cheng/wallet
0
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

attempting to learn nix

Browse Source
This commit is contained in:
reaction.la 2024-08-13 03:45:31 +00:00
parent 4721988d95
commit ae69f5c5ee
No known key found for this signature in database
2 changed files with 265 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/design/server.md
View File

@ -138,6 +138,10 @@ the verdict is that they are useless and unusable,
And we should use fibres instead. Fibres?
On the other hand, lots of people report incomprehensible complexity in
the borrow checker when it and the programmer are struggling with
asynch.
Boost fibres provide multiple stacks on a single thread of execution. But
the consensus is that [fibres just massively suck](https://devblogs.microsoft.com/oldnewthing/20191011-00/?p=102989).
@ -164,7 +168,7 @@ how to do it with Goroutines.
## Massive concurrency in Rust
Well supported, works, widely used.
Well supported, works, widely used. Hard to use.
The way Rust does things is that the input that you are waiting for is itself a
future, and that is what drives the cooperative multi tasking engine.

260
docs/setup/nixos.md Normal file
View File

@ -0,0 +1,260 @@
---
title:
Nixos
sidebar: true
...
Nixos is primarily a package manager with a declarative functional language as its package manager.
Which makes it possible to reproducibly create a setup. Unfortunately the packages are hard to customise, because access to the
configuration files is restricted and non trivial -- you have to create your own package.
Nixos solves the problem of dll hell by having any number of configurations living on the same machine -- which leads to massive and rapid accumulation of garbage. Garbage collection is very slow, and requires either a lot of ram or a lot of swap (12GB swap recommended. This is a feature I do not want, but wind up suffering, for the advantage of reproducible setups.
To avoid bloat, can use a strategy of re-install from scratch, which Nixos makes less painful. I notice the mail server insists
on pinning to a specific Nixos release.
# Install Nixos
# minimal server
ssh and avahi daemon, pubkeys setup for ssh, users created.
## configuration.nix
```nix
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# networking.hostName = "nixos"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# hardware.pulseaudio.enable = true;
# OR
# services.pipewire = {
# enable = true;
# pulse.enable = true;
# };
# Enable touchpad support (enabled default in most desktopManager).
services.libinput.enable = false;
#enable avahi-daemon
services.avahi = {
enable = true;
ipv6 = true;
ipv4 = true;
publish = {
enable = true;
addresses = true;
};
# nssmdns4 = true;
};
# guest additions
# not very useful unless desktop enabled, or maybe it just does not work at all
#virtualisation.virtualbox.guest.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.cherry = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAVcyLSWwsa8aN+v2PaS1wuHXGVhTdC+43B3eZ9j/C/M" ];
# packages = with pkgs; [
# firefox
# tree
# ];
};
# Define a user account. Don't forget to set a password with passwd.
users.users.root = {
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAVcyLSWwsa8aN+v2PaS1wuHXGVhTdC+43B3eZ9j/C/M" ];
};
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
hostKeys = [
{
path = "/etc/ssh/ssh_host_ed25519_key";
rounds = 100;
type = "ed25519";
}
];
settings = {
PasswordAuthentication = false;
PubkeyAuthentication = true;
PermitRootLogin = "prohibit-password";
UsePAM = false;
ChallengeResponseAuthentication = false;
Ciphers = [ "chacha20-poly1305@openssh.com" ];
GatewayPorts = "Yes";
KbdInteractiveAuthentication = false;
KexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
Macs = [ "hmac-sha2-256-etm@openssh.com" ];
};
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.05"; # Did you read the comment?
}
```
## hardware-configuration.nix
This should be set up automatically by the install
process. For a human to do it is very difficult.
```nix
{
imports = [ ];
boot.initrd.availableKernelModules = [ "ata_piix" "ohci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/bf0ee7f8-0397-44d6-a3f7-462b848d0912";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/B4E2-93D5";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/2b67021b-3b31-4e2d-a521-05362ffb39f8"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
virtualisation.virtualbox.guest.enable = true;
}
```
# change config
```bash
nano /etc/nixos/conf*.nix
df -h .
nixos-rebuild test
nixos-rebuild boot
df -h .
```
## garbage collect old configs
```bash
nix-env --delete-generations old
nix-store --gc --print-dead
nix-store --gc --print-live
nix-store --gc
```
# Install nginx, mariadb, and php
[Nginx setup](https://wiki.nixos.org/wiki/Nginx#LEMP_stack)
# Nixos mail server
[This](https://nixos-mailserver.readthedocs.io/en/latest/) has the huge advantage that it only needs a small computer.
Setup is also decribed as ridiculously easy -- compare and contrast with much grief while setting up on debian.
And the huge disadvantage that it only exists for Nix 23.05, while the latest "stable" (not very stable at all) release is 24.05
It also has only a minimal nginx setup. Not at all sure what will happen when I combine it with a real nginx setup.