VPNs from first principles
If you enjoy the from first principles theme, consider reading the one on containers.
Networking can seem like voodoo; many of us take for granted how data transmits from one computer to the next. Recently, wireguard, has attracted a lot of publicity for it’s inclusion into the Linux kernel & for it’s stated goal of making setting up VPNs simpler.
Behind all the magic, is a very simple premise. Let’s shed some of the complexity and break it down to first principles.
Tailscale is magic; even more so with NixOS
Our adventure into NixOS continues; this time let’s look into how we can harden our NixOS machines by putting them within a VPN. We will be using tailscale to setup our VPN.
Restricting your machines; especially SSH for servers; behind a VPN is a great way to add a layer of security without having to mess with various checklists like making sure password based logins are disabled.
NixOS; what's in a rebuild? Continued.
This is part 2 of a series on nixos-rebuild. You can read part 1 here.
We previously broke down that one of the first tasks done by nixos-rebuild is to build the system attribute.
What happens next for switch ? Let’s go back to the source.
NixOS; what's in a rebuild?
I have been using Nix but mainly through home-manager on my Debian system; finally I made the plunge into running NixOS on an AWS server for my side-projects.
There’s a lot of information on how to configure & setup an already created NixOS machine but not much advice for workflows, best practices & multiple machines.
Here I’ll document what I found useful and pulling back the veil on some of the NixOS tooling.
Feel free to check my Nix repository for home-manager & NixOS https://github.com/fzakaria/nix-home
mvn2nix; welcoming Maven into Nix's warm embrace
I wrote previously about the current state of affairs for Java packaging in the Nix ecosystem; including a little blurb at the end about a little project I have been working on.
I would like to announce a beta release for mvn2nix.
You find find the similar announcement on https://discourse.nixos.org/t/mvn2nix-packaging-maven-application-made-easy/8751
Easily package your Maven Java application with the Nix package manager.
mvn2nix is my attempt & re-imagining of what a lock file type Nix Java ecosystem should look like.
quassel core on NixOS with Let's Encrypt
I have been wanting to take part of the NixOS community more; specifically the IRC channels. I have been heavily using the Discord server but I found many other contributors are only on the IRC network. ✊
nix coercion trick
tl;dr; If the attrset contains outPath, it can automatically be converted to a String.
caching your nix-shell
tl;dr; you can use the following invocation to cache your nix-shell
$ nix-store --query --references $(nix-instantiate shell.nix) | \
xargs nix-store --realise | \
xargs nix-store --query --requisites | \
cachix push your_cache
I have been hooked on Nix as a way to introduce reproducible development environments. However I had to introduce a shell.nix file for a project that relied on a very old version of nodejs.
Packaging a Maven application with Nix
Surprisingly for Java’s popularity, the Nix Java ecosystem is pretty immature & fragmented. There are several community driven solutions for integrating Maven (Java’s package manager) with Nix all which have their own pitfalls.
This post will go through a single idiom on how to package a Maven project in Nix that at the very least does not rely on 3rd party support: Double invoking Maven
what is bundlerEnv doing?
The Nix wiki is pretty great for a lot of technical content however it sometimes fails to gently walk users through how something works.
I’ve been doing some Ruby work as part of my day-to-day job and wanted to better understand Nix’s approach to Ruby.
