It’s a very steep curve to start, with some additional minor steep parts along the way, but it’s not a long curve. Once you got the core concepts and the basic language constructs, you’ve learned most of what you’ll ever need.

Two nice resources: search.nixos.org is super handy, and you can search GitHub with language:nix and a search term to get tons of examples from other people.

Oh, and nix and just is actually a pretty common combo!

Yep, exactly.

To be fair, if you use Debian, Arch, Fedora,… long enough, you also know how to tweak your machine for every purpose. In Nix, it’s just somewhat of a self-fulfilling prophecy, because you have to know how to tweak your system to achieve… anything, and then it’s the same tweaking mechanics for every other purpose as well.

My Steam Deck also runs NixOS.

Because this way I can much more comfortably configure it, plus everything game related I automated through nix for my Desktop (e.g. mod installs, reShade config,…) immediately and without any extra steps also applies to the Steam Deck.

https://github.com/Jovian-Experiments/Jovian-NixOS

Yes. Everything is NixOS. Because it’s perfect for everything.

Not to dimish your work at all, but: the Sonarr upgrades absolutely do work.

Awesome! And good job, looks great!

Why are there no screenshots in the README.

Yes I know I can just install the app, but for an app that primarily seems to define itself by its UI improvements over the established competitor, the screenshots are the deciding factor in the question “Should I download and install this?”, and no screenshots defaults to “no”.

I mean, how can we feel superior if we are not wasting huge amounts of time setting things up!?

Why, by boasting that it’s so easy, just look at that, it is only two options you need to set thanks to the 80 custom modules I’ve written to abstract the abstractions from nixpkgs!

I WISH I could put an /s here, but I cannot.

Ehm… I’m also on Nixos and I’d say it’s super trivial.

services.openssh = {
  enable = true;
  settings = {
    PasswordAuthentication = false;
    PermitRootLogin = "no";
  };
};

users.users.<name>.openssh.authorizedKeys.keys = [ list of pubkeys ideally read from file in repo ];

Eh, the machine is actually in one of my wireguard nets anyways, but for different purposes.

The nice thing about SSH key-based access is, I either have the key and login succeeds, or I have no business trying to log in.

That’s why my remote root server bans via fail2ban after a single failed login.

Yes I’ve had to write support to get a KVM. Yes it’s still configured like this.

Yeah. I have a feeling that stopping it is, somehow, not desirable to a portion of the commentors.

Past me had a dick

Sorry, couldn’t resist.

And yet, today, Taiwan is a sovereign state and wants to keep it that way, which is the only thing that matters here. This is pretty straightforward.

How! For me it’s more like: “you get up to cook dinner and realize you’ve already snacked twice your calorie budget”

Eh… Not really. Qemu does a really good job with VM virtualizarion.

I believe I could easily build containers instead of VMs from the nix config, but I actually do like having a full VM: since it’s running a full OS instead of an app, all the usual nix tooling just works on it.

Also: In my day job, I actually have to deal quite a bit with containers (and kubernetes), and I just… don’t like it.

I’ll DM you… Not sire I want to link those two accounts publicly 😄

Zero.

About 35 NixOS VMs though, each running either a single service (e.g. Paperless) or a suite (Sonarr and so on plus NZBGet, VPN,…).

There’s additionally a couple of client VMs. All of those distribute over 3 Proxmox hosts accessing the same iSCSI target for VM storage.

SSL and WireGuard are terminated at a physical firewall box running OpnSense, so with very few exceptions, the VMs do not handle any complicated network setup.

A lot of those VMs have zero state, those that do have backup of just that state automated to the NAS (simply via rsync) and from there everything is backed up again through borg to an external storage box.

In the stateless case, deploying a new VM is a single command; in the stateful case, same command, wait for it to come up, SSH in (keys are part of the VM images), run restore-<whatever>.

On an average day, I spend 0 minutes managing the homelab.

You (sadly) need to group all quality profiles into a single one, and then handle quality through a custom format. Example from my setup: