It may be useful to add hashedPasswordFile in the future, although from
my testing it was possible to rebuild a VM that used a cached derivation
with the old password.

Ideally your main form of authentication is through LUKS encryption or
SSH keys anyway, and this password should solely be used for sudo
purposes.

Will extend upon this later, but this basically makes it possible to
guarantee that the flake can be used inside another flake and be
customized as expected.

Note that hardware-configuration.nix is optional if you're just using
the configuration for virtual machines and containers, which is why it's
optional here. A default file isn't provided to help users understand
that they have to bring their own.

Not really necessary anymore since I no longer test home-specific stuff
inside the virtual machine.

It would be nice if there was a way to create a temporary directory on
the fly (such as one in /tmp) that could be mounted and used for sharing
files between the virtual machine and the host.

Note that we will continue to use nixpkgs-fmt for the time being here
since nixfmt-rfc-style breaks string syntax highlighting and comments
like `/* this */` get turned into `# this`.

The conversion from lisp-like formatting to something else in flake.nix
is a bit unfortunate, but I'd rather have a singular style for the
entire code base to make things easier.

This increases boot times quite a bit so I'd rather use tmpfs as /tmp
where possible. Note that this defaults to cleaning /tmp anyway since
I'd rather clean /tmp than not do so at all.

For future reference, the message that gets shown is the following:
"A start job is running for Create Volatile Files and Directories"

This change makes it possible to use this nix-config in all the
different ways imaginable (containers, bare metal, tests, and as a
separate flake input) *without* running into infinite recursion
issues with self.

It does this by using a trick similar to JavaScript in which
`var self = this;`, thus enabling the usage of "this" (or self, in
Nix's case) where it wouldn't otherwise be possible.

Note that this *only* works if the input for this repository is named
nix-config. This makes it impractical to combine with multiple
configurations that employ the same strategy.

This change makes it possible to import the modules that are required
from the flake inputs in the output modules themselves, thus preventing
users from having to manually import those modules.

This simplifies things overall and was made possible by the specialArgs
option that allowed these flake inputs to be passed into our container.

Necessary since system now depends on home-manager and desktop depends
on stylix, which also depends on home-manager.

Note that since conditional imports can't be used and we include the
system module inside of our containers which don't have access to self,
importing the required modules inside the module itself cannot be used.

Realistically this might be more related to "system" than shell, however
it may also be advantageous to keep system as minimal as possible since
it could also be argued that interpreted programming languages are a
part of the system.

This is just a proof of concept that I plan to integrate into NixOS
containers running specific users. The ensureDBOwnership part would no
longer be needed since each database would receive its own container
and consequently user.

Now it's possible to use whatever username you want for your system. The
default value of "user" is good if you're concerned about information
disclosure attacks through things like the username being visible in
logs or other output.

There is currently a bug where yazi crashes since it tries to create
directories but is unable to due to being managed at the system level.
There is an open PR in nixpkgs, however it's been 3 weeks and it hasn't
been merged yet.

This is a part of making it easier to instantly have access to yazi
without having to worry about using home-manager. Note that this works
for my use case since I don't use Nix on non-NixOS devices and don't
intend to do so anytime soon.

This continues the process of simplifying the available modules for
end-users. The final result would be having a clear set of modules like
"desktop" and "shell" that can be enabled if users want a complete
Hyprland environment or a complete shell environment.

Enabling the stylix module "only" would be a low-tech solution and at
that point it'd likely be better for end-users to take complete control
of their stylix config with their own module.

Thunar is an opinionated file manager that we're using as the GUI
application of choice because it handles directories with large files
*significantly* better than Nautilus. It also supports image previews
for files that have been trashed, as well as a slew of other convenience
features such as a built-in auto-renaming tool.

Realistically I want access to htop on any machine running my shell
configuration. Making this NixOS-specific removes some of the dependence
on home-manager as well.