51
5
submitted 1 year ago* (last edited 1 year ago) by rikudou@lemmings.world to c/nixos@infosec.pub

Hi there! I'm trying to make php and composer work. I have this in environment.systemPackages:

    (pkgs.php82.buildEnv {
      extensions = ({ enabled, all }: enabled ++ (with all; [
        xdebug
        redis
      ]));
      extraConfig = ''
        memory_limit=2G
        xdebug.mode=debug
      '';
    })
    php82Extensions.redis

The problem is that while running php -m correctly prints that redis extension is installed, composer does not, because it uses a different php:

  • file $(which php) prints the path /nix/store/igx8j4qjxy9jyj8kjyccwarnzqq5vsml-php-with-extensions-8.2.9/bin/php
  • cat $(which composer) shows that it's a wrapper for '/nix/store/lv4prxa52zifr54ws56iz3b9kdhs1b5w-php-with-extensions-8.2.9/bin/php' --add-flags '/nix/store/avqj0662f4gg2s875zlbbjajx6fm6bl0-php-composer-2.5.5/libexec/composer/composer.phar'

Note that the path to php is different. Is there any way to correct it on my side? I'd like to avoid having to install composer manually

52
12

Hi all, I've been getting into nix lately (I've been posting here frequently) and wanted to know what projects everyone is working on. Are you trying to integrate nix into an existing project? Contribute to nixpkgs? Experiment with your configs?

53
21

Short video from Vimjoyer on how to setup a firefox install using home manager and flakes. In particular, the focus of this video was how to use an external flake as a source for firefox extensions, since they aren't available in nixpkgs.

54
7

I came across this article when wondering how to integrate the "building" aspect of nix (that is, not just a devshell) with static websites or other projects that involve some output that is not an executable.

This article also talks about adding inputs from GitHub that aren't necessarily flakes. I've used this myself to pull some example configurations for certain programs that I haven't felt like tinkering with myself yet.

55
18
submitted 1 year ago* (last edited 1 year ago) by rutrum@lm.paradisus.day to c/nixos@infosec.pub

I'm been wanting to move over my main desktop for almost a year now. But from 3+ years of tinkering, installing applications, and configurations Ive been super hesitant. The jump from Ubuntu to NixOS would be a big one. I have a laptop running nixos thats given me some exposure to the nix language, but when it comes to my main rig, I still have the worry of "what if something I need wont be available?" and "what if I forget something?"

Well I finally tried home manager and wow, its the absolute perfect way to slowly transition to nixos. I'm slowly going through my package managers (cargo, npm, pip, apt, snap) and checking for applications that I can just drop into my home.nix. And every now and then I see an app I cant install (say, vtracer from cargo, very cool app). Well, I just make a mark and eventually I'll build my own derivation around it.

Home manager has been easing my worries as I make the transition. For those of you also unsure, I recommend integrating with home manager. You can do such small jumps at a time, no need to go full blown nix all at once.

56
12
nixos phone (youtu.be)

Interesting idea.

57
12

tl;dr image buildable with some patches

58
10
call for nixos papers (www.socallinuxexpo.org)

South California Linux Expo is looking for papers.

59
14
submitted 1 year ago* (last edited 1 year ago) by rutrum@lm.paradisus.day to c/nixos@infosec.pub
60
5
submitted 1 year ago* (last edited 1 year ago) by demesisx@infosec.pub to c/nixos@infosec.pub

I have a config that I share on github. I share the whole thing and there are keys in it but they are obviously not the complete key (as is standard throughout the community). Just enough to point to the real key with Nix.

Anyway, I have finally gotten around to learning the power of git-crypt. Today, I went through my whole config and took everything out that could even remotely be used by a hacker to find out security holes in my config (permitted insecure packages, specific hardware ID's, github username and email address, for example all went into nix files into the secrets folder with imports where they used to reside) and put those files into a folder at top level called secrets. Then, I encrypted all of the files in that folder and pointed the rest of the config to them so they remain encrypted on my github but perfectly usable in evaluation and build of my config derivation.

My question is: Have I done something clever that will significantly decrease the chances of exploit or do you recommend that everyone does this and I'm just late to the security party?

If this technique is just standard, what else could one do to harden their system without causing difficult to solve issues on deployment of their config? For example, I now need to decrypt that folder when I use that config on a new system and anyone else building it wouldn't be able to get through the evaluation.

I've heard of Sops-Nix and other such security handlers. How can I use sops-nix to aid in that initial git-crypt setup when I spin up a new system, for example?

61
2

What do you as a fail safe when there isnt a flake or nix package for what you need, and you don't have the time or ability to create it?

Here's my particular example. I need the beta version of OpenSCAD, which is only delivered as a flatpak in the beta flatpak channel, which I have tried but have been unsuccessful in doing. I havent even attempted building from source. Only the stable version is in nixpkgs. In this case, what would you do?

And in general, what do you do? Install things using a different package manager, like pip, npm, cargo, etc and manage at the user level? Do you run a VM? Docker? Let me know what your backup plan is on NixOS.

62
1

I recently followed https://www.arthurkoziel.com/installing-nixos-on-a-macbookpro/ to install NixOS on a macbookpro5,1 (from 2008). OSX hasn't supported that hardware since El Capitan and it was incredibly slow even then.

With Nix it works, but I'm frequently running into issues similar to https://askubuntu.com/questions/1114612/rcu-sched-self-detected-stall-on-cpu-watchdog-bug-soft-lockup-cpu3-stuck. The first 3 times I tried logging in after the install it hung after accepting the password. It was just logging the rcu stall error every few seconds, not responding to any keys. I was able to create a user account on the 4th boot, but still haven't installed anything extra on it.

It's also really slow to boot. A few minutes in stage 1 before it asks me for the decryption password and then another few minutes to get to the login prompt.

All of this is without any graphical environment. I was planning to go with a low resource desktop like xfce or cinnamon (are they still maintained?), but any tips on what to look at before I possibly introduce more instability?

63
3
Nix remote builds (gvolpe.com)
submitted 1 year ago by demesisx@infosec.pub to c/nixos@infosec.pub

gvolpe, the person I forked my NixOS config from wrote this excellent article. I feel like the least I could do is share this amazing blog post.

Remote builds enable interesting use cases and experiments. Besides building for different architectures, another use case that comes to mind would be having a low-resource machine building a derivation that would require heavy CPU usage (e.g. a Rust application) on the fly, without having to rely on CI builds or binary caches, effectively used as a development environment.

64
2

My understanding is like this. For multi-user computers, you'd manage packages with home manager. If you're developing a project or need some kind of specific built tool or dependency, define in it in a flake.nix or shell.nix or build.nix in the project folder. And for single user computers, or maybe admin accounts install at NixOS configuration.

Whats the intent for each location? The current question Im asking myself is "why install home manager when Im on a single user instance and can just update configuration.nix?"

65
4

Features

UnixPorn at its core

PwNixOS places a strong emphasis on delivering a top-notch graphical experience by providing a visually appealing and productivity-focused interface.

Hacking Tools

PwNixOS offers a wide array of tools and utilities out of the box to support your hacking endeavors. From advanced network analysis and penetration testing tools to powerful scripting languages and development environments, PwNixOS equips you with the necessary arsenal to explore and manipulate computer systems to your heart's content.

Package Management with Nix

One of the standout features of NixOS is its unique package management system called Nix. With Nix, you can easily install, update, and manage software packages on your system. What makes Nix special is its ability to provide isolated and reproducible environments for each package, ensuring that software installations do not interfere with one another. This allows for painless experimentation and easy rollback to previous configurations.

Declarative Configuration

NixOS follows a declarative approach to system configuration. Instead of making changes directly to the system, you define the desired state of your system in a configuration file or flake (like this one). This configuration specifies all the packages, services, and settings you want, providing a clear and reproducible blueprint for your system. This declarative nature simplifies system administration, enables easy replication of configurations across multiple machines, and facilitates version control of your system setup.

Custom packages

This flake has custom hacking tools that are uploaded to the NUR. The purpose of these tools is to fill in the gaps that exist today in the official repositories and create a full arsenal of tools, with well-known tools such as BloodHound and lesser-known tools such as psudohash.

66
1
submitted 2 years ago by Merulox@lemmy.world to c/nixos@infosec.pub

Just pasting this somewhere random in my configuration.nix gives me an error; where should I place it?

package in question: https://github.com/an-anime-team/an-anime-game-launcher/wiki/Installation#-nixos-nixpkg

Thank you for your time!

67
1
submitted 2 years ago by vpz@infosec.pub to c/nixos@infosec.pub

I want to learn and experiment with fully configuring a single user NixOS installation that is declarative. I've found quite a bit on the NixOS system-land side, but when I go into Home Manager user-land I'm not seeing very much around configuring the Desktop. I usually use XFCE but in trying to work with it I kept running across posts about how it wasn't well supported. So I tried KDE but found the same.What is the best supported Desktop with Home Manager? Or do folks just do the basics with nix stuff, and end up pulling in the rest of the config info into the home directory (like from a repo) as a work-around? Basically use nix stuff to retrieve files and put them into the correct destinations.

68
1
submitted 2 years ago* (last edited 2 years ago) by PortugalSpaceMoon@infosec.pub to c/nixos@infosec.pub
69
1
70
1
71
1
72
1
NixOS in 60 seconds (www.youtube.com)
submitted 2 years ago by demesisx@lemmy.world to c/nixos@infosec.pub

A quick 60 second video explaining NixOS.

73
2
submitted 2 years ago by priapus@lemmy.one to c/nixos@infosec.pub

This video has been bringing awareness of NixOS to a lot of new people!

74
1

Here is a link to the currently open github issues for the nixpkgs repository that are tagged "1.severity: security". Use this to browse around; some of them are simple package version update requests, some are pretty involved changes. If you're bored, why not pick one up? :-).

75
2
submitted 2 years ago by steven@infosec.pub to c/nixos@infosec.pub
view more: ‹ prev next ›

NixOS

1016 readers
1 users here now

NixOS is a Linux distribution built on top of the Nix package manager. Its declarative configuration allows reliable system upgrades via several official channels of stability and size.

This community discusses NixOS, Nix, and everything related.

founded 2 years ago
MODERATORS