JustToThePoint English Website Version
JustToThePoint en español
Colaborate with us

NixOS V. SSH, Dropbox, VCode

I have yet to see any problem, however complicated, which, when looked at in the right way did not become still more complicated, Paul Anderson.

Introduction to NixOS

NixOS is a unique, innovative, and powerful Linux distribution that leverages the Nix package manager. Unlike traditional Linux distributions that update packages and system configurations in-place, NixOS uses a purely functional and declarative approach to define the system state, reducing the risk of system breakage.

NixOS is a Linux distribution that uses the Nix package manager to handle packages and system configuration in a purely functional manner. This approach ensures that builds are reproducible and that the system state can be reliably replicated or rolled back.

  1. Immutable Design: It uses a configuration file (usually /etc/nixos/configuration.nix) to define the entire system state, including installed packages, services, and system settings. This makes the system “immutable” in the sense that you don’t manually modify system files. Instead, you declare what you want, and NixOS builds the system from that declaration.
  2. Atomic Updates: When you run nixos-rebuild switch, the system builds a new generation of the environment. If the build is successful, you can switch to this new environment atomically. This means that either the entire update is applied, or nothing changes at all, preventing partial updates that could leave the system in an inconsistent state: sudo nixos-rebuild switch, build and switch to the new generation. If anything goes wrong, you can easily roll back to a previous generation: sudo nix-env ‐‐rollback This rollback is seamless because each generation is stored separately.

    sudo nix-env ‐‐rollback is a command used to revert your system to the previous configuration. It’s a powerful tool for undoing unintended changes or recovering from failed package installations. Before rolling back, consider if there’s a more targeted solution, like uninstalling specific packages or reverting configuration files.

  3. Purely Functional System Configuration: NixOS uses a functional paradigm for configuration. This means that changes are expressed as pure functions from a configuration to a system state, ensuring reproducible builds and easy rollback.

NixOS

SSH

SSH (Secure Shell) is a protocol used to securely access and manage remote servers over a network. NixOS provides a declarative way to configure the OpenSSH service, allowing you to enable SSH daemon (sshd), restrict logins, and control authentication methods.

Step 1. Edit the NixOS configuration file: sudo vim /etc/nixos/configuration.nix:

services.openssh = {
  #settings.PermitRootLogin = "yes";
    enable = true; # Enable the OpenSSH daemon (sshd).
    settings = {
      X11Forwarding = true; # Allow forwarding X11 sessions over SSH
      # It enables you to run graphical applications on a remote server and display them locally on your computer.
      PermitRootLogin = "no"; # Disable root login for better security.
      PasswordAuthentication = false;
      # Disable password login. This is optional.
      # This will disable your ability to log in through SSH using account passwords
      # and enforce key-based authentication (you must use SSH Keys to log in).
    };
    # Restart and check the status of the SSH service:
    # sudo systemctl restart sshd, sudo systemctl status sshd

  };
  # Define a user with their public SSH key
  users.users.nmaximo7 = {
    isNormalUser = true;
    ...
    openssh.authorizedKeys.keys = [
  	""
    # Replace INSERT PUBLIC KEY with the actual content of the user’s SSH public key
    # (e.g., from ~/.ssh/id_ed25519.pub). This ensures the user nmaximo7 can log in via SSH key authentication without a password.
    ...
  };

Step 2. Save, close the file and rebuild the system (apply changes): sudo nixos-rebuild switch. Now, you can test SSH access from another machine.

Configuration for Passwordless sudo

Sometimes, you may want a particular user to run sudo commands without being prompted for a password. This can be convenient for automation, productivity (especially in a domestic “safe” place) but poses a security risk if not controlled carefully. Only enable passwordless sudo for trusted users and consider the implications.

Typically, you will edit your configuration.nix file:

# Configure sudo to allow specific users to run commands without a password
security.sudo.extraRules= [
  {
    users = [ "nmaximo7" ]; # Specify the user who will have passwordless sudo access
      commands = [
          {
            command = "ALL" ; # Allow the user to run all commands
            options= [ "NOPASSWD" ];  # Specify that no password is required for the specified commands (in this case, ALL).
          }
      ];
  }
];
Enabling passwordless sudo can significantly enhance productivity, especially in environments where security risks are minimal, like a domestic or home setup. However, it’s crucial to stress that this privilege should only be granted to users who are completely trustworthy.

Rofi

Rofi is a powerful, versatile, and lightweight window switcher, application launcher, and dmenu replacement for Linux systems. It provides a flexible and user-friendly launcher for applications, SSH connections, window switching, and more. It is highly customizable through theming, plugins, and configuration files.

To configure Rofi, create or modify a rofi.nix file and import it into your user configuration (such as in home-manager configuration) or directly into configuration.nix.

Example Rofi Configuration:

{ config, pkgs, ... }:

{
  programs.rofi = {
    enable = true; # Enables Rofi
    plugins = with pkgs; [ # Include additional plugins for Rofi
        rofi-calc # Adds a calculator plugin
        rofi-emoji # Enables emoji picker plugin from Rofi
        rofi-power-menu # Adds a power menu plugin for system actions (shutdown, reboot, etc.)
    ];
    terminal = "${pkgs.alacritty}/bin/alacritty";
    # Set Alacritty as the terminal to be used by Rofi when launching terminal apps
    theme = "~/dotfiles/Rofi/rounded-dark";
    # Assigns a custom theme for Rofi, allowing you to personalize its appearance.
    extraConfig = {
    # Customize the modes available in Rofi
      modes = "window,drun,run,ssh,combi,emoji,calc,power-menu:${pkgs.rofi-power-menu}/bin/rofi-power-menu --choices=shutdown/reboot/logout/lockscreen --confirm=logout/lockscreen";
      # Lists the modes available in Rofi: window switching, applications launching, SSH connections, emoji selection, calculator functionality, and a power menu.
      # -confirm=logout/lockscreen: It prompts for confirmation ONLY before executing the logout or lock screen actions.
      combi-modes = "window,drun,emoji,calc";
      # Defines which modes are included in the combined ("combi") mode view for convenience.
      calc-command = "qalc"; # Use qalc for calculator mode
      # qalc (Qalculate!) is a powerful, multi-purpose calculator utility available in Linux.
      calc-show-history = true; # Enable the display of previous calculations
      emoji-command = "rofi-emoji"; # Use rofi-emoji for emoji selection
      font = "hack 20"; # Sets the font for Rofi to "Hack" at size 20, enhancing readability.
   };
  };
}

modes: Defines the various modes that Rofi can operate in. It includes:

Dropbox

Dropbox is a widely-used cloud storage and file synchronization service. On NixOS, enabling and running Dropbox typically involves the following steps:

{ config, pkgs, ... }:

{
  # 1. Enable unfree packages. Dropbox is not free software!
  nixpkgs.config.allowUnfree = true;

  # 2. Add Dropbox to system packages (available system-wide).
  # It allows you to manage Dropbox from the command line,
  # but the Dropbox daemon also runs to synchronize files.
  environment.systemPackages = with pkgs; [
    dropbox-cli
  ];

  # 3. Configure Dropbox as a systemd service
  systemd.user.services.dropbox = {
    description = "Dropbox";
    wantedBy = [ "graphical-session.target" ];
    environment = {
      # 4. Environment variables for Qt.
      # Dropbox’s graphical interface relies on Qt.
      QT_PLUGIN_PATH = "/run/current-system/sw/" + pkgs.qt5.qtbase.qtPluginPrefix;
      QML2_IMPORT_PATH = "/run/current-system/sw/" + pkgs.qt5.qtbase.qtQmlPrefix;
    };
    # 5. Service Settings:
    serviceConfig = {
      ExecStart = "${pkgs.dropbox}/bin/dropbox"; # It points to dropbox binary from the pkgs.dropbox package.
      ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
      KillMode = "control-group";
      Restart = "on-failure";
      PrivateTmp = true; # Provide additional security by isolating the service’s temporary directory ...
      ProtectSystem = "full"; # and restricting writes to the filesystem.
      Nice = 10; # Ask Dropbox to play nice. It lowers the priority of the Dropbox process...
      # reducing its impact on the overall system performanace.
    };
  };

  # 6. Open necessary ports for Dropbox
  # It opens TCP and UDP port 17500 (and port 22 for SSH) in the firewall configuration.
  networking.firewall = {
    allowedTCPPorts = [ 17500 22 ];
    allowedUDPPorts = [ 17500 ];
  };
}

After making changes: You will typically rebuild the system and switch to the new one: sudo nixos-rebuild switch and sudo systemctl start dropbox to start the service.

Visual Studio Code

Visual Studio Code is a popular, multi-platform, source-code editor developed by Microsoft. Visual Studio Code functionality can be extended using extensions. NixOS can integrate and configure VSCode declaratively, installing extensions and applying user settings without extra manual configuration. We will configure it with two files inside our dotfiles directory: vscode.nix and vscode-snippets.nix.

{ config, pkgs, ... }:

let
  home = config.home;
  vscodeSnippets = import ~/dotfiles/vscode-snippets.nix { inherit pkgs; }; # Snippets file for Visual Studio
in
{
programs.vscode = {
  enable = true; # Enable the VSCode program
  package = pkgs.vscode; # Define the package to use for VSCode
  # In NixOS, you can specify a list of VSCode extensions and themes to be installed declaratively. T
  extensions = with pkgs.vscode-extensions; [
      dracula-theme.theme-dracula  # A popular theme for a dark aesthetic
      yzhang.markdown-all-in-one # Markdown editing enhancements
      oderwat.indent-rainbow # Colorful indentation guides for better readability
      pkief.material-icon-theme # Material Design icons for files and folders
      ms-python.python # An extension for Python language support
      esbenp.prettier-vscode # Code formatter for consistent code style, following Prettier style rules
  ];
  userSettings = { # User-specific settings for configuring VSCode in a JSON-like manner
      "editor.snippetSuggestions" = "top";
			  "[markdown]" = {
			    "editor.quickSuggestions" = {
					"other" = true;
					"comments" = false;
					"strings" = false;
				};
			};
      "files.autoSave" = "afterDelay"; # Enable autosaves
      "files.autoSaveDelay" = 1000; # Sets the delay for autosave
      "editor.formatOnSave" = true; # Automatically format the code when saving
      "editor.renderWhitespace" = "all"; # Show whitespace characters (spaces, tabs) in the editor
      "files.trimTrailingWhitespace" = true; # Remove trailing whitespace when saving files
      "workbench.colorTheme" = "Dracula"; # Set the color theme to Dracula
      "workbench.iconTheme" = "material-icon-theme"; # Use Material Design icons
      "python.defaultInterpreterPath" = "${pkgs.python3}/bin/python"; # Set the default Python interpreter path
      "cSpell.enabled" = true; # Enable spell checking
      "cSpell.language" = "en,es"; # Enable spell checking for English and Spanish languages
      "cSpell.showStatus" = true; # Show the spell checker status in the status bar
  }; # userSettings
  keybindings = [
  # The keybindings attribute customizes keyboard shortcuts.
  # This ensures that pressing Tab inserts snippets if available, making snippet usage more intuitive.
  {
      key = "tab";
      command = "snippetInsert";
      when = "editorTextFocus && hasSnippetCompletions && !editorTabMovesFocus && !inSnippetMode";
  }]; # Keybindings
}; # programs.vscode
home.file.".config/Code/User/snippets/markdown.json".source = snippets.markdownSnippets;
# This line places a custom snippet file for Markdown in the appropriate VSCode directory.
I cannot show you my vscode-snippets.nix for rendering problems.

Rebuild the system: sudo nixos-rebuild switch

Bitcoin donation

JustToThePoint Copyright © 2011 - 2025 Anawim. ALL RIGHTS RESERVED. Bilingual e-books, articles, and videos to help your child and your entire family succeed, develop a healthy lifestyle, and have a lot of fun. Social Issues, Join us.

This website uses cookies to improve your navigation experience.
By continuing, you are consenting to our use of cookies, in accordance with our Cookies Policy and Website Terms and Conditions of use.