I have yet to see any problem, however complicated, which, when looked at in the right way did not become still more complicated, Paul Anderson.
NixOS is a unique, innovative, and powerful Linux distribution that leverages the Nix package manager. Unlike traditional Linux distributions that update packages and system configurations in-place, NixOS uses a purely functional and declarative approach to define the system state, reducing the risk of system breakage.
NixOS is a Linux distribution that uses the Nix package manager to handle packages and system configuration in a purely functional manner. This approach ensures that builds are reproducible and that the system state can be reliably replicated or rolled back.
sudo nix-env ‐‐rollback is a command used to revert your system to the previous configuration. It’s a powerful tool for undoing unintended changes or recovering from failed package installations. Before rolling back, consider if there’s a more targeted solution, like uninstalling specific packages or reverting configuration files.
SSH (Secure Shell) is a protocol used to securely access and manage remote servers over a network. NixOS provides a declarative way to configure the OpenSSH service, allowing you to enable SSH daemon (sshd), restrict logins, and control authentication methods.
Step 1. Edit the NixOS configuration file: sudo vim /etc/nixos/configuration.nix:
services.openssh = {
#settings.PermitRootLogin = "yes";
enable = true; # Enable the OpenSSH daemon (sshd).
settings = {
X11Forwarding = true; # Allow forwarding X11 sessions over SSH
# It enables you to run graphical applications on a remote server and display them locally on your computer.
PermitRootLogin = "no"; # Disable root login for better security.
PasswordAuthentication = false;
# Disable password login. This is optional.
# This will disable your ability to log in through SSH using account passwords
# and enforce key-based authentication (you must use SSH Keys to log in).
};
# Restart and check the status of the SSH service:
# sudo systemctl restart sshd, sudo systemctl status sshd
};
# Define a user with their public SSH key
users.users.nmaximo7 = {
isNormalUser = true;
...
openssh.authorizedKeys.keys = [
""
# Replace INSERT PUBLIC KEY with the actual content of the user’s SSH public key
# (e.g., from ~/.ssh/id_ed25519.pub). This ensures the user nmaximo7 can log in via SSH key authentication without a password.
...
};
Step 2. Save, close the file and rebuild the system (apply changes): sudo nixos-rebuild switch
. Now, you can test SSH access from another machine.
Sometimes, you may want a particular user to run sudo commands without being prompted for a password. This can be convenient for automation, productivity (especially in a domestic “safe” place) but poses a security risk if not controlled carefully. Only enable passwordless sudo for trusted users and consider the implications.
Typically, you will edit your configuration.nix file:
# Configure sudo to allow specific users to run commands without a password
security.sudo.extraRules= [
{
users = [ "nmaximo7" ]; # Specify the user who will have passwordless sudo access
commands = [
{
command = "ALL" ; # Allow the user to run all commands
options= [ "NOPASSWD" ]; # Specify that no password is required for the specified commands (in this case, ALL).
}
];
}
];
Rofi is a powerful, versatile, and lightweight window switcher, application launcher, and dmenu replacement for Linux systems. It provides a flexible and user-friendly launcher for applications, SSH connections, window switching, and more. It is highly customizable through theming, plugins, and configuration files.
To configure Rofi, create or modify a rofi.nix file and import it into your user configuration (such as in home-manager configuration) or directly into configuration.nix.
Example Rofi Configuration:
{ config, pkgs, ... }:
{
programs.rofi = {
enable = true; # Enables Rofi
plugins = with pkgs; [ # Include additional plugins for Rofi
rofi-calc # Adds a calculator plugin
rofi-emoji # Enables emoji picker plugin from Rofi
rofi-power-menu # Adds a power menu plugin for system actions (shutdown, reboot, etc.)
];
terminal = "${pkgs.alacritty}/bin/alacritty";
# Set Alacritty as the terminal to be used by Rofi when launching terminal apps
theme = "~/dotfiles/Rofi/rounded-dark";
# Assigns a custom theme for Rofi, allowing you to personalize its appearance.
extraConfig = {
# Customize the modes available in Rofi
modes = "window,drun,run,ssh,combi,emoji,calc,power-menu:${pkgs.rofi-power-menu}/bin/rofi-power-menu --choices=shutdown/reboot/logout/lockscreen --confirm=logout/lockscreen";
# Lists the modes available in Rofi: window switching, applications launching, SSH connections, emoji selection, calculator functionality, and a power menu.
# -confirm=logout/lockscreen: It prompts for confirmation ONLY before executing the logout or lock screen actions.
combi-modes = "window,drun,emoji,calc";
# Defines which modes are included in the combined ("combi") mode view for convenience.
calc-command = "qalc"; # Use qalc for calculator mode
# qalc (Qalculate!) is a powerful, multi-purpose calculator utility available in Linux.
calc-show-history = true; # Enable the display of previous calculations
emoji-command = "rofi-emoji"; # Use rofi-emoji for emoji selection
font = "hack 20"; # Sets the font for Rofi to "Hack" at size 20, enhancing readability.
};
};
}
modes: Defines the various modes that Rofi can operate in. It includes:
Dropbox is a widely-used cloud storage and file synchronization service. On NixOS, enabling and running Dropbox typically involves the following steps:
{ config, pkgs, ... }:
{
# 1. Enable unfree packages. Dropbox is not free software!
nixpkgs.config.allowUnfree = true;
# 2. Add Dropbox to system packages (available system-wide).
# It allows you to manage Dropbox from the command line,
# but the Dropbox daemon also runs to synchronize files.
environment.systemPackages = with pkgs; [
dropbox-cli
];
# 3. Configure Dropbox as a systemd service
systemd.user.services.dropbox = {
description = "Dropbox";
wantedBy = [ "graphical-session.target" ];
environment = {
# 4. Environment variables for Qt.
# Dropbox’s graphical interface relies on Qt.
QT_PLUGIN_PATH = "/run/current-system/sw/" + pkgs.qt5.qtbase.qtPluginPrefix;
QML2_IMPORT_PATH = "/run/current-system/sw/" + pkgs.qt5.qtbase.qtQmlPrefix;
};
# 5. Service Settings:
serviceConfig = {
ExecStart = "${pkgs.dropbox}/bin/dropbox"; # It points to dropbox binary from the pkgs.dropbox package.
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
KillMode = "control-group";
Restart = "on-failure";
PrivateTmp = true; # Provide additional security by isolating the service’s temporary directory ...
ProtectSystem = "full"; # and restricting writes to the filesystem.
Nice = 10; # Ask Dropbox to play nice. It lowers the priority of the Dropbox process...
# reducing its impact on the overall system performanace.
};
};
# 6. Open necessary ports for Dropbox
# It opens TCP and UDP port 17500 (and port 22 for SSH) in the firewall configuration.
networking.firewall = {
allowedTCPPorts = [ 17500 22 ];
allowedUDPPorts = [ 17500 ];
};
}
After making changes: You will typically rebuild the system and switch to the new one: sudo nixos-rebuild switch
and sudo systemctl start dropbox
to start the service.
Visual Studio Code is a popular, multi-platform, source-code editor developed by Microsoft. Visual Studio Code functionality can be extended using extensions. NixOS can integrate and configure VSCode declaratively, installing extensions and applying user settings without extra manual configuration. We will configure it with two files inside our dotfiles directory: vscode.nix and vscode-snippets.nix.
{ config, pkgs, ... }:
let
home = config.home;
vscodeSnippets = import ~/dotfiles/vscode-snippets.nix { inherit pkgs; }; # Snippets file for Visual Studio
in
{
programs.vscode = {
enable = true; # Enable the VSCode program
package = pkgs.vscode; # Define the package to use for VSCode
# In NixOS, you can specify a list of VSCode extensions and themes to be installed declaratively. T
extensions = with pkgs.vscode-extensions; [
dracula-theme.theme-dracula # A popular theme for a dark aesthetic
yzhang.markdown-all-in-one # Markdown editing enhancements
oderwat.indent-rainbow # Colorful indentation guides for better readability
pkief.material-icon-theme # Material Design icons for files and folders
ms-python.python # An extension for Python language support
esbenp.prettier-vscode # Code formatter for consistent code style, following Prettier style rules
];
userSettings = { # User-specific settings for configuring VSCode in a JSON-like manner
"editor.snippetSuggestions" = "top";
"[markdown]" = {
"editor.quickSuggestions" = {
"other" = true;
"comments" = false;
"strings" = false;
};
};
"files.autoSave" = "afterDelay"; # Enable autosaves
"files.autoSaveDelay" = 1000; # Sets the delay for autosave
"editor.formatOnSave" = true; # Automatically format the code when saving
"editor.renderWhitespace" = "all"; # Show whitespace characters (spaces, tabs) in the editor
"files.trimTrailingWhitespace" = true; # Remove trailing whitespace when saving files
"workbench.colorTheme" = "Dracula"; # Set the color theme to Dracula
"workbench.iconTheme" = "material-icon-theme"; # Use Material Design icons
"python.defaultInterpreterPath" = "${pkgs.python3}/bin/python"; # Set the default Python interpreter path
"cSpell.enabled" = true; # Enable spell checking
"cSpell.language" = "en,es"; # Enable spell checking for English and Spanish languages
"cSpell.showStatus" = true; # Show the spell checker status in the status bar
}; # userSettings
keybindings = [
# The keybindings attribute customizes keyboard shortcuts.
# This ensures that pressing Tab inserts snippets if available, making snippet usage more intuitive.
{
key = "tab";
command = "snippetInsert";
when = "editorTextFocus && hasSnippetCompletions && !editorTabMovesFocus && !inSnippetMode";
}]; # Keybindings
}; # programs.vscode
home.file.".config/Code/User/snippets/markdown.json".source = snippets.markdownSnippets;
# This line places a custom snippet file for Markdown in the appropriate VSCode directory.
Rebuild the system: sudo nixos-rebuild switch