Farid Zakaria's Blog

VPNs from first principles

If you enjoy the from first principles theme, consider reading the one on containers.

Networking can seem like voodoo; many of us take for granted how data transmits from one computer to the next. Recently, WireGuard has attracted a lot of publicity for its inclusion into the Linux kernel & for its stated goal of making setting up VPNs simpler.

Behind all the magic is a very simple premise. Let’s shed some of the complexity and break it down to first principles.


Tailscale is magic; even more so with NixOS

Our adventure into NixOS continues; this time let’s look into how we can harden our NixOS machines by putting them within a VPN. We will be using Tailscale to set up our VPN.

Restricting your machines, especially SSH for servers, behind a VPN is a great way to add a layer of security without having to mess with various checklists like making sure password-based logins are disabled.


NixOS; what's in a rebuild? Continued.

This is part 2 of a series on nixos-rebuild. You can read part 1 here.

We previously broke down that one of the first tasks done by nixos-rebuild is to build the system attribute.

What happens next for switch? Let’s go back to the source.


NixOS; what's in a rebuild?

I have been using Nix but mainly through home-manager on my Debian system; finally I made the plunge into running NixOS on an AWS server for my side-projects.

There’s a lot of information on how to configure & set up an already created NixOS machine but not much advice for workflows, best practices & multiple machines.

Here I’ll document what I found useful and pull back the veil on some of the NixOS tooling.

Feel free to check my Nix repository for home-manager & NixOS https://github.com/fzakaria/nix-home


mvn2nix; welcoming Maven into Nix's warm embrace

I wrote previously about the current state of affairs for Java packaging in the Nix ecosystem; including a little blurb at the end about a little project I have been working on.

I would like to announce a beta release for mvn2nix.

You can find the similar announcement on https://discourse.nixos.org/t/mvn2nix-packaging-maven-application-made-easy/8751

Easily package your Maven Java application with the Nix package manager.

mvn2nix is my attempt & re-imagining of what a lock file type Nix Java ecosystem should look like.


quassel core on NixOS with Let's Encrypt

I have been wanting to take part in the NixOS community more; specifically the IRC channels. I have been heavily using the Discord server but I found many other contributors are only on the IRC network. ✊

#nixos #nix-community


nix coercion trick

tl;dr; If the attrset contains outPath, it can automatically be converted to a String.


caching your nix-shell

tl;dr; you can use the following invocation to cache your nix-shell

 $ nix-store --query --references $(nix-instantiate shell.nix) | \
    xargs nix-store --realise | \
    xargs nix-store --query --requisites | \
    cachix push your_cache

I have been hooked on Nix as a way to introduce reproducible development environments. However, I had to introduce a shell.nix file for a project that relied on a very old version of nodejs.


Packaging a Maven application with Nix

Surprisingly for Java’s popularity, the Nix Java ecosystem is pretty immature & fragmented. There are several community-driven solutions for integrating Maven (Java’s package manager) with Nix, all of which have their own pitfalls.

This post will go through a single idiom on how to package a Maven project in Nix that at the very least does not rely on 3rd party support: Double invoking Maven


what is bundlerEnv doing?

The Nix wiki is pretty great for a lot of technical content; however, it sometimes fails to gently walk users through how something works.

I’ve been doing some Ruby work as part of my day-to-day job and wanted to better understand Nix’s approach to Ruby.