Help, NixOS Kde plasma 6 kept crashing and freezing even in tty

Help
22

Theres your problem:

Note line:

substituters = https://mirror.sjtu.edu.cn/nix-channels/store
system-features = nixos-test benchmark big-parallel kvm
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ1

The tuna cache is trying to sign pkgs with the public key from the cache.nixos.org-1: public key
China being what it is, ill copy paste the relevant sections in the nix wiki for context:

Using a binary cache

To configure Nix to use a certain binary cache, refer to the Nix manual.[cf. 4] Add the binary cache as substituter (see the options substituters and extra-substituters) and the public key to the trusted keys (see trusted-public-keys).

Permanent use of binary cache:

# /etc/nixos/configuration.nix

  nix = {
    settings = {
      substituters = [
        "http://binarycache.example.com"
        "https://nix-community.cachix.org"
        "https://cache.nixos.org/"
      ];
      trusted-public-keys = [
        "binarycache.example.com-1:dsafdafDFW123fdasfa123124FADSAD"
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
    };

Warning: Keys that are entered incorrectly or are otherwise invalid, aside from preventing you from benefiting from the cached derivations, may also prevent you from rebuilding your system. This is most likely to occur after garbage collection (e.g., via nix-collect-garbage -d). Consult NixOS/nix#8271 for additional details and a workaround.

Temporary use of binary cache:

$ nix-store -r /nix/store/gdh8165b7rg4y53v64chjys7mbbw89f9-hello-2.10 --option substituters http://binarycache.example.com --option trusted-public-keys binarycache.example.com:dsafdafDFW123fdasfa123124FADSAD
these paths will be fetched (0.00 MiB download, 24.04 MiB unpacked):
  /nix/store/7gx4kiv5m0i7d7qkixq2cwzbr10lvxwc-glibc-2.27
  /nix/store/gdh8165b7rg4y53v64chjys7mbbw89f9-hello-2.10
copying path '/nix/store/7gx4kiv5m0i7d7qkixq2cwzbr10lvxwc-glibc-2.27' from 'http://binarycache.example.com'...
copying path '/nix/store/gdh8165b7rg4y53v64chjys7mbbw89f9-hello-2.10' from 'http://binarycache.example.com'...
warning: you did not specify '--add-root'; the result might be removed by the garbage collector
/nix/store/gdh8165b7rg4y53v64chjys7mbbw89f9-hello-2.10

Short version: Your nix-config is trying to sub the nix-cache public key for signing instead of the key used for the cache you are enabling, you need to set the public key in your /etc/nixos/configuration.nix file

This source is WAY too long and descriptive to try and quote so ill just pray you can access this domain without too much issue: But this link goes to the nix.dev manual section regarding configuring in trusted keys and how to get them

https://nix.dev/manual/nix/2.24/command-ref/conf-file.html#conf-trusted-public-keys

It might also be worth just poking around the nix-channel cache you are using for the public key, it should be posted somewhere in the repo but i cannot read Chinese, its all running through a shit translator thats not very great.

Heres a template block that should work with your /etc/nixos/configuration.nix

  nix.settings = {
    extra-substituters = [
      "https://cache.m7.rs"
      "https://nix-gaming.cachix.org"
    ];
    extra-trusted-public-keys = [
      "cache.m7.rs:kszZ/NSwE/TjhOcPPQ16IuUiuRSisdiIwhKZCxguaWg="
      "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
    ];
  };

After, you should be able to add the cache back to your nix-channel list and run a full rebuild, then reboot.

EDIT: While im thinking about, take a look at NixOS Search
There are a few different ways to declare these options, either as a single block or individually if you feel the need to declare them as separate functions

1 Like
23

Extra thought:

It might be worth completely isolating your nix system from the standard domains by dropping the nix-cache and nixos official channels all together and strictly running the cache as your main pull source for BOTH nixpkgs and nixos.

NOTE: When you go to add your nixpkgs channel back to nix-channels --add, be absolutely certain that when you declare the cache url you intend to use to put nixpkgs at the end. Should like this ish

nix-channel --add https://github.com/NixOS/nixpkgs/archive/release-24.11.tar.gz nixpkgs

Granted the link will be different, but you MUST append nixpkgs to the end of the string otherwise the channel wont be used when you rebuild.

same goes for the nix-channel --add for the nixos channel as well, if you intend to use the tuna repos for both (which is probably the better bet), make sure you have the right keys for both when configuring nix.settings.

After this is done, run a fresh (as root) $ nix-channel --update ; nixos-rebuild switch
Reboot, test again

24

Thanks for spotting it.

https://discourse.nixos.org/t/announcing-tuna-nix-mirror/6144/11?u=shiroxia

Please read this post because this is where I found the mirror.

In short,

That is why the signature is the nixos cache one.

Furthermore, the Chinese firewall even tightened bandwidth while accessing github; therefore, I also used a mirror for nixpkgs : https://mirror.sjtu.edu.cn/nix-channels/store

25

That adds alot of context.

in that case, i think all you should need to then to get a refresh is add the cache as a channel

States you only have the channel for nixos, not the nixpkgs. Add the cache pkgs channel as a new channel in nix-channel, run a nix-channel update, and then rebuild

26

Thanks for telling me.

In my previous conversation with NobbZ, he said that nixos will always pull from “cache.nixos.org” unless lib.mkForce is used and…

That is how I configured the pkgs mirror.

Such a pain, right?!

Just letting you know, my system currently pulls from the os mirror and the pkgs mirror very quickly and I just updated everything.

27

Yeah little bit lol

However, needing to specific the option substitutes is unnecessary if you delcare your subs directly in the config by using the fuction:

 nix.settings = { extra-substituters = [ " your sub here " ]; };

before initializing a rebuild

28

Scratch this, it would actually be better to add it as a trusted sub instead of a regular sub so the whole system can get the changes:

nix.settings = { trusted-substituters = [ " your sub here " ]; };

EDIT: some context i found that could explain some stuff

Name

nix.settings.trusted-substituters

Description

List of binary cache URLs that non-root users can use (in addition to those specified using nix.settings.substituters) by passing --option binary-caches to Nix commands.

Type

list of string

Default

[ ]

Example

[
  "https://hydra.nixos.org/"
]

Declared in

nixos/modules/config/nix.nix

nix.settings.substituters wouldnt effect root, which means certain pkgs could get mixed and dropped

29

About why I am using the sjtu mirror instead of the tuna mirror.

Check the following topic

https://discourse.nixos.org/t/enable-different-priority-substituters-with-flake/56073/5

It is complicated,
LSS, the tuna mirror got a binary cache mirror as well, but the server will deny pulls if mass downloads are detected, thus rendering the cache useless.

30

Thanks, I will do this tomorrow.

Thank you so much for following up on this post.

31

Naturally. Blows that the cache is rate limited, that does complicate the shit out of a lot of things.

Im commited to helping you out on this, i am going to build a VM using those caches over a VPN to china and find what works. I know its about bed time for you now, so i’ll tinker with this and see if i can find something that works using the cache as a sole source for everything in the VM

32

Thank you so much, see you tomorrow.

1 Like
33

No, it isn’t.

It serves the original NAR and metadata, inclusiding the original signature.

This means, that the file is indeed unchanged from the official caches. This works for users from behind the GFW since forever.

1 Like
34

Yes, he pointed to your original mention and i did some more reading through the nix.dev manual and it makes sense the keys would be the same. Good to know for future.

35

Hi Everyone, this is my registered account on Nix Discourse. I will stop using my github account because I cannot sign it up on firefox Windows. It gave me an error (500). I had enough typing on my phone because it took too long to finish the post.

So Some new error happened this morning.
I have noticed that whenever I open firefox on NixOS, it will crash after some time and sometimes dragging kwin with it. Therefore, I checked out its crash report for some clues. I believe that firefox also have something to do with the issue.
I have submitted a crash report to Mozilla. Please have a look of the following.
https://crash-stats.mozilla.org/report/index/821cddca-c340-4b5b-b6b3-35f770250109

Secondly, before that I noticed whenever the screen turns off after inactivity, I am unable to wake it back up eventhough I disabled sleep option. Today I ran dmesg -w and it suddently reporting swap error like crazy so I had to turn it off. I realised that I did not set up any SWAP partition so I suspect that there is something to do with it.
About SWAP, I have to admit that I do not understand how it works. While installing the system, I chose not to have a swap partition because I thought it is just a backup for when the PC ran out of RAM, I got 48GB of ddr5 RAM so I thought having a SWAP partition is unnecessary; however, the error proved me wrong. Furthermore, online forums suggest that if I must have SWAP space if I would like my system to be able to sleep. Therefore, I would like to partition my disk to allow 50GB of SWAP on my disk because online forums suggest that the optimal SWAP size is my total RAM +2GB.

I read the following ubuntu forum post on creating swap file on btrfs. It suggests that modern system uses a swap file instead of partitioning the disk.
https://askubuntu.com/questions/1206157/can-i-have-a-swapfile-on-btrfs

Oh boy, here comes the complicated part…

I fell into the disk partitioning rabbit hole and I got lost.

I was using btrfs and people suggest that traditional partitioning is obsolete because btrfs can partition subvolumes, but I do not know how to.

I checked on NixOS wiki on btrfs but it suggested me to disko for declarative partitioning, that I also do not know how to use.

https://nixos.wiki/wiki/Btrfs

https://github.com/nix-community/disko/blob/49f8aa791f81ff2402039b3efe0c35b9386c4bcf/docs/quickstart.md

I also found a tutorial on github regarding setting up NixOS with btrfs and in ram root.

https://gist.github.com/giuseppe998e/629774863b149521e2efa855f7042418

A comment on the following youtube video recommend me to partition /var because the logs can get huge when things go wrong, thus making fixing the error harder. By partitioning it, its size is limited, thus logs generated by rogue daemon can be contained. I wonder if this is acchieveable in btrfs subvolume?

https://m.youtube.com/watch?v=acgBqG5EI60

I have got so many questions now:

  1. Why do I need to partition my hard drive using disko? Does it make partition management easier?
  2. What is subvolume and how can I create them in my current system?
  3. Why does the github tutorial put root in RAM?
  4. How to create a SWAP file under a btrfs subvolume?
  5. Is there an optimal way to partition my drive?

My drive currently has 1GB FAT32 for boot and all the rest for btrfs.

Thank you for reading my post.

36

You don’t, it’s not necessary.
I’ve never used it and don’t plan to.

It’s a funny thing some people do: root on tmpfs. The idea is to minimise statefulness if you ever need to deploy from scratch, and you specifically opt in to the state you want to save. It’s not necessary.

Provide adequate space for whatever types of data go on each partition. You have to decide that.

What error? I don’t use swap either, but I never had such issues.

I would suggest not blindly following recommendations if you don’t understand why they were given or where they come from.

My personal approach to code (including with nix) is to keep things as simple as possible to serve the needs I face right now.

37

20250112_134048
20250112_1340484080×3060 2.91 MB

Hi everyone.

This is the new account for Sherlock Xia.

Just an update:

Context:
https://discourse.nixos.org/t/help-i-want-to-reinstall-nixos-with-btrfs-subvolumes/58603

I was planning to reinstall nixos with btrfs subvolumes; however, I was in the iso installer and it crashed, produced the error messages in the photo.

I would like to know is it the same amdgpu problem that was mentioned by @lopter

Thank you for reading.

38

@lopter

Just to let you know that I did lsblk today while on the nixos thumbdrive installer, it also crashed. See the post above for more information, please.

39

waiting for someone to comment on…