Our adventure into NixOS continues; this time let’s look into how we can harden our NixOS machines by putting them within a VPN. We will be using tailscale to setup our VPN.
Restricting your machines; especially SSH for servers; behind a VPN is a great way to add a layer of security without having to mess with various checklists like making sure password based logins are disabled.
This is part 2 of a series on nixos-rebuild. You can read part 1 here.
We previously broke down that one of the first tasks done by nixos-rebuild is to build the system attribute.
What happens next for switch ? Let’s go back to the source.
I have been using Nix but mainly through home-manager on my Debian system; finally I made the plunge into running NixOS on an AWS server for my side-projects.
There’s a lot of information on how to configure & setup an already created NixOS machine but not much advice for workflows, best practices & multiple machines.
Here I’ll document what I found useful and pulling back the veil on some of the NixOS tooling.
Feel free to check my Nix repository for home-manager & NixOS https://github.com/fzakaria/nix-home
I wrote previously about the current state of affairs for Java packaging in the Nix ecosystem; including a little blurb at the end about a little project I have been working on.
I would like to announce a beta release for mvn2nix.
You find find the similar announcement on https://discourse.nixos.org/t/mvn2nix-packaging-maven-application-made-easy/8751
Easily package your Maven Java application with the Nix package manager.
mvn2nix is my attempt & re-imagining of what a lock file type Nix Java ecosystem should look like.
I have been wanting to take part of the NixOS community more; specifically the IRC channels. I have been heavily using the Discord server but I found many other contributors are only on the IRC network. ✊
tl;dr; If the attrset contains outPath, it can automatically be converted to a String.
tl;dr; you can use the following invocation to cache your nix-shell
$ nix-store --query --references $(nix-instantiate shell.nix) | \ xargs nix-store --realise | \ xargs nix-store --query --requisites | \ cachix push your_cache
I have been hooked on Nix as a way to introduce reproducible development environments. However I had to introduce a shell.nix file for a project that relied on a very old version of nodejs.
Surprisingly for Java’s popularity, the Nix Java ecosystem is pretty immature & fragmented. There are several community driven solutions for integrating Maven (Java’s package manager) with Nix all which have their own pitfalls.
This post will go through a single idiom on how to package a Maven project in Nix that at the very least does not rely on 3rd party support: Double invoking Maven
The Nix wiki is pretty great for a lot of technical content however it sometimes fails to gently walk users through how something works.
I’ve been doing some Ruby work as part of my day-to-day job and wanted to better understand Nix’s approach to Ruby.
If you just want a very easy-to-use binary cache, consider using cachix.
Nix is an amazing tool, however the learning curve can be
very high. The online wiki has a lot of great documentation however I find it is often very geared towards NixOS specifically.
I wanted to better understand how to setup my own binary cache.