ZFS: Difference between revisions

(9 intermediate revisions by 4 users not shown)

Line 1:

[https://zfsonlinux.org/ {{PAGENAME}}] ([[wikipedia:en:{{PAGENAME}}]]), also known as [https://openzfs.org/ OpenZFS] ([[wikipedia:en:OpenZFS]]), is a modern filesystem which is well supported on [[NixOS]].

[[category:filesystem]]

Besides the ''zfs'' package (''ZFS Filesystem Linux Kernel module'') ~~<ref>https://search.nixos.org/packages?channel=unstable&show=zfs&query=zfs</ref>~~ itself, there are many packages in the ZFS ecosystem available.

Besides the {{nixos:package|zfs}} package (''ZFS Filesystem Linux Kernel module'') itself, there are many packages in the ZFS ecosystem available.

ZFS integrates into NixOS via the ~~<code>boot.zfs</code><ref>https~~:~~//search.nixos.org/options?channel=unstable&query=~~boot.zfs~~</ref>~~ and ~~<code>service.zfs</code><ref>https~~:~~//search.nixos.org/options?channel=unstable&query=~~services.zfs~~</ref>~~ options.

ZFS integrates into NixOS via the {{nixos:option|boot.zfs}} and {{nixos:option|services.zfs}} options.

== Limitations ==

Line 10:

ZFS often does not support the latest Kernel versions. It is recommended to use an LTS Kernel version whenever possible; the NixOS default Kernel is generally suitable. See [[Linux kernel|Linux Kernel]] for more information about configuring a specific Kernel version.

If your config specifies a Kernel version that is not officially supported by upstream ZFS, the ZFS module will fail to evaluate with an error that the ZFS package is "broken".

If your config specifies a Kernel version that is not officially supported by upstream ZFS, the ZFS module will fail to evaluate with an error that the ZFS package is "broken". Upstream ZFS changed in 2.3 to refuse to build by default, regardless of Nixpkgs’ broken marking (or ignoring).

===== Selecting the latest ZFS-compatible Kernel =====

Line 18:

{

config,

lib,

pkgs,

~~config,~~

...

}:

let

~~isUnstable = config.boot.zfs.package == pkgs.zfsUnstable;~~

zfsCompatibleKernelPackages = lib.filterAttrs (

name: kernelPackages:

(builtins.match "linux_[0-9]+_[0-9]+" name) != null

&& (builtins.tryEval kernelPackages).success

&& (

&& (!kernelPackages.${config.boot.zfs.package.kernelModuleAttribute}.meta.broken)

(~~!isUnstable &&~~ !kernelPackages.zfs.~~meta.broken)~~

~~|| (isUnstable && !kernelPackages~~.~~zfs_unstable~~.meta.broken)

)

) pkgs.linuxKernel.packages;

latestKernelPackage = lib.last (

Line 48:

Line 44:

===== Using unstable, pre-release ZFS =====

{{Warning|Pre-release ZFS versions may be less well-tested, and may have critical bugs that may cause data loss.}}

{{Warning|Pre-release ZFS versions may be less well-tested, and may have critical bugs that may cause data loss.}}{{Warning|Running ZFS with a Kernel unsupported by upstream “is considered EXPERIMENTAL by the OpenZFS project. Even if it appears to build and run correctly, there may be bugs that can cause SERIOUS DATA LOSS.”}}

In some cases, a pre-release version of ZFS may be available that supports a newer Kernel. Use it with <code>boot.zfs.package = pkgs.zfs_unstable;</code>.

In some cases, a pre-release version of ZFS may be available that supports a newer Kernel. Use it with <code>boot.zfs.package = pkgs.zfs_unstable;</code>. Using zfs_unstable may allow the use of an unsupported Kernel; as warned above, [https://github.com/openzfs/zfs/blob/6a2f7b38442b42f4bc9a848f8de10fc792ce8d76/config/kernel.m4#L473-L487 upstream considers this experimental].

==== Partial support for swap on ZFS ====

Line 61:

Line 57:

The differences can be tested by running <code>zpool import -d /dev/disk/by-id</code> when none of the pools are discovered, eg. a live iso.

==== ~~Declarative mounting of~~ ZFS ~~datasets~~ ====

==== ZFS conflicting with systemd ====

ZFS will manage mounting non-legacy ZFS filesystems, but NixOS tries to manage mounting with systemd. ZFS native mountpoints are not managed as part of the system configuration (but better support hibernation with a separate swap partition). This can lead to conflicts if the ZFS mount service is also enabled for the same datasets.

~~When using~~ legacy mountpoints (created with e.g. <code>zfs create -o mountpoint=legacy</code>) ~~mountpoints~~ must be specified with <code>fileSystems."/mount/point" = {};</code>. ZFS native mountpoints are not managed as part of the system configuration but better support hibernation with a separate swap partition. This can lead to conflicts if ZFS mount service is also enabled for the same datasets. Disable it with <code>~~systemd.services.zfs~~-~~mount.enable = false;~~</code>.

Disable the mount service with <code>systemd.services.zfs-mount.enable = false;</code> or remove the <code>fileSystems</code> entries in hardware-configuration.nix. Otherwise, use legacy mountpoints (created with e.g. <code>zfs create -o mountpoint=legacy</code>). Mountpoints must be specified with <code>fileSystems."/mount/point" = {};</code> or with <code>nixos-generate-config</code>.

== Guides ==

===~~= '''~~OpenZFS Documentation for installing~~''' =~~===

=== OpenZFS Documentation for installing ===

{{warning|This guide is not endorsed by NixOS and some features like immutable root do not have upstream support and could break on updates. If an issue arises while following this guide, please consult the guides support channels.}}

Line 80:

Line 77:

* Giving understandable, easy to follow instructions which are close to the standard installation guide

* Integrating ZFS into your existing config

~~==== '''Simple NixOS ZFS on root installation''' ====~~

=== Simple NixOS ZFS on root installation ===

Start from here in the NixOS manual: [https://nixos.org/manual/nixos/stable/#sec-installation-manual].

Under manual partitioning [https://nixos.org/manual/nixos/stable/#sec-installation-manual-partitioning] do this instead:

~~'''~~Partition ~~your~~ disk ~~with your favorite partition tool'''~~

==== Partition the disk ====

We need the following partitions:

Line 96:

Line 92:

In low-memory situations, ZFS therefore might need a bit longer to free up memory from its cache. The swap partition will help with that.

Example with gdisk:

Example with gdisk using <code>/dev/nvme0n1</code> as the device (use <code>lsblk</code> to find the device</code>):

Line 139:

Line 135:

The operation has completed successfully.

</syntaxhighlight>

Final partition table

Final partition table (<code>fdisk -l /dev/nvme0n1</code>):

Number Start (sector) End (sector) Size Code Name

Line 147:

Line 143:

</syntaxhighlight>

'''Let's use variables from now on for simplicity.

'''Let's use variables from now on for simplicity.''' Get the device ID in <code>/dev/disk/by-id/</code> (using {{ic|blkid}}), in our case here it is <code>nvme-SKHynix_HFS512GDE9X081N_FNB6N634510106K5O</code>

Get the device ID in <code>/dev/disk/by-id/</code>, in our case here it is <code>nvme-SKHynix_HFS512GDE9X081N_FNB6N634510106K5O</code>

~~'''~~

BOOT=/dev/disk/by-id/nvme-SKHynix_HFS512GDE9X081N_FNB6N634510106K5O-part1

Line 156:

Line 151:

</syntaxhighlight>

~~'''Make a ZFS pool~~ with ~~encryption and mount points'''~~

{{note|It is often recommended to specify the drive using the device ID/UUID to prevent incorrect configuration, but it is also possible to use the device name (e.g. /dev/sda). See also: [[#Zpool created with bus-based disk names]], [https://wiki.archlinux.org/title/Persistent_block_device_naming Persistent block device naming - ArchWiki]}}

~~'''~~Note~~:'''~~ zpool config can significantly affect performance (especially the ashift option) so you may want to do some research. The ~~[https://jrs-s.net/2018/08/17/zfs-tuning-cheat-sheet/~~ ZFS tuning cheatsheet] or ~~[https://wiki.archlinux.org/title/ZFS#Storage_pools~~ ArchWiki] is a good place to start.

==== Make a ZFS pool with encryption and mount points ====

{{Note|zpool config can significantly affect performance (especially the ashift option) so you may want to do some research. The ZFS tuning cheatsheet or ArchWiki is a good place to start.}}

Line 172:

Line 169:

zfs create zpool/home

# Mount root

mkdir -p /mnt

mount -t zfs zpool/root /mnt -o zfsutil

# Mount nix, var, home

mkdir /mnt/nix /mnt/var /mnt/home

mount -t zfs zpool/nix /mnt/nix -o zfsutil

mount -t zfs zpool/var /mnt/var -o zfsutil

Line 195:

Line 194:

</syntaxhighlight>

~~'''~~Format boot partition ~~with FAT as filesystem'''~~

==== Format boot partition and enable swap ====

mkfs.fat -F 32 -n boot $BOOT

</syntaxhighlight>

~~'''Enable swap'''~~

mkswap -L swap $SWAP

Line 206:

Line 204:

</syntaxhighlight>

~~'''~~Installation~~'''~~

==== Installation ====

# Mount boot

~~<syntaxhighlight lang="bash">~~

mkdir -p /mnt/boot

mount $BOOT /mnt/boot

Line 223:

Line 220:

Now edit the configuration.nix that was just created in <code>/mnt/etc/nixos/configuration.nix</code> and make sure to have at least the following content in it.

~~<syntaxhighlight lang~~=~~"nix">~~

{{file|/mnt/etc/nixos/configuration.nix|diff|3=

{

...

Line 230:

Line 227:

# for local disks that are not shared over the network, we don't need this to be random

networking.hostId = "8425e349";

# without this, "ZFS requires networking.hostId to be set" will be raised

+ networking.hostId = "8425e349";

...

~~</syntaxhighlight>~~

}

}}

Now check the hardware-configuration.nix in <code>/mnt/etc/nixos/hardware-configuration.nix</code> and add whats missing e.g. <code>options = [ "zfsutil" ]</code> for all filesystems except boot and <code>randomEncryption = true;</code> for the swap partition. Also change the generated swap device to the partition we created e.g. <code>/dev/disk/by-id/nvme-SKHynix_HFS512GDE9X081N_FNB6N634510106K5O-part2</code> in this case and <code>/dev/disk/by-id/nvme-SKHynix_HFS512GDE9X081N_FNB6N634510106K5O-part1</code> for boot.

~~<syntaxhighlight lang~~=~~"nix">~~

{{file|/mnt/etc/nixos/configuration.nix|diff|3=

{

...

fileSystems."/" = {

Line 242:

fsType = "zfs";

# the zfsutil option is needed when mounting zfs datasets without "legacy" mountpoints

options = [ "zfsutil" ];

+ options = [ "zfsutil" ];

};

Line 248:

device = "zpool/nix";

fsType = "zfs";

options = [ "zfsutil" ];

+ options = [ "zfsutil" ];

};

Line 254:

device = "zpool/var";

fsType = "zfs";

options = [ "zfsutil" ];

+ options = [ "zfsutil" ];

};

Line 260:

device = "zpool/home";

fsType = "zfs";

options = [ "zfsutil" ];

+ options = [ "zfsutil" ];

};

Line 269:

swapDevices = [{

device = "/dev/disk/by-id/nvme-SKHynix_HFS512GDE9X081N_FNB6N634510106K5O-part2";

+ device = "/dev/disk/by-id/nvme-SKHynix_HFS512GDE9X081N_FNB6N634510106K5O-part2";

randomEncryption = true;

+ randomEncryption = true;

}];

}

~~</syntaxhighlight>~~

}}

Now you may install NixOS with <code>nixos-install</code>.

Line 426:

== Take snapshots automatically ==

See ~~<code>~~services.sanoid~~</code>~~ section in <code>man configuration.nix</code>.

See {{nixos:option|services.sanoid}} section in <code>man configuration.nix</code>.

== NFS share ==

Line 484:

Then, configure an alias for root account. With this alias configured, all mails sent to root, such as cron job results and failed sudo login events, will be redirected to the configured email account.

~~tee -a /~~etc/aliases ~~<<EOF~~

{

root: ~~user~~@example.com

environment.etc.aliases.text = ''

~~EOF~~

root: you@example.com

'';

}

</syntaxhighlight>

@@ Line 1: / Line 1: @@
 [https://zfsonlinux.org/ {{PAGENAME}}] ([[wikipedia:en:{{PAGENAME}}]]), also known as [https://openzfs.org/ OpenZFS] ([[wikipedia:en:OpenZFS]]), is a modern filesystem which is well supported on [[NixOS]].
 [[category:filesystem]]
-Besides the ''zfs'' package (''ZFS Filesystem Linux Kernel module'') <ref>https://search.nixos.org/packages?channel=unstable&show=zfs&query=zfs</ref> itself, there are many packages in the ZFS ecosystem available.
+Besides the {{nixos:package|zfs}} package (''ZFS Filesystem Linux Kernel module'') itself, there are many packages in the ZFS ecosystem available.
-ZFS integrates into NixOS via the <code>boot.zfs</code><ref>https://search.nixos.org/options?channel=unstable&query=boot.zfs</ref> and <code>service.zfs</code><ref>https://search.nixos.org/options?channel=unstable&query=services.zfs</ref> options.
+ZFS integrates into NixOS via the {{nixos:option|boot.zfs}} and {{nixos:option|services.zfs}} options.
 == Limitations ==
@@ Line 10: / Line 10: @@
 ZFS often does not support the latest Kernel versions. It is recommended to use an LTS Kernel version whenever possible; the NixOS default Kernel is generally suitable. See [[Linux kernel|Linux Kernel]] for more information about configuring a specific Kernel version.
-If your config specifies a Kernel version that is not officially supported by upstream ZFS, the ZFS module will fail to evaluate with an error that the ZFS package is "broken".
+If your config specifies a Kernel version that is not officially supported by upstream ZFS, the ZFS module will fail to evaluate with an error that the ZFS package is "broken". Upstream ZFS changed in 2.3 to refuse to build by default, regardless of Nixpkgs’ broken marking (or ignoring).
 ===== Selecting the latest ZFS-compatible Kernel =====
@@ Line 18: / Line 18: @@
 <syntaxhighlight lang="nix">
 {
+  config,
    lib,
    pkgs,
-  config,
    ...
 }:
 let
-  isUnstable = config.boot.zfs.package == pkgs.zfsUnstable;
    zfsCompatibleKernelPackages = lib.filterAttrs (
      name: kernelPackages:
      (builtins.match "linux_[0-9]+_[0-9]+" name) != null
      && (builtins.tryEval kernelPackages).success
-     && (
+     && (!kernelPackages.${config.boot.zfs.package.kernelModuleAttribute}.meta.broken)
-      (!isUnstable && !kernelPackages.zfs.meta.broken)
-      || (isUnstable && !kernelPackages.zfs_unstable.meta.broken)
-    )
    ) pkgs.linuxKernel.packages;
    latestKernelPackage = lib.last (
@@ Line 48: / Line 44: @@
 ===== Using unstable, pre-release ZFS =====
-{{Warning|Pre-release ZFS versions may be less well-tested, and may have critical bugs that may cause data loss.}}
+{{Warning|Pre-release ZFS versions may be less well-tested, and may have critical bugs that may cause data loss.}}{{Warning|Running ZFS with a Kernel unsupported by upstream “is considered EXPERIMENTAL by the OpenZFS project. Even if it appears to build and run correctly, there may be bugs that can cause SERIOUS DATA LOSS.”}}
-In some cases, a pre-release version of ZFS may be available that supports a newer Kernel. Use it with <code>boot.zfs.package = pkgs.zfs_unstable;</code>.
+In some cases, a pre-release version of ZFS may be available that supports a newer Kernel. Use it with <code>boot.zfs.package = pkgs.zfs_unstable;</code>. Using zfs_unstable may allow the use of an unsupported Kernel; as warned above, [https://github.com/openzfs/zfs/blob/6a2f7b38442b42f4bc9a848f8de10fc792ce8d76/config/kernel.m4#L473-L487 upstream considers this experimental].
 ==== Partial support for swap on ZFS ====
@@ Line 61: / Line 57: @@
 The differences can be tested by running <code>zpool import -d /dev/disk/by-id</code> when none of the pools are discovered, eg. a live iso.
-==== Declarative mounting of ZFS datasets ====
+==== ZFS conflicting with systemd ====
+ZFS will manage mounting non-legacy ZFS filesystems, but NixOS tries to manage mounting with systemd. ZFS native mountpoints are not managed as part of the system configuration (but better support hibernation with a separate swap partition). This can lead to conflicts if the ZFS mount service is also enabled for the same datasets.
-When using legacy mountpoints (created with e.g. <code>zfs create -o mountpoint=legacy</code>) mountpoints must be specified with <code>fileSystems."/mount/point" = {};</code>. ZFS native mountpoints are not managed as part of the system configuration but better support hibernation with a separate swap partition. This can lead to conflicts if ZFS mount service is also enabled for the same datasets. Disable it with <code>systemd.services.zfs-mount.enable = false;</code>.
+Disable the mount service with <code>systemd.services.zfs-mount.enable = false;</code> or remove the <code>fileSystems</code> entries in hardware-configuration.nix. Otherwise, use legacy mountpoints (created with e.g. <code>zfs create -o mountpoint=legacy</code>). Mountpoints must be specified with <code>fileSystems."/mount/point" = {};</code> or with <code>nixos-generate-config</code>.
 == Guides ==
-==== '''OpenZFS Documentation for installing''' ====
+=== OpenZFS Documentation for installing ===
 {{warning|This guide is not endorsed by NixOS and some features like immutable root do not have upstream support and could break on updates. If an issue arises while following this guide, please consult the guides support channels.}}
@@ Line 80: / Line 77: @@
 * Giving understandable, easy to follow instructions which are close to the standard installation guide
 * Integrating ZFS into your existing config
-==== '''Simple NixOS ZFS on root installation''' ====
+=== Simple NixOS ZFS on root installation ===
 Start from here in the NixOS manual: [https://nixos.org/manual/nixos/stable/#sec-installation-manual].
 Under manual partitioning [https://nixos.org/manual/nixos/stable/#sec-installation-manual-partitioning] do this instead:
-'''Partition your disk with your favorite partition tool'''
+==== Partition the disk ====
 We need the following partitions:
@@ Line 96: / Line 92: @@
 In low-memory situations, ZFS therefore might need a bit longer to free up memory from its cache. The swap partition will help with that.
-Example with gdisk:
+Example with gdisk using <code>/dev/nvme0n1</code> as the device (use <code>lsblk</code> to find the device</code>):
 <syntaxhighlight lang="bash">
@@ Line 139: / Line 135: @@
 The operation has completed successfully.
 </syntaxhighlight>
-Final partition table
+Final partition table (<code>fdisk -l /dev/nvme0n1</code>):
 <syntaxhighlight lang=bash>
 Number  Start (sector)    End (sector)  Size       Code  Name
@@ Line 147: / Line 143: @@
 </syntaxhighlight>
-'''Let's use variables from now on for simplicity.
+'''Let's use variables from now on for simplicity.''' Get the device ID in <code>/dev/disk/by-id/</code> (using {{ic|blkid}}), in our case here it is <code>nvme-SKHynix_HFS512GDE9X081N_FNB6N634510106K5O</code>
-Get the device ID in <code>/dev/disk/by-id/</code>, in our case here it is <code>nvme-SKHynix_HFS512GDE9X081N_FNB6N634510106K5O</code>
-'''
 <syntaxhighlight lang=bash>
 BOOT=/dev/disk/by-id/nvme-SKHynix_HFS512GDE9X081N_FNB6N634510106K5O-part1
@@ Line 156: / Line 151: @@
 </syntaxhighlight>
-'''Make a ZFS pool with encryption and mount points'''
+{{note|It is often recommended to specify the drive using the device ID/UUID to prevent incorrect configuration, but it is also possible to use the device name (e.g. /dev/sda). See also: [[#Zpool created with bus-based disk names]], [https://wiki.archlinux.org/title/Persistent_block_device_naming Persistent block device naming - ArchWiki]}}
-'''Note:''' zpool config can significantly affect performance (especially the ashift option) so you may want to do some research. The [https://jrs-s.net/2018/08/17/zfs-tuning-cheat-sheet/ ZFS tuning cheatsheet] or [https://wiki.archlinux.org/title/ZFS#Storage_pools ArchWiki] is a good place to start.
+==== Make a ZFS pool with encryption and mount points ====
+{{Note|zpool config can significantly affect performance (especially the ashift option) so you may want to do some research. The ZFS tuning cheatsheet or ArchWiki is a good place to start.}}
 <syntaxhighlight lang="bash">
@@ Line 172: / Line 169: @@
 zfs create zpool/home
+# Mount root
 mkdir -p /mnt
 mount -t zfs zpool/root /mnt -o zfsutil
+# Mount nix, var, home
 mkdir /mnt/nix /mnt/var /mnt/home
 mount -t zfs zpool/nix /mnt/nix -o zfsutil
 mount -t zfs zpool/var /mnt/var -o zfsutil
@@ Line 195: / Line 194: @@
 </syntaxhighlight>
-'''Format boot partition with FAT as filesystem'''
+==== Format boot partition and enable swap ====
 <syntaxhighlight lang="bash">
 mkfs.fat -F 32 -n boot $BOOT
 </syntaxhighlight>
-'''Enable swap'''
 <syntaxhighlight lang="bash">
 mkswap -L swap $SWAP
@@ Line 206: / Line 204: @@
 </syntaxhighlight>
-'''Installation'''
+==== Installation ====
+<syntaxhighlight lang="bash">
 # Mount boot
-<syntaxhighlight lang="bash">
 mkdir -p /mnt/boot
 mount $BOOT /mnt/boot
@@ Line 223: / Line 220: @@
 Now edit the configuration.nix that was just created in <code>/mnt/etc/nixos/configuration.nix</code> and make sure to have at least the following content in it.
-<syntaxhighlight lang="nix">
+{{file|/mnt/etc/nixos/configuration.nix|diff|3=
 {
 ...
@@ Line 230: / Line 227: @@
    # for local disks that are not shared over the network, we don't need this to be random
-   networking.hostId = "8425e349";
+   # without this, "ZFS requires networking.hostId to be set" will be raised
++  networking.hostId = "8425e349";
 ...
-</syntaxhighlight>
+}
+}}
 Now check the hardware-configuration.nix in <code>/mnt/etc/nixos/hardware-configuration.nix</code> and add whats missing e.g. <code>options = [ "zfsutil" ]</code> for all filesystems except boot and <code>randomEncryption = true;</code> for the swap partition. Also change the generated swap device to the partition we created e.g. <code>/dev/disk/by-id/nvme-SKHynix_HFS512GDE9X081N_FNB6N634510106K5O-part2</code> in this case and <code>/dev/disk/by-id/nvme-SKHynix_HFS512GDE9X081N_FNB6N634510106K5O-part1</code> for boot.
-<syntaxhighlight lang="nix">
+{{file|/mnt/etc/nixos/configuration.nix|diff|3=
+{
 ...
    fileSystems."/" = {
@@ Line 242: / Line 242: @@
      fsType = "zfs";
      # the zfsutil option is needed when mounting zfs datasets without "legacy" mountpoints
-    options = [ "zfsutil" ];
++    options = [ "zfsutil" ];
    };
@@ Line 248: / Line 248: @@
      device = "zpool/nix";
      fsType = "zfs";
-    options = [ "zfsutil" ];
++    options = [ "zfsutil" ];
    };
@@ Line 254: / Line 254: @@
      device = "zpool/var";
      fsType = "zfs";
-    options = [ "zfsutil" ];
++    options = [ "zfsutil" ];
    };
@@ Line 260: / Line 260: @@
      device = "zpool/home";
      fsType = "zfs";
-    options = [ "zfsutil" ];
++    options = [ "zfsutil" ];
    };
@@ Line 269: / Line 269: @@
    swapDevices = [{
-    device = "/dev/disk/by-id/nvme-SKHynix_HFS512GDE9X081N_FNB6N634510106K5O-part2";
++    device = "/dev/disk/by-id/nvme-SKHynix_HFS512GDE9X081N_FNB6N634510106K5O-part2";
-    randomEncryption = true;
++    randomEncryption = true;
    }];
 }
-</syntaxhighlight>
+}}
 Now you may install NixOS with <code>nixos-install</code>.
@@ Line 426: / Line 426: @@
 == Take snapshots automatically ==
-See <code>services.sanoid</code> section in <code>man configuration.nix</code>.
+See {{nixos:option|services.sanoid}} section in <code>man configuration.nix</code>.
 == NFS share ==
@@ Line 484: / Line 484: @@
 Then, configure an alias for root account. With this alias configured, all mails sent to root, such as cron job results and failed sudo login events, will be redirected to the configured email account.
-<syntaxhighlight lang="bash">
+<syntaxhighlight lang="nix">
-tee -a /etc/aliases <<EOF
+{
-root: user@example.com
+  environment.etc.aliases.text = ''
-EOF
+    root: you@example.com
+  '';
+}
 </syntaxhighlight>