Cheatsheet: Difference between revisions

From NixOS Wiki
VisualWikitext
imported>Makefu
No edit summary
 
(79 intermediate revisions by 40 users not shown)
Line 1: Line 1:
= A cheat sheet and rough mapping between Ubuntu and NixOS =
== A NixOS cheat sheet and comparison to Ubuntu ==
This is meant to give you basic ideas and get you unstuck. NixOS being very different from most distributions, a deeper understanding will be necessary sooner or later! Follow the links to the manual pages and browse the wiki to find real NixOS tutorials.
[[Ubuntu_vs._NixOS|Ubuntu vs. NixOS]] provides a table mapping of common administrative tasks and their commands in Ubuntu to similar capabilities in NixOS.


The system-wide column is the equivalent of using apt under Ubuntu.
== Working with the nix store ==


TODO Provide well-commented sample configuration.nix and ~/.nixpkgs/config.nix files with examples of common tasks.
=== Get the store path for a package ===


{| class="wikitable"
<syntaxHighlight lang="console">
!|Task
$ nix repl
!|Ubuntu
nix-repl> :l <nixpkgs>  
!|NixOS (system-wide and root)
Added 7486 variables.
!|NixOS (user) and Nix in general
nix-repl> "${xorg.libXtst}"
|-
"/nix/store/nlpnx21yjdjx2ii7ln4kcmbm0x1vy7w9-libXtst-1.2.3"
| colspan="5" style="text-align:center"| Basic concepts
|-
|
|
|This column will let you do everything you can with Ubuntu and more.
|This column just isn't possible in Ubuntu.
|-
|Who can install packages and who can run them?
|All packages are always system-wide and only root can install packages.
|Packages root installs are system-wide. It does so through through /etc/nixos/configuration.nix. If root installs packages the same way users do, through ~/.nixpkgs/config.nix, they are also global. Root's default profile is the system-wide default profile.
|Users can install their own packages and have their own profiles (environments) through ~/.nixpkgs/config.nix
|-
|Package manager
|apt which is really running on top of dpkg, sometimes wrapped by UIs like aptitude.
|nix, but many system-wide operations are provided by nixos packages.
|Just nix without the involvement of nixos.
|-
|How do you select your official sources and major releases
|These are baked into the distribution (e.g. Ubuntu version X). Upgrades are hard and permanent.
|At any time you select from a collection of channels. They're system-wide when set by root. You can roll back changes or switch channels with ease.
|Channels are per-user if they're not set by root.
|-
|Where are packages installed?
|apt installs globally into /bin/, /usr/, etc.
|System-wide packages are in /run/current-system/sw/ (these are installed because of /etc/nixos/configuration.nix) and /nix/var/nix/profiles/default/bin/ (this is the profile managed by root). Note that the files are just symlinks to the real packages managed by nix /nix/store/.
|User packages are in ~/.nix-profile/. Note that the files are just symlinks to the real packages managed by nix in /nix/store/.
|-
|When changes take effect
|As soon as the command runs. Commands are not atomic and can leave your machine in a bad state.
|Most of the time you modify the configuration file and apply changes with nixos-rebuild switch
TODO How does one get nixos to do all the work for a switch and separate out the actual switching from fetching/building?
|Most of the time you apply changes with nix-env -i all
TODO How does one get nix to do all the work for a switch and separate out the actual switching from fetching/building?
|-
|Packages
|Uniformly referred to as packages
|Technically called "derivations" but everyone calls them packages.
|Technically called "derivations" but everyone calls them packages.
|-
| colspan="5" style="text-align:center"| Package management
|-
|Install a package
|<pre>sudo apt-get install emacs</pre>
|In /etc/nixos/configuration.nix:
If it's a program add to systemPackages:
<pre>
systemPackages = with pkgs;
                    [ <other packages...> emacs ];</pre>
If it's a service add:
 
<pre>services.openssh.enable = true;</pre>
|<pre>nix-env -i emacs</pre>
Or with collections, add the package to your ~/.nixpkgs/config.nix and run
<pre>nix-env -i all</pre>
Since 17.09pre:
<pre>users.users.<username>.packages =
          with pkgs;[ emacs ];</pre>
|-
|Uninstall a package
|<pre>sudo apt-get remove emacs</pre>
|remove from /etc/nixos/configuration.nix
<pre>sudo nixos-rebuild switch</pre>
|
|-
|Uninstall a package removing its configuration
|<pre>apt-get purge emacs</pre>
|All configuration is in configuration.nix
|
|-
|Update the list of packages
|<pre>sudo apt-get update</pre>
|<pre>sudo nix-channel --update</pre>
|<pre>nix-channel --update</pre>
|-
|Upgrade packages
|<pre>sudo apt-get upgrade</pre>
|<pre>sudo nixos-rebuild switch</pre>
|<pre>nix-env -u</pre>
|-
|Check for broken dependencies
|<pre>sudo apt-get check</pre>
|<pre>nix-store --verify --check-contents</pre>
|unneeded!
|-
|List package dependencies
|<pre>apt-cache depends emacs</pre>
|<pre>nix-store --query --requisites $(readlink -f /run/current-system)
nix-store -q --tree /nix/var/nix/profiles/system</pre>
|<pre>nix-store --query --references\
  $(nix-instantiate '<nixpkgs>' -A emacs)</pre>
For installed packages:
<pre>nix-store --query --references $(which emacs)</pre>
|-
|List which packages depend on this one (reverse dependencies)
|<pre>apt-cache rdepends emacs</pre>
|
|For installed packages (only print reverse dependencies *which are already installed*):
<pre>nix-store --query --referrers $(which emacs)</pre>
|-
|Verify all installed packages
|<pre>debsums</pre>
|<pre>sudo nix-store --verify --check-contents</pre>
|<pre>nix-store --verify --check-contents</pre>
|-
|Fix packages with failed checksums
|Reinstall broken packages
|<pre>sudo nix-store --verify --check-contents --repair</pre>
|<pre>nix-store --verify --check-contents --repair</pre>
|-
|Select major version and stable/unstable
|Change sources.list and apt-get dist-upgrade. A an extremely infrequent and destructive operation. The nix variants are safe and easy to use.
|<pre>nix-channel --add\
  https://nixos.org/channels/nixpkgs-unstable <name></pre>
Add the unstable channel. At that address you will find names for other versions and variants. Name can be any string.
<pre>nix-channel --remove <name></pre>
To eliminate a channel.
<pre>nix-channel --list</pre>
To show all installed channel.
|When run by a user channels work locally, when run by root they're used as the system-wide channels.
|-
|Private package repository
|PPA
|Define your package tree as in the general column, and include it in configuration.nix, then list your packages in systemPackages to make them available system wide
|See [https://sandervanderburg.blogspot.de/2014/07/managing-private-nix-packages-outside.html]
|-
|Install a particular version of a package
|
|
|
|-
| colspan="5" style="text-align:center"| Package configuration
|-
|Configure a package
|<pre>sudo dpkg-reconfigure <package></pre>
|edit /etc/nixos/configuration.nix
|edit ~/.nixpkgs/config.nix TODO More details about how to edit
|-
|List package options
|
|
|
|-
|Global package configuration
|Modify configuration file in /etc/
|
|
|-
| colspan="5" style="text-align:center"| Package configuration
|-
|Find packages
|<pre>apt-cache search emacs</pre>
|<pre>nix-env -qaP '.*emacs.*'</pre>
|<pre>nix-env -qaP '.*emacs.*'</pre>
|-
|Show package description
|<pre>apt-cache show emacs</pre>
|<pre>nix-env -qa --description '.*emacs.*'</pre>
|<pre>nix-env -qa --description '.*emacs.*'</pre>
|-
|Show files installed by package
|<pre>dpkg -L emacs</pre>
|<pre>readlink -f $(which emacs)
/nix/store/ji06y4haijly0i0knmr986l2dajffv1p-emacs-24.4/bin/emacs-24.4</pre>
then
<pre>du -a /nix/store/ji06y4haijly0i0knmr986l2dajffv1p-emacs-24.4</pre>
|<pre></pre>
|-
|Show package for file
|<pre>dpkg -S /usr/bin/emacs</pre>
|follow the symlink
|follow the symlink
|-
| colspan="5" style="text-align:center"| Services
|-
|Start a service
|<pre>sudo service apache start</pre>
|<pre>sudo systemctl start apache</pre>
|
|-
|Stop a service
|<pre>sudo service apache stop</pre>
|<pre>sudo systemctl stop apache</pre>
|
|-
|Where your log files live
|/var/log/
|System-wide packages /var/log/
|User packages ~/.nix-profile/var/log/
|-
|Adding a user
|sudo adduser alice
|Add <pre>users.extraUsers.alice =
{ isNormalUser = true;
  home = "/home/alice";
  description = "Alice Foobar";
  extraGroups = [ "wheel" "networkmanager" ];
  openssh.authorizedKeys.keys =
      [ "ssh-dss AAAAB3Nza... alice@foobar" ];
};</pre> to to /etc/nixos/configuration.nix and then call <pre>nixos-rebuild switch</pre>
|
|-
| colspan="5" style="text-align:center"| Misc tasks
|-
|List binaries
|<pre>ls /usr/bin/</pre>
|<pre>ls /run/current-system/sw/bin &&\
ls /nix/var/nix/profiles/default/bin/</pre>
|<pre>ls ~/.nix-profile/bin</pre>
|-
|Get the current version number
|<pre>cat /etc/debian_version</pre>
|<pre>nixos-version</pre>
|<pre>nixos-version</pre>
|-
|Get sources for a package
|<pre>apt-get source emacs</pre>
|
|In Debian, apt-get source gets both the patched upstream source and the recipe for the package. Those need two steps in Nix.
 
To find the package recipe: <pre>grep -r emacs $(nix-instantiate --eval --expr '<nixpkgs>')</pre>
To download the source as specified by the package recipe: <pre>nix-build '<nixpkgs>' -A emacs.src</pre>
The patched source is usually not a derivation itself, but can be produced for most packages with the following command: <pre>nix-shell '<nixpkgs>' -A emacs\
  --command 'unpackPhase; patchPhase'</pre>
|-
|Compile & install a package from source
|
|
|<pre>git clone foobar
cat >default.nix <<EOF
with import <nixpkgs> { };
stdenv.lib.overrideDerivation foobar (oldAttrs : {
  src = ./foobar;
})
EOF
nix-build</pre>
|-
|Install a binary package
|
|
|
|-
|Install a .deb
|<pre>dpkg -i package.deb</pre>
|
|Install dpkg with Nix, then <pre>dpkg -i package.deb</pre>
|}


= Working with the nix store =
nix-repl> :lf ./configuration.nix # as flakes way for a local file


== Get the store path for a package ==
# load nixos configuration from a nix file
$ nix repl --file '<nixpkgs/nixos>' -I nixos-config=./configuration.nix


<source lang="nix">
$ nix-repl
nix-repl> :l <nixpkgs>
Added 7486 variables.
nix-repl> "${xorg.libXtst}"                                                                                               
"/nix/store/nlpnx21yjdjx2ii7ln4kcmbm0x1vy7w9-libXtst-1.2.3"


$ nix-build '<nixpkgs>' --no-build-output -A xorg.libXtst
$ nix-build '<nixpkgs>' --no-build-output -A xorg.libXtst
/nix/store/nlpnx21yjdjx2ii7ln4kcmbm0x1vy7w9-libXtst-1.2.3
/nix/store/nlpnx21yjdjx2ii7ln4kcmbm0x1vy7w9-libXtst-1.2.3
</source>
</syntaxHighlight>
 


=== Adding files to the store ===
==== Get store path for a package from the Flake input ====
When packages are managed using [[Flakes]], store paths to them can be retrieved using <code>nix eval --inputs-from</code>, like this:<syntaxhighlight lang="shell">
$ nix eval --inputs-from "$flake_path" --raw "$input#$package"
</syntaxhighlight>For instance, when packages are managed using [[Home Manager]] using standard configuration, store path to the [[Git]] package can be retrieved using this command:<syntaxhighlight lang="shell">
$ nix eval --inputs-from ~/.config/home-manager --raw nixpkgs#git
</syntaxhighlight>


=== Add files to the store ===
It is sometimes necessary to add files to the store manually.
It is sometimes necessary to add files to the store manually.
This is particularly the case with packages that cannot be downloaded automatically,
This is particularly the case with packages that cannot be downloaded automatically,
Line 282: Line 36:
For most files, it is sufficient to run:
For most files, it is sufficient to run:


<source lang="bash">
<syntaxHighlight lang="console">
$ nix-store --add-fixed sha256 /path/to/file
$ nix-store --add-fixed sha256 /path/to/file
</source>
</syntaxHighlight>


Unfortunately, `nix-store` will try to load the entire file into memory,
Unfortunately, <code>nix-store</code> will try to load the entire file into memory,
which will fail if the file size exceeds available memory.
which will fail if the file size exceeds available memory.
If we have root access, we can copy the file to the store ourselves:
If we have root access, we can copy the file to the store ourselves:


<source lang="bash">
<syntaxHighlight lang="console">
$ sudo unshare -m bash  # open a shell as root in a private mount namespace
$ sudo unshare -m bash  # open a shell as root in a private mount namespace
$ largefile=/path/to/file
$ largefile=/path/to/file
Line 299: Line 53:
$ printf "$storepath\n\n0\n" | nix-store --register-validity --reregister  # register the file in the Nix database
$ printf "$storepath\n\n0\n" | nix-store --register-validity --reregister  # register the file in the Nix database
$ exit  # exit to the original shell where /nix/store is still mounted read-only
$ exit  # exit to the original shell where /nix/store is still mounted read-only
</source>
</syntaxHighlight>
 
To add a file with fixed name (when the input filename is not stable), or to add entire directories with filter, you can use '''builtins.path''':
 
<syntaxHighlight lang="console">
$ nix-instantiate --eval --read-write-mode -E 'builtins.path { path = ./myfile; name = "myname"; }'
</syntaxHighlight>


== Build nixos from nixpkgs repo ==
=== Build NixOS from nixpkgs repo ===


The following snippet will build the system from a git checkout:
The following snippet will build the system from a git checkout:


<source lang="bash">
<syntaxHighlight lang="console">
$ nixos-rebuild -I nixpkgs=/path/to/nixpkgs switch
$ nixos-rebuild -I nixpkgs=/path/to/nixpkgs switch
</source>
</syntaxHighlight>


This method can be used when testing nixos services for a pull request to nixpkgs.
This method can be used when testing NixOS services for a pull request to nixpkgs.


Building nixos from a git is an alternative to using nix channels and set up permanent following this [blog article](http://anderspapitto.com/posts/2015-11-01-nixos-with-local-nixpkgs-checkout.html).  
Building NixOS from a git is an alternative to using nix channels and set up permanent following this [https://web.archive.org/web/20160327190212/http://anderspapitto.com/posts/2015-11-01-nixos-with-local-nixpkgs-checkout.html blog article].
It has a couple of advantages over nixpkgs as it allows back-porting of packages/changes to stable versions
It has a couple of advantages over nixpkgs as it allows back-porting of packages/changes to stable versions
as well as applying customization.
as well as applying customization.


Use the following command to build directly from a particular branch of a repo in github:
Use the following command to build directly from a particular branch of a repository in GitHub:


<source lang="bash">
<syntaxHighlight lang="console">
$ nixos-rebuild -I nixpkgs=https://github.com/nixcloud/nixpkgs/archive/release-17.03.tar.gz switch
$ nixos-rebuild -I nixpkgs=https://github.com/nixcloud/nixpkgs/archive/release-17.03.tar.gz switch
</source>
</syntaxHighlight>
 
=== Evaluate a NixOS configuration without building ===
 
If you only want to evaluate <code>configuration.nix</code> without building (e.g. to syntax-check or see if you are using module options correctly), you can use:
 
<syntaxHighlight lang="console">
$ nix-instantiate '<nixpkgs/nixos>' -A system
</syntaxHighlight>
 
This creates the <code>.drv</code> file that <code>nixos-rebuild build</code> would build.
 
=== Explore a NixOS configuration in the REPL ===
If you want to see what ''value'' a NixOS option takes without building, as opposed to merely checking that all options work, you can run:
<syntaxhighlight lang="console">
$ nix repl --file '<nixpkgs/nixos>'
Welcome to Nix 2.18.2. Type :? for help.
 
Loading installable ''...
Added 6 variables.
nix-repl> config.environment.shells  # for example
[ "/run/current-system/sw/bin/zsh" ... ]
 
# Equivalently, if starting from an existing REPL:
nix-repl> :l <nixpkgs/nixos>
Added 6 variables.
 
nix-repl> config.environment.shells
</syntaxhighlight>
 
This can be helpful if your configuration is spread across multiple modules, or if you import modules from external sources, or if NixOS has defaults and you want to know whether a default is being used or extended in your configuration, or a variety of other cases in which you might want the computer to tell you what the end result of all your Nixing is going to be before you switch to it.
 
You can do this with configuration files other than the one installed in <code>/etc/nixos</code>, too:
 
<pre>
nix-repl> :a import <nixpkgs/nixos> { configuration = /path/to/config.nix; }
</pre>
 
=== Manually switching a NixOS system to a certain version of system closure ===
 
(''Or:'' What <code>nixos-rebuild</code> does under the hoods.)
 
Step 1: Do this for the equivalent of <code>nixos-rebuild boot</code> or <code>nixos-rebuild switch</code>, i.e. if you want the changes to persist after reboot:
 
If you have the store path, run this, replacing <code>$systemClosure</code> with store path to your system closure:
 
<syntaxHighlight lang="console">
$ nix-env --profile /nix/var/nix/profiles/system --set $systemClosure
</syntaxHighlight>
 
Or, if it was a previous generation, you can run this instead, replacing <code>$generation</code> with the desired generation number:
 
<syntaxHighlight lang="console">
$ nix-env --profile /nix/var/nix/profiles/system --switch-generation $generation
</syntaxHighlight>
 
Step 2: Do this for all changes:
 
Run this, replacing <code>$action</code> with the action (one of <code>boot</code>, <code>switch</code>, <code>test</code>):
 
<syntaxHighlight lang="console">
$ /nix/var/nix/profiles/system/bin/switch-to-configuration $action
</syntaxHighlight>
 
If you use a different profile name the procedure is similar, but use <code>/nix/var/nix/profiles/system-profiles/$profileName</code> instead of <code>/nix/var/nix/profiles/system</code>.


== Building a service as a VM (for testing) ==
=== Building a service as a VM (for testing) ===


While `nixos-rebuild build-vm` allows to build a vm out of the current system configuration, there is a more light-weight alternative when only a single service needs to be tested.
While <code>nixos-rebuild build-vm</code> allows to build a vm out of the current system configuration, there is a more light-weight alternative when only a single service needs to be tested.


Given the following configuration:
Given the following configuration:


<source lang="nix">
<syntaxHighlight lang="nix">
# vm.nix
# vm.nix
{ lib, config, ... }:                                                                                                
{ lib, config, ... }:
{                                                                                                                                    
{
   services.tor.enable = true;                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
   services.tor.enable = true;
   users.users.root.initialPassword = "root";                                                                                          
   users.users.root.initialPassword = "root";
}
}
</source>
</syntaxHighlight>


a vm can be build using the following command:
a vm can be build using the following command:


<source lang="bash">
<syntaxHighlight lang="console">
$ nixos-rebuild -I nixpkgs=/path/to/nixpkgs -I nixos-config=./vm.nix build-vm
$ nixos-rebuild -I nixpkgs=/path/to/nixpkgs -I nixos-config=./vm.nix build-vm
</source>
</syntaxHighlight>
 
where <code>-I nixpkgs=/path/to/nixpkgs</code> is optionally depending whether the vm should be build from git checkout or a channel.
 
On non-NixOS (linux) systems the following command can be used instead:
 
<syntaxHighlight lang="console">
$ nix-build '<nixpkgs/nixos>' -A vm -k -I nixos-config=./vm.nix
</syntaxHighlight>
 
By default the resulting vm will require X11 to create a virtual display.
By specifying additional arguments via the environment variables <code>QEMU_OPTS</code>and <code>QEMU_KERNEL_PARAMS</code> it is possible to reuse the current running terminal as serial console for the vm:
 
<syntaxHighlight lang="console">
$ export QEMU_OPTS="-nographic -serial mon:stdio" QEMU_KERNEL_PARAMS=console=ttyS0
$ /nix/store/lshw31yfbb6izs2s594jd89ma4wf8zw6-nixos-vm/bin/run-nixos-vm
</syntaxHighlight>
 
To forward a port you can set export <code>QEMU_NET_OPTS</code>. In the following example port 2222 on the host is forwarded to port 22 in the vm:


where `-I nixpkgs=/path/to/nixpkgs` is optionally depending whether the vm should be build from git checkout or a channel.
<syntaxHighlight lang="console">
$ export QEMU_NET_OPTS="hostfwd=tcp::2222-:22"
</syntaxHighlight>


On non-nixos (linux) systems the following command can be used instead:
Don't forget that by default NixOS comes with a firewall enabled:


<source lang="bash">
<syntaxHighlight lang="nix">
nix-build '<nixpkgs/nixos>' -A vm -k -I nixos-config=./vm.nix
{...}: {
</source>
  networking.firewall.enable = false;
}
</syntaxHighlight>


== Reuse a package as a build environment ==
=== Reuse a package as a build environment ===
As packages already contains all build dependencies, they can be reused to a build environment quickly.
As packages already contains all build dependencies, they can be reused to a build environment quickly.
In the following a setup for the cmake-based project [bcc](https://github.com/iovisor/bcc) is shown.
In the following a setup for the cmake-based project [https://github.com/iovisor/bcc bcc] is shown.
After obtaining the source:
After obtaining the source:


<source lang="bash">
<syntaxHighlight lang="console">
$ git clone https://github.com/iovisor/bcc.git
$ git clone https://github.com/iovisor/bcc.git
$ cd bcc
$ cd bcc
</source>
</syntaxHighlight>


Add the following `default.nix` to the project:
Add the following <code>default.nix</code> to the project:


<source lang="nix">
<syntaxHighlight lang="nix">
with import <nixpkgs> {};
with import <nixpkgs> {};
linuxPackages.bcc.overrideDerivation (old: {
linuxPackages.bcc.overrideDerivation (old: {
Line 368: Line 214:
   buildInputs = [ bashInteractive ninja ] ++ old.buildInputs;
   buildInputs = [ bashInteractive ninja ] ++ old.buildInputs;
})
})
</source>
</syntaxHighlight>


To initiate the build environment run `nix-shell` in the project root directory
To initiate the build environment run <code>nix-shell</code> in the project root directory


<source lang="bash">
<syntaxHighlight lang="console">
# this will download add development dependencies and set up the environment so build tools will find them.
# this will download add development dependencies and set up the environment so build tools will find them.
$ nix-shell
$ nix-shell
</source>
</syntaxHighlight>


The following is specific to bcc or cmake in general:
The following is specific to bcc or cmake in general:
(so you need to adapt the workflow depending on the project, you hack on)
(so you need to adapt the workflow depending on the project, you hack on)


<source lang="bash">
<syntaxHighlight lang="console">
$ mkdir build
$ mkdir build
$ cd build
$ cd build
Line 386: Line 232:
$ eval cmake $cmakeFlags ..
$ eval cmake $cmakeFlags ..
$ make
$ make
</source>
</syntaxHighlight>
 
=== Evaluate packages for a different platform ===
 
Sometimes you want to check whether a change to a package (such as adding a new dependency) would evaluate even on a different type of system. For example, you may want to check on <code>x86_64-linux</code> whether a package evaluates for <code>x86_64-darwin</code> or <code>aarch64-linux</code>.
 
Use the <code>system</code> argument:
 
<syntaxHighlight lang="console">
$ nix-instantiate --argstr system "x86_64-darwin" -A mypackage
</syntaxHighlight>
 
=== Cross-compile packages ===
 
The following command will cross compile the tinc package for the aarch64 CPU architecture from a different architecture (e.g. x86_64).
 
<syntaxHighlight lang="console">
$ nix-build '<nixpkgs>' --arg crossSystem '(import <nixpkgs> {}).lib.systems.examples.aarch64-multiplatform' -A tinc
</syntaxHighlight>
 
You can add your own specifications, or look at existing ones, in nixpkgs/lib/systems/examples.nix.


== Customizing Packages ==
=== Customizing Packages ===


=== Upgrading individual packages to a different channel ===
==== Upgrading individual packages to a different channel ====


One can track multiple channels on NixOS simultaneously, and then declaratively change packages from the default channel to another one.  
One can track multiple channels on NixOS simultaneously, and then declaratively change packages from the default channel to another one.


For example one can have both the unstable and stable channels on system root:
For example one can have both the unstable and stable channels on system root:


<source lang="nix">
<syntaxHighlight lang="console">
$ sudo nix-channel --list
$ sudo nix-channel --list
nixos https://nixos.org/channels/nixos-17.03
nixos https://nixos.org/channels/nixos-17.03
nixos-unstable https://nixos.org/channels/nixos-unstable
nixos-unstable https://nixos.org/channels/nixos-unstable
</source>
</syntaxHighlight>


and the following in `configuration.nix`:
and the following in <code>configuration.nix</code>:


<source lang="nix">
<syntaxHighlight lang="nix">
nixpkgs.config = {
nixpkgs.config = {
   # Allow proprietary packages
   # Allow proprietary packages
Line 411: Line 277:
   # Create an alias for the unstable channel
   # Create an alias for the unstable channel
   packageOverrides = pkgs: {
   packageOverrides = pkgs: {
     unstable = import <nixos-unstable> {  
     unstable = import <nixos-unstable> { # pass the nixpkgs config to the unstable alias # to ensure `allowUnfree = true;` is propagated:
      # pass the nixpkgs config to the unstable alias
       config = config.nixpkgs.config;
      # to ensure `allowUnfree = true;` is propagated:
       config = config.nixpkgs.config;  
     };
     };
   };
   };
};
};
</source>
</syntaxHighlight>


which allows you to switch particular packages to the unstable channel:
which allows you to switch particular packages to the unstable channel:


<source lang="nix">
<syntaxHighlight lang="nix">
environment = {
environment.systemPackages = with pkgs; [
  systemPackages = with pkgs; [
     ddate
     ddate
     devilspie2
     devilspie2
Line 431: Line 294:
     # ...
     # ...
     zsh
     zsh
  ];  
];
};
 
</source>
</syntaxHighlight>


== Building statically linked packages ==
=== Building statically linked packages ===


<source lang="bash">
<syntaxHighlight lang="console">
$ nix-build -E 'with (import ./. {}); (curl.override { stdenv = makeStaticLibraries stdenv;}).out'
$ nix-build -E 'with (import ./. {}); (curl.override { stdenv = makeStaticLibraries stdenv;}).out'
</source>
</syntaxHighlight>
 
There is also an stdenv adapter that will build static binaries:
 
<syntaxHighlight lang="console">
$ nix-build '<nixpkgs>' -A pkgsStatic.hello
</syntaxHighlight>


== Rebuild a package with debug symbols ==
=== Rebuild a package with debug symbols ===


<source lang="bash">
<syntaxHighlight lang="console">
$ nix-build -E 'with import <nixpkgs> {}; enableDebugging st'
$ nix-build -E 'with import <nixpkgs> {}; enableDebugging st'
$ file result/bin/st
$ file result/bin/st
result/bin/st: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /nix/store/f111ij1fc83965m48bf2zqgiaq88fqv5-glibc-2.25/lib/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, not stripped, with debug_info
result/bin/st: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /nix/store/f111ij1fc83965m48bf2zqgiaq88fqv5-glibc-2.25/lib/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, not stripped, with debug_info
</source>
</syntaxHighlight>
 
=== Download a nix store path from the cache ===
 
If you want to the exact same nix store path on a different system, you can use the <code>--realise</code> or short <code>-r</code> parameter in the <code>nix-store</code> command:
 
<syntaxHighlight lang="console">
$ nix-store -r /nix/store/0vg5bw04dn21czjcqcqczyjrhys5cv30-hello-2.10
$ find  /nix/store/0vg5bw04dn21czjcqcqczyjrhys5cv30-hello-2.10
/nix/store/0vg5bw04dn21czjcqcqczyjrhys5cv30-hello-2.10
/nix/store/0vg5bw04dn21czjcqcqczyjrhys5cv30-hello-2.10/bin
/nix/store/0vg5bw04dn21czjcqcqczyjrhys5cv30-hello-2.10/bin/hello
/nix/store/0vg5bw04dn21czjcqcqczyjrhys5cv30-hello-2.10/share
/nix/store/0vg5bw04dn21czjcqcqczyjrhys5cv30-hello-2.10/share/locale
...
</syntaxHighlight>
 
=== Install an arbitrary nix store path into a user profile ===
 
<code>nix-env</code> also accepts the full path to a program in the nix store:
 
<syntaxHighlight lang="console">
$ nix-env -i /nix/store/yzz2gvpcyxg5i68zi11sznbsp1ypccz8-firefox-65.0
</syntaxHighlight>
 
=== Check the syntax of a nix file ===
 
<syntaxHighlight lang="console">
$ echo '{}: bar' > expression.nix
$ nix-instantiate --parse-only expression.nix
error: undefined variable 'bar' at /tmp/expression.nix:1:5
</syntaxHighlight>
 
=== Using override with nix-build ===
 
using channels
<syntaxhighlight lang="nix">
nix-build -E 'with (import <nixpkgs>{}); polybar.override { i3Support = true; }'
</syntaxhighlight>
using a local repo
<syntaxhighlight lang="nix">
nix-build -E 'with (import ./default.nix{}); polybar.override { i3Support = true; }'
</syntaxhighlight>


== See also ==


==See also==
* [[Garbage Collection]]
* [[Garbage Collection]]
* [[NFS#Nix_store_on_NFS|Nix store on NFS]]
* [[NFS#Nix_store_on_NFS|Nix store on NFS]]
[[Category:Cookbook]]
[[Category:Software]]

Latest revision as of 18:45, 15 June 2024

A NixOS cheat sheet and comparison to Ubuntu

Ubuntu vs. NixOS provides a table mapping of common administrative tasks and their commands in Ubuntu to similar capabilities in NixOS.

Working with the nix store

Get the store path for a package

$ nix repl
nix-repl> :l <nixpkgs> 
Added 7486 variables.
nix-repl> "${xorg.libXtst}"
"/nix/store/nlpnx21yjdjx2ii7ln4kcmbm0x1vy7w9-libXtst-1.2.3"

nix-repl> :lf ./configuration.nix # as flakes way for a local file 

# load nixos configuration from a nix file
$ nix repl --file '<nixpkgs/nixos>' -I nixos-config=./configuration.nix


$ nix-build '<nixpkgs>' --no-build-output -A xorg.libXtst
/nix/store/nlpnx21yjdjx2ii7ln4kcmbm0x1vy7w9-libXtst-1.2.3

Get store path for a package from the Flake input

When packages are managed using Flakes, store paths to them can be retrieved using nix eval --inputs-from, like this:

$ nix eval --inputs-from "$flake_path" --raw "$input#$package"

For instance, when packages are managed using Home Manager using standard configuration, store path to the Git package can be retrieved using this command:

$ nix eval --inputs-from ~/.config/home-manager --raw nixpkgs#git

Add files to the store

It is sometimes necessary to add files to the store manually. This is particularly the case with packages that cannot be downloaded automatically, for example, proprietary software packages. For most files, it is sufficient to run: 

$ nix-store --add-fixed sha256 /path/to/file

Unfortunately, nix-store will try to load the entire file into memory, which will fail if the file size exceeds available memory. If we have root access, we can copy the file to the store ourselves: 

$ sudo unshare -m bash  # open a shell as root in a private mount namespace
$ largefile=/path/to/file
$ hash=$(nix-hash --type sha256 --flat --base32 $largefile)  # sha256 hash of the file
$ storepath=$(nix-store --print-fixed-path sha256 $hash $(basename $largefile))  # destination path in the store
$ mount -o remount,rw /nix/store  # remount the store in read/write mode (only for this session)
$ cp $largefile $storepath  # copy the file
$ printf "$storepath\n\n0\n" | nix-store --register-validity --reregister  # register the file in the Nix database
$ exit  # exit to the original shell where /nix/store is still mounted read-only

To add a file with fixed name (when the input filename is not stable), or to add entire directories with filter, you can use builtins.path: 

$ nix-instantiate --eval --read-write-mode -E 'builtins.path { path = ./myfile; name = "myname"; }'

Build NixOS from nixpkgs repo

The following snippet will build the system from a git checkout: 

$ nixos-rebuild -I nixpkgs=/path/to/nixpkgs switch

This method can be used when testing NixOS services for a pull request to nixpkgs.

Building NixOS from a git is an alternative to using nix channels and set up permanent following this blog article. It has a couple of advantages over nixpkgs as it allows back-porting of packages/changes to stable versions as well as applying customization.

Use the following command to build directly from a particular branch of a repository in GitHub: 

$ nixos-rebuild -I nixpkgs=https://github.com/nixcloud/nixpkgs/archive/release-17.03.tar.gz switch

Evaluate a NixOS configuration without building

If you only want to evaluate configuration.nix without building (e.g. to syntax-check or see if you are using module options correctly), you can use: 

$ nix-instantiate '<nixpkgs/nixos>' -A system

This creates the .drv file that nixos-rebuild build would build.

Explore a NixOS configuration in the REPL

If you want to see what value a NixOS option takes without building, as opposed to merely checking that all options work, you can run: 

$ nix repl --file '<nixpkgs/nixos>'
Welcome to Nix 2.18.2. Type :? for help.

Loading installable ''...
Added 6 variables.
nix-repl> config.environment.shells  # for example
[ "/run/current-system/sw/bin/zsh" ... ]

# Equivalently, if starting from an existing REPL:
nix-repl> :l <nixpkgs/nixos>
Added 6 variables.

nix-repl> config.environment.shells

This can be helpful if your configuration is spread across multiple modules, or if you import modules from external sources, or if NixOS has defaults and you want to know whether a default is being used or extended in your configuration, or a variety of other cases in which you might want the computer to tell you what the end result of all your Nixing is going to be before you switch to it.

You can do this with configuration files other than the one installed in /etc/nixos, too: 

nix-repl> :a import <nixpkgs/nixos> { configuration = /path/to/config.nix; }

Manually switching a NixOS system to a certain version of system closure

(Or: What nixos-rebuild does under the hoods.)

Step 1: Do this for the equivalent of nixos-rebuild boot or nixos-rebuild switch, i.e. if you want the changes to persist after reboot:

If you have the store path, run this, replacing $systemClosure with store path to your system closure: 

$ nix-env --profile /nix/var/nix/profiles/system --set $systemClosure

Or, if it was a previous generation, you can run this instead, replacing $generation with the desired generation number: 

$ nix-env --profile /nix/var/nix/profiles/system --switch-generation $generation

Step 2: Do this for all changes:

Run this, replacing $action with the action (one of boot, switch, test): 

$ /nix/var/nix/profiles/system/bin/switch-to-configuration $action

If you use a different profile name the procedure is similar, but use /nix/var/nix/profiles/system-profiles/$profileName instead of /nix/var/nix/profiles/system.

Building a service as a VM (for testing)

While nixos-rebuild build-vm allows to build a vm out of the current system configuration, there is a more light-weight alternative when only a single service needs to be tested.

Given the following configuration: 

# vm.nix
{ lib, config, ... }:
{
  services.tor.enable = true;
  users.users.root.initialPassword = "root";
}

a vm can be build using the following command: 

$ nixos-rebuild -I nixpkgs=/path/to/nixpkgs -I nixos-config=./vm.nix build-vm

where -I nixpkgs=/path/to/nixpkgs is optionally depending whether the vm should be build from git checkout or a channel.

On non-NixOS (linux) systems the following command can be used instead: 

$ nix-build '<nixpkgs/nixos>' -A vm -k -I nixos-config=./vm.nix

By default the resulting vm will require X11 to create a virtual display. By specifying additional arguments via the environment variables QEMU_OPTSand QEMU_KERNEL_PARAMS it is possible to reuse the current running terminal as serial console for the vm: 

$ export QEMU_OPTS="-nographic -serial mon:stdio" QEMU_KERNEL_PARAMS=console=ttyS0 
$ /nix/store/lshw31yfbb6izs2s594jd89ma4wf8zw6-nixos-vm/bin/run-nixos-vm

To forward a port you can set export QEMU_NET_OPTS. In the following example port 2222 on the host is forwarded to port 22 in the vm: 

$ export QEMU_NET_OPTS="hostfwd=tcp::2222-:22"

Don't forget that by default NixOS comes with a firewall enabled: 

{...}: {
  networking.firewall.enable = false;
}

Reuse a package as a build environment

As packages already contains all build dependencies, they can be reused to a build environment quickly. In the following a setup for the cmake-based project bcc is shown. After obtaining the source: 

$ git clone https://github.com/iovisor/bcc.git
$ cd bcc

Add the following default.nix to the project: 

with import <nixpkgs> {};
linuxPackages.bcc.overrideDerivation (old: {
  # overrideDerivation allows it to specify additional dependencies
  buildInputs = [ bashInteractive ninja ] ++ old.buildInputs;
})

To initiate the build environment run nix-shell in the project root directory 

# this will download add development dependencies and set up the environment so build tools will find them.
$ nix-shell

The following is specific to bcc or cmake in general: (so you need to adapt the workflow depending on the project, you hack on) 

$ mkdir build
$ cd build
# cmakeFlags is also defined in the bcc package. autotools based projects might defined $configureFlags
$ eval cmake $cmakeFlags ..
$ make

Evaluate packages for a different platform

Sometimes you want to check whether a change to a package (such as adding a new dependency) would evaluate even on a different type of system. For example, you may want to check on x86_64-linux whether a package evaluates for x86_64-darwin or aarch64-linux.

Use the system argument: 

$ nix-instantiate --argstr system "x86_64-darwin" -A mypackage

Cross-compile packages

The following command will cross compile the tinc package for the aarch64 CPU architecture from a different architecture (e.g. x86_64). 

$ nix-build '<nixpkgs>' --arg crossSystem '(import <nixpkgs> {}).lib.systems.examples.aarch64-multiplatform' -A tinc

You can add your own specifications, or look at existing ones, in nixpkgs/lib/systems/examples.nix.

Customizing Packages

Upgrading individual packages to a different channel

One can track multiple channels on NixOS simultaneously, and then declaratively change packages from the default channel to another one.

For example one can have both the unstable and stable channels on system root: 

$ sudo nix-channel --list
nixos https://nixos.org/channels/nixos-17.03
nixos-unstable https://nixos.org/channels/nixos-unstable

and the following in configuration.nix: 

nixpkgs.config = {
  # Allow proprietary packages
  allowUnfree = true;

  # Create an alias for the unstable channel
  packageOverrides = pkgs: {
    unstable = import <nixos-unstable> { # pass the nixpkgs config to the unstable alias # to ensure `allowUnfree = true;` is propagated:
      config = config.nixpkgs.config;
    };
  };
};

which allows you to switch particular packages to the unstable channel: 

environment.systemPackages = with pkgs; [
    ddate
    devilspie2
    evince
    unstable.google-chrome
    # ...
    zsh
];

Building statically linked packages

$ nix-build -E 'with (import ./. {}); (curl.override { stdenv = makeStaticLibraries stdenv;}).out'

There is also an stdenv adapter that will build static binaries: 

$ nix-build '<nixpkgs>' -A pkgsStatic.hello

Rebuild a package with debug symbols

$ nix-build -E 'with import <nixpkgs> {}; enableDebugging st'
$ file result/bin/st
result/bin/st: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /nix/store/f111ij1fc83965m48bf2zqgiaq88fqv5-glibc-2.25/lib/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, not stripped, with debug_info

Download a nix store path from the cache

If you want to the exact same nix store path on a different system, you can use the --realise or short -r parameter in the nix-store command: 

$ nix-store -r /nix/store/0vg5bw04dn21czjcqcqczyjrhys5cv30-hello-2.10
$ find  /nix/store/0vg5bw04dn21czjcqcqczyjrhys5cv30-hello-2.10
/nix/store/0vg5bw04dn21czjcqcqczyjrhys5cv30-hello-2.10
/nix/store/0vg5bw04dn21czjcqcqczyjrhys5cv30-hello-2.10/bin
/nix/store/0vg5bw04dn21czjcqcqczyjrhys5cv30-hello-2.10/bin/hello
/nix/store/0vg5bw04dn21czjcqcqczyjrhys5cv30-hello-2.10/share
/nix/store/0vg5bw04dn21czjcqcqczyjrhys5cv30-hello-2.10/share/locale
...

Install an arbitrary nix store path into a user profile

nix-env also accepts the full path to a program in the nix store: 

$ nix-env -i /nix/store/yzz2gvpcyxg5i68zi11sznbsp1ypccz8-firefox-65.0

Check the syntax of a nix file

$ echo '{}: bar' > expression.nix
$ nix-instantiate --parse-only expression.nix
error: undefined variable 'bar' at /tmp/expression.nix:1:5

Using override with nix-build

using channels 

nix-build -E 'with (import <nixpkgs>{}); polybar.override { i3Support = true; }'

using a local repo 

nix-build -E 'with (import ./default.nix{}); polybar.override { i3Support = true; }'

See also

Retrieved from "https://wiki.nixos.org/w/index.php?title=Cheatsheet&oldid=13183"