All the cool kids are running NixOS

My first intro to NixOS was a demo that an engineer ran through in my company’s DevOps guild. My first thoughts were, and still mainly are: why are you not just dumping that into a container, which also provides a deterministic, reproducible output? In general, I put NixOS on the back burner as I explored the funky town that is buildpacks novelty government cloud provides. I didn’t think much else of it for a couple of months.

Over in a homelab thread NixOS popped up again, this time in the context of using NixOS to manage Raspberry 5 configuration. I revisited some GitHub links but felt disappointed; I just don’t think there is much traction there quite yet.

Then I was exposed to some humble nerd bragging, someone threw down the words:

“Very pleased with my dev machine these days. Apple Silicon Mac + nix-darwin + UTM (for Linux VMs). Nix flakes for dev environments/reproducibility is so pleasant. Ghostty is already a solid terminal”

There was a lot that I needed to process with this declaration:

  • Ghostty 👻 - that’s still closed beta by Mitchell Hashimoto I’d love to try that out.
  • My Dev Machine/s have some sprawl that I would love to sort out. Some declarative steamroller would be nice ☠️
  • I’ll need to Google UTM cause I’m still terrible at acronyms
  • Nix has popped up again, how far off could it be from Ansible

The quick follow answers:

  • Ghostty - yup, still closed beta. Go watch the Discord to get beta access.
  • Let’s fix developer sprawl with nix-darwin. Oh boy, I’m a little confused as to what’s happening with nix-darwin, flakes, home-manager.
  • I’ll figure out UTM when I get nix-darwin sorted.

Getting started with nix-darwin

Baby Steps

Get the TLDR and in-depth guide to get your feet wet with NixOS

Search Packages: search.nixos.org

Useful takes on setup

I perused a bunch of these trying to get a foundation on how various people interpreted using flakes, home-manager, or the likes.

Get lost on what to do next

Figure out how to install some packages, find some examples https://github.com/ryan4yin/nix-darwin-kickstarter/blob/main/rich-demo/flake.nix

Go get overwhelmed with Mitchell’s setup: https://github.com/mitchellh/nixos-config

Modified take on Mitchell’s: https://github.com/cor/nixos-config/tree/master

Guess I’ll setup cachix? I’ll figure out the meaning of this a little later https://app.cachix.org/cache/kcirtapfromspace-nixos-config#pull

Mitchell’s config

Growing up I had typing class. Once or twice a week we would go to this dark room filled with computers, where we got the joy of playing a speed typing game in silence for like an hour. This mild abuse to those of short attention spans feels like what I’m going through with Mitchell’s setup.

  • linux - well, it’s been a decade since I ran a desktop
  • kitty/alacritty - new terminals; I’ve been on iterm2 for a hot minute these days
  • fish - this seems fine, until copy/paste doesn’t seem to work and you’re on page 12 trying to figure out if the key bindings have all changed
  • neovim - oh man, what have I gotten into. I feel like all the simple things are now complicated again. At this point I’m afraid to ask.
    • oh plugin hell, what are all these things - treesitter, lua, telescope, etc.
      • great, they’re installed, now how do I create a branch
  • raycast - neat, it’s another Command - spacebar thing. I assume this is needed as nix doesn’t install applications into the Application dir.
  • tmux - so why do none of the Control - b + % things work?

Cachix

cachix.org

Guess I’ll set up cachix? I’ll figure out the meaning of this a little later. Though, this might be another rabbit hole that is too much for me to think through completely.
kcirtapfromspace-nixos-config

Personal Auth Token

Login to cachix.org and figure out how to generate an auth token.

❯ cachix authtoken <magical token here>
Written to /Users/thinkstudio/.config/cachix/cachix.dhall

After cachix is setup you’ll see the logs

copying path '/nix/store/7l8l8by558mf76vf9ngpg7lq0c8gwqby-source' from 'https://cache.nixos.org'...
[1 copied (147.6 MiB), 24.8 MiB DL] evaluating derivation 'git+file:///Users/thinkstudio/.config/nix-darwin#darwinConfigurations.thinkstudio.system'

Virtual Machines with UTM

https://mac.getutm.app/ Surprise, UTM is really just an open source version of VirtualBox that works with Apple’s M1 ARM64 architecture. As my work has led me deeper and deeper into the world of microservices and Docker containers, I haven’t had a hypervisor in ages! I’ve led teams to containerize and use .devcontainers to build an immutable env that can easily be shared across a team. I can see a setting where this is a requirement to contribute in a secure manner. I like the abstraction from the host machine, and it adds an extra buffer of security. There is also the cattle-not-pets mentality: once the base configuration is established for the VM, it can be cloned to infinity and used as an ephemeral or persistent dedicated local environment for any dev work.

Boot up

Boot up can be annoying as `Display Output is not Active`

Trying to get the mouse to wake up the screen sometimes does nothing, or boot time is just that slow. I feel like on the Mac Studio with the allocation of 32 GB of RAM this should be snappy fast.

ISOs

Go get them

Hashed Password

The nixos.nix config houses a hashed password for the VM. This is a quick way to generate a compatible password hash if you do not have mkpasswd available locally.

❯ docker run -it --rm alpine sh -c 'printf "password" | mkpasswd -s -m md5'

example of user management with hashed passwords
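
The `-m md5` option in the command above yields an md5crypt hash (prefix `$1$`), which is cheap to brute-force if the config is ever pushed to a public repo. The script below is an added example (not from the original post or from Mitchell's repo) that scans Nix source for `hashedPassword` / `initialHashedPassword` strings and flags weak schemes; the sample config, its fake hash values and the list of accepted schemes are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.

# Name the crypt(3) scheme from the "$id$" prefix of a hash string.
crypt_scheme() {
  case "$1" in
    '$1$'*)                  echo md5crypt ;;
    '$2a$'*|'$2b$'*|'$2y$'*) echo bcrypt ;;
    '$5$'*)                  echo sha256crypt ;;
    '$6$'*)                  echo sha512crypt ;;
    '$y$'*)                  echo yescrypt ;;
    '$'*)                    echo unknown ;;
    *)                       echo des-or-plaintext ;;
  esac
}

# Assumption of this example: only these schemes are acceptable in a config.
is_weak() {
  case "$1" in
    sha256crypt|sha512crypt|bcrypt|yescrypt) return 1 ;;
    *) return 0 ;;
  esac
}

# Read Nix source on stdin, print "<option> <scheme> <WEAK|ok>" for every
# hashedPassword / initialHashedPassword string; return 1 if any is weak.
audit_nix_hashes() {
  found=$(sed -E -n -e '/^[[:space:]]*#/d' \
    -e 's/.*((initialH|h)ashedPassword)[[:space:]]*=[[:space:]]*"([^"]*)".*/\1 \3/p')
  weak_seen=0
  while read -r opt hash; do
    [ -n "$opt" ] || continue            # skip the empty line when nothing matched
    scheme=$(crypt_scheme "$hash")
    if is_weak "$scheme"; then
      echo "$opt $scheme WEAK"; weak_seen=1
    else
      echo "$opt $scheme ok"
    fi
  done <<EOF
$found
EOF
  return "$weak_seen"
}

# Constructed sample config; the hash values are fake placeholders.
sample_config() {
  cat <<'NIX'
users.users.dev.hashedPassword = "$1$fakesalt$CONSTRUCTEDmd5cryptVALUE00";
users.users.ops.initialHashedPassword = "$6$fakesalt$CONSTRUCTEDsha512VALUE00";
NIX
}

sample_config | audit_nix_hashes || echo "weak password hash found"
```

To check a real file, run `audit_nix_hashes < nixos.nix` after sourcing the functions; a non-zero exit status makes it usable as a pre-commit check.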

Bootstrapping VM

Mitchell has provided a Makefile filled with some convenient ssh commands that will help configure VMs. The order of operations:

  • Elevate to Root & Set Password
  • Check the IP with ifconfig
  • Run the `make vm/Bootstrap0`
  • Run the `make vm/Bootstrap`
  • Login with hashed password
  • Copy Secrets over to VM

Check git, gpg certs, Clone a Repo

❯ gpg --list-secret-keys --keyid-format=long
eval "$(ssh-agent -s)"
fish: Unsupported use of '='. In fish, please use 'set SSH_AUTH_SOCK /tmp/ssh-XXXXXX8h5pip/agent.7808'.

❯ kcirtap@dev ~> eval $(ssh-agent -c)
Agent pid 7863 
❯ git clone git@github.com:kcirtapfromspace/nixos-config.git

Install necessary packages

Now for any project you have a dedicated env which you can rip & replace.

nix-env -i <package>

“Fun” little things

Big fan of some of my ingrained muscle memory with mac keybindings

  • Command - L yeah that will lock the screen
  • Command - W you wanted to close the VM right, Right
  • Command - C/V You’re going to want to press the CTRL button