···

       
243
       
243
       
 
       
If the requested file is present in the Nix store, the resulting derivation will not be built, because its expected output is already available.

     

       
244
       
244
       
 
       
Otherwise, the builder will run, but fail with a message explaining to the user how to provide the file. The following code, for example:

     

       
245
       
245
       
 
       


     

       
246
       
246
       
-
       
```

     

       
246
       
246
       
+
       
```nix

     

       
247
       
247
       
 
       
requireFile {

     

       
248
       
248
       
 
       
  name = "jdk-${version}_linux-x64_bin.tar.gz";

     

       
249
       
249
       
 
       
  url = "https://www.oracle.com/java/technologies/javase-jdk11-downloads.html";

     
···

       
270
       
270
       
 
       


     

       
271
       
271
       
 
       
`fetchtorrent` expects two arguments. `url` which can either be a Magnet URI (Magnet Link) such as `magnet:?xt=urn:btih:dd8255ecdc7ca55fb0bbf81323d87062db1f6d1c` or an HTTP URL pointing to a `.torrent` file. It can also take a `config` argument which will craft a `settings.json` configuration file and give it to `transmission`, the underlying program that is performing the fetch. The available config options for `transmission` can be found [here](https://github.com/transmission/transmission/blob/main/docs/Editing-Configuration-Files.md#options)

     

       
272
       
272
       
 
       


     

       
273
       
273
       
-
       
```

     

       
273
       
273
       
+
       
```nix

     

       
274
       
274
       
 
       
{ fetchtorrent }:

     

       
275
       
275
       
 
       


     

       
276
       
276
       
 
       
fetchtorrent {

     

···

       
26
       
26
       
 
       
Nixpkgs provides a `pkgs.writeCueValidator` helper, which will write a validation script based on the provided Cuelang schema.

     

       
27
       
27
       
 
       


     

       
28
       
28
       
 
       
Here is an example:

     

       
29
       
29
       
-
       
```

     

       
29
       
29
       
+
       
```nix

     

       
30
       
30
       
 
       
pkgs.writeCueValidator

     

       
31
       
31
       
 
       
  (pkgs.writeText "schema.cue" ''

     

       
32
       
32
       
 
       
    #Def1: {

     
···

       
42
       
42
       
 
       
`document` : match your input data against this fragment of structure or definition, e.g. you may use the same schema file but different documents based on the data you are validating.

     

       
43
       
43
       
 
       


     

       
44
       
44
       
 
       
Another example, given the following `validator.nix` :

     

       
45
       
45
       
-
       
```

     

       
45
       
45
       
+
       
```nix

     

       
46
       
46
       
 
       
{ pkgs ? import <nixpkgs> {} }:

     

       
47
       
47
       
 
       
let

     

       
48
       
48
       
 
       
  genericValidator = version:

     

···

       
236
       
236
       
 
       
$ nuget-to-nix out > deps.nix

     

       
237
       
237
       
 
       
```

     

       
238
       
238
       
 
       
Which `nuget-to-nix` will generate an output similar to below

     

       
239
       
239
       
-
       
```

     

       
239
       
239
       
+
       
```nix

     

       
240
       
240
       
 
       
{ fetchNuGet }: [

     

       
241
       
241
       
 
       
  (fetchNuGet { pname = "FosterFramework"; version = "0.1.15-alpha"; sha256 = "0pzsdfbsfx28xfqljcwy100xhbs6wyx0z1d5qxgmv3l60di9xkll"; })

     

       
242
       
242
       
 
       
  (fetchNuGet { pname = "Microsoft.AspNetCore.App.Runtime.linux-x64"; version = "8.0.1"; sha256 = "1gjz379y61ag9whi78qxx09bwkwcznkx2mzypgycibxk61g11da1"; })

     

···

       
45
       
45
       
 
       


     

       
46
       
46
       
 
       
Also one can create a `pkgs.mkShell` environment in `shell.nix`/`flake.nix`:

     

       
47
       
47
       
 
       


     

       
48
       
48
       
-
       
```

     

       
48
       
48
       
+
       
```nix

     

       
49
       
49
       
 
       
let

     

       
50
       
50
       
 
       
  sbcl' = sbcl.withPackages (ps: [ ps.alexandria ]);

     

       
51
       
51
       
 
       
in mkShell {

     
···

       
55
       
55
       
 
       


     

       
56
       
56
       
 
       
Such a Lisp can be now used e.g. to compile your sources:

     

       
57
       
57
       
 
       


     

       
58
       
58
       
-
       
```

     

       
58
       
58
       
+
       
```nix

     

       
59
       
59
       
 
       
buildPhase = ''

     

       
60
       
60
       
 
       
  ${sbcl'}/bin/sbcl --load my-build-file.lisp

     

       
61
       
61
       
 
       
''

     
···

       
173
       
173
       
 
       
A package defined outside Nixpkgs using `buildASDFSystem` can be woven into the

     

       
174
       
174
       
 
       
Nixpkgs-provided scope like this:

     

       
175
       
175
       
 
       


     

       
176
       
176
       
-
       
```

     

       
176
       
176
       
+
       
```nix

     

       
177
       
177
       
 
       
let

     

       
178
       
178
       
 
       
  alexandria = sbcl.buildASDFSystem rec {

     

       
179
       
179
       
 
       
    pname = "alexandria";

     
···

       
199
       
199
       
 
       


     

       
200
       
200
       
 
       
Example of overriding `alexandria`:

     

       
201
       
201
       
 
       


     

       
202
       
202
       
-
       
```

     

       
202
       
202
       
+
       
```nix

     

       
203
       
203
       
 
       
sbcl.pkgs.alexandria.overrideLispAttrs (oldAttrs: rec {

     

       
204
       
204
       
 
       
  version = "1.4";

     

       
205
       
205
       
 
       
  src = fetchFromGitLab {

     
···

       
225
       
225
       
 
       


     

       
226
       
226
       
 
       
To package slashy systems, use `overrideLispAttrs`, like so:

     

       
227
       
227
       
 
       


     

       
228
       
228
       
-
       
```

     

       
228
       
228
       
+
       
```nix

     

       
229
       
229
       
 
       
ecl.pkgs.alexandria.overrideLispAttrs (oldAttrs: {

     

       
230
       
230
       
 
       
  systems = oldAttrs.systems ++ [ "alexandria/tests" ];

     

       
231
       
231
       
 
       
  lispLibs = oldAttrs.lispLibs ++ [ ecl.pkgs.rt ];

     
···

       
290
       
290
       
 
       


     

       
291
       
291
       
 
       
This example wraps CLISP:

     

       
292
       
292
       
 
       


     

       
293
       
293
       
-
       
```

     

       
293
       
293
       
+
       
```nix

     

       
294
       
294
       
 
       
wrapLisp {

     

       
295
       
295
       
 
       
  pkg = clisp;

     

       
296
       
296
       
 
       
  faslExt = "fas";

     

···

       
12
       
12
       
 
       


     

       
13
       
13
       
 
       
A good example of all these things is zlib:

     

       
14
       
14
       
 
       


     

       
15
       
15
       
-
       
```

     

       
15
       
15
       
+
       
```nix

     

       
16
       
16
       
 
       
{ pkg-config, testers, ... }:

     

       
17
       
17
       
 
       


     

       
18
       
18
       
 
       
stdenv.mkDerivation (finalAttrs: {

     

···

       
1197
       
1197
       
 
       
Pytest is the most common test runner for python repositories. A trivial

     

       
1198
       
1198
       
 
       
test run would be:

     

       
1199
       
1199
       
 
       


     

       
1200
       
1200
       
-
       
```

     

       
1200
       
1200
       
+
       
```nix

     

       
1201
       
1201
       
 
       
  nativeCheckInputs = [ pytest ];

     

       
1202
       
1202
       
 
       
  checkPhase = ''

     

       
1203
       
1203
       
 
       
    runHook preCheck

     
···

       
1213
       
1213
       
 
       


     

       
1214
       
1214
       
 
       
To filter tests using pytest, one can do the following:

     

       
1215
       
1215
       
 
       


     

       
1216
       
1216
       
-
       
```

     

       
1216
       
1216
       
+
       
```nix

     

       
1217
       
1217
       
 
       
  nativeCheckInputs = [ pytest ];

     

       
1218
       
1218
       
 
       
  # avoid tests which need additional data or touch network

     

       
1219
       
1219
       
 
       
  checkPhase = ''

     
···

       
1248
       
1248
       
 
       


     

       
1249
       
1249
       
 
       
Using the example above, the analogous `pytestCheckHook` usage would be:

     

       
1250
       
1250
       
 
       


     

       
1251
       
1251
       
-
       
```

     

       
1251
       
1251
       
+
       
```nix

     

       
1252
       
1252
       
 
       
  nativeCheckInputs = [

     

       
1253
       
1253
       
 
       
    pytestCheckHook

     

       
1254
       
1254
       
 
       
  ];

     
···

       
1273
       
1273
       
 
       
This is especially useful when tests need to be conditionally disabled,

     

       
1274
       
1274
       
 
       
for example:

     

       
1275
       
1275
       
 
       


     

       
1276
       
1276
       
-
       
```

     

       
1276
       
1276
       
+
       
```nix

     

       
1277
       
1277
       
 
       
  disabledTests = [

     

       
1278
       
1278
       
 
       
    # touches network

     

       
1279
       
1279
       
 
       
    "download"

     
···

       
1298
       
1298
       
 
       
To help ensure the package still works, [`pythonImportsCheck`](#using-pythonimportscheck) can attempt to import

     

       
1299
       
1299
       
 
       
the listed modules.

     

       
1300
       
1300
       
 
       


     

       
1301
       
1301
       
-
       
```

     

       
1301
       
1301
       
+
       
```nix

     

       
1302
       
1302
       
 
       
  pythonImportsCheck = [

     

       
1303
       
1303
       
 
       
    "requests"

     

       
1304
       
1304
       
 
       
    "urllib"

     
···

       
1307
       
1307
       
 
       


     

       
1308
       
1308
       
 
       
roughly translates to:

     

       
1309
       
1309
       
 
       


     

       
1310
       
1310
       
-
       
```

     

       
1310
       
1310
       
+
       
```nix

     

       
1311
       
1311
       
 
       
  postCheck = ''

     

       
1312
       
1312
       
 
       
    PYTHONPATH=$out/${python.sitePackages}:$PYTHONPATH

     

       
1313
       
1313
       
 
       
    python -c "import requests; import urllib"

     
···

       
1342
       
1342
       
 
       


     

       
1343
       
1343
       
 
       
we can do:

     

       
1344
       
1344
       
 
       


     

       
1345
       
1345
       
-
       
```

     

       
1345
       
1345
       
+
       
```nix

     

       
1346
       
1346
       
 
       
  nativeBuildInputs = [

     

       
1347
       
1347
       
 
       
    pythonRelaxDepsHook

     

       
1348
       
1348
       
 
       
  ];

     
···

       
1365
       
1365
       
 
       
Another option is to pass `true`, that will relax/remove all dependencies, for

     

       
1366
       
1366
       
 
       
example:

     

       
1367
       
1367
       
 
       


     

       
1368
       
1368
       
-
       
```

     

       
1368
       
1368
       
+
       
```nix

     

       
1369
       
1369
       
 
       
  nativeBuildInputs = [ pythonRelaxDepsHook ];

     

       
1370
       
1370
       
 
       
  pythonRelaxDeps = true;

     

       
1371
       
1371
       
 
       
```

     
···

       
1392
       
1392
       
 
       


     

       
1393
       
1393
       
 
       
`unittestCheckHook` is a hook which will substitute the setuptools `test` command for a [`checkPhase`](#ssec-check-phase) which runs `python -m unittest discover`:

     

       
1394
       
1394
       
 
       


     

       
1395
       
1395
       
-
       
```

     

       
1395
       
1395
       
+
       
```nix

     

       
1396
       
1396
       
 
       
  nativeCheckInputs = [

     

       
1397
       
1397
       
 
       
    unittestCheckHook

     

       
1398
       
1398
       
 
       
  ];

     
···

       
1409
       
1409
       
 
       
It is setup to automatically find common documentation source paths and

     

       
1410
       
1410
       
 
       
render them using the default `html` style.

     

       
1411
       
1411
       
 
       


     

       
1412
       
1412
       
-
       
```

     

       
1412
       
1412
       
+
       
```nix

     

       
1413
       
1413
       
 
       
  outputs = [

     

       
1414
       
1414
       
 
       
    "out"

     

       
1415
       
1415
       
 
       
    "doc"

     
···

       
1424
       
1424
       
 
       
`doc` output, if it exists. It also provides an automatic diversion

     

       
1425
       
1425
       
 
       
for the artifacts of the `man` builder into the `man` target.

     

       
1426
       
1426
       
 
       


     

       
1427
       
1427
       
-
       
```

     

       
1427
       
1427
       
+
       
```nix

     

       
1428
       
1428
       
 
       
  outputs = [

     

       
1429
       
1429
       
 
       
    "out"

     

       
1430
       
1430
       
 
       
    "doc"

     
···

       
1441
       
1441
       
 
       
Overwrite `sphinxRoot` when the hook is unable to find your

     

       
1442
       
1442
       
 
       
documentation source root.

     

       
1443
       
1443
       
 
       


     

       
1444
       
1444
       
-
       
```

     

       
1444
       
1444
       
+
       
```nix

     

       
1445
       
1445
       
 
       
  # Configure sphinxRoot for uncommon paths

     

       
1446
       
1446
       
 
       
  sphinxRoot = "weird/docs/path";

     

       
1447
       
1447
       
 
       
```

     
···

       
1920
       
1920
       
 
       
the builds are in that case not reproducible. To enable optimizations, override the

     

       
1921
       
1921
       
 
       
interpreter of interest, e.g using

     

       
1922
       
1922
       
 
       


     

       
1923
       
1923
       
-
       
```

     

       
1923
       
1923
       
+
       
```nix

     

       
1924
       
1924
       
 
       
let

     

       
1925
       
1925
       
 
       
  pkgs = import ./. {};

     

       
1926
       
1926
       
 
       
  mypython = pkgs.python3.override {

     

···

       
458
       
458
       
 
       
and fetches every dependency as a separate fixed-output derivation.

     

       
459
       
459
       
 
       
`importCargoLock` can be used as follows:

     

       
460
       
460
       
 
       


     

       
461
       
461
       
-
       
```

     

       
461
       
461
       
+
       
```nix

     

       
462
       
462
       
 
       
cargoDeps = rustPlatform.importCargoLock {

     

       
463
       
463
       
 
       
  lockFile = ./Cargo.lock;

     

       
464
       
464
       
 
       
};

     
···

       
468
       
468
       
 
       
hashes need to be specified since they are not available through the

     

       
469
       
469
       
 
       
lock file. For example:

     

       
470
       
470
       
 
       


     

       
471
       
471
       
-
       
```

     

       
471
       
471
       
+
       
```nix

     

       
472
       
472
       
 
       
cargoDeps = rustPlatform.importCargoLock {

     

       
473
       
473
       
 
       
  lockFile = ./Cargo.lock;

     

       
474
       
474
       
 
       
  outputHashes = {

     

···

       
147
       
147
       
 
       
A special function `swiftpmMakeMutable` is available to replace the symlink

     

       
148
       
148
       
 
       
with a writable copy:

     

       
149
       
149
       
 
       


     

       
150
       
150
       
-
       
```

     

       
150
       
150
       
+
       
```nix

     

       
151
       
151
       
 
       
configurePhase = generated.configure ++ ''

     

       
152
       
152
       
 
       
  # Replace the dependency symlink with a writable copy.

     

       
153
       
153
       
 
       
  swiftpmMakeMutable swift-crypto

     

···

       
81
       
81
       
 
       


     

       
82
       
82
       
 
       
## Example flake usage {#sec-darwin-builder-example-flake}

     

       
83
       
83
       
 
       


     

       
84
       
84
       
-
       
```

     

       
84
       
84
       
+
       
```nix

     

       
85
       
85
       
 
       
{

     

       
86
       
86
       
 
       
  inputs = {

     

       
87
       
87
       
 
       
    nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-22.11-darwin";

     
···

       
153
       
153
       
 
       
To do this, you just need to set the `virtualisation.darwin-builder.*` parameters as

     

       
154
       
154
       
 
       
in the example below and rebuild.

     

       
155
       
155
       
 
       


     

       
156
       
156
       
-
       
```

     

       
156
       
156
       
+
       
```nix

     

       
157
       
157
       
 
       
    darwin-builder = nixpkgs.lib.nixosSystem {

     

       
158
       
158
       
 
       
      system = linuxSystem;

     

       
159
       
159
       
 
       
      modules = [

     

···

       
159
       
159
       
 
       


     

       
160
       
160
       
 
       
e.g.

     

       
161
       
161
       
 
       


     

       
162
       
162
       
-
       
```

     

       
162
       
162
       
+
       
```nix

     

       
163
       
163
       
 
       
nativeBuildInputs = [

     

       
164
       
164
       
 
       
  meson

     

       
165
       
165
       
 
       
] ++ lib.optionals (!stdenv.buildPlatform.canExecute stdenv.hostPlatform) [

     

···

       
254
       
254
       
 
       


     

       
255
       
255
       
 
       
- `services.github-runner` and `services.github-runners.<name>` gained the option `serviceOverrides` which allows overriding the systemd `serviceConfig`. If you have been overriding the systemd service configuration (i.e., by defining `systemd.services.github-runner.serviceConfig`), you have to use the `serviceOverrides` option now. Example:

     

       
256
       
256
       
 
       


     

       
257
       
257
       
-
       
  ```

     

       
257
       
257
       
+
       
  ```nix

     

       
258
       
258
       
 
       
  services.github-runner.serviceOverrides.SupplementaryGroups = [

     

       
259
       
259
       
 
       
    "docker"

     

       
260
       
260
       
 
       
  ];

     

···

       
1228
       
1228
       
 
       
- CoreDNS may be built with external plugins now. This may be done by

     

       
1229
       
1229
       
 
       
  overriding `externalPlugins` and `vendorHash` arguments like this:

     

       
1230
       
1230
       
 
       


     

       
1231
       
1231
       
-
       
  ```

     

       
1231
       
1231
       
+
       
  ```nix

     

       
1232
       
1232
       
 
       
  services.coredns = {

     

       
1233
       
1233
       
 
       
    enable = true;

     

       
1234
       
1234
       
 
       
    package = pkgs.coredns.override {

     

···

       
57
       
57
       
 
       
  without perl). Previously, the NixOS activation depended on two perl scripts

     

       
58
       
58
       
 
       
  which can now be replaced via an opt-in mechanism. To make your system

     

       
59
       
59
       
 
       
  perlless, you can use the new perlless profile:

     

       
60
       
60
       
-
       
  ```

     

       
60
       
60
       
+
       
  ```nix

     

       
61
       
61
       
 
       
  { modulesPath, ... }: {

     

       
62
       
62
       
 
       
    imports = [ "${modulesPath}/profiles/perlless.nix" ];

     

       
63
       
63
       
 
       
  }

     

···

       
22
       
22
       
 
       


     

       
23
       
23
       
 
       
The following snippet can be used to configure IBus:

     

       
24
       
24
       
 
       


     

       
25
       
25
       
-
       
```

     

       
25
       
25
       
+
       
```nix

     

       
26
       
26
       
 
       
i18n.inputMethod = {

     

       
27
       
27
       
 
       
  enabled = "ibus";

     

       
28
       
28
       
 
       
  ibus.engines = with pkgs.ibus-engines; [ anthy hangul mozc ];

     
···

       
48
       
48
       
 
       
    methods, it must appear in the list of engines along with

     

       
49
       
49
       
 
       
    `table`. For example:

     

       
50
       
50
       
 
       


     

       
51
       
51
       
-
       
    ```

     

       
51
       
51
       
+
       
    ```nix

     

       
52
       
52
       
 
       
    ibus.engines = with pkgs.ibus-engines; [ table table-others ];

     

       
53
       
53
       
 
       
    ```

     

       
54
       
54
       
 
       


     
···

       
74
       
74
       
 
       


     

       
75
       
75
       
 
       
The following snippet can be used to configure Fcitx:

     

       
76
       
76
       
 
       


     

       
77
       
77
       
-
       
```

     

       
77
       
77
       
+
       
```nix

     

       
78
       
78
       
 
       
i18n.inputMethod = {

     

       
79
       
79
       
 
       
  enabled = "fcitx5";

     

       
80
       
80
       
 
       
  fcitx5.addons = with pkgs; [ fcitx5-mozc fcitx5-hangul fcitx5-m17n ];

     
···

       
110
       
110
       
 
       


     

       
111
       
111
       
 
       
The following snippet can be used to configure Nabi:

     

       
112
       
112
       
 
       


     

       
113
       
113
       
-
       
```

     

       
113
       
113
       
+
       
```nix

     

       
114
       
114
       
 
       
i18n.inputMethod = {

     

       
115
       
115
       
 
       
  enabled = "nabi";

     

       
116
       
116
       
 
       
};

     
···

       
123
       
123
       
 
       


     

       
124
       
124
       
 
       
The following snippet can be used to configure uim:

     

       
125
       
125
       
 
       


     

       
126
       
126
       
-
       
```

     

       
126
       
126
       
+
       
```nix

     

       
127
       
127
       
 
       
i18n.inputMethod = {

     

       
128
       
128
       
 
       
  enabled = "uim";

     

       
129
       
129
       
 
       
};

     
···

       
141
       
141
       
 
       


     

       
142
       
142
       
 
       
The following snippet can be used to configure Hime:

     

       
143
       
143
       
 
       


     

       
144
       
144
       
-
       
```

     

       
144
       
144
       
+
       
```nix

     

       
145
       
145
       
 
       
i18n.inputMethod = {

     

       
146
       
146
       
 
       
  enabled = "hime";

     

       
147
       
147
       
 
       
};

     
···

       
153
       
153
       
 
       


     

       
154
       
154
       
 
       
The following snippet can be used to configure Kime:

     

       
155
       
155
       
 
       


     

       
156
       
156
       
-
       
```

     

       
156
       
156
       
+
       
```nix

     

       
157
       
157
       
 
       
i18n.inputMethod = {

     

       
158
       
158
       
 
       
  enabled = "kime";

     

       
159
       
159
       
 
       
};

     

···

       
4
       
4
       
 
       


     

       
5
       
5
       
 
       
The `digitalbitbox` programs module may be installed by setting

     

       
6
       
6
       
 
       
`programs.digitalbitbox` to `true` in a manner similar to

     

       
7
       
7
       
-
       
```

     

       
7
       
7
       
+
       
```nix

     

       
8
       
8
       
 
       
programs.digitalbitbox.enable = true;

     

       
9
       
9
       
 
       
```

     

       
10
       
10
       
 
       
and bundles the `digitalbitbox` package (see [](#sec-digitalbitbox-package)),

     
···

       
21
       
21
       
 
       


     

       
22
       
22
       
 
       
The binaries, `dbb-app` (a GUI tool) and `dbb-cli` (a CLI tool), are available

     

       
23
       
23
       
 
       
through the `digitalbitbox` package which could be installed as follows:

     

       
24
       
24
       
-
       
```

     

       
24
       
24
       
+
       
```nix

     

       
25
       
25
       
 
       
environment.systemPackages = [

     

       
26
       
26
       
 
       
  pkgs.digitalbitbox

     

       
27
       
27
       
 
       
];

     
···

       
31
       
31
       
 
       


     

       
32
       
32
       
 
       
The digitalbitbox hardware package enables the udev rules for Digital Bitbox

     

       
33
       
33
       
 
       
devices and may be installed as follows:

     

       
34
       
34
       
-
       
```

     

       
34
       
34
       
+
       
```nix

     

       
35
       
35
       
 
       
hardware.digitalbitbox.enable = true;

     

       
36
       
36
       
 
       
```

     

       
37
       
37
       
 
       


     

       
38
       
38
       
 
       
In order to alter the udev rules, one may provide different values for the

     

       
39
       
39
       
 
       
`udevRule51` and `udevRule52` attributes by means of overriding as follows:

     

       
40
       
40
       
-
       
```

     

       
40
       
40
       
+
       
```nix

     

       
41
       
41
       
 
       
programs.digitalbitbox = {

     

       
42
       
42
       
 
       
  enable = true;

     

       
43
       
43
       
 
       
  package = pkgs.digitalbitbox.override {

     

···

       
12
       
12
       
 
       


     

       
13
       
13
       
 
       
To enable Plotinus, add the following to your

     

       
14
       
14
       
 
       
{file}`configuration.nix`:

     

       
15
       
15
       
-
       
```

     

       
15
       
15
       
+
       
```nix

     

       
16
       
16
       
 
       
programs.plotinus.enable = true;

     

       
17
       
17
       
 
       
```

     

···

       
9
       
9
       
 
       
The module uses the `oh-my-zsh` package with all available

     

       
10
       
10
       
 
       
features. The initial setup using Nix expressions is fairly similar to the

     

       
11
       
11
       
 
       
configuration format of `oh-my-zsh`.

     

       
12
       
12
       
-
       
```

     

       
12
       
12
       
+
       
```nix

     

       
13
       
13
       
 
       
{

     

       
14
       
14
       
 
       
  programs.zsh.ohMyZsh = {

     

       
15
       
15
       
 
       
    enable = true;

     
···

       
33
       
33
       
 
       
scripts.

     

       
34
       
34
       
 
       


     

       
35
       
35
       
 
       
The module can do this as well:

     

       
36
       
36
       
-
       
```

     

       
36
       
36
       
+
       
```nix

     

       
37
       
37
       
 
       
{

     

       
38
       
38
       
 
       
  programs.zsh.ohMyZsh.custom = "~/path/to/custom/scripts";

     

       
39
       
39
       
 
       
}

     
···

       
48
       
48
       
 
       


     

       
49
       
49
       
 
       
Rather than using a single mutable path for `ZSH_CUSTOM`,

     

       
50
       
50
       
 
       
it's also possible to generate this path from a list of Nix packages:

     

       
51
       
51
       
-
       
```

     

       
51
       
51
       
+
       
```nix

     

       
52
       
52
       
 
       
{ pkgs, ... }:

     

       
53
       
53
       
 
       
{

     

       
54
       
54
       
 
       
  programs.zsh.ohMyZsh.customPkgs = [

     
···

       
89
       
89
       
 
       
    [upstream repo.](https://github.com/robbyrussell/oh-my-zsh/tree/91b771914bc7c43dd7c7a43b586c5de2c225ceb7/plugins)

     

       
90
       
90
       
 
       


     

       
91
       
91
       
 
       
A derivation for `oh-my-zsh` may look like this:

     

       
92
       
92
       
-
       
```

     

       
92
       
92
       
+
       
```nix

     

       
93
       
93
       
 
       
{ stdenv, fetchFromGitHub }:

     

       
94
       
94
       
 
       


     

       
95
       
95
       
 
       
stdenv.mkDerivation rec {

     

···

       
21
       
21
       
 
       
## Basic usage for a local backup {#opt-services-backup-borgbackup-local-directory}

     

       
22
       
22
       
 
       


     

       
23
       
23
       
 
       
A very basic configuration for backing up to a locally accessible directory is:

     

       
24
       
24
       
-
       
```

     

       
24
       
24
       
+
       
```nix

     

       
25
       
25
       
 
       
{

     

       
26
       
26
       
 
       
    opt.services.borgbackup.jobs = {

     

       
27
       
27
       
 
       
      { rootBackup = {

     
···

       
59
       
59
       
 
       
```

     

       
60
       
60
       
 
       


     

       
61
       
61
       
 
       
Add the following snippet to your NixOS configuration:

     

       
62
       
62
       
-
       
```

     

       
62
       
62
       
+
       
```nix

     

       
63
       
63
       
 
       
{

     

       
64
       
64
       
 
       
  services.borgbackup.repos = {

     

       
65
       
65
       
 
       
    my_borg_repo = {

     
···

       
80
       
80
       
 
       
{file}`/run/keys/borgbackup_passphrase`, which should be only

     

       
81
       
81
       
 
       
accessible by root

     

       
82
       
82
       
 
       


     

       
83
       
83
       
-
       
```

     

       
83
       
83
       
+
       
```nix

     

       
84
       
84
       
 
       
{

     

       
85
       
85
       
 
       
  services.borgbackup.jobs = {

     

       
86
       
86
       
 
       
    backupToLocalServer = {

     

···

       
15
       
15
       
 
       


     

       
16
       
16
       
 
       
To enable FoundationDB, add the following to your

     

       
17
       
17
       
 
       
{file}`configuration.nix`:

     

       
18
       
18
       
-
       
```

     

       
18
       
18
       
+
       
```nix

     

       
19
       
19
       
 
       
services.foundationdb.enable = true;

     

       
20
       
20
       
 
       
services.foundationdb.package = pkgs.foundationdb71; # FoundationDB 7.1.x

     

       
21
       
21
       
 
       
```

     
···

       
109
       
109
       
 
       
FoundationDB stores all data for all server processes under

     

       
110
       
110
       
 
       
{file}`/var/lib/foundationdb`. You can override this using

     

       
111
       
111
       
 
       
{option}`services.foundationdb.dataDir`, e.g.

     

       
112
       
112
       
-
       
```

     

       
112
       
112
       
+
       
```nix

     

       
113
       
113
       
 
       
services.foundationdb.dataDir = "/data/fdb";

     

       
114
       
114
       
 
       
```

     

       
115
       
115
       
 
       


     
···

       
265
       
265
       
 
       
For example, to create backups in {command}`/opt/fdb-backups`, first

     

       
266
       
266
       
 
       
set up the paths in the module options:

     

       
267
       
267
       
 
       


     

       
268
       
268
       
-
       
```

     

       
268
       
268
       
+
       
```nix

     

       
269
       
269
       
 
       
services.foundationdb.extraReadWritePaths = [ "/opt/fdb-backups" ];

     

       
270
       
270
       
 
       
```

     

       
271
       
271
       
 
       


     

···

       
15
       
15
       
 
       
## Configuring {#module-services-postgres-configuring}

     

       
16
       
16
       
 
       


     

       
17
       
17
       
 
       
To enable PostgreSQL, add the following to your {file}`configuration.nix`:

     

       
18
       
18
       
-
       
```

     

       
18
       
18
       
+
       
```nix

     

       
19
       
19
       
 
       
services.postgresql.enable = true;

     

       
20
       
20
       
 
       
services.postgresql.package = pkgs.postgresql_15;

     

       
21
       
21
       
 
       
```

     
···

       
35
       
35
       
 
       
-->

     

       
36
       
36
       
 
       


     

       
37
       
37
       
 
       
By default, PostgreSQL stores its databases in {file}`/var/lib/postgresql/$psqlSchema`. You can override this using [](#opt-services.postgresql.dataDir), e.g.

     

       
38
       
38
       
-
       
```

     

       
38
       
38
       
+
       
```nix

     

       
39
       
39
       
 
       
services.postgresql.dataDir = "/data/postgresql";

     

       
40
       
40
       
 
       
```

     

       
41
       
41
       
 
       


     
···

       
174
       
174
       
 
       
"13"

     

       
175
       
175
       
 
       
```

     

       
176
       
176
       
 
       
For an upgrade, a script like this can be used to simplify the process:

     

       
177
       
177
       
-
       
```

     

       
177
       
177
       
+
       
```nix

     

       
178
       
178
       
 
       
{ config, pkgs, ... }:

     

       
179
       
179
       
 
       
{

     

       
180
       
180
       
 
       
  environment.systemPackages = [

     
···

       
256
       
256
       
 
       
```

     

       
257
       
257
       
 
       


     

       
258
       
258
       
 
       
To add plugins via NixOS configuration, set `services.postgresql.extraPlugins`:

     

       
259
       
259
       
-
       
```

     

       
259
       
259
       
+
       
```nix

     

       
260
       
260
       
 
       
services.postgresql.package = pkgs.postgresql_12;

     

       
261
       
261
       
 
       
services.postgresql.extraPlugins = ps: with ps; [

     

       
262
       
262
       
 
       
  pg_repack

     
···

       
265
       
265
       
 
       
```

     

       
266
       
266
       
 
       


     

       
267
       
267
       
 
       
You can build custom PostgreSQL-with-plugins (to be used outside of NixOS) using function `.withPackages`. For example, creating a custom PostgreSQL package in an overlay can look like:

     

       
268
       
268
       
-
       
```

     

       
268
       
268
       
+
       
```nix

     

       
269
       
269
       
 
       
self: super: {

     

       
270
       
270
       
 
       
  postgresql_custom = self.postgresql_12.withPackages (ps: [

     

       
271
       
271
       
 
       
    ps.pg_repack

     
···

       
275
       
275
       
 
       
```

     

       
276
       
276
       
 
       


     

       
277
       
277
       
 
       
Here's a recipe on how to override a particular plugin through an overlay:

     

       
278
       
278
       
-
       
```

     

       
278
       
278
       
+
       
```nix

     

       
279
       
279
       
 
       
self: super: {

     

       
280
       
280
       
 
       
  postgresql_15 = super.postgresql_15// {

     

       
281
       
281
       
 
       
    pkgs = super.postgresql_15.pkgs // {

     

···

       
7
       
7
       
 
       
TigerBeetle is a distributed financial accounting database designed for mission critical safety and performance.

     

       
8
       
8
       
 
       


     

       
9
       
9
       
 
       
To enable TigerBeetle, add the following to your {file}`configuration.nix`:

     

       
10
       
10
       
-
       
```

     

       
10
       
10
       
+
       
```nix

     

       
11
       
11
       
 
       
  services.tigerbeetle.enable = true;

     

       
12
       
12
       
 
       
```

     

       
13
       
13
       
 
       


     
···

       
20
       
20
       
 
       
To configure it to listen on a different interface (and to configure it to connect to other replicas, if you're creating more than one), you'll have to set the `addresses` option.

     

       
21
       
21
       
 
       
Note that the TigerBeetle module won't open any firewall ports automatically, so if you configure it to listen on an external interface, you'll need to ensure that connections can reach it:

     

       
22
       
22
       
 
       


     

       
23
       
23
       
-
       
```

     

       
23
       
23
       
+
       
```nix

     

       
24
       
24
       
 
       
  services.tigerbeetle = {

     

       
25
       
25
       
 
       
    enable = true;

     

       
26
       
26
       
 
       
    addresses = [ "0.0.0.0:3001" ];

     

···

       
8
       
8
       
 
       
applications on Linux.

     

       
9
       
9
       
 
       


     

       
10
       
10
       
 
       
To enable Flatpak, add the following to your {file}`configuration.nix`:

     

       
11
       
11
       
-
       
```

     

       
11
       
11
       
+
       
```nix

     

       
12
       
12
       
 
       
  services.flatpak.enable = true;

     

       
13
       
13
       
 
       
```

     

       
14
       
14
       
 
       


     
···

       
16
       
16
       
 
       
be installed. If you run GNOME, this will be handled automatically for you;

     

       
17
       
17
       
 
       
in other cases, you will need to add something like the following to your

     

       
18
       
18
       
 
       
{file}`configuration.nix`:

     

       
19
       
19
       
-
       
```

     

       
19
       
19
       
+
       
```nix

     

       
20
       
20
       
 
       
  xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];

     

       
21
       
21
       
 
       
  xdg.portal.config.common.default = "gtk";

     

       
22
       
22
       
 
       
```

     

···

       
18
       
18
       
 
       
## Basic usage for a caching proxy configuration {#opt-services-development-athens-caching-proxy}

     

       
19
       
19
       
 
       


     

       
20
       
20
       
 
       
A very basic configuration for Athens that acts as a caching and forwarding HTTP proxy is:

     

       
21
       
21
       
-
       
```

     

       
21
       
21
       
+
       
```nix

     

       
22
       
22
       
 
       
{

     

       
23
       
23
       
 
       
    services.athens = {

     

       
24
       
24
       
 
       
      enable = true;

     
···

       
28
       
28
       
 
       


     

       
29
       
29
       
 
       
If you want to prevent Athens from writing to disk, you can instead configure it to cache modules only in memory:

     

       
30
       
30
       
 
       


     

       
31
       
31
       
-
       
```

     

       
31
       
31
       
+
       
```nix

     

       
32
       
32
       
 
       
{

     

       
33
       
33
       
 
       
    services.athens = {

     

       
34
       
34
       
 
       
      enable = true;

     
···

       
39
       
39
       
 
       


     

       
40
       
40
       
 
       
To use the local proxy in Go builds, you can set the proxy as environment variable:

     

       
41
       
41
       
 
       


     

       
42
       
42
       
-
       
```

     

       
42
       
42
       
+
       
```nix

     

       
43
       
43
       
 
       
{

     

       
44
       
44
       
 
       
  environment.variables = {

     

       
45
       
45
       
 
       
    GOPROXY = "http://localhost:3000"

     

···

       
7
       
7
       
 
       
[Blackfire](https://blackfire.io) is a proprietary tool for profiling applications. There are several languages supported by the product but currently only PHP support is packaged in Nixpkgs. The back-end consists of a module that is loaded into the language runtime (called *probe*) and a service (*agent*) that the probe connects to and that sends the profiles to the server.

     

       
8
       
8
       
 
       


     

       
9
       
9
       
 
       
To use it, you will need to enable the agent and the probe on your server. The exact method will depend on the way you use PHP but here is an example of NixOS configuration for PHP-FPM:

     

       
10
       
10
       
-
       
```

     

       
10
       
10
       
+
       
```nix

     

       
11
       
11
       
 
       
let

     

       
12
       
12
       
 
       
  php = pkgs.php.withExtensions ({ enabled, all }: enabled ++ (with all; [

     

       
13
       
13
       
 
       
    blackfire

     

···

       
9
       
9
       
 
       
[`systemd`](https://www.freedesktop.org/wiki/Software/systemd/) unit

     

       
10
       
10
       
 
       
which runs the server.

     

       
11
       
11
       
 
       


     

       
12
       
12
       
-
       
```

     

       
12
       
12
       
+
       
```nix

     

       
13
       
13
       
 
       
{ ... }:

     

       
14
       
14
       
 
       


     

       
15
       
15
       
 
       
{

     
···

       
51
       
51
       
 
       
learning Kinos require `gcc` and `gnumake`.  To add these, use

     

       
52
       
52
       
 
       
`extraPackages`:

     

       
53
       
53
       
 
       


     

       
54
       
54
       
-
       
```

     

       
54
       
54
       
+
       
```nix

     

       
55
       
55
       
 
       
services.livebook.extraPackages = with pkgs; [ gcc gnumake ];

     

       
56
       
56
       
 
       
```

     

···

       
178
       
178
       
 
       
::: {.example #module-services-emacs-configuration-nix}

     

       
179
       
179
       
 
       
### Custom Emacs in `configuration.nix`

     

       
180
       
180
       
 
       


     

       
181
       
181
       
-
       
```

     

       
181
       
181
       
+
       
```nix

     

       
182
       
182
       
 
       
{

     

       
183
       
183
       
 
       
 environment.systemPackages = [

     

       
184
       
184
       
 
       
   # [...]

     
···

       
203
       
203
       
 
       
::: {.example #module-services-emacs-config-nix}

     

       
204
       
204
       
 
       
### Custom Emacs in `~/.config/nixpkgs/config.nix`

     

       
205
       
205
       
 
       


     

       
206
       
206
       
-
       
```

     

       
206
       
206
       
+
       
```nix

     

       
207
       
207
       
 
       
{

     

       
208
       
208
       
 
       
  packageOverrides = super: let self = super.pkgs; in {

     

       
209
       
209
       
 
       
    myemacs = import ./emacs.nix { pkgs = self; };

     
···

       
228
       
228
       
 
       
::: {.example #ex-emacsGtk3Nix}

     

       
229
       
229
       
 
       
### Custom Emacs build

     

       
230
       
230
       
 
       


     

       
231
       
231
       
-
       
```

     

       
231
       
231
       
+
       
```nix

     

       
232
       
232
       
 
       
{ pkgs ? import <nixpkgs> {} }:

     

       
233
       
233
       
 
       
let

     

       
234
       
234
       
 
       
  myEmacs = (pkgs.emacs.override {

     
···

       
262
       
262
       
 
       


     

       
263
       
263
       
 
       
To install and enable the {command}`systemd` user service for Emacs

     

       
264
       
264
       
 
       
daemon, add the following to your {file}`configuration.nix`:

     

       
265
       
265
       
-
       
```

     

       
265
       
265
       
+
       
```nix

     

       
266
       
266
       
 
       
services.emacs.enable = true;

     

       
267
       
267
       
 
       
```

     

       
268
       
268
       
 
       


     
···

       
323
       
323
       
 
       
by symlinks in {file}`/etc/systemd/user`. In the case where

     

       
324
       
324
       
 
       
Emacs daemon is not wanted for all users, it is possible to install the

     

       
325
       
325
       
 
       
service but not globally enable it:

     

       
326
       
326
       
-
       
```

     

       
326
       
326
       
+
       
```nix

     

       
327
       
327
       
 
       
services.emacs.enable = false;

     

       
328
       
328
       
 
       
services.emacs.install = true;

     

       
329
       
329
       
 
       
```

     

···

       
9
       
9
       
 
       
## Basic usage with Postfix {#module-services-mailman-basic-usage}

     

       
10
       
10
       
 
       


     

       
11
       
11
       
 
       
For a basic configuration with Postfix as the MTA, the following settings are suggested:

     

       
12
       
12
       
-
       
```

     

       
12
       
12
       
+
       
```nix

     

       
13
       
13
       
 
       
{ config, ... }: {

     

       
14
       
14
       
 
       
  services.postfix = {

     

       
15
       
15
       
 
       
    enable = true;

     
···

       
50
       
50
       
 
       
## Using with other MTAs {#module-services-mailman-other-mtas}

     

       
51
       
51
       
 
       


     

       
52
       
52
       
 
       
Mailman also supports other MTA, though with a little bit more configuration. For example, to use Mailman with Exim, you can use the following settings:

     

       
53
       
53
       
-
       
```

     

       
53
       
53
       
+
       
```nix

     

       
54
       
54
       
 
       
{ config, ... }: {

     

       
55
       
55
       
 
       
  services = {

     

       
56
       
56
       
 
       
    mailman = {

     

···

       
46
       
46
       
 
       
set in [services.mjolnir.homeserverUrl](#opt-services.mjolnir.homeserverUrl) and Mjolnir itself

     

       
47
       
47
       
 
       
will be configured to connect to the new Pantalaimon instance.

     

       
48
       
48
       
 
       


     

       
49
       
49
       
-
       
```

     

       
49
       
49
       
+
       
```nix

     

       
50
       
50
       
 
       
{

     

       
51
       
51
       
 
       
  services.mjolnir = {

     

       
52
       
52
       
 
       
    enable = true;

     
···

       
78
       
78
       
 
       
To use the Antispam Module, add `matrix-synapse-plugins.matrix-synapse-mjolnir-antispam`

     

       
79
       
79
       
 
       
to the Synapse plugin list and enable the `mjolnir.Module` module.

     

       
80
       
80
       
 
       


     

       
81
       
81
       
-
       
```

     

       
81
       
81
       
+
       
```nix

     

       
82
       
82
       
 
       
{

     

       
83
       
83
       
 
       
  services.matrix-synapse = {

     

       
84
       
84
       
 
       
    plugins = with pkgs; [

     

···

       
23
       
23
       
 
       
the host `myhostname.example.org`. For more information,

     

       
24
       
24
       
 
       
please refer to the

     

       
25
       
25
       
 
       
[installation instructions of Synapse](https://element-hq.github.io/synapse/latest/setup/installation.html) .

     

       
26
       
26
       
-
       
```

     

       
26
       
26
       
+
       
```nix

     

       
27
       
27
       
 
       
{ pkgs, lib, config, ... }:

     

       
28
       
28
       
 
       
let

     

       
29
       
29
       
 
       
  fqdn = "${config.networking.hostName}.${config.networking.domain}";

     
···

       
158
       
158
       
 
       
    by `matrix-synapse`.

     

       
159
       
159
       
 
       
  - Include the file like this in your configuration:

     

       
160
       
160
       
 
       


     

       
161
       
161
       
-
       
    ```

     

       
161
       
161
       
+
       
    ```nix

     

       
162
       
162
       
 
       
    {

     

       
163
       
163
       
 
       
      services.matrix-synapse.extraConfigFiles = [

     

       
164
       
164
       
 
       
        "/run/secrets/matrix-shared-secret"

     
···

       
190
       
190
       
 
       
Matrix Identifier. See

     

       
191
       
191
       
 
       
[Try Matrix Now!](https://matrix.org/docs/projects/try-matrix-now.html)

     

       
192
       
192
       
 
       
for a list of existing clients and their supported featureset.

     

       
193
       
193
       
-
       
```

     

       
193
       
193
       
+
       
```nix

     

       
194
       
194
       
 
       
{

     

       
195
       
195
       
 
       
  services.nginx.virtualHosts."element.${fqdn}" = {

     

       
196
       
196
       
 
       
    enableACME = true;

     

···

       
16
       
16
       
 
       
`DynamicUser` option.

     

       
17
       
17
       
 
       


     

       
18
       
18
       
 
       
This can be done by enabling the `anki-sync-server` service:

     

       
19
       
19
       
-
       
```

     

       
19
       
19
       
+
       
```nix

     

       
20
       
20
       
 
       
{ ... }:

     

       
21
       
21
       
 
       


     

       
22
       
22
       
 
       
{

     
···

       
27
       
27
       
 
       
It is necessary to set at least one username-password pair under

     

       
28
       
28
       
 
       
{option}`services.anki-sync-server.users`. For example

     

       
29
       
29
       
 
       


     

       
30
       
30
       
-
       
```

     

       
30
       
30
       
+
       
```nix

     

       
31
       
31
       
 
       
{

     

       
32
       
32
       
 
       
  services.anki-sync-server.users = [

     

       
33
       
33
       
 
       
    {

     
···

       
50
       
50
       
 
       
in most circumstances, because the sync server doesn't use HTTPS), then set the

     

       
51
       
51
       
 
       
following options:

     

       
52
       
52
       
 
       


     

       
53
       
53
       
-
       
```

     

       
53
       
53
       
+
       
```nix

     

       
54
       
54
       
 
       
{

     

       
55
       
55
       
 
       
  services.anki-sync-server.host = "0.0.0.0";

     

       
56
       
56
       
 
       
  services.anki-sync-server.openFirewall = true;

     

···

       
10
       
10
       
 
       


     

       
11
       
11
       
 
       
For instance, the following configuration could be used to use nginx as

     

       
12
       
12
       
 
       
frontend proxy:

     

       
13
       
13
       
-
       
```

     

       
13
       
13
       
+
       
```nix

     

       
14
       
14
       
 
       
services.nginx = {

     

       
15
       
15
       
 
       
  enable = true;

     

       
16
       
16
       
 
       
  recommendedGzipSettings = true;

     
···

       
35
       
35
       
 
       
all data like the repositories and uploads will be stored.

     

       
36
       
36
       
 
       


     

       
37
       
37
       
 
       
A basic configuration with some custom settings could look like this:

     

       
38
       
38
       
-
       
```

     

       
38
       
38
       
+
       
```nix

     

       
39
       
39
       
 
       
services.gitlab = {

     

       
40
       
40
       
 
       
  enable = true;

     

       
41
       
41
       
 
       
  databasePasswordFile = "/var/keys/gitlab/db_password";

     

···

       
12
       
12
       
 
       
and `services.postgresql` services.

     

       
13
       
13
       
 
       


     

       
14
       
14
       
 
       
A very basic configuration may look like this:

     

       
15
       
15
       
-
       
```

     

       
15
       
15
       
+
       
```nix

     

       
16
       
16
       
 
       
{ pkgs, ... }:

     

       
17
       
17
       
 
       
let

     

       
18
       
18
       
 
       
  fqdn =

     

···

       
12
       
12
       
 
       
session.

     

       
13
       
13
       
 
       


     

       
14
       
14
       
 
       
This can be done by enabling the `weechat` service:

     

       
15
       
15
       
-
       
```

     

       
15
       
15
       
+
       
```nix

     

       
16
       
16
       
 
       
{ ... }:

     

       
17
       
17
       
 
       


     

       
18
       
18
       
 
       
{

     
···

       
30
       
30
       
 
       
`screenrc` needs to be tweaked by adding

     

       
31
       
31
       
 
       
[multiuser](https://www.gnu.org/software/screen/manual/html_node/Multiuser.html#Multiuser)

     

       
32
       
32
       
 
       
support:

     

       
33
       
33
       
-
       
```

     

       
33
       
33
       
+
       
```nix

     

       
34
       
34
       
 
       
{

     

       
35
       
35
       
 
       
  programs.screen.screenrc = ''

     

       
36
       
36
       
 
       
    multiuser on

     

···

       
7
       
7
       
 
       


     

       
8
       
8
       
 
       
A minimal configuration looks like this:

     

       
9
       
9
       
 
       


     

       
10
       
10
       
-
       
```

     

       
10
       
10
       
+
       
```nix

     

       
11
       
11
       
 
       
{

     

       
12
       
12
       
 
       
  services.goss = {

     

       
13
       
13
       
 
       
    enable = true;

     

···

       
9
       
9
       
 
       
[node exporter](https://github.com/prometheus/node_exporter),

     

       
10
       
10
       
 
       
it provides hardware and OS metrics from the host it's

     

       
11
       
11
       
 
       
running on. The exporter could be configured as follows:

     

       
12
       
12
       
-
       
```

     

       
12
       
12
       
+
       
```nix

     

       
13
       
13
       
 
       
  services.prometheus.exporters.node = {

     

       
14
       
14
       
 
       
    enable = true;

     

       
15
       
15
       
 
       
    port = 9100;

     
···

       
35
       
35
       
 
       
the [available options](https://nixos.org/nixos/options.html#prometheus.exporters).

     

       
36
       
36
       
 
       


     

       
37
       
37
       
 
       
Prometheus can now be configured to consume the metrics produced by the exporter:

     

       
38
       
38
       
-
       
```

     

       
38
       
38
       
+
       
```nix

     

       
39
       
39
       
 
       
    services.prometheus = {

     

       
40
       
40
       
 
       
      # ...

     

       
41
       
41
       
 
       


     
···

       
75
       
75
       
 
       
    `nixos/modules/services/monitoring/prometheus/exporters/`

     

       
76
       
76
       
 
       
    directory, which will be called postfix.nix and contains all exporter

     

       
77
       
77
       
 
       
    specific options and configuration:

     

       
78
       
78
       
-
       
    ```

     

       
78
       
78
       
+
       
    ```nix

     

       
79
       
79
       
 
       
    # nixpkgs/nixos/modules/services/prometheus/exporters/postfix.nix

     

       
80
       
80
       
 
       
    { config, lib, pkgs, options }:

     

       
81
       
81
       
 
       


     
···

       
148
       
148
       
 
       
Should an exporter option change at some point, it is possible to add

     

       
149
       
149
       
 
       
information about the change to the exporter definition similar to

     

       
150
       
150
       
 
       
`nixpkgs/nixos/modules/rename.nix`:

     

       
151
       
151
       
-
       
```

     

       
151
       
151
       
+
       
```nix

     

       
152
       
152
       
 
       
{ config, lib, pkgs, options }:

     

       
153
       
153
       
 
       


     

       
154
       
154
       
 
       
with lib;

     

···

       
8
       
8
       
 
       
Litestream service is managed by a dedicated user named `litestream`

     

       
9
       
9
       
 
       
which needs permission to the database file. Here's an example config which gives

     

       
10
       
10
       
 
       
required permissions to access [grafana database](#opt-services.grafana.settings.database.path):

     

       
11
       
11
       
-
       
```

     

       
11
       
11
       
+
       
```nix

     

       
12
       
12
       
 
       
{ pkgs, ... }:

     

       
13
       
13
       
 
       
{

     

       
14
       
14
       
 
       
  users.users.litestream.extraGroups = [ "grafana" ];

     

···

       
17
       
17
       
 
       
## Initializing the database {#module-services-pleroma-initialize-db}

     

       
18
       
18
       
 
       


     

       
19
       
19
       
 
       
First, the Postgresql service must be enabled in the NixOS configuration

     

       
20
       
20
       
-
       
```

     

       
20
       
20
       
+
       
```nix

     

       
21
       
21
       
 
       
services.postgresql = {

     

       
22
       
22
       
 
       
  enable = true;

     

       
23
       
23
       
 
       
  package = pkgs.postgresql_13;

     
···

       
38
       
38
       
 
       
In this section we will enable the Pleroma service only locally, so its configurations can be improved incrementally.

     

       
39
       
39
       
 
       


     

       
40
       
40
       
 
       
This is an example of configuration, where [](#opt-services.pleroma.configs) option contains the content of the file `config.exs`, generated [in the first section](#module-services-pleroma-generate-config), but with the secrets (database password, endpoint secret key, salts, etc.) removed. Removing secrets is important, because otherwise they will be stored publicly in the Nix store.

     

       
41
       
41
       
-
       
```

     

       
41
       
41
       
+
       
```nix

     

       
42
       
42
       
 
       
services.pleroma = {

     

       
43
       
43
       
 
       
  enable = true;

     

       
44
       
44
       
 
       
  secretConfigFile = "/var/lib/pleroma/secrets.exs";

     
···

       
121
       
121
       
 
       


     

       
122
       
122
       
 
       
In this configuration, Pleroma is listening only on the local port 4000. Nginx can be configured as a Reverse Proxy, for forwarding requests from public ports to the Pleroma service. This is an example of configuration, using

     

       
123
       
123
       
 
       
[Let's Encrypt](https://letsencrypt.org/) for the TLS certificates

     

       
124
       
124
       
-
       
```

     

       
124
       
124
       
+
       
```nix

     

       
125
       
125
       
 
       
security.acme = {

     

       
126
       
126
       
 
       
  email = "root@example.net";

     

       
127
       
127
       
 
       
  acceptTerms = true;

     

···

       
25
       
25
       
 
       
[Multi User Chat (MUC)](https://xmpp.org/extensions/xep-0045.html)

     

       
26
       
26
       
 
       
endpoint as well as a [HTTP File Upload](https://xmpp.org/extensions/xep-0363.html)

     

       
27
       
27
       
 
       
endpoint will look like this:

     

       
28
       
28
       
-
       
```

     

       
28
       
28
       
+
       
```nix

     

       
29
       
29
       
 
       
services.prosody = {

     

       
30
       
30
       
 
       
  enable = true;

     

       
31
       
31
       
 
       
  admins = [ "root@example.org" ];

     
···

       
57
       
57
       
 
       


     

       
58
       
58
       
 
       
Provided the setup detailed in the previous section, you'll need the following acme configuration to generate

     

       
59
       
59
       
 
       
a TLS certificate for the three endponits:

     

       
60
       
60
       
-
       
```

     

       
60
       
60
       
+
       
```nix

     

       
61
       
61
       
 
       
security.acme = {

     

       
62
       
62
       
 
       
  email = "root@example.org";

     

       
63
       
63
       
 
       
  acceptTerms = true;

     

···

       
12
       
12
       
 
       
### Simple ephemeral node {#module-services-networking-yggdrasil-configuration-simple}

     

       
13
       
13
       
 
       


     

       
14
       
14
       
 
       
An annotated example of a simple configuration:

     

       
15
       
15
       
-
       
```

     

       
15
       
15
       
+
       
```nix

     

       
16
       
16
       
 
       
{

     

       
17
       
17
       
 
       
  services.yggdrasil = {

     

       
18
       
18
       
 
       
    enable = true;

     
···

       
39
       
39
       
 
       
### Persistent node with prefix {#module-services-networking-yggdrasil-configuration-prefix}

     

       
40
       
40
       
 
       


     

       
41
       
41
       
 
       
A node with a fixed address that announces a prefix:

     

       
42
       
42
       
-
       
```

     

       
42
       
42
       
+
       
```nix

     

       
43
       
43
       
 
       
let

     

       
44
       
44
       
 
       
  address = "210:5217:69c0:9afc:1b95:b9f:8718:c3d2";

     

       
45
       
45
       
 
       
  prefix = "310:5217:69c0:9afc";

     
···

       
90
       
90
       
 
       


     

       
91
       
91
       
 
       
A NixOS container attached to the Yggdrasil network via a node running on the

     

       
92
       
92
       
 
       
host:

     

       
93
       
93
       
-
       
```

     

       
93
       
93
       
+
       
```nix

     

       
94
       
94
       
 
       
let

     

       
95
       
95
       
 
       
  yggPrefix64 = "310:5217:69c0:9afc";

     

       
96
       
96
       
 
       
    # Again, taken from the output of "yggdrasilctl getself".

     

···

       
4
       
4
       
 
       
including but not limited to pictures and videos.

     

       
5
       
5
       
 
       


     

       
6
       
6
       
 
       
The service `c2fmzq-server` can be enabled by setting

     

       
7
       
7
       
-
       
```

     

       
7
       
7
       
+
       
```nix

     

       
8
       
8
       
 
       
{

     

       
9
       
9
       
 
       
  services.c2fmzq-server.enable = true;

     

       
10
       
10
       
 
       
}

     
···

       
17
       
17
       
 
       
are command line options to manage HTTPS certificates directly, but the module

     

       
18
       
18
       
 
       
is designed to be served behind a reverse proxy or only accessed via localhost.

     

       
19
       
19
       
 
       


     

       
20
       
20
       
-
       
```

     

       
20
       
20
       
+
       
```nix

     

       
21
       
21
       
 
       
{

     

       
22
       
22
       
 
       
  services.c2fmzq-server = {

     

       
23
       
23
       
 
       
    enable = true;

     

···

       
6
       
6
       
 
       
## Basic usage {#module-services-discourse-basic-usage}

     

       
7
       
7
       
 
       


     

       
8
       
8
       
 
       
A minimal configuration using Let's Encrypt for TLS certificates looks like this:

     

       
9
       
9
       
-
       
```

     

       
9
       
9
       
+
       
```nix

     

       
10
       
10
       
 
       
services.discourse = {

     

       
11
       
11
       
 
       
  enable = true;

     

       
12
       
12
       
 
       
  hostname = "discourse.example.com";

     
···

       
34
       
34
       
 
       
and [](#opt-services.discourse.sslCertificateKey)

     

       
35
       
35
       
 
       
options:

     

       
36
       
36
       
 
       


     

       
37
       
37
       
-
       
```

     

       
37
       
37
       
+
       
```nix

     

       
38
       
38
       
 
       
services.discourse = {

     

       
39
       
39
       
 
       
  enable = true;

     

       
40
       
40
       
 
       
  hostname = "discourse.example.com";

     
···

       
80
       
80
       
 
       
[hostname](#opt-services.discourse.hostname) as

     

       
81
       
81
       
 
       
email domain can be done like this:

     

       
82
       
82
       
 
       


     

       
83
       
83
       
-
       
```

     

       
83
       
83
       
+
       
```nix

     

       
84
       
84
       
 
       
services.discourse = {

     

       
85
       
85
       
 
       
  enable = true;

     

       
86
       
86
       
 
       
  hostname = "discourse.example.com";

     
···

       
162
       
162
       
 
       
Discourse instance and enables

     

       
163
       
163
       
 
       
GitHub login in the site settings,

     

       
164
       
164
       
 
       
and changes a few request limits in the backend settings:

     

       
165
       
165
       
-
       
```

     

       
165
       
165
       
+
       
```nix

     

       
166
       
166
       
 
       
services.discourse = {

     

       
167
       
167
       
 
       
  enable = true;

     

       
168
       
168
       
 
       
  hostname = "discourse.example.com";

     
···

       
253
       
253
       
 
       
plugins, and disable `discourse-spoiler-alert`

     

       
254
       
254
       
 
       
by default:

     

       
255
       
255
       
 
       


     

       
256
       
256
       
-
       
```

     

       
256
       
256
       
+
       
```nix

     

       
257
       
257
       
 
       
services.discourse = {

     

       
258
       
258
       
 
       
  enable = true;

     

       
259
       
259
       
 
       
  hostname = "discourse.example.com";

     

···

       
6
       
6
       
 
       
## Basic usage {#module-services-grocy-basic-usage}

     

       
7
       
7
       
 
       


     

       
8
       
8
       
 
       
A very basic configuration may look like this:

     

       
9
       
9
       
-
       
```

     

       
9
       
9
       
+
       
```nix

     

       
10
       
10
       
 
       
{ pkgs, ... }:

     

       
11
       
11
       
 
       
{

     

       
12
       
12
       
 
       
  services.grocy = {

     
···

       
29
       
29
       
 
       


     

       
30
       
30
       
 
       
The configuration for `grocy` is located at `/etc/grocy/config.php`.

     

       
31
       
31
       
 
       
By default, the following settings can be defined in the NixOS-configuration:

     

       
32
       
32
       
-
       
```

     

       
32
       
32
       
+
       
```nix

     

       
33
       
33
       
 
       
{ pkgs, ... }:

     

       
34
       
34
       
 
       
{

     

       
35
       
35
       
 
       
  services.grocy.settings = {

     
···

       
56
       
56
       
 
       


     

       
57
       
57
       
 
       
If you want to alter the configuration file on your own, you can do this manually with

     

       
58
       
58
       
 
       
an expression like this:

     

       
59
       
59
       
-
       
```

     

       
59
       
59
       
+
       
```nix

     

       
60
       
60
       
 
       
{ lib, ... }:

     

       
61
       
61
       
 
       
{

     

       
62
       
62
       
 
       
  environment.etc."grocy/config.php".text = lib.mkAfter ''

     

···

       
6
       
6
       
 
       
## Basic usage {#module-services-jitsi-basic-usage}

     

       
7
       
7
       
 
       


     

       
8
       
8
       
 
       
A minimal configuration using Let's Encrypt for TLS certificates looks like this:

     

       
9
       
9
       
-
       
```

     

       
9
       
9
       
+
       
```nix

     

       
10
       
10
       
 
       
{

     

       
11
       
11
       
 
       
  services.jitsi-meet = {

     

       
12
       
12
       
 
       
    enable = true;

     
···

       
22
       
22
       
 
       
## Configuration {#module-services-jitsi-configuration}

     

       
23
       
23
       
 
       


     

       
24
       
24
       
 
       
Here is the minimal configuration with additional configurations:

     

       
25
       
25
       
-
       
```

     

       
25
       
25
       
+
       
```nix

     

       
26
       
26
       
 
       
{

     

       
27
       
27
       
 
       
  services.jitsi-meet = {

     

       
28
       
28
       
 
       
    enable = true;

     

···

       
126
       
126
       
 
       
## Example configuration {#module-services-keycloak-example-config}

     

       
127
       
127
       
 
       


     

       
128
       
128
       
 
       
A basic configuration with some custom settings could look like this:

     

       
129
       
129
       
-
       
```

     

       
129
       
129
       
+
       
```nix

     

       
130
       
130
       
 
       
services.keycloak = {

     

       
131
       
131
       
 
       
  enable = true;

     

       
132
       
132
       
 
       
  settings = {

     

···

       
25
       
25
       
 
       
socket.

     

       
26
       
26
       
 
       


     

       
27
       
27
       
 
       
A very basic configuration may look like this:

     

       
28
       
28
       
-
       
```

     

       
28
       
28
       
+
       
```nix

     

       
29
       
29
       
 
       
{ pkgs, ... }:

     

       
30
       
30
       
 
       
{

     

       
31
       
31
       
 
       
  services.nextcloud = {

     
···

       
130
       
130
       
 
       
[corresponding `phpfpm` pool](#opt-services.phpfpm.pools).

     

       
131
       
131
       
 
       


     

       
132
       
132
       
 
       
An exemplary configuration may look like this:

     

       
133
       
133
       
-
       
```

     

       
133
       
133
       
+
       
```nix

     

       
134
       
134
       
 
       
{ config, lib, pkgs, ... }: {

     

       
135
       
135
       
 
       
  services.nginx.enable = false;

     

       
136
       
136
       
 
       
  services.nextcloud = {

     
···

       
205
       
205
       
 
       
in NixOS for a safe upgrade-path before removing those. In that case we should keep those

     

       
206
       
206
       
 
       
packages, but mark them as insecure in an expression like this (in

     

       
207
       
207
       
 
       
`<nixpkgs/pkgs/servers/nextcloud/default.nix>`):

     

       
208
       
208
       
-
       
```

     

       
208
       
208
       
+
       
```nix

     

       
209
       
209
       
 
       
/* ... */

     

       
210
       
210
       
 
       
{

     

       
211
       
211
       
 
       
  nextcloud17 = generic {

     

···

       
11
       
11
       
 
       
```

     

       
12
       
12
       
 
       


     

       
13
       
13
       
 
       
After that, `plausible` can be deployed like this:

     

       
14
       
14
       
-
       
```

     

       
14
       
14
       
+
       
```nix

     

       
15
       
15
       
 
       
{

     

       
16
       
16
       
 
       
  services.plausible = {

     

       
17
       
17
       
 
       
    enable = true;

     

···

       
80
       
80
       
 
       
in NixOS for a safe upgrade-path before removing those. In that case we should keep those

     

       
81
       
81
       
 
       
packages, but mark them as insecure in an expression like this (in

     

       
82
       
82
       
 
       
`<nixpkgs/pkgs/tools/filesystem/garage/default.nix>`):

     

       
83
       
83
       
-
       
```

     

       
83
       
83
       
+
       
```nix

     

       
84
       
84
       
 
       
/* ... */

     

       
85
       
85
       
 
       
{

     

       
86
       
86
       
 
       
  garage_0_7_3 = generic {

     

···

       
8
       
8
       
 
       


     

       
9
       
9
       
 
       
To enable the GNOME desktop use:

     

       
10
       
10
       
 
       


     

       
11
       
11
       
-
       
```

     

       
11
       
11
       
+
       
```nix

     

       
12
       
12
       
 
       
services.xserver.desktopManager.gnome.enable = true;

     

       
13
       
13
       
 
       
services.xserver.displayManager.gdm.enable = true;

     

       
14
       
14
       
 
       
```

     
···

       
23
       
23
       
 
       


     

       
24
       
24
       
 
       
If you’d like to only use the GNOME desktop and not the apps, you can disable them with:

     

       
25
       
25
       
 
       


     

       
26
       
26
       
-
       
```

     

       
26
       
26
       
+
       
```nix

     

       
27
       
27
       
 
       
services.gnome.core-utilities.enable = false;

     

       
28
       
28
       
 
       
```

     

       
29
       
29
       
 
       


     
···

       
37
       
37
       
 
       


     

       
38
       
38
       
 
       
It is also possible to disable many of the [core services](https://github.com/NixOS/nixpkgs/blob/b8ec4fd2a4edc4e30d02ba7b1a2cc1358f3db1d5/nixos/modules/services/x11/desktop-managers/gnome.nix#L329-L348). For example, if you do not need indexing files, you can disable Tracker with:

     

       
39
       
39
       
 
       


     

       
40
       
40
       
-
       
```

     

       
40
       
40
       
+
       
```nix

     

       
41
       
41
       
 
       
services.gnome.tracker-miners.enable = false;

     

       
42
       
42
       
 
       
services.gnome.tracker.enable = false;

     

       
43
       
43
       
 
       
```

     
···

       
48
       
48
       
 
       


     

       
49
       
49
       
 
       
You can install all of the GNOME games with:

     

       
50
       
50
       
 
       


     

       
51
       
51
       
-
       
```

     

       
51
       
51
       
+
       
```nix

     

       
52
       
52
       
 
       
services.gnome.games.enable = true;

     

       
53
       
53
       
 
       
```

     

       
54
       
54
       
 
       


     
···

       
56
       
56
       
 
       


     

       
57
       
57
       
 
       
You can install GNOME core developer tools with:

     

       
58
       
58
       
 
       


     

       
59
       
59
       
-
       
```

     

       
59
       
59
       
+
       
```nix

     

       
60
       
60
       
 
       
services.gnome.core-developer-tools.enable = true;

     

       
61
       
61
       
 
       
```

     

       
62
       
62
       
 
       


     
···

       
64
       
64
       
 
       


     

       
65
       
65
       
 
       
GNOME Flashback provides a desktop environment based on the classic GNOME 2 architecture. You can enable the default GNOME Flashback session, which uses the Metacity window manager, with:

     

       
66
       
66
       
 
       


     

       
67
       
67
       
-
       
```

     

       
67
       
67
       
+
       
```nix

     

       
68
       
68
       
 
       
services.xserver.desktopManager.gnome.flashback.enableMetacity = true;

     

       
69
       
69
       
 
       
```

     

       
70
       
70
       
 
       


     
···

       
72
       
72
       
 
       


     

       
73
       
73
       
 
       
The following example uses `xmonad` window manager:

     

       
74
       
74
       
 
       


     

       
75
       
75
       
-
       
```

     

       
75
       
75
       
+
       
```nix

     

       
76
       
76
       
 
       
services.xserver.desktopManager.gnome.flashback.customSessions = [

     

       
77
       
77
       
 
       
  {

     

       
78
       
78
       
 
       
    wmName = "xmonad";

     
···

       
104
       
104
       
 
       


     

       
105
       
105
       
 
       
You can install them like any other package:

     

       
106
       
106
       
 
       


     

       
107
       
107
       
-
       
```

     

       
107
       
107
       
+
       
```nix

     

       
108
       
108
       
 
       
environment.systemPackages = [

     

       
109
       
109
       
 
       
  gnomeExtensions.dash-to-dock

     

       
110
       
110
       
 
       
  gnomeExtensions.gsconnect

     
···

       
136
       
136
       
 
       


     

       
137
       
137
       
 
       
### Example {#sec-gnome-gsettings-overrides-example}

     

       
138
       
138
       
 
       


     

       
139
       
139
       
-
       
```

     

       
139
       
139
       
+
       
```nix

     

       
140
       
140
       
 
       
services.xserver.desktopManager.gnome = {

     

       
141
       
141
       
 
       
  extraGSettingsOverrides = ''

     

       
142
       
142
       
 
       
    # Change default background