ioc.exchange is one of the many independent Mastodon servers you can use to participate in the fediverse.
INDICATORS OF COMPROMISE (IOC) InfoSec Community within the Fediverse. Newbies, experts, gurus - Everyone is Welcome! Instance is supposed to be fast and secure.

#nixos

Replied in thread

@itsfoss

I have to say traditional LTS distros. After doing big manual server upgrades for some decade, no more LTS expiration dread!

Next to go will be my arch desktop as I find #nixos fits my desktop and server needs way better.

A disclaimer would be that NixOS is non standard. Documentation is lacking and knowledge of the Nix language is required for advanced configuration.

Ok #linux and #nixos peeps, I have a puzzle.

I want this systemd service to run ONLY WHEN a user is logged in, and they're connected to the internet.

Is this possible?

This is what I have so far but when I restart the computer, the systemd service shows as failed because it's trying to send the notification when no one is logged into the system.

Hey #NixOS #Cloudflare #ZeroTrust

edit: I have not yet sorted out getting Docker running on NixOS yet, so for the moment I'm gonna get that installed and use the available container, which has latest build. I would like to stick to pure Nix on everything, but there is a need to be, umm, clean on opsec.

I was trying to install cloudflared from unstable repo. It installed and works from 24.11, but when I ran the command to create the credentialsFile it complained about the older version and suggested upgrading to 2025.4.0 rather than the 2024.10.0 that is in nixos.

Unstable has 2025.2.1, which is better, but is not 2025.4.0. Two branching questions from here.

1 - the unstable package returned that error: Package ‘cloudflared-2025.2.1’ in /nix/store/vxwsnfg5mys9v1qrxvim13ddmnhd4z1g-unstable/unstable/pkgs/applications/networking/cloudflared/default.nix:97 is marked as broken, refusing to evaluate.

Conveniently, it included instructions for allowing packages marked broken through. Is that considered normal in dealing with Cloudflare on NixOS? Cause it reads to me like an outtake from "How To Get Your Website Pwned By L33t H4krz".

2 - considering that even if I allow the "broken" package in, I'm still not getting the version recommended by cloudflared's error message, perhaps there's a flake or something I should try, that would get the daily build or whatever?

I'm off to do more searches and maybe poke my head into one of the actual support forums, but this seems like a pretty common task for NixOS admins to be doing, so it's probably an easy answer that I just haven't found yet.

Probably been looking at nixos.wiki again or something.

Replied in thread

@jpmens ❤️ GPG agent forwarding with a Yubikey!

I've been using this method for a while now to control sudo authentication on my local machine, and all remote devices/VMs too. Allows me to leave an undesirably long/complex password for the user account in a password manager (as an escape hatch, but which I don't actually use).

With verification of presence via touch, and also the PIN on the Yubikey cached for only a short period of time, and it self destructing after 3 incorrect PIN entries...

End result is I have super convenient *and* secure local/remote two factor authentication and privilege escalation.

I'm also using sudo-rs, which is a much more "minimal" implementation - just as I don't need the vast array of extra stuff that is bundled into the traditional version.

I use #NixOS almost entirely, so only have need for Ansible in a few places...

That said, finding a way to utilize this for Ansible Vault has been on my to-do list for a while, so looks like you've solved that one for me!

Thank you 🙏

So, for various reasons (professional versus personal), I don't set my global user name or email in Git. Instead, I have NixOS and Home Manager set up to give me a git command:

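  home-manager.users.dmoonfire =
    { pkgs, config, ... }:
    {
      home.packages = [
        # Installs `git-moonfire`, which git runs as `git moonfire`;
        # it sets the identity and SSH key for the current repository only.
        (pkgs.writeShellScriptBin "git-moonfire" ''
          git config user.name "D. Moonfire"
          git config user.email "contact@moonfire.us"
          git config core.sshCommand 'ssh -i ~/.ssh/moonfire-rsa'
        '')
      ];
    };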

That way, I can easily call this with:

git clone https://some...path/
git moonfire
git commit -am 'feat: everything is awesome'
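
A guard that pairs with the helper in the post above, as an added example that is not part of the original post: with no global identity set, git falls back to guessing one from the login name and hostname if the helper is forgotten, and `user.useConfigOnly` makes the commit fail instead. The persona, e-mail address and key path are constructed, and `-o IdentitiesOnly=yes` is an addition here so that ssh offers only the named key rather than everything in the agent.

```shell
#!/bin/sh
# Constructed demo: runs in a throwaway HOME, so no real git config is read or changed.

demo_identity_guard() (
    set -e
    tmp=$(mktemp -d)
    trap 'rm -rf "$tmp"' EXIT
    export HOME="$tmp" XDG_CONFIG_HOME="$tmp/.config" GIT_CONFIG_NOSYSTEM=1
    unset GIT_CONFIG_GLOBAL EMAIL \
          GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL

    # Global guard: never derive an identity from the login name and hostname.
    git config --global user.useConfigOnly true

    git init -q "$tmp/repo"
    cd "$tmp/repo"
    echo hello > file.txt
    git add file.txt

    # 1. Helper not run yet: the commit must be refused, not silently mis-attributed.
    if git commit -q -m 'should fail' 2>/dev/null; then
        echo "commit-without-identity-succeeded"
        exit 0
    fi

    # 2. What a per-identity helper does (sample values, constructed for this demo).
    git config user.name "Example Persona"
    git config user.email "persona@example.invalid"
    git config core.sshCommand 'ssh -i ~/.ssh/example-key -o IdentitiesOnly=yes'

    git commit -q -m 'feat: everything is awesome'

    # 3. Report the recorded author and confirm nothing leaked into global config.
    author=$(git log -1 --format='%an <%ae>')
    if git config --global --get user.email >/dev/null; then
        scope="global-leak"
    else
        scope="local-only"
    fi
    echo "$author [$scope]"
)
```

On a real machine the only persistent change needed is the single `git config --global user.useConfigOnly true` line.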

Installed #NixOS 24.11 on #VirtualBox today. Apparently the demo image was deprecated nixos.org/manual/nixos/stable/ in favor of using the standard ISO, but the installation instructions on the manual have not kept up.

Due to a corporate CA, just getting the installer to work at all discourse.nixos.org/t/nixos-in was painful, especially due to one being DER, so, had to install openssl before adding CA certs with nix-shell

I only noticed the Don't reboot itsfoss.com/install-nixos-vm/# after it was too late 😭

1/2

Replied in thread

@pmidden So this is kinda like using aptitude instead of apt-get on a Debian distro? It still connects to the real nix repos, with their godlike rolling schedules and whatnot?

I'm what you might call a conservative about this sort of thing - I'm not against these side versions, but as long as the majority of the community is using regular nix, the most likely scenario is that I'm gonna stay there as well, strictly because it is easier to find help and guidance from the largest user community.

As long as they are not giving up essential things for their mainstream choice, of course, and it seems to me that nix decides what's mainstream.

I remain a highly enthusiastic #NixOS user but I know I am not the first to complain about their atrocious documentation practices. I am still working on fully understanding the beast, but once I do I expect I'll try to help out with that, as my main contribution.

Main thing is nixos.wiki has to fucking go. It's just fucking embarrassing.

I’ve officially deployed a Nixos based slideshow/ info screen for a client. It runs a rust client for the Xibo open source backend. It turns itself on and powers off at the end of the day. Has different systemd timers for different office hours throughout the week. Shows the weather, a slideshow of upcoming events and calendar showing that day’s events. Very slick and highly configurable. So far it’s been solid and I’m impressed. #nixos

Replied in thread

@korenchkin Is nixos.wiki managed by non-NixOS or NixOS-hostile personnel?

Cause I tell ya, letting that link above just exist, with not so much as a "HEY DON'T READ THIS GO TO THE ONE AT NIXOS.ORG YOU NUMPTY" or something like that is pretty newbie-hostile.

Not just bad or clumsy management, but actively hostile. I dunno how much of my time that site just wasted, or how much it will waste before it is eradicated from the earth.

Oh how I do love the docs at #NixOS.

I am attempting to do the "System wide vim/nvim configuration" example at https://nixos.wiki/wiki/Vim and rebuild is giving me this error:

error: attempt to call something which is not a function but a set

I read on one forum that removing the { } you see there, the set in question, from the override line, that would fix it, but then I of course get

error: expected a set but found a function

Since this is coming straight from the wiki and my syntax is correct, this is what you might call

Annoying
