crowJan 30
Setup my blog today, and made my first post detailing a Nix flake that I include on all my nixosSystem builds that sets some sensible defaults

Check it out: https://blog.xvrqt.com/nix-defaults.html

#nix #nixos #rust #flakes #programming #coder #hacking #crows
nix defaults

Sensible Nix Defaults If you're using Nix you are probably more accustomed to nonsense, and I am no...

xvrqt
Show threadcrowFeb 2
Got tricked into writing a blog post better explaining the linux kernel's audit system and setting it up in Nix

It's a moving work of art and you should read it; it will look great on your wedding day: https://blog.xvrqt.com/nix-audit.html

#nix #nixos #linux #kernelsecurity
nix audit

Nix Audit The linux kernel has an audit module which can keep track of which files are accessed, an...

xvrqt
Show threadcrow13h ago
https://blog.xvrqt.com/nix-wireguard.html

Writing a new series on using Nix to configure Wireguard. It's probably overly ambitious as I have had the completed flake done for personal use for weeks now, but writing the blog means redoing it step by step in excruciating detail.

I had to keep cutting scope for each post and now, after typing all day, I finally have... the basic option setup for it. How is writing so hard? Why would a loving god cause such agony?

Feedback welcome, as I think part of my problem is I don't understand who my audience is so I never know what I can leave out and what I should explain further.

#nix #nixos #linux #wireguard #kernel #flakes #foss
nix wireguard

Wireguard1 is a Linux Kernel Module which allows you to easily configure encrypted network interfac...

xvrqt
Show threadThe Incredible Laser11h ago

@crow there is the short mkEnableOption which is usually used for whatever.enable, doesn't save much but I find it somewhat convenient

One thing I don't understand about your code is wgqt.machines' default value, where is "defaults" coming from? I'd have expected something like "{}"

Show threadcrow4h ago
@IncredibleLaser I know about mkEnable but it defaults to "false" so I have to instantiate manually. Some times I make my own mkEnabled option which is just mkEnable with the default being true lol

As for the defaults let me look, it might be leftover cruft from my finished flake where I set the defaults to values in a defaults.nix so I can just import the module and do no setup. I thought I changed it to '{}' but I might have accidentally copied it back while editing 😛
Show threadcrow4h ago
@IncredibleLaser Good catch, it's correct in https://blog.xvrqt.com/nix-wireguard.html#set-of-machines but sneaks back in to the final config here https://blog.xvrqt.com/nix-wireguard.html#what-have-we-wrought

Thank you!!!
nix wireguard

Wireguard1 is a Linux Kernel Module which allows you to easily configure encrypted network interfac...

xvrqt
Show threadThe Incredible Laser

@crow no problem.

I can't comment on how understandable your guide is because I've already written modules before (yes, even with type attrsOf submodule...)

Also, something I just spotted: you're using "with lib;" which is an antipattern: https://nix.dev/guides/best-practices#with-scopes rather inherit from lib.

What I do like is that your options live in a separate flake. I wrote a blog post about that as well.

Anyhow, nice to see a practical example, I think most people tend not to use options.

Best practices — nix.dev documentation

4:39pmWeb
Show threadcrow2h ago
@IncredibleLaser

Yeah over time I have been using options more and more; realized having special flake outputs with data structures other flakes need to be insync was a serious anti-pattern and those should just be part of the config and referenced from there.

Nix gives me the feeling of learning cpp half a lifetime ago; everyone uses a different subset of features in different ways and it takes blowing your own feet off several times to realize what "good nix/cpp" should look like

Thanks for the feedback!