Please roast my nixos configuration

Help
1

Hi!

I’ve been running NixOS as my daily driver for over a year now. I think it’s time for some spring cleaning of my code :smile: . Can you guys please roast my config?

You can find it on Github:

Best,
Miro

PS. Please use github issues.

2 Likes
2

I’m not going to use gh issues. Feel free to ignore. Most of these are subjective.

  1. Don’t just enable unfree, use the predicate, otherwise you will potentially massively bloat your build times unintentionally.
  2. Don’t comment out code, delete it you coward (j/k). Git history / git log -G are much more scalable ways of recalling what you used to have without needing to clutter up code today.
  3. Don’t mix stable vs unstable, I don’t see anything super compelling requiring it. usually you can be much more surgical (i.e. stick to stable, use overrides for versions on individual packages, no overlays)
1 Like
3

Why are all the old nixpkgs in there? nixos-configuration-roast/flake.nix at 274c663e138143f405503d496a71de3f46916928 · miro-zamiro/nixos-configuration-roast · GitHub

1 Like
4

speciArgs and args make no sense, they are almost the same except for a repeated attr (flake-inputs which is just inputs). Did you write this by hand or are you asking for help to train some LLM?

5

And why are you regularly repairing your store? I have never done that.

2 Likes
6

Auto-upgrade will never change anything if the flake doesn’t update.

Also, access-tokens shouldn’t be in the flake as it will be copied to the nix store where any program/user on your system will be able to read it.

2 Likes
7
  1. I don’t quite understand. English isn’t my first language. You’re suggesting that I shouldn’t enable unfree software globally, do I understand correctly? How can enable it “per package”?
  2. I’m very resistive (is there such a word?) to things that every one knows but I don’t. Computer science is a hobby of mine and I don’t have much time to explore it as much as I wish. Thank you for suggestion :wink:
  3. Are there any reasons why I shouldn’t do that besides long build times?

Thank you for your time! :heart:

8

Why are all the old nixpkgs in there? nixos-configuration-roast/flake.nix at 274c663e138143f405503d496a71de3f46916928 · miro-zamiro/nixos-configuration-roast · GitHub

Mostly I forgot about them :roll_eyes:, but there are some packages (e. g. frescobaldi) that for some reason failed to build unless set to very old version. I believe that it is fixed now… But still I like having them there and knowing that I can very easily roll back every app to some older release.

9

speciArgs and args make no sense, they are almost the same except for a repeated attr (flake-inputs which is just inputs). Did you write this by hand or are you asking for help to train some LLM?

Everything there I wrote by hand! I do not have any animals :smile: .

I have no idea what they mean besides that they work…

10

I just thought that it would be redundant. But maybe it’s stupid :person_shrugging:

11

Set it in nixpkgs.config.allowUnfreePredicate. Although this raises a new question for me, which is why set it when allowUnfreePackages exists?

12

I should probably just remove it as I update my computers regulary anyway.

Also, access-tokens shouldn’t be in the flake as it will be copied to the nix store where any program/user on your system will be able to read it.

How can I set it safely?

13

You can use sops-nix or age-nix.

1 Like
14

Point one has been covered elsewhere. Point two: you are most welcome. Point three: yes, eval times bloat the more nixpkgs you have, but also you have to deal with the bugs of many versions of nixpkgs. I personally have one and exactly one nixpkgs, and I symlink it into /etc/nixos/nixpkgs, which is quite nice if I ever want check in on how something works. It’s right there. That SAID, you can always get your current nixos config in the repl (nixos-rebuild repl) and you can use that to look at exact packages no matter how much you mix and match. And given a package you can get it’s source from the store, but still, one nixpkgs is more than enough code to reason about for me.


~
❯ nixos-rebuild repl -f ~/src/mine/nixnix/ -A copperhouse.system
Nix 2.31.4
Type :? for help.
Loading installable ‘copperhouse.system’…
Added 6 variables.
config, options, pkgs, system, vm, vmWithBootLoader
nix-repl> options.programs.niri.package.value.meta.position
“/nix/store/5j28b5bid968ynfbl2yg4sj0a2hz0x68-source/pkgs/by-name/ni/niri/package.nix:136”

~
❯ head -n 50 /nix/store/5j28b5bid968ynfbl2yg4sj0a2hz0x68-source/pkgs/by-name/ni/niri/package.nix
{
  lib,
  dbus,
  eudev,
  fetchFromGitHub,
  installShellFiles,
  libdisplay-info,
  libglvnd,
  libinput,
  libxkbcommon,
  libgbm,
  versionCheckHook,
  nix-update-script,
  pango,
  pipewire,
  pkg-config,
  rustPlatform,
  seatd,
  stdenv,
  systemd,
  wayland,
  withDbus ? true,
  withDinit ? false,
  withScreencastSupport ? true,
  withSystemd ? true,
}:

rustPlatform.buildRustPackage (finalAttrs: {
  pname = "niri";
  version = "25.11";

  src = fetchFromGitHub {
    owner = "YaLTeR";
    repo = "niri";
    tag = "v${finalAttrs.version}";
    hash = "sha256-FC9eYtSmplgxllCX4/3hJq5J3sXWKLSc7at8ZUxycVw=";
  };

  outputs = [
    "out"
    "doc"
  ];

  postPatch = ''
    patchShebangs resources/niri-session
    substituteInPlace resources/niri.service \
      --replace-fail '/usr/bin' "$out/bin"
  '';

  cargoHash = "sha256-X28M0jyhUtVtMQAYdxIPQF9mJ5a77v8jw1LKaXSjy7E=";
15

Thank you, I’ll check it out.

16

How about this file:

nixos-configuration-roast/home-manager/user0/syncthing/syncthing.nix at 274c663e138143f405503d496a71de3f46916928 · miro-zamiro/nixos-configuration-roast · GitHub

Is there a better way of doing that?