Category: nix


NixOS Grafana Tailscale Auth

It took me a while to figure out how to configure an auth proxy on Grafana in a NixOS config; it turns out it was really easy. I was doing everything right except wrapping auth.proxy in quotes.

services.grafana = {
  # ...
  settings = {
    # The section name contains a dot, so it has to be quoted.
    "auth.proxy" = {
      enabled = true;
      header_name = "Tailscale-User-Login";
      header_property = "username";
      auto_sign_up = true;
      sync_ttl = 60;
      whitelist = "127.0.0.1";
      headers = "Email:Tailscale-User-Login Name:Tailscale-User-Name";
      enable_login_token = true;
    };
  };
};
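
With auth.proxy enabled, Grafana signs in whoever the Tailscale-User-Login header names, so the whitelist is what keeps a client from supplying that header itself. The script below is an added example, not part of the original post: it lints a rendered grafana.ini for that trust boundary. The helper names ini_get and check_auth_proxy, the sample file and the extra look at server.http_addr are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: check a rendered grafana.ini for the auth.proxy trust boundary.
# Helper names and the sample file are hypothetical, not from the post.

# ini_get FILE SECTION KEY: print the last value set for KEY in [SECTION].
ini_get() {
  awk -v sec="[$2]" -v key="$3" '
    /^[ \t]*[#;]/ { next }                               # comment line
    /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next }  # section header
    cur == sec && (eq = index($0, "=")) {
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) val = v
    }
    END { print val }' "$1"
}

# check_auth_proxy FILE: return 1 if the login header is accepted from anywhere.
check_auth_proxy() {
  local ini=$1 rc=0 wl addr
  if [ "$(ini_get "$ini" auth.proxy enabled)" != "true" ]; then
    echo "ok: auth.proxy is not enabled"; return 0
  fi
  wl=$(ini_get "$ini" auth.proxy whitelist)
  addr=$(ini_get "$ini" server http_addr)
  if [ -z "$wl" ]; then
    echo "FAIL: no whitelist, the login header is trusted from any source address"
    rc=1
  fi
  case "$addr" in
    127.0.0.1|::1|localhost) ;;
    *) echo "WARN: http_addr='$addr' lets clients reach Grafana without the proxy" ;;
  esac
  if [ "$rc" -eq 0 ]; then echo "ok: login header accepted only from '$wl'"; fi
  return "$rc"
}

# Constructed sample: settings from the post plus an assumed loopback listener.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[auth.proxy]
enabled=true
header_name=Tailscale-User-Login
whitelist=127.0.0.1
[server]
http_addr=127.0.0.1
EOF
check_auth_proxy "$sample"
rm -f "$sample"
```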

Linux Fingerprint Reader and Lid State

I recently set up fprintd on my laptop so that I could use the fingerprint reader for login and unlocking 1Password. It worked well until I plugged my laptop into the dock and closed the lid. It was unfortunately still prompting me for a fingerprint, even when I did not have access to the reader.

After a search I found an article about how someone disabled the USB device on lid close so that it would stop this from happening. I only needed to find the correct device to disable. It was not listed in lsusb as a fingerprint reader, but the ArchWiki had the information I needed. After that I just needed to find where it was in the device tree.

$ grep 06cb /sys/bus/usb/devices/*/idVendor
/sys/bus/usb/devices/3-3/idVendor:06cb

After adding the following NixOS config everything worked just how it should.

services.acpid = {
  enable = true;
  lidEventCommands = ''
    grep -q close /proc/acpi/button/lid/LID/state
    if [ $? = 0 ]; then
      echo 0 > /sys/bus/usb/devices/3-3/authorized
    fi

    grep -q open /proc/acpi/button/lid/LID/state
    if [ $? = 0 ]; then
      echo 1 > /sys/bus/usb/devices/3-3/authorized
    fi

    exit 0
  '';
};
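
The bus path 3-3 is tied to the port the reader happens to be on, and the handler above writes to whatever device sits there. The following is an added example, not part of the original post: it looks the reader up by the vendor ID 06cb found with grep above and reports a failure when nothing matches. The function names and the temporary directory standing in for /sys and /proc are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: pick the reader by USB vendor ID instead of a fixed bus path.
# Function names are hypothetical; the demo tree below is constructed.

# find_usb_by_vendor USB_DIR VENDOR: print each device dir whose idVendor matches.
find_usb_by_vendor() {
  local f
  for f in "$1"/*/idVendor; do
    [ -r "$f" ] || continue          # interfaces such as 3-3:1.0 have no idVendor
    if [ "$(cat "$f")" = "$2" ]; then dirname "$f"; fi
  done
}

# sync_reader_with_lid LID_STATE_FILE USB_DIR VENDOR
# Writes 0 (lid closed) or 1 (lid open) to authorized. Returns 1 when the lid
# state is unreadable or no device matches, so the failure shows up in the logs.
sync_reader_with_lid() {
  local want dev found=1
  case "$(cat "$1" 2>/dev/null)" in
    *closed*) want=0 ;;
    *open*)   want=1 ;;
    *) echo "lid state not recognised in $1" >&2; return 1 ;;
  esac
  for dev in $(find_usb_by_vendor "$2" "$3"); do
    echo "$want" > "$dev/authorized" && found=0
  done
  [ "$found" -eq 0 ] || echo "no USB device with vendor $3 under $2" >&2
  return "$found"
}

# Constructed stand-in for /sys/bus/usb/devices and the ACPI lid state file.
demo=$(mktemp -d)
mkdir -p "$demo/usb/3-3" "$demo/usb/1-1"
echo 06cb > "$demo/usb/3-3/idVendor"; echo 1 > "$demo/usb/3-3/authorized"
echo 1d6b > "$demo/usb/1-1/idVendor"; echo 1 > "$demo/usb/1-1/authorized"
echo "state:      closed" > "$demo/lid"
sync_reader_with_lid "$demo/lid" "$demo/usb" 06cb
echo "reader authorized=$(cat "$demo/usb/3-3/authorized")"
rm -rf "$demo"
```

On a real machine the call would be sync_reader_with_lid /proc/acpi/button/lid/LID/state /sys/bus/usb/devices 06cb. Matching on the vendor alone affects every device from that vendor, so adding an idProduct comparison narrows it further.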

Nix & Emacs

Last week I posted about how I moved to Nix and the ways that it is different from the typical Linux distribution. One of the things that changed for my installations was the way that I manage Emacs packages.

ELPA and MELPA packages are available as part of the distribution. Thanks to that effort, I can install Emacs and ensure that I have all of the additional tools that I want installed at the same time.

{
  programs.emacs = {
    enable = true;
    extraPackages = epkgs : [
      epkgs.magit
      epkgs.nix-mode
      # ...
    ];
  };
}

Installing additional packages this way means that I do not need to rely on use-package to download them when Emacs starts up. I can, however, still take advantage of use-package in my configuration; that way, when I use another machine, like my work computer, everything will still work. Since the package is installed and loaded into Emacs, :ensure t will do nothing on Nix.

(use-package vertico
  :ensure t
  :bind (:map vertico-map
	 ("C-j" . vertico-next)
	 ("C-k" . vertico-previous)
	 ("C-f" . vertico-exit)
	 :map minibuffer-local-map
	 ("M-h" . backward-kill-word))
  :custom
  (vertico-cycle t)
  :init
  (vertico-mode))

Nix

I have been using Linux since 2001, most of the time using Red Hat Linux and Fedora, with a short spell of Arch around 2005-2006. Recently I learned about Guix and played with it for a bit. I thought it was cool, but it had a few issues, so I moved on to Nix. Both Guix and Nix are very different from traditional Linux distributions. They are both based around expression languages that enable the OS to be configured as code. For example, if I want to install and configure Xmonad I could use the following or add it to my configuration. (This is code for another tool, home-manager, but the idea is the same.)

{
  xsession = {
    enable = true;
    windowManager.xmonad = {
      enable = true;
      enableContribAndExtras = true;
      extraPackages = hp: [
        hp.dbus
        hp.monad-logger
        hp.xmonad-contrib
      ];
      config = /home/zoglesby/s/dot/xmonad/xmonad.hs;
    };
  };
}

This type of configuration allows for a workflow similar to Ansible, Puppet, or Chef. The difference is that the package manager and the operating system are aware of the state. Rollbacks, for instance, are supported, even at the boot menu level. If you change your configuration and break the start-up process, you can simply boot into the previous configuration and fix it. This feature is built-in functionality that the OS is aware of, not something bolted on like many of the ZFS/package manager solutions that are popular now.

Nix is also not dependent on the traditional file system structure for binaries that most Linux distributions use. While you typically find Python at /usr/bin/python or something similar, Nix uses a hash such as /nix/store/hb1lzaisgx2m9n29hqhh6yp6hasplq1v-python3-3.9.10/bin/python. This hashed path enables several cool features, but the first is that you can use more than one version of Python or any other tool.

Nix-shell also allows you to have dependencies that are not in your $PATH for specific projects or folders. So you can cd into a directory where all of your dev tools will show up, but they will not be there while you are doing random things on your computer. It can also be helpful if you just need to run a program once but don't want to keep it installed, as it can be cleaned up automatically later without you having to do anything.

[zoglesby@trill:~]$ which python
which: no python in (/run/wrappers/bin:/home/zoglesby/.nix-profile/bin:/etc/profiles/per-user/zoglesby/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin)
[zoglesby@trill:~]$ nix-shell -p python3
[nix-shell:~]$ which python
/nix/store/hb1lzaisgx2m9n29hqhh6yp6hasplq1v-python3-3.9.10/bin/python

I want to cover Nix in more depth in the coming weeks. For instance, how I have moved all of my servers to it, or the Surface Go 2 I am using Nix and Gnome on for a Linux-based tablet.