Almost every NixOS tutorial I encounter, be that blog or video, says to use Flakes and Home Manager. While that definitely speaks to the value of these tools, I find myself, instinctually, wanting to avoid them. I’ve attempted to get them working multiple times, and encountered more issues than they solved, for me. I interpret this to mean my knowledge and/or use case of NixOS is not ready for me to use these tools effectively. On top of that, something about a set of files that could all be put into a single unified config appeals to me (which flakes/hm can probably do too, but hopefully you get my vibe).
My reasoning aside, this has made me curious if there is some way for me to “backport” all these configs I encounter into my set of more default style configs. The primary goal I have that led me to this is rootless Podman and declaring my containers in the config. If anyone has any guidance or resources you could point me to it would be much appreciated.


God, I wish I could just do like a live coding session with a group to explain what I know and like and how to translate that into flakes and hm. Lots of good info and suggestions from everyone, but I feel I could explain myself better with my system in front of me. I get the flakes concept of locking a program to a particular version. I like that idea, but I also think I’m still in a stage of building out my system, discovering which packages I want. And I understand home manager is for handling my home folder and config within nix.
I can’t place it, but for some reason I don’t mind my config files living in .config, and keeping my system (for now) up to date and running the latest version of most software. That being said I of course see the value in both of these in the long term, especially as I work to build out a config I can install on all my systems and that automatically toggles the correct modules based on device and user. I want that, but my repeat failure to get the flakes I want working, working, tells me I need to learn more base nix before I tackle that.
In fact I could tell I learned a lot when I had to figure out how to remove flakes and hm when I kind of got them working. While I had moved my config into home manager, I also broke a bunch of other things, rendering enough of my desktop environment non-functional (audio mostly lol), that I needed to do something. The solution I knew I could pull off was completely rewriting my config as a sort of in between of my single file Hyprland based config, to a directory of files and niri. Learning to properly import other files, learning about needing to include default.nix and how I can toggle which files are imported very easily with comments. The broader nix ecosystem started to make more sense.
I finally got good about using git, I made a folder structure that makes a lot of sense to me as far as parts of my config that are interoperable or machine specific. It’s clicking. I know the next step from that is probably flakes and hm, but again, the last time I tried to add those to my config, I broke way more than I fixed.
I feel just dumb enough with this that I’m not sure I’m comfortable sharing my config publicly yet. For example I haven’t implemented a secrets setup, so things like my syncthing IDs are in my config still.
As far as clearer goals. I’d like a config I can distribute across 3 machines (for now).
There’s many more thoughts prancing around in my head, but I don’t know how to prompt them.
I don’t see anything in your goals that would really require flakes or home manager. Maybe the podman containers, there seem to be some sharp edges around NixOS support for podman from what I can tell.
You might not want to share your entire config but you could share snippets of what you’re trying to do and isn’t working.
Moving on to more concrete suggestions:
If you aren’t already doing so, you should be using the option search liberally. And you should also read the code of the modules and packages, at least sometimes. Sorry, I know nixpkgs Nix can be quite obtuse, but honestly without it I don’t think it’s possible to really grok how NixOS works.
Secondly, a lot of people seem to think you need flakes to configure multiple systems in one repo, but you can actually also do that just fine with stable nix using the -I flag. It’s even possible to build an arbitrary Nix expression using the (unfortunately undocumented) -f and -A flags like flakes would.
Edit: For secrets, I would recommend using agenix, mostly just because it uses SSH instead of GPG. Instead you can also put them in a separate Nix file and gitignore that, but your secrets will end up in /nix/store that way which is a vulnerability if they’re important (Flakes also break this completely).
I already use Unix pass as my password manager and have a private git server for it. Is there a nice way to get that working with secrets in my config? I know that directly goes against the suggestion of SSH vs GPG, but I’ve already got lots of data saved within that system.
Unfortunately I don’t think there’s a nice way to do that. You can retrieve secrets from pass (albeit with quite a bit of working around the intended evaluation model) but I don’t see a good way to actually deploy the secrets without just putting the plain text into the Nix store (unless you also use a big server management thing like NixOps, as the author of that blog is, but in the time since that blog was written NixOps has decided people shouldn’t be using it anymore… so it’s a bit of a mess). You’d really want something like sops-nix or agenix for that.
You can of course decide you don’t care about the secrets being in the Nix store. It “just” means that every local user on the system can read them, as can anyone booting a live USB if the disk isn’t encrypted. And, while this almost certainly isn’t relevant to you right now, if you use the system as a binary cache for other systems those can get the plaintext secrets too. But you might not actually care about any of these.
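
The store exposure described in the replies above can be checked on a running system. The following is an added example, not part of the thread: a small audit that reports every store file containing a plaintext copy of a secret. The function names and the secret-file argument are hypothetical; the store path defaults to /nix/store.

```sh
#!/bin/sh
# Added example: report files under the Nix store that contain a secret in
# plain text. The secret is read from a file (one secret per line) so it
# never appears on a command line, where other local users could see it.

# find_secret_in_store SECRET_FILE [STORE_DIR]
# Prints matching file paths, sorted. Returns 2 on unusable input.
find_secret_in_store() {
    secret_file=$1
    store=${2:-/nix/store}
    # An empty pattern line would match every file, so refuse it.
    if [ ! -s "$secret_file" ] || grep -q '^$' "$secret_file"; then
        echo "secret file is empty or contains a blank line" >&2
        return 2
    fi
    # -r recurse, -l file names only, -I skip binary files,
    # -F fixed strings (the secret is not a regex), -f patterns from file.
    grep -rlIF -f "$secret_file" -- "$store" 2>/dev/null | sort
}

# audit_store_for_secret SECRET_FILE [STORE_DIR]
# Exit status: 0 = no plaintext copy found, 1 = leaked, 2 = bad input.
audit_store_for_secret() {
    hits=$(find_secret_in_store "$1" "${2:-/nix/store}") || return 2
    if [ -z "$hits" ]; then
        return 0
    fi
    echo "plaintext secret found in world-readable store paths:" >&2
    printf '%s\n' "$hits"
    return 1
}

# Typical use (path is a placeholder):
#   audit_store_for_secret /path/to/file-with-secret
```

A hit means the value was part of the evaluated configuration; once it is moved to agenix or sops-nix, rotate it, since older generations in the store keep the plaintext until they are garbage-collected.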