ohai.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A cozy, fast and secure Mastodon server where everyone is welcome. Run by the folks at ohai.is.

#nixos

@janl The purpose is to warn bystanders to invest in technological #complexity that seems to be very attractive for its advanced features without acknowledging the risks or efforts associated.

Its learning curve doesn't even allow for an easy start.

As with so many awesome tools, this is something for specific experts and not for new/occasional/advanced users.

BTDT and I've had my fair share of bad experiences.

Current pain in my setup: #NixOS. Instead of providing an abstraction layer to keep away certain OS setup & maintenance problems for good, I got into so many little & bigger troubles that I try to tell people only to use it when they are ready to invest its required learning effort all the way.

From my point of view, this also holds true for "advanced" file systems like #ZFS, #XFS, ... YMMV.

Just stumbled over this....

Is it just me, or does the branding not seem somewhat ... problematic?

Despite its appearance (inc use of the logo) looking incredibly similar to the official website, and as far as I can tell - it doesn't have any "official" affiliation with #NixOS

That's without touching on the fact this is entirely AI oriented - which is a very "marmite" like product to put it mildly...

mcp-nixos.io/

MCP-NixOS | Model Context Protocol for NixOS: MCP resources and tools for NixOS packages, system options, Home Manager configuration, and nix-darwin macOS configuration.
@itsfoss

I have to say traditional LTS distros. After doing big manual server upgrades for some decade, no more LTS expiration dread!

Next to go will be my arch desktop as I find #nixos fits my desktop and server needs way better.

A disclaimer would be that NixOS is non standard. Documentation is lacking and knowledge of the Nix language is required for advanced configuration.

Ok #linux and #nixos peeps, I have a puzzle.

I want this systemd service to run ONLY WHEN a user is logged in, and they're connected to the internet.

Is this possible?

This is what I have so far but when I restart the computer, the systemd service shows as failed because it's trying to send the notification when no one is logged into the system.

Hey #NixOS #Cloudflare #ZeroTrust

edit: I have not yet sorted out getting Docker running on NixOS yet, so for the moment I'm gonna get that installed and use the available container, which has latest build. I would like to stick to pure Nix on everything, but there is a need to be, umm, clean on opsec.

I was trying to install cloudflared from unstable repo. It installed and works from 24.11, but when I ran the command to create the credentialsFile it complained about the older version and suggested upgrading to 2025.4.0 rather than the 2024.10.0 that is in nixos.

Unstable has 2025.2.1, which is better, but is not 2025.4.0. Two branching questions from here.

1 - the unstable package returned that error: Package ‘cloudflared-2025.2.1’ in /nix/store/vxwsnfg5mys9v1qrxvim13ddmnhd4z1g-unstable/unstable/pkgs/applications/networking/cloudflared/default.nix:97 is marked as broken, refusing to evaluate.

Conveniently, it included instructions for allowing packages marked broken through. Is that considered normal in dealing with Cloudflare on NixOS? Cause it reads to me like an outtake from "How To Get Your Website Pwned By L33t H4krz".

2 - considering that even if I allow the "broken" package in, I'm still not getting the version recommended by cloudflared's error message, perhaps there's a flake or something I should try, that would get the daily build or whatever?

I'm off to do more searches and maybe poke my head into one of the actual support forums, but this seems like a pretty common task for NixOS admins to be doing, so it's probably an easy answer that I just haven't found yet.

Probably been looking at nixos.wiki again or something.

@jpmens ❤️ GPG agent forwarding with a Yubikey!

I've been using this method for a while now to control sudo authentication on my local machine, and all remote devices/VMs too. Allows me to leave an undesirably long/complex password for the user account in a password manager (as an escape hatch, but which I don't actually use).

With verification of presence via touch, and also the PIN on the Yubikey cached for only a short period of time, and it self destructing after 3 incorrect PIN entries...

End result is I have super convenient *and* secure local/remote two factor authentication and privilege escalation.

I'm also using sudo-rs, which is a much more "minimal" implementation - just as I don't need the vast array of extra stuff that's bundled into the traditional version.

I use #NixOS almost entirely, so only have need for Ansible in a few places...

That said, finding a way to utilize this for Ansible Vault has been on my to-do list for a while, so looks like you've solved that one for me!

Thank you 🙏

So, for various reasons (professional versus personal), I don't set my global user name or email in Git. Instead, I have NixOS and Home Manager set up to give me a git command:

  home-manager.users.dmoonfire =
    { pkgs, config, ... }:
    {
      home.packages = [
        # Installs `git-moonfire`, which git runs as the subcommand `git moonfire`.
        (pkgs.writeShellScriptBin "git-moonfire" ''
          git config user.name "D. Moonfire"
          git config user.email "contact@moonfire.us"
          git config core.sshCommand 'ssh -i ~/.ssh/moonfire-rsa'
        '')
      ];
    };

That way, I can easily call this with:

git clone https://some...path/
git moonfire
git commit -am 'feat: everything is awesome'
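
A check to pair with the per-repository identity setup in the post above, as an added example that is not part of the original post: it confirms that the identity and SSH key live only in the repository's own config and that git will not guess an identity where the helper was forgotten. The function name `check_repo_identity` and its return codes are this example's own; `user.useConfigOnly` is a standard git setting.

```shell
#!/bin/sh
# Added example (not from the original post). Audits one repository for the
# per-repo identity pattern: nothing global, everything in .git/config.
# Return codes are this example's own convention:
#   0 ok, 1 local settings missing or wrong, 2 global identity present,
#   3 user.useConfigOnly not enabled (git may guess an identity).
# Usage: check_repo_identity /path/to/repo expected@email
check_repo_identity() {
  repo=$1
  want_email=$2

  # A global user.email would be used in any repo where the helper was
  # forgotten, so it must be absent.
  if git config --global --get user.email >/dev/null 2>&1; then
    echo "global user.email is set" >&2
    return 2
  fi

  # The identity and the SSH key must come from the repo's own config.
  got=$(git -C "$repo" config --local --get user.email 2>/dev/null) || got=
  if [ "$got" != "$want_email" ]; then
    echo "local user.email is '${got}', expected '${want_email}'" >&2
    return 1
  fi
  if ! git -C "$repo" config --local --get core.sshCommand >/dev/null 2>&1; then
    echo "local core.sshCommand is not set" >&2
    return 1
  fi

  # Without user.useConfigOnly=true, git may derive an identity from the
  # login name and hostname instead of refusing to commit.
  strict=$(git -C "$repo" config --bool --get user.useConfigOnly 2>/dev/null) || strict=
  if [ "$strict" != "true" ]; then
    echo "user.useConfigOnly is not true" >&2
    return 3
  fi
  return 0
}
```

Setting `git config --global user.useConfigOnly true` once makes a commit fail loudly in any clone where the identity helper has not been run yet.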