switch to it…

    0
  • Hi all;

    This is a bit of a long shot; but I'm having an issue with trying to modularize my config in preparation for a new laptop.

    In particular the issue I have is around passing a path through to an import statement for a home-managed user.

    In particular I'm getting undefinedVariable hmPath; but it doesn't seem to be having the same issue when I'm mapping groups and shell; so I can only assume that imports has to be treated differently but I'm at a loss.

    Any help on what I've misunderstood would be greatly appreciated.

    Snippet below

    ```
    { pkgs, config, options, lib, home-manager, ... }:

    with lib; let
      cfg = config.ltp.home;

      user = types.submodule ({name, ...}: {
        options = {
          doas.enable = mkEnableOption {
            default = false;
            type = types.bool;
          };

          groups = mkOption {
            default = [];
            type = types.listOf string;
          };

          shell = mkOption {
            default = pkgs.bash;
            type = types.package;
          };

          hmPath = mkOption {
            type = types.path;
          };
        };
      });
    in {
      options.ltp.home = {
        users = mkOption {
          description = Attrset of home-manager users;
          default = {};
          type = types.attrsOf user;
        };
      };

      config = mkIf (cfg.users != {}) (mkMerge [
        {
          users.users = let
            mkUser = lib.attrsets.mapAttrs' (
              name: value:
                lib.attrsets.nameValuePair "${builtins.baseNameOf name}" {
                  isNormalUser = true;
                  extraGroups = "${groups}";
                  shell = "${shell}";
                }
            ) cfg.users;
          in
            mkUser;

          home-manager.users = let
            mkHmUser = lib.attrsets.mapAttrs' (
              name: value:
                lib.attrsets.nameValuePair "${builtins.baseNameOf name}" {
                  imports = [ "${hmPath}" ];
                }
            ) cfg.users;
          in
            mkHmUser;
        }
      ]);
    }
    ```

    Edit...

    Solved the initial issue; I was confusing myself and should've been using value.hmPath and equivalent inside the lib functions.

    The next issue I'm having is that I can't seem to pass through the path for the home-manager module for the user that is given to the import statement.

    Edit 2...

    I didn't manage to get it working the way I was doing it, so I've changed my approach to implicitly reference the user's home-manager base module based on the folder structure, e.g. ./hosts/${hostname}/users/${builtins.baseNameOf name}

    0
  • Just a short elevator pitch that was posted today in that 100 seconds format. Maybe useful in introducing others.

    0
  • A big part of why nix documentation is sub par. The essential tomes of nix - the nix manual, the nixos manual, the nixos options, the nixpkgs manual - each of these documents is just one long page.

    They are the digital equivalent of scrolls, rather than books (codices?).

    Rather than having a page number (or page link), one must unroll the scroll to the point of interest. One cannot simply flip between two points of interest. One cannot have bookmarks, or refer to page numbers. Ctrl-F is helpful, sure, but not great.

    For instance, I was just looking for the documentation of the systemd.services.<name> options. It's near the end of the colossally long scroll known as the NixOS Options Appendix. Ctrl-F on systemctl.services will get one million hits on all the myriad services NixOS offers before you finally get to the relevant section. And if you do find that section (with single pixel movements of the scroll bar) and then Ctrl-F, woe betide you, you're now at the top of the document and your place is lost!

    6
  • Hi!

    I've run into an issue with nix develop shells.

    My setup:

    • Nix Darwin (macos)
    • Custom TLS certificates installed via nix darwin

    Everything works as expected with the installed certificates, but as soon as I enter into a development shell with nix develop, the certificates are not available and thus, I get TLS errors that break whatever I'm doing in the dev shell. If I use an impure development shell, the issue disappears.

    Is there a way to use pure nix develop shells which respect the installed certificates?

    5
  • lavafroth.is-a.dev CUDA on NixOS Without Sacrificing One's Sanity - lavafroth

    What is CUDA? CUDA, also known as Compute Unified Device Architecture is a proprietary parallel computing platform and application programming interface that allows software to use certain types of graphics processing units for accelerated general-purpose processing, an approach called general-purpo...

    I had been struggling for a while to get CUDA on my main NixOS box for some ML programming. It seems there weren't any clear solutions in the NixOS forums, which just suggested suffering through painful build times. Here's my hacky, less Nix-y approach that takes ~5 minutes.

    4
  • I followed the wiki on libvirt https://nixos.wiki/wiki/Libvirt and even set up the config for qemu for uefi but it isn't recognizing it I guess. Any ideas? Thanks

    4
  • I want to change my hardware config from 2 btrfs partitions to 1 partition with subvolumes for root, /nix, /home, and maybe some other like /log.

    I mainly want to optimize the /nix/store. And possibly being ready to integrate the impermanence module down the line

    What would be the easiest way to accomplish this without reinstalling or breaking too much?

    Alternatively, I thought about using disko and nixos-install to overwrite my second disk.

    Thank you

    2
  • I'm using Nixos 24.05 on my asus zenbook 14 and the scroll speed of the touchpad is rather high.

    Is there any way to adjust it from the config? I don't see an option in gnome/wayland

    7
  • github.com GitHub - ibizaman/skarabox: Opinionated and simplified headless NixOS installer.

    Opinionated and simplified headless NixOS installer. - ibizaman/skarabox

    This description is a repost of what was said about the project on the nix discourse

    SkaraboxOS provides a flake template which combines:

    • Creating a bootable ISO, installable on a USB key.
    • nixos-anywhere to install NixOS headlessly.
    • disko to format the drives.
    • deploy-rs to deploy updates.

    SkaraboxOS expects a particular hardware layout:

    • 1 SSD or NVMe drive for the OS.
    • 2 Hard drives that will store data. Capacity depends on the amount of data that will be stored. They will be formatted in Raid 1 (mirror) so each hard drive should have the same size.

    WARNING: The 3 disks will be formatted and completely wiped out of data.

    At the end of the process, the server will:

    • Have an encrypted ZFS root partition using the NVMe drive, unlockable remotely through ssh.
    • Have encrypted ZFS data hard drives.
    • Be accessible through ssh for administration and updates.

    discourse post

    0
  • Hi! I would like to host a transparent proxy for cache.nixos.org on my local kubernetes cluster.

    I took the following NGINX config https://nixos.wiki/wiki/FAQ/Private_Cache_Proxy and created all the folders on the mounted storage.

    This is the kubernetes deployment:

    ```yaml
    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: nix-cache-volume
    spec:
      capacity:
        storage: 500Gi
      storageClassName: manual
      accessModes:
        - ReadWriteOnce
      hostPath:
        path: "/mnt/k8s/nix-cache" # Needs to exist before PV is created!
      persistentVolumeReclaimPolicy: Retain
    ---
    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: nix-cache-pvc
    spec:
      accessModes:
        - ReadWriteOnce
      storageClassName: manual
      resources:
        requests:
          storage: 500Gi
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: nix-cache
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: nix-cache
      template:
        metadata:
          labels:
            app: nix-cache
          name: nix-cache
        spec:
          volumes:
            - name: nix-cache-storage
              persistentVolumeClaim:
                claimName: nix-cache-pvc
            - name: nix-cache-config
              configMap:
                name: nix-cache-config
          containers:
            - name: nix-cache
              image: nginx:1.27.0
              ports:
                - containerPort: 80
              volumeMounts:
                - name: nix-cache-storage
                  mountPath: /data
                - name: nix-cache-config
                  mountPath: /etc/nginx/sites-available/default
              resources:
                limits:
                  memory: "512Mi"
                  cpu: "300m"
                requests:
                  memory: "256Mi"
                  cpu: "200m"
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: nix-cache
    spec:
      selector:
        app: nix-cache
      ports:
        - protocol: TCP
          port: 80
          targetPort: 80
    ---
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: nix-cache-ingress
      annotations:
        traefik.ingress.kubernetes.io/router.tls: "true"
    spec:
      rules:
        - host: "nix-cache.raspi.home"
          http:
            paths:
              - pathType: Prefix
                path: "/"
                backend:
                  service:
                    name: nix-cache
                    port:
                      number: 80
      tls:
        - secretName: nix-cache-raspi-home-tls
          hosts:
            - "nix-cache.raspi.home"
    ---
    apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
      name: nix-cache.raspi.home
    spec:
      commonName: nix-cache.raspi.home
      dnsNames:
        - "nix-cache.raspi.home"
      secretName: nix-cache-raspi-home-tls
      issuerRef:
        name: ca-issuer
        kind: ClusterIssuer
    ---
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: nix-cache-config
    data:
      nginx.conf: |
        server {
          listen 80;
          server_name nix-cache.raspi.home;

          location ~ ^/nix-cache-info {
            proxy_store on;
            proxy_store_access user:rw group:rw all:r;
            proxy_temp_path /data/nginx/nix-cache-info/temp;
            root /data/nginx/nix-cache-info/store;

            proxy_set_header Host "cache.nixos.org";
            proxy_pass https://cache.nixos.org;
          }

          location ~^/nar/.+$ {
            proxy_store on;
            proxy_store_access user:rw group:rw all:r;
            proxy_temp_path /data/nginx/nar/temp;
            root /data/nginx/nar/store;

            proxy_set_header Host "cache.nixos.org";
            proxy_pass https://cache.nixos.org;
          }
        }
    ```

    To use the cache I added it to the substituters.

    ```nix
    nix.settings.substituters = [ "https://nix-cache.raspi.home/" ];
    ```

    But when I try to use it, I get the error:

    ```bash
    # Trigger a download
    nix develop nixpkgs#just

    # Error message
    warning: 'https://nix-cache.raspi.home' does not appear to be a binary cache
    ```

    In the logs of the NGINX I see the following error:

    ```
    2024/08/03 12:09:30 [error] 31#31: *3 open() "/usr/share/nginx/html/nix-cache-info" failed (2: No such file or directory), client: 10.42.2.7, server: localhost, request: "GET /nix-cache-info HTTP/1
    10.42.2.7 - - [03/Aug/2024:12:09:30 +0000] "GET /nix-cache-info HTTP/1.1" 404 153 "-" "curl/8.8.0 Nix/2.18.5" "10.42.2.1"
    10.42.2.7 - - [03/Aug/2024:12:09:30 +0000] "PUT /nix-cache-info HTTP/1.1" 405 157 "-" "curl/8.8.0 Nix/2.18.5" "10.42.2.1"
    ```

    Any ideas what's wrong? I'm neither a Nix nor an nginx expert, so maybe it is something really simple but I cannot figure it out.

    4
  • I am having audio issues on NixOS. I have tried enabling all firmware. I've also tried both pipewire and pulseaudio. The audio is confirmed working on CachyOS live image.

    Here is the error message found in the system log:

    ```
    Aug 01 01:43:19 nixos kernel: sof-audio-pci-intel-tgl 0000:00:1f.3: error: sink MIXER1.0g623.1 not found
    Aug 01 01:43:19 nixos kernel: skl_hda_dsp_generic skl_hda_dsp_generic: ASoC: topology: add_route failed: -22
    Aug 01 01:43:19 nixos kernel: skl_hda_dsp_generic skl_hda_dsp_generic: ASoC: topology: could not load header: -22
    Aug 01 01:43:19 nixos kernel: sof-audio-pci-intel-tgl 0000:00:1f.3: error: tplg component load failed -22
    Aug 01 01:43:19 nixos kernel: sof-audio-pci-intel-tgl 0000:00:1f.3: error: failed to load DSP topology -22
    Aug 01 01:43:19 nixos kernel: sof-audio-pci-intel-tgl 0000:00:1f.3: ASoC: error at snd_soc_component_probe on 0000:00:1f.3: -22
    Aug 01 01:43:19 nixos kernel: skl_hda_dsp_generic skl_hda_dsp_generic: ASoC: failed to instantiate card -22
    Aug 01 01:43:19 nixos kernel: skl_hda_dsp_generic skl_hda_dsp_generic: probe with driver skl_hda_dsp_generic failed with error -22
    ```

    Here is configuration.nix

    8
  • I created a hyprland and waybar configuration using nix, and neither seem to actually apply. Why is this happening?

    https://pastebin.com/01z6BiCj

    3
  • Does anybody know if there is a website or resource that has NixOS modules you can include in your config?

    2
  • This is my first FOSS code project. If anyone has any constructive suggestions for improvement, please let me know.

    https://github.com/guttermonk/waybar-nixos-updates

    0
  • I am just setting up my NixOS config for the first time, and I know that it will be fairly complex. I know it will only be possible and scalable if I have sane conventions.

    I have read a number of example configs, but there does not seem to be consistent conventions between them of where to store custom option declarations, how to handle enabling/disabling modules, etc. They all work, but they do it in different ways.

    Are there any official or unofficial conventions/style guides to NixOS config structure, and where can I find them?

    For example, should I make a lib directory where I put modules that are easily portable and reusable in other people's configs? When should I break modules up into smaller ones? Etc. These are things that I hope to be addressed.

    3
  • So I started using nixos as a daily driver several months ago.

    At first it was nice using the live disk to install it. I really liked the options you could choose. The only thing it misses is the information that it will install systemd bootloader and I don't have the option to install grub2.

    Then when I used it I had to learn that I needed to switch my flatpaks back to the system packages since nix had almost all of them too. And nix packages work better in nix. Even though flatpak is sandboxed sth. in nixos makes some of them break.

    I could usually install my software just by using the existing packages, but if not available I started learning nix-shell and nix in general.

    This is when I realised I can't recommend nixos to normal people. If for any reason you need to install sth. that is not in the packages you are fucked. Usually it is easier to get a docker running than to learn nixos and setup a working nix-shell. However once you have a nix-shell to compile some c program you definitely have a deeper understanding of nixos and the program.

    I often break my systems by tinkering around. So this was a great experience in nixos since I could go back several generations to a working one and continue from there.

    However the last weeks I managed to break nixos! Even going back several generations didn't help. Probably going back several weeks may have worked, but I decided to reinstall instead.

    So my problem was basically that I updated from 23.11 to 24.05.

    I wanted to update since I was on unstable for razer stuff since I need current drivers.

    However once I managed to get the update working I wasn't able to log in to x11 anymore and Wayland seems inperformant in gaming. I also have other issues with Wayland.

    The next thing was that I wanted to use an amd gpu for gpu-passthrough in a vm and therefore had a Nvidia and amd gpu present. However the system booted into the amd gpu and only after login switched to the Nvidia one.

    If I blacklisted the drivers of amd I would not get a sddm login screen anymore. Nothing I did fixed that. Removing the amd gpu didn't help. Going back to the nouveau drivers worked but I couldn't use them since they are broken as well.

    After tinkering around a lot I finally decided to reinstall the current nixos image.

    So live image it is again. Automatically loads Wayland. If I assume correctly with nouveau drivers. I installed everything however during the installation process the gui broke. (Wayland and nouveau don't work well I guess. Fuck Nvidia) And even though through tty I could see when it was finished I couldn't boot into the system.

    So I rebooted the live disk and then logged out, switched to x11 and reinstalled again. This time it worked. I then used my old configuration and only updated to plasma6 since I already installed that on the new installation.

    And to my surprise it just worked. Everything was like before. X11 working and so on.

    So while I managed to break nixos it is in fact just as easy to reinstall again and configure like before.

    3
  • Hi, I am considering switching to NixOS and I was wondering what level of hassle I should expect for gaming.

    I have been using linux for about 10 months so I don't know a lot yet. I am wondering if it is worth it to try gaming on Nix or if it is going to be way too much of a headache considering my limited knowledge.

    I've had wildly different experiences trying gaming on different distros, and very differently from what I expected. It went from fine for a weird niche distro (antiX), to really awful for a distro supposedly "easy" and "good for gaming" (Manjaro 😑), to absolutely amazing gaming distro (Nobara), and finally to surprisingly good for a "don't try unless you are a Level 99 Tech Wizard dual-classed Zen Master you idiot" distro (Arch). So I really have no clue what to expect from Nix.

    I really like Arch but my main issue is that I keep forgetting what I have already configured and how and with which settings, or I leave stuff partially configured because adhd then I forget it wasn't finished and where I was at, so using config files instead sound insanely more convenient and I've been wanting to try Nix for a while.

    I'd be really glad for anyone willing to share their experience of gaming on Nix 🙂

    26
  • I have started using NixOS recently and I am just now creating conventions to use in my config.

    One big choice I need to make is whether to include a unique identifier as the most significant attribute in any options that I define for my system.

    For example:

    Let's say I am setting up my desktop so that I am easily able to switch between light and dark modes system-wide. Therefore, I create the boolean option:

    visuals.useDarkMode

    Let's say I also want to toggle on/off Tor and other privacy technologies all at once easily, so I create the boolean:

    usePrivateMode

    Although these options do not do related things, they are still both custom options that I have made. I have the first instinct to somehow segregate them from the builtin NixOS options. Let's say my initials are "RK". I could make them all sub-attributes of the "RK" attribute.

    rk.visuals.useDarkMode

    rk.usePrivateMode

    I feel like this is either a really good idea or an antipattern. I would like your opinions on what you think of it and why.

    5
  • I'm working through some necessary issues in VMs as I work towards dropping Windows, but it occurred to me that I should pick a distro my non-techy partner could use in the event that something catastrophic happens to me. I really like the declarative/immutable distros, but perhaps something more traditional with btrfs snapshots would be better suited to such a use case...?

    It's no secret that NixOS has a steep learning curve, but do any of you share a NixOS PC with family/partners/etc.? If so, what has that experience been like? Could they take over admin if you were incapacitated?

    13
  • 2
  • If given the option, which route do you go? I have services running in both, and I'll often just do what's easier. I don't really notice a difference in performance, and the configuration for containers is simple enough that I don't mind it.

    I also wish there was a nix function that parsed a docker compose and used it for the oci-container config. Then I could use my existing compose files or the ones I find in docs online.

    2
  • I'm attempting to configure an anonymized DNS service using dnscrypt-proxy2, routed through the Tor network. I believe I have everything needed for it to work, but that does not seem to be the case. The DNS resolution is fine, but it's not being proxied through Tor as desired.

    ```nix
    services.resolved.enable = false;
    services.dnscrypt-proxy2 = {
      enable = true;
      settings = {
        ipv6_servers = config.networking.enableIPv6;
        block_ipv6 = !(config.networking.enableIPv6);
        listen_addresses = ["127.0.0.1:53" "[::1]:53"];
        force_tcp = true;

        use_syslog = false;
        odoh_servers = true;
        require_dnssec = true;
        require_nolog = false;
        require_nofilter = true;

        anonymized_dns = {
          routes = [
            {
              server_name = "*";
              via = ["anon-plan9-dns" "anon-v.dnscrypt.up-ipv4"];
            }
          ];
          skip_incompatible = true;
        };

        sources.public-resolvers = {
          urls = [
            "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
            "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
          ];
          cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
          minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
        };

        block_unqualified = true;
        block_undelegated = true;
        proxy = "socks5://127.0.0.1:9050";
      };
    };

    systemd.services.dnscrypt-proxy2.serviceConfig = {
      StateDirectory = "dnscrypt-proxy";
    };
    ```

    ```nix
    useDHCP = false;
    enableIPv6 = true;
    nameservers = [ "127.0.0.1" "::1" ];
    networkmanager.enable = true;
    networkmanager.dns = "none";
    ```

    ```nix
    services.tor = {
      enable = true;
      enableGeoIP = false;
      torsocks.enable = true;
      client = {
        enable = true;
      };
    };
    ```

    7
  • This idea is inspired by nixos-mailserver. It was so easy to spin up the mailserver after changing some DNS records and putting in some settings. I thought it might be a good idea to do the same for services that need public, decentralized infrastructure to support. Some ideas include

    • Tor relay, or exit node
    • Encrypted messaging nodes. It looks like SimpleX chat relies on SMP servers to relay communication
    • Crypto miners (I know, I know, but you understand how it fits the “public contribution” usecase)
    • Search engines like searxng (I currently use a public instance)
    • Libredirect services, like proxy clients for social media

    Maybe federated services, but those require more than just the software running on the public internet. Those require moderation and long term maintenance. Ideally, the services in this config would be ephemeral.

    Does this sound like a good idea? Would you spin one of these up on a $10 VPS? I understand that this is the NixOS community, not necessarily the privacy community, but I figured there'd be overlap.

    What other services do you think would be applicable?

    2
  • I want to install a package, so I look up the package here: https://search.nixos.org/packages? I can find multiple versions: two that sound right, two that sound like rubbish and one that is a plugin for something. How do I decide which of the two good sounding packages I should choose? What if the package, or even both, do not work? How do I know that it is up to date? How do I know that it will be updated in a timely manner? Can I update it?

    7
  • I've tried just about every type of setup I can find for a nix shell with python.

    I don't want to purely use nixpkgs for a lack of some packages and broken packages. I'm trying to use pyside6, but not everything in pyside6 is provided by the package, e.g. tools like uic.

    Attempting to use a venv as normal leads to a disconnect between the env and system with libstdc++.so.6 unable to be found. There are various different flakes I've tried to use like the-nix-way/dev-templates#python and others from forum discussions which add stdenv.cc.cc.lib to no avail.

    I think the farthest I've gotten is with poetry/poetry2nix, where auto-patchelf warns about missing libQt6 libraries. Running with nix run fails to 'find all the required dependencies' even when adding qt6.qtbase or qt6.full to the packages. This is that flake, taken from the poetry2nix github with an added devshell:

    ```
    {
      description = "Python application packaged using poetry2nix";

      inputs = {
        nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
        poetry2nix.url = "github:nix-community/poetry2nix";
      };

      outputs = { self, nixpkgs, poetry2nix }:
        let
          system = "x86_64-linux"; # Adjust for your system
          pkgs = nixpkgs.legacyPackages.${system};
          inherit (poetry2nix.lib.mkPoetry2Nix { inherit pkgs; }) mkPoetryApplication;
        in {
          packages.${system}.default = mkPoetryApplication {
            projectDir = ./.;
          };

          apps.${system}.default = {
            type = "app";
            program = "${self.packages.${system}.default}/bin/app";
          };

          devShells.${system}.default = pkgs.mkShell {
            packages = [ pkgs.poetry ];
            buildInputs = [
              pkgs.qt6.qtbase
              pkgs.qt6.full
              pkgs.qt6.wrapQtAppsHook
            ];
          };
        };
    }
    ```

    It seems kind of hopeless to get it working on NixOS. Does anyone have a working setup I could use for inspiration, or any other tips? I love the nix paradigm, but I'm honestly considering distrohopping with all of the trouble.

    8
  • discourse.nixos.org Should jonringer get his commit bit back?

    Hi, I haven’t read this thread and I don’t really care to read all of it. I’ve always intended to get back into the Nix community after the issues with community management are sorted to my satisfaction. If jonrigner gets his commit bit back, I’m gonna be gone for good. Create whatever future you...

    cross-posted from: https://awful.systems/post/1746256

    > Nix project: ban? What ban?
    >
    > They invited that guy back. I do have to admit, I admire his inability to read a room.

    7
  • I'm a beginner/intermediate in NixOS and my flake rebuild takes about 25 seconds to be finished. Most of the time is evaluating derivation for some reason and it's getting kinda frustrating having to wait when I want to add a package to my config. Has anyone the same problem or is it normal that it takes this long in Nix?

    7
  • I've been trying to achieve a working mail setup on nixos by using simple-nixos-mailserver.

    ```
    mailserver = {
      enable = true;
      certificateScheme = "acme-nginx";
      enableManageSieve = true;
      fqdn = "email.teatastic.org";
      domains = ["teatastic.org"];
      mailboxes = {
        Drafts = {
          auto = "subscribe";
          specialUse = "Drafts";
        };
        Junk = {
          auto = "subscribe";
          specialUse = "Junk";
        };
        Sent = {
          auto = "subscribe";
          specialUse = "Sent";
        };
        Trash = {
          auto = "no";
          specialUse = "Trash";
        };
      };

      loginAccounts = {
        "user1@teatastic.org" = {
          hashedPasswordFile = config.sops.secrets.password.path;
          aliases = ["postmaster@teatastic.org"];
        };
      };

      fullTextSearch = {
        enable = false;
        enforced = "body";
        indexAttachments = true;
        memoryLimit = 512;
      };

      enableImap = true;
      enablePop3 = true;
      enableImapSsl = true;
      enablePop3Ssl = true;

      virusScanning = false;
    };
    services.roundcube = {
      enable = true;
      package = pkgs.roundcube.withPlugins (
        plugins: [
          plugins.carddav
          plugins.contextmenu
          plugins.custom_from
          plugins.persistent_login
          plugins.thunderbird_labels
        ]
      );
      plugins = [
        "attachment_reminder" # Roundcube internal plugin
        "carddav"
        "contextmenu"
        "custom_from"
        "managesieve" # Roundcube internal plugin
        "newmail_notifier" # Roundcube internal plugin
        "persistent_login"
        "thunderbird_labels"
        "zipdownload" # Roundcube internal plugin
      ];
      #dicts = with pkgs.aspellDicts; [en];
      hostName = config.mailserver.fqdn;
      maxAttachmentSize = 100;
      extraConfig = ''
        $config['smtp_server'] = "tls://${config.mailserver.fqdn}";
        $config['smtp_user'] = "%u";
        $config['smtp_pass'] = "%p";
      '';
    };

    security.acme = {
      acceptTerms = true;
      defaults.email = "user1@teatastic.org";
    };
    firewall = {
      enable = true;
      allowedTCPPorts = [
        25 587 143 993 110 995 # Email
        80 # Nginx
      ];
    };
    ```

    I'm logging in through roundcube, which works as expected. However, when I get to the point of composing an email to somebody, it just starts a "Sending message..." loop without actually sending anything.

    I've forwarded the aforementioned ports on my router, yet it fails.

    2
  • determinate.systems Nix as a WebAssembly build tool

    Making Wasm's potential portability a reality

    1
  • To increase the security of my NAT configuration, I opted to implement port triggering instead of the traditional port forwarding on my router. I chose this approach in order to configure it from my nix configuration.

    Specifically, I have enabled port 443 triggering on my router and included the following configuration:

    ```
    nftables = {
      enable = true;
      ruleset = ''
        table ip nat {
          chain PREROUTING {
            type nat hook prerouting priority dstnat; policy accept;
            iifname "wlp2s0" tcp dport 443 dnat to 10.100.0.3:443
          }
        }
      '';
    };
    nat = {
      enable = true;
      internalInterfaces = ["lo"];
      externalInterface = "wlp2s0";
      forwardPorts = [
        {
          sourcePort = 443;
          proto = "tcp";
          destination = "10.100.0.3:443";
        }
      ];
    };
    ```

    Now, after rebuilding, it still does not work and I'm left to wonder why. Are both the NAT and nftables settings even meant to run at the same time?

    2
  • I've been trying to create a public instance of SearXNG by using NixOS, Cloudflare and Nginx, but I can't seem to make it open to the internet and I've run out of ideas. Is there anything I'm overlooking?

    ```
    services.searx = {
      enable = true;
      redisCreateLocally = true;
      limiterSettings = {
        real_ip = {
          x_for = 1;

          ipv4_prefix = 32;
          ipv6_prefix = 56;
        };
        botdetection = {
          ip_limit = {
            filter_link_local = true;
            link_token = true;
          };
          ip_lists = {
            pass_ip = [
              "192.168.0.0/16"
              "fe80::/10"
            ];
            pass_searxng_org = true;
          };
        };
      };
      runInUwsgi = true;
      uwsgiConfig = {
        socket = "/run/searx/searx.sock";
        http = ":8888";
        chmod-socket = "660";
        disable-logging = true;
      };
      settings = {
        general = {
          debug = false;
          instance_name = "SearXNG Instance";
          donation_url = false;
          contact_url = false;
          enable_metrics = false;
        };

        ui = {
          static_use_hash = true;
          theme_args.simple_style = "dark";
          query_in_title = true;
          center_alignment = true;
          results_on_new_tab = false;
        };

        search = {
          safe_search = 2;
          autocomplete_min = 2;
          autocomplete = "duckduckgo";
        };

        server = {
          port = 8888;
          bind_address = "0.0.0.0";
          secret_key = config.sops.secrets.searx.path;
          image_proxy = true;
          method = "GET";

          default_locale = "en";
          default_lang = "en-US";
          base_url = "https://myinstance.org";
          public_instance = true;
        };
        engines = lib.mapAttrsToList (name: value: {inherit name;} // value) {
          "duckduckgo".disabled = false;
          "brave".disabled = true;
        };
        outgoing = {
          request_timeout = 5.0;
          max_request_timeout = 15.0;
          pool_connections = 100;
          pool_maxsize = 15;
          enable_http2 = true;
        };
      };
    };
    services.nginx = {
      enable = true;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      virtualHosts = {
        "myinstance.org" = {
          forceSSL = true;
          sslCertificate = config.sops.secrets."SSL-Certificates/Cloudflare/Cert".path;
          sslCertificateKey = config.sops.secrets."SSL-Certificates/Cloudflare/Key".path;
          locations = {
            "/" = {
              extraConfig = ''
                uwsgi_pass unix:${config.services.searx.uwsgiConfig.socket};
              '';
            };
          };
        };
      };
    };
    ```

    5
  • I download and store music in my home folder for my desktop user, but also would like to share it with my jellyfin server, but obviously I cannot select a folder from my home folder as a library folder.

    Is there any simple and clean way to make this folder available on a server?

    6
  • https://github.com/NixNeovim/NixNeovim

    I'm getting back into my setup after dualbooting and not touching it for a while. Flakes, home-manager, all that jazz. I was in the middle of messing around with my neovim config, bouncing between nixvim and nixneovim. Can't really remember why I was landing on nixneovim, but I think it had to do with having more 1-to-1 vim options through nix and more available plugins.

    Part of this post is just to see what everyone's using, but I also can't copy to the system clipboard for the life of me! No ctrl-shift-v or anything. Oddly enough, ctrl-click-drag will copy a cut-off box of text. In nixneovim there's an option for clipboard, but that's just a string like 'unnamed' or 'unnamedplus', straight from the vim options. Nixvim has the option abstracted in a way that has the register and a provider for the functionality like wl-copy. I don't remember it not working with nixneovim before. That was months ago, though. Hoping someone would have an insight as I've been too deep in the weeds.

    Edit: sooooo I just needed xclip in home.packages. I had tried installing it in a nix shell, but maybe that wasn't the right way to test. Doesn't seem to work with wl-clipboard, but I think neovim looks for xclip by default and nixneovim doesn't seem to have a way to give a different provider.

    But still, how's everyone doing their neovim shenanigans?

    6