How to get back to a kernel version where all packages work as they used to

I wiped my computer and installed nixOS from a USB image using the installation GUI. I love nixOS with gnome. I worked for weeks trying to learn nixOS to make my configuration.nix the way I wanted it. After every change and build using a new configuration.nix I rebooted. I have about 90 generations now.
Every few days I would randomly do a build with the --upgrade flag.

I have 90 generations listed at boot, with kernel versions from 6.1.60 to 6.1.63.
Generation 20 is the last generation with 6.1.61

My bitwarden package (GUI app) and twilio authy (GUI app) fail for Kernels higher than 6.1.61 i.e. generation higher than 20.

So I want to go back to that kernel 6.1.61 in generation 20 because I use the bitwarden app every 10 minutes on my machine and without a proper password manager I cannot use any computer. That app is a sine qua non

If I roll back to generation 20 and want to change my configuration.nix then I have to do a build. The build then takes the kernel 6.1.63 that was created when I did the most recent --upgrade at generation 80 or so. Then my bitwarden GUI fails… as the kernel is 6.1.63 . So I am stuck in a catch 22.

I need the machine to do a rebuild using the present kernel for the generation I have booted to - only that way can I crawl back up the rabbit hole and undo for ever my upgrade that messed up my Bitwarden package (because that package is perhaps not rolled out for that kernel yet, who knows…).

This aim seems to be impossible or at least mega non-trivial to do via the configuration.nix . Yes, one can in theory make a flake/overlay to force bitwarden to use a different kernel but that is a massive investment in the steepest part of the learning curve and I am far lower down it at the moment.

So I am reinstalling by nixOS from the USB image which led to generation 1, and uses the kernel lower than 6.1.61, and copying my current configuratoin.nix into the resulting install; and making a mental note NOT TO DO --upgrade at rebuild.

QUESTION 1: is this re-install from USB image to revert the kernel a crazy step, or a sensible least complex solution for a newbie like me?

PLAN: I intend to save a nixOS bootable images for each kernel version I use (starting at 6.1.61) so that if an --upgrade causes a kernel change and messes up packages that are unknowingly not compatible, then I can roll back by brute force and re-install from scratch.

QUESTION 2: is this plan of hamstering nixOS images for each kernel version used before I perform an --upgrade to, bonkers, or a standard thing ?

Irrelevant background remarks:

I have no data on the machine - so I do not need to restore anything else yet. I am just trying to test nixOS to see if it’s stability and reliability can persuade me not to buy an macOS machine for myself.
The test consists of installing all the software I have on my wife’s macOS and Anroid devices as best I can using configuration.nix to make it how I need it, even to make a timemachine backup alternative, and if they all seem to work - bingo, I can live on planet FOSS.
Long-term I want to put the configuratoin.nix onto a linux phone and ditch even Android.

Grumble: I thought nixOS rollback was a rollback of the entire system, kernel and all, but seem to have found that a rollback is not a time machine as regards the kernel.

The rollback actually does roll back your kernel as well. However, I doubt that the reason for your bitwarden problems is the kernel.

A few remarks:

  1. The “hamstering” you describe is normal. However you should delete those after a while, otherwise your boot partition will be full at some point. Nix offers an easy mode to do such “garbage collection”: nix-collect-garbage is a command that will do it for you. It has many options, so you might want to read the documentation.

  2. Reinstalling NixOS from USB just to get back to an older kernel version however makes no sense. If you really need a very specific kernel version, there are ways to get it by defining your own kernel. Unless it is really end-of-life for a while and there are some incompatibilities with dependencies for building it. Then it might get complicated.

  3. As for bitwarden, that one most likely doesn’t fail due to changes in the kernel. Most likely it has something to do with the fact that bitwarden is an app that uses a framework called electron. A very easy workaround for this, while exploring what causes the issue, is to use bitwarden via the browser extension. That does most of the stuff the desktop app does as well.

As for the bitwarden app itself, try the following.

  1. Open a terminal window in whatever terminal you are using.

  2. Try running the bitwarden app from the terminal with the command bitwarden --disable-gpu

  3. Alternatively try running it from the terminal with env WAYLAND_DISPLAY= bitwarden

  4. Report back what each of those do. :smile:

Edit: Certain things on nix / NixOS are indeed “mega non-trivial”. That is just part of the game I guess.

Thanks. I have now reinstalled as a practice for porting a configuration.nix from one machine to another. I will see what happens and will use those bitwarden tricks (thanks) if my “brute force newbie dumb usb rollback” lands me in the same linux soup concerning bitwarden. Thanks again. (The browser extension I am wary of but will look it up. I never give my password to any browser based process. The macOS has fingerprint access to the bitwarden app and this is a dream so I am fighting to get the app working as a first step to build your own macOS clone ha ha )

So do I hear this correctly that you jumped from macOS straight into NixOS? :sweat_smile:

Many of these electron-based apps like Bitwarden are just the chromium browser packaged differently and running in a separate window.

The “tricks” I told you might also work on other electron-based apps. The reason behind it is that the new system which is basically responsible for drawing your desktop windows on your screen - it is called Wayland - does not play perfectly nice with chromium and electron yet. As long as this is the case, such workarounds might be necessary.

Thanks. No, I have an Dell Inspiron 3793 17inch which cost 400 euros and runs on Ubuntu only since about 4 years and that is such a wonderful machine. I also run RISCV boards and PaspPi boards. The only problem is the Linux install becomes a mess and I never know how I got to where I am, not how to uninstall, nor etc. etc. and the machine became just a web browsing tool. I like nixOS because with the configuration.nix I have a complete record with comments of how I got to where I am and can port the settings to my kids machines (and will to the ARM and RISCV boards) without having refer to hand-written notes as to how I installed stuff. BTW I did revert to the USB image which I started with and now have kernel 6.1.59 and bitwarden initially behaving normally. Precisely because of the configuration.nix I can roll back by brute force. What a wonderful design. I only need to nail a good backup and test a kernal rollback by re-install and backup restore… like time machine in apple which rocks.

You really don’t need to reinstall from a backup just to rollback the kernel. The kernel is just like any other piece of software in NixOS; as you’ve noticed, you can boot a previous generation and you’ll get that generation’s kernel.

When you rebuild your system after changing configuration.nix, the result depends both on the contents of configuration.nix and on the current value of the nixos channel for root. That channel is updated if you run nixos-rebuild with the --upgrade option, and not otherwise. So the reason you keep getting the newer kernel is because the newer value of the nixos channel specifies a newer kernel version.

If you want to build the current configuration.nix against an older value of the nixos channel, you can rollback the channel itself using nix-channel --rollback, optionally specifying a channel generation number. You can see the channel generations with ls /nix/var/nix/profiles/per-user/root—each entry that looks like channels-*-link indicates a generation number. If you rollback your channel (do this as root!) to a sufficiently old generation, and then run nixos-rebuild without --upgrade, you’ll get all the package versions (including the kernel) associated with the channel at the time of that channel generation, configured with the current contents of configuration.nix. No restoring anything from backup.

1 Like

That is in fact a much nicer and more detailed explanation of why this is not needed than I have given!

I think you can see now why nix is so nice. You most likely can recycle these usb sticks for different use cases. :smile:

So I am now doing the --upgrade to test the above channel rollback solution of … if it needed. And it is not. The bitwarden and authy apps work fine in the upgraded system with 6.1.63 with the copied over configuration.nix
… will thus use the disable gpu option if needed later