Reconfiguring the configuration.nix DELETES the passwd file!

Hi,

I have a pre-made configuration.nix file. The firewall didn’t start after nixos-rebuild. See my other thread. So I reinstalled NixOS, copied over the configuration.nix file, and did a nixos-rebuild switch. Immediately afterwards I was not able to ‘sudo’. And upon reboot, I was not shown the username, and I am no longer able to log in. The users list was gone!!

To summarize, I disabled IPv6, disabled Avahi, changed to nftables, disabled printing, disabled ipp-usb, and inserted some rules into the INPUT chain.

Here is the configuration.nix (my changes have the remark ‘###MY’):

```nix
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  # Bootloader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "nixos"; # Define your hostname.
  # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  #####MY CHANGES
  networking.enableIPv6 = false;

  # Enable networking
  networking.networkmanager.enable = true;

  # Set your time zone.
  time.timeZone = "America/Toronto";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_CA.UTF-8";

  # Enable the X11 windowing system.
  services.xserver.enable = true;

  # Enable the GNOME Desktop Environment.
  services.xserver.displayManager.gdm.enable = true;
  services.xserver.desktopManager.gnome.enable = true;

  # Configure keymap in X11
  services.xserver = {
    layout = "us";
    xkbVariant = "";
  };

  # Enable CUPS to print documents.
  ###MY CHANGE
  # services.printing.enable = true;

  ###MY CHANGE
  services.ipp-usb.enable = false;
  services.printing.enable = false;
  services.avahi.enable = false;
  networking.firewall.package = pkgs.nftables;
  networking.firewall.enable = true;
  networking.firewall.extraInputRules = "ct state new drop
    tcp flags syn drop
    ip frag-off & 0x1fff ! = 0 drop
    ip payload len eq 0 drop
    tcp flags & ( fin|syn|rst|psh|ack|urg ) == ( fin|psh|urg ) drop
    tcp dport { 6000:6007 } drop
    udp dport { 6000:6007 } drop
    tcp dport { 22, 23 } drop
    tcp sport 2083 accept"; # CPANEL

                      # udp dport { 3478:3481 } accept \n  MSTEAM

  # Enable sound with pipewire.
  sound.enable = true;
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # If you want to use JACK applications, uncomment this
    #jack.enable = true;

    # use the example session manager (no others are packaged yet so this is enabled by default,
    # no need to redefine it in your config for now)
    #media-session.enable = true;
  };

  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;

  # Define a user account. Don’t forget to set a password with ‘passwd’.
  users.users.zzz = {
    isNormalUser = true;
    description = "zzz";
    extraGroups = [ "networkmanager" "wheel" ];
    packages = with pkgs; [
      firefox
      # thunderbird
    ];
  };

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
  #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
  #  wget
  ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on NixOS Search).
  system.stateVersion = "23.11"; # Did you read the comment?

}
```