Over the last number of days leading up to writing this guide I have been
sharing my dotfiles left and right as a way to help people setting up their own
personal data server, which I shall start to refer to as PDS going forwards.

Understanding my assumptions

Before we go any further I think it's best you understand some of the assumptions
I have made when writing this guide.

1. I am going to make a logical leap to assume you already are using NixOS as
   the host for your server. If you are not, I would highly recommend reading
   the NixOS manual on installing
   NixOS.

2. I will be keeping all nix code agnostic from flakes and classic nix.

3. We will only be dealing with the reference implementation of the PDS and not
   alternative implementations such as cocoon even if they are packaged in
   nixpkgs.

4. I will be targeting my article towards unstable and the next upcoming stable
   release. If you are using the 25.05 release of NixOS, you will have to change
   any references of bluesky-pds to pds as the package was renamed on
   unstable and later releases.

Understanding your requirements

Before even starting to set up your PDS we should first consider how many
people we are going to host on the PDS. The bluesky PDS
documentation
suggests that for 1-20 users 1GB of ram, 1 vCPU and 20GB of storage is
sufficient. However, if you plan to host more users you should consider
increasing these resources accordingly. I also personally consider a single
user PDS to be a different entire world from a multi user PDS, so keep that in
mind.

Setting up the PDS

As with any NixOS service the first step will be to set the enable option for
the service we have chosen to true. This will look like such

{
  services.bluesky-pds = {
    enable = true;
  };
}

Configuring the PDS

overwhelming configuration

At first the list of environment
variables
can appear overwhelming. However, we are only going to need a few of them. Those being:

• PDS_PORT
• PDS_HOSTNAME
• PDS_ADMIN_EMAIL
• PDS_JWT_SECRET
• PDS_ADMIN_PASSWORD
• PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX

If you are going to be dealing with more than one user on your PDS you should
also be aware of the following optional environment variables.

• PDS_EMAIL_SMTP_URL
• PDS_EMAIL_FROM_ADDRESS

So lets get started with the easier ones! I personally run the PDS on the port
3000 since I have it free, so that's what I'll use that in our example. Now
we will need to get a domain name for our PDS for the sake of this example I
will be using example.com. It is also 2025 so I'll assume that everyone has
an email address that they can use for the admin of the PDS. So now let's put
that all into practice by adding the settings to our nix configuration.

{
  services.bluesky-pds = {
    enable = true;

    settings = {
      PDS_PORT = 3000;
      PDS_HOSTNAME = "example.com";
      PDS_ADMIN_EMAIL = "me@example.com";
    };
  };
}

Secrets

We are now faced with the time old question, "how do we deal with secrets in
nix?". First off you should not put your secrets into plain nix code as this
will place your secrets into the nix store, which everyone can see. So I would
recommend either agenix or
sops-nix. I shall not cover setting up
either of these but I will explain how to generate the secrets and how to use
both agenix and sops-nix here

To generate the PDS_JWT_SECRET and PDS_ADMIN_PASSWORD, you should open your
preferred terminal and run

openssl rand --hex 16

You must run this once for each secret.

And to generate the PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX secret you
should run

openssl ecparam --name secp256k1 --genkey --noout --outform DER | tail --bytes=+8 | head --bytes=32 | xxd --plain --cols 32

You should now place your newly generated secrets into your secrets manager.
This should look something similar to

PDS_JWT_SECRET=b2a99dc959f0509218cb64f46aec1d7b
PDS_ADMIN_PASSWORD=5114f716065307d0536fcfebc2044ced
PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=78860ff08707c1219a890de116920c53507846d0cc702af9e7a5bba18cd6398c

With Agenix this may look something like

{ config, ... }:
{
  age.secrets.pds = {
    file = ./pds.age; # replace with the path to your secret
    mode = "600";
    owner = "pds";
    group = "pds";
  };

  services.bluesky-pds = {
    enable = true;

    environmentFiles = [ config.age.secrets.pds.path ];

    settings = {
      PDS_PORT = 3000;
      PDS_HOSTNAME = "example.com";
      PDS_ADMIN_EMAIL = "me@example.com";
    };
  };
}

And sops-nix this will look like

{ config, ... }:
{
  sops.secrets.pds = {
    owner = "pds";
    group = "pds";
  };

  services.bluesky-pds = {
    enable = true;

    environmentFiles = [ config.sops.secrets.pds.path ];

    settings = {
      PDS_PORT = 3000;
      PDS_HOSTNAME = "example.com";
      PDS_ADMIN_EMAIL = "me@example.com";
    };
  };
}

The mailer

If you're on a single user PDS you can skip this step, as long as you're willing
to search for the email_token in /var/lib/pds/accounts.sqlite, when you
first move your account, whenever you're trying to reset your password and so on.

I have set up both SMTP and resend in my time hosting my
PDS. Resend is by far the easier option if want your PDS to just work, or this
is your first time dealing with the horrors of SMTP and emails.

In the case of resend append the following to your secrets, having replaced the
placeholder details.

PDS_EMAIL_SMTP_URL=smtps://resend:<your-api-key-here>@smtp.resend.com:465/
PDS_EMAIL_FROM_ADDRESS=noreply@example.com

In the case that you are daring enough to use SMTP and your own mail server. You
should append the following to your secrets file, having replaced the placeholder data.
Please note that you must percent encode your username and password.

PDS_EMAIL_SMTP_URL=smtps://username:password@smtp.example.com/
PDS_EMAIL_FROM_ADDRESS=noreply@example.com

Additional fun variables

There are still some more optional variables that you may want to consider
using!

If you have multiple domains that would be good for using as handles you can
use PDS_SERVICE_HANDLE_DOMAINS to do this. An example of this is
PDS_SERVICE_HANDLE_DOMAINS=.example.com,.catsky.social.

Another useful option is PDS_CRAWLERS. I have shamelessly sourced my example
of crawlers from compare hoses. So here is how it
may look in nix code.

PDS_CRAWLERS = lib.concatStringsSep "," [
  "https://bsky.network"
  "https://relay.cerulea.blue"
  "https://relay.fire.hose.cam"
  "https://relay2.fire.hose.cam"
  "https://relay3.fr.hose.cam"
  "https://relay.hayescmd.net"
  "https://relay.xero.systems"
  "https://relay.upcloud.world"
  "https://relay.feeds.blue"
  "https://atproto.africa"
];

The web server

For this part I shall be be providing both nginx and
caddy examples. We will need to proxy the port we
selected, in my case that is 3000 but we can do this in a smart way by
accessing the port through the config attr. This will look like
config.services.bluesky-pds.settings.PDS_PORT, from there we can apply this
same premise to the domain. We must also proxy both our domain and all
subdomains of our PDS's domain since subdomains are used for the handles of the
PDS accounts.

In nginx this will look like

{ config, ... }:
let
  pdsSettings = config.services.bluesky-pds.settings;
in
{
  sops.secrets.pds = {
    owner = "pds";
    group = "pds";
  };

  services = {
    bluesky-pds = {
      enable = true;

      environmentFiles = [ config.sops.secrets.pds.path ];

      settings = {
        PDS_PORT = 3000;
        PDS_HOSTNAME = "example.com";
        PDS_ADMIN_EMAIL = "me@example.com";
      };
    };

    nginx = {
      enable = true;

      virtualHosts.${pdsSettings.PDS_HOSTNAME} = {
        serverAliases = [ ".${pdsSettings.PDS_HOSTNAME}" ];

        locations."/" = {
          proxyPass = "http://127.0.0.1:${toString pdsSettings.PDS_PORT}";
          proxyWebsockets = true;
        };
      };
    };
  };
}

and in caddy it will look like

{ config, ... }:
let
  pdsSettings = config.services.bluesky-pds.settings;
in
{
  sops.secrets.pds = {
    owner = "pds";
    group = "pds";
  };

  services = {
    bluesky-pds = {
      enable = true;

      environmentFiles = [ config.sops.secrets.pds.path ];

      settings = {
        PDS_PORT = 3000;
        PDS_HOSTNAME = "example.com";
        PDS_ADMIN_EMAIL = "me@example.com";
      };
    };

    caddy = {
      enable = true;

      virtualHosts.${pdsSettings.PDS_HOSTNAME} = {
        serverAliases = [ "*.${pdsSettings.PDS_HOSTNAME}" ];
        extraConfig = ''
          import common
          reverse_proxy http://127.0.0.1:${toString pdsSettings.PDS_PORT}
        '';
      };
    };
  };
}

Age assurance

We cannot be done just there; some of us are unfortunate enough to live in the
UK under the online safety act. However, a lovely gist on bluesky
osa has
been provided to us by the lovely
mary. So let us apply this to our nix code.

In nginx this will look like such

{
  # ... same as before

  nginx = {
    enable = true;

    virtualHosts.${pdsSettings.PDS_HOSTNAME} = {
      serverAliases = [ ".${pdsSettings.PDS_HOSTNAME}" ];

      locations =
        let
          mkAgeAssured = state: {
            return = "200 '${builtins.toJSON state}'";
            extraConfig = ''
              add_header access-control-allow-headers "authorization,dpop,atproto-accept-labelers,atproto-proxy" always;
              add_header access-control-allow-origin "*" always;
              add_header X-Frame-Options SAMEORIGIN always;
              add_header X-Content-Type-Options nosniff;
              default_type application/json;
            '';
          };
        in
        {
          # i am of age but i don't want to prove it lol
          # https://gist.github.com/mary-ext/6e27b24a83838202908808ad528b3318
          "/xrpc/app.bsky.unspecced.getAgeAssuranceState" = mkAgeAssured {
            lastInitiatedAt = "2025-07-14T15:11:05.487Z";
            status = "assured";
          };
          "/xrpc/app.bsky.ageassurance.getConfig" = mkAgeAssured {
            regions = [ ];
          };
          "/xrpc/app.bsky.ageassurance.getState" = mkAgeAssured {
            state = {
              lastInitiatedAt = "2025-07-14T15:11:05.487Z";
              status = "assured";
              access = "full";
            };
            metadata = {
              accountCreatedAt = "2022-11-17T00:35:16.391Z";
            };
          };

          # pass everything else to the pds
          "/" = {
            proxyPass = "http://${cfg.host}:${toString cfg.port}";
            proxyWebsockets = true;
          };
        };
      };
    };
  };
}

And with caddy

{
  # ... same as before

  caddy = {
    enable = true;

    virtualHosts.${pdsSettings.PDS_HOSTNAME} = {
      serverAliases = [ "*.${pdsSettings.PDS_HOSTNAME}" ];
      extraConfig = ''
        import common
        reverse_proxy http://127.0.0.1:${toString pdsSettings.PDS_PORT}

        handle /xrpc/app.bsky.unspecced.getAgeAssuranceState {
          header content-type "application/json"
          header access-control-allow-headers "authorization,dpop,atproto-accept-labelers,atproto-proxy"
          header access-control-allow-origin "*"
          respond `{"lastInitiatedAt":"2025-07-14T14:22:43.912Z","status":"assured"}` 200
        }

        handle /xrpc/app.bsky.ageassurance.getConfig {
          header content-type "application/json"
          header access-control-allow-headers "authorization,dpop,atproto-accept-labelers,atproto-proxy"
          header access-control-allow-origin "*"
          respond `{"regions":[]}` 200
        }
        handle /xrpc/app.bsky.ageassurance.getState {
          header content-type "application/json"
          header access-control-allow-headers "authorization,dpop,atproto-accept-labelers,atproto-proxy"
          header access-control-allow-origin "*"
          respond `{"state":{"lastInitiatedAt":"2025-07-14T14:22:43.912Z","status":"assured","access":"full"},"metadata":{"accountCreatedAt":"2022-11-17T00:35:16.391Z"}}` 200
        }
      '';
    };
  };
}

Create a test account & migration

It is important that you now access the server and create a test repo. To do
this you can use pdsadmin which is installed by default by the NixOS module.
We really want to do this because there are possible issue that may arise when using a
newly setup PDS, see setting up a pds by
lyna.

The below example will create an account for you with the email address and
handle as follows, make sure you replace the placeholder with your own data.

pdsadmin account create test@example.com test.example.com

When you have confirmed that everything is running well you can use
pdsmoover by the lovely Bailey
Townsend. But to do
so you will need an invite code from your PDS which you can generate with the
following command

pdsadmin create-invite-code

Now you can move your account over for which there are many guides.

Add PDS gatekeeper (optional)

PDS gatekeeper is a
service, once again created by Bailey Townsend, that adds 2FA email and
endpoint spam prevention, which is why I choose to employ it. In the future I
intend to upstream my code packaging and modularizing to nixpkgs, but until
then you will have to consume tgirlpkgs.
Please follow the setup guide documented in their readme!

From there it is as simple as adding the following to your previous configuration.

{ config, ... }:
let
  pdsSettings = config.services.bluesky-pds.settings;
in
{
  services.pds-gatekeeper = {
    enable = true;

    # assuming you're using nginx this will do all the stuff for you!
    setupNginx = true;

    settings = {
      # this should be different to the PDS's port
      GATEKEEPER_PORT = 3001;

      PDS_BASE_URL = "http://127.0.0.1:${toString pdsSettings.PDS_PORT}";
      GATEKEEPER_TRUST_PROXY = "true";

      # we need to share a lot of secrets between pds and gatekeeper
      # if you're using agenix make sure to swap the sops to age
      PDS_ENV_LOCATION = config.sops.secrets.pds.path;
    };
  };
}

Conclusion

You should now be all set! You have got your PDS running!

You should also consider giving me money on
ko-fi or github
sponsors for writing this because I
suck at writing and I spent a few hours on this.

That question completely shifted how I approached my site. I had been optimizing for SEO, but the real purpose of my site is self-documentation and sharing what I learn with others who want to learn alongside me.

With that in mind, I decided to delete the self-healing URLs. I no longer wanted to cater to machines—I wanted to build for people. Self-healing URLs are inherently anti-user. How is a human supposed to remember which number blog post this is? Or worse, if it's just a random string?

Maybe this will prompt you to remove your self-healing URLs... or maybe it won't :D

I've been using NixOS for a while now, and my biggest issue was that I have a
lot of machines. Which leads to having a lot of different
systems on my
flake because of that hardware. The
normal solution would be to use the module system, but a new issue arises when
we add nix-darwin. We suddenly start to
fail
eval over issues because some modules don't exist that are in the normal NixOS
module system. So my new issue is that I can no longer use my small abstraction
over
lib.nixosSystem.
I would have to expand the abstraction to include
lib.darwinSystem
since I can no longer unconditionally import all modules I use if they don't
exist in nix-darwin? But what if I don't want to do that? What if I want to
write my own lib.nixosSystem or my own lib.darwinSystem? What if I call it
mkSystem.
Well that's exactly what I did. And this article covers how I got to that point
and how my custom “builder” later evolved into
easy-hosts.

The research

To start we should read the documentation for lib.evalModules.
From which we find that there are 4 arguments, but 3 that we really care about.
Those being modules, specialArgs and class. The modules argument is a
list of modules, which are files, functions or attrsets that will be merged and
then evaluated. The specialArgs argument is a attrset of arguments that are
passed to the modules, but are not evaluated with the file structure in mind.
The class argument is a nominal type that ensures that only compatible
modules are imported. This is a very important argument, as it allows us to
have different modules for different systems.

However, I'm not much a fan of reading documentation. So instead lets dig into
the source code and pick it apart. To find out what we need to get our custom
lib.nixosSystem working. To do this I identified 4 main files in the nixpkgs
repository:

• flake.nix
• nixos/lib/eval-config.nix
• nixos/lib/eval-config-minimal.nix
• lib/modules.nix

These files may seem somewhat arbitrary, but they are listed in the order they
are called. The flake.nix file has our lib.nixosSystem function that calls
our nixos/lib/eval-config.nix file which is a light wrapper around our final
lib/modules.nix. So lets walk through those files in order and see what
exactly they do.

flake.nix

This file contains our lib.nixosSystem function, which takes args as an
argument. The
documentation
lists a set of known arguments being modules, specialArgs and
modulesLocation, it also specifies some additional legacy arguments system
and pkgs (both of which are now redundant).

The lib.nixosSystem then imports the nixos/lib/eval-config.nix file whilst
passing lib, and the remaining args to it. It also sets system to
null as well as adding nixpkgs.flake.source to nixpkgs output derivation.

nixos/lib/eval-config.nix

This file immediately points us to the fact that it is a “light wrapper” around
lib.evalModules. This file also has a large collection of arguments most of
which will be the defaults. A good example of this is baseModules which
defaults to a list of modules from the nixpkgs repo. The most important
arguments from this file are specialArgs, lib and modules. For the
most part these come from the prior flake.nix file.

As we read down the file we notice that there are two additional modules that
are going to be added. These are the pkgsModule and the modulesModule.
These appear to be pretty strange names at first, but the pkgsModule will
set nixpkgs.system if system was not null, and will set
nixpkgs.pkgs if pkgs is not null. The modulesModule will add
config._module.args as an attrset of noUserModules, baseModules,
extraModules and modules. So now we know some of the arguments that are
given to lib.evalModules lets see what that does.

nixos/lib/eval-config-minimal.nix

This file is a small wrapper upon lib.evalModules, but it gives us a little
bit of guidance on how to use the class argument. As well as showing us the
default for modulePath which is going to be passed as a special arg.

lib/modules.nix

This file won't add much to our understanding of lib.evalModules, but it
still is the definition of the function, so it's good to keep in mind if we have
any issues later down the line.

The implementation

Now that we have our key inputs of class, modules and specialArgs we can
start implementing our own lib.nixosSystem.

Getting the basics

Let us start in our very own flake.nix by writing the following code. This
will give us a basic template to work with and you, the reader, knows how to
start.

{
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";

  outputs = inputs: let
    mkSystem = import ./mksystem.nix { inherit inputs; };
  in {
    nixosConfigurations = {
      mySystem = mkSystem { };
    };
  };
}

Now that we have a very bare bone flake.nix we can get started on the
mkSystem function. Let's also create the mksystem.nix file. We are going to
add some basic args that we know we are going to need later such as modules,
specialArgs and class. And we are going to add some defaults to these args
such that we don't get any errors if they are not provided.

{
  inputs ? throw "No inputs provided",
  lib ? inputs.nixpkgs.lib,
  ...
}:
{
  modules ? [ ],
  specialArgs ? { },
  class ? "nixos",
}: lib.evalModules {
  inherit modules specialArgs class;
}

Adding modulesPath

Now that we have our basic template down. Let's start by adding the
modulesPath, most people probably recognize this from when they first
installed nix and read their hardware-configuration.nix file and saw
something along the lines of modulesPath + /installer/scan/not-detected.nix.
That is why we are starting with this, so that our hardware-configuration.nix
will work.

The key to this is going to be including modulesPath in our specialArgs.
This is because specialArgs should only be used with arguments that need to
be evaluated when resolving module structure.

{
  inputs,
  lib ? inputs.nixpkgs.lib,
  ...
}:
{
  modules ? [ ],
  specialArgs ? { },
  class ? "nixos",
}: let
  modulesPath = "${inputs.nixpkgs}/nixos/modules";
in
lib.evalModules {
  inherit modules class;

  # here we are merging the user provided specialArgs with the modulesPath
  specialArgs = { inherit modulesPath; } // specialArgs;
}

So close and yet so far

Only adding modulePath is a bit useless however, so we can't exactly replace
our lib.nixosSystem's yet. So let's work on that. We are going to start by
importing baseModules, this will provide us with a base set of modules that
provide abstractions over configuring your system. We can use the modulePath
and get the module list.

{
  inputs,
  lib ? inputs.nixpkgs.lib,
  ...
}:
{
  modules ? [ ],
  specialArgs ? { },
  class ? "nixos",
}: let
  modulesPath = "${inputs.nixpkgs}/nixos/modules";

  baseModules = import "${modulesPath}/module-list.nix";
in
lib.evalModules {
  inherit class;

  specialArgs = { inherit modulesPath; } // specialArgs;

  modules = baseModules ++ modules;
}

It actually works?

We now have a mostly functional replacement. Depending on your configuration
may actually work as it is now! To keep progressing we are going to have to go
back to the modulesModule from earlier. we need this such that some nixpkgs
modules will work, one of these is the documentation module
which will be a hard module to ignore, when so many people use it.

To fix this we are going to introduce a new module which contains
config._module.args and takes a set of attrs that will be passed to each
module. I'm sure most of you recognize these when writing a module and adding
something like { pkgs, config, ... } to the top of a file. The
config._module.args option should be used when trying to pass arguments to
all modules, but should not be evaluated with file structure in mind.

{
  inputs,
  lib ? inputs.nixpkgs.lib,
  ...
}:
{
  modules ? [ ],
  specialArgs ? { },
  class ? "nixos",
}: let
  modulesPath = "${inputs.nixpkgs}/nixos/modules";

  baseModules = import "${modulesPath}/module-list.nix";
in
lib.evalModules {
  inherit class;

  specialArgs = { inherit modulesPath; } // specialArgs;

  modules = baseModules ++ modules ++ [
    {
      config._module.args = {
        inherit baseModules modules;
      };
    }
  ];
}

Adding some of our own modules

Even better, now we have completely replaced lib.nixosSystem with our own
mkSystem function. But let's be real. That's not enough for us. We should
start abstracting some common themes between our systems. Some big examples of
this are networking.hostName and nixpkgs.hostPlatform. And while were at it
lets also re-add the nixpkgs.flake.source from the original lib.nixoSystem,
as well as adding inputs as a special arg. As most people do this anyway,
I think it's a safe assumption we should add it. For further reading about
passing inputs to modules check nobbz's blog on getting inputs to flake modules.

{
  inputs,
  lib ? inputs.nixpkgs.lib,
  ...
}:
name:
{
  modules ? [ ],
  specialArgs ? { },
  class ? "nixos",
}: let
  modulesPath = "${inputs.nixpkgs}/nixos/modules";

  baseModules = import "${modulesPath}/module-list.nix";
in
lib.evalModules {
  inherit class;

  specialArgs = { inherit inputs modulesPath; } // specialArgs;

  modules = baseModules ++ modules ++ [
    {
      config. = {
        _module.args = {
          inherit baseModules modules;
        };

        networking.hostName = name;

        nixpkgs.flake.source = inputs.nixpkgs.outPath;
      };
    }
  ];
}

I just added name as an additional argument to our mkSystem function. This
allows us to set the hostname of our system. The way I opted to write it allows
for us to use mapAttrs on our nixosConfigurations. This will mean that we
need to change how the original flake.nix works though.

{
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";

  outputs = inputs: let
    mkSystem = import ./mksystem.nix { inherit inputs; };
  in {
    nixosConfigurations = builtins.mapAttrs mkSystem {
      mySystem = { };
    };
  };
}

Furthermore, notice how I lied about settings nixpkgs.hostPlatform. If your curious why, maybe you
should read my last blog post about it. (Shameless plug)

Darwin compatibility

One of the main reasons I wanted to make this was to support
lib.darwinSystem. So let's address that now.

To introduce Darwin support we are allowing users to set the class
argument to darwin from there we can determine what modules to import.
As a result of this you may notice that Darwin has a different set of
modules which introduced some new options to set for this system type. This
includes nixpkgs.source and darwinVersionSuffix and darwinRevision. Some
of these are for commands like darwin-version.

You may also notice that we had to add system = eval.config.system.build.toplevel
back into the final eval produced by our Darwin eval. This is required to swap
to the configuration, otherwise it won't work at all. This is because the
system output is used by darwin-rebuild, to identify the final build
output.

{
  inputs,
  lib ? inputs.nixpkgs.lib,
  ...
}:
name:
{
  modules ? [ ],
  specialArgs ? { },
  class ? "nixos",
}: let
  # this is new? what is it?
  # I'm glad you asked, this is a nice way of checking if we have our darwin and nixpkgs inputs
  nixpkgs = inputs.nixpkgs or (throw "No nixpkgs input found");
  darwin = inputs.darwin or inputs.nix-darwin or (throw "No nix-darwin input found");

  modulesPath = if class == "darwin" then "${darwin}/modules" else "${nixpkgs}/nixos/modules";

  baseModules = import "${modulesPath}/module-list.nix";

  eval = lib.evalModules {
    inherit class;

    specialArgs = { inherit inputs modulesPath; } // specialArgs;

    modules = baseModules ++ modules ++ [
      {
        config. = {
          _module.args = {
            inherit baseModules modules;
          };

          networking.hostName = name;

          nixpkgs.flake.source = nixpkgs.outPath;
        };
      }
    ] ++ lib.optionals (class == "darwin") [
      {
        config = {
          nixpkgs.source = nixpkgs.outPath;

          system = {
            checks.verifyNixPath = false;

            darwinVersionSuffix = ".${darwin.shortRev or darwin.dirtyShortRev or "dirty"}";
            darwinRevision = darwin.rev or darwin.dirtyRev or "dirty";
          };
        };
      }
    ];
  };
in
  if class == "darwin" then (eval // { system = eval.config.system.build.toplevel; }) else eval;

The final touch

The final and maybe the best bit is adding inputs'. For those who are unaware
of flake-parts, you probably are not aware of the greatness that is inputs'.
The diff below shows the advantage of using inputs' over inputs for
accessing packages.

- inputs.input-name.packages.${pkgs.stdenv.hostPlatform.system}.package-name
+ inputs'.input-name.packages.package-name

Is that not awesome? So how can we replicate that for ourselves?

What we will need to do is map over all inputs, and their outputs and select
the output dependent on the host platform, if a system dependent output exists,
otherwise it will leave it as is. We can achieve that with the following code:

inputs' = lib.mapAttrs (_: lib.mapAttrs (_: v: v.${config.nixpkgs.hostPlatform} or v)) inputs;

Or if you are using flake-parts, you may prefer using the following code instead:

withSystem config.nixpkgs.hostPlatform ({ inputs', ... }: { inherit inputs'; });

So let's add that to our mkSystem function.

{
  inputs,
  lib ? inputs.nixpkgs.lib,
  ...
}:
name:
{
  modules ? [ ],
  specialArgs ? { },
  class ? "nixos",
}: let
  nixpkgs = inputs.nixpkgs or (throw "No nixpkgs input found");
  darwin = inputs.darwin or inputs.nix-darwin or (throw "No nix-darwin input found");

  modulesPath = if class == "darwin" then "${darwin}/modules" else "${nixpkgs}/nixos/modules";

  baseModules = import "${modulesPath}/module-list.nix";

  eval = lib.evalModules {
    inherit class;

    specialArgs = { inherit inputs modulesPath; } // specialArgs;

    modules = baseModules ++ modules ++ [
      ({ config, ... }: {
        config = {
          _module.args = {
            inherit baseModules modules;

            inputs' = lib.mapAttrs (_: lib.mapAttrs (_: v: v.${config.nixpkgs.hostPlatform} or v)) inputs;
          };

          networking.hostName = name;

          nixpkgs.flake.source = nixpkgs.outPath;
        };
      })
    ] ++ lib.optionals (class == "darwin") [
      {
        config = {
          nixpkgs.source = nixpkgs.outPath;

          system = {
            checks.verifyNixPath = false;

            darwinVersionSuffix = ".${darwin.shortRev or darwin.dirtyShortRev or "dirty"}";
            darwinRevision = darwin.rev or darwin.dirtyRev or "dirty";
          };
        };
      }
    ];
  };
in
  if class == "darwin" then
    (eval // { system = eval.config.system.build.toplevel; })
  else
    eval;

Conclusion

And that's it! We have a fully functional mkSystem function that can replace
both lib.nixosSystem and lib.darwinSystem. This was quite the task, and
although this blog post seems to reduce the quite simple. I've spent a lot of
time on this, both when researching how to create the custom builder and
writing and maintaining the latest rendition in the form of a flake module
called easy-hosts. If you enjoyed
this post, please consider donating on ko-fi
or github sponsors.

When I see another friend of mine start using nix my eyes glisten with the
knowledge there is still hope for their lost soul yet. But then I observe their
copy-pasted code and see all the bad practices everywhere. Sighhhh. Time to
explain to you everything wrong about what you're doing in your nix code. Make
sure to pay attention and make some notes because I don't want to explain it
again.

system and lib.nixosSystem

Often I see people passing the system argument to lib.nixosSystem. However,
you should not do this! This is because "legacy input" and will straight up be
ignored because of your autogenerated hardware-configuration.nix file, which
will set system for you. So to rectify this we can instead set
nixpkgs.hostPlatform to the desired system.

{
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";

  outputs = inputs: {
    nixosConfigurations = {
      # this host contains our `system` antipattern, which we want to avoid
      myBadHost = inputs.nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [ ./hardware-configuration.nix ];
      };

      # this is our fixed host, notice how it uses `nixpkgs.hostPlatform`
      myGoodHost = inputs.nixpkgs.lib.nixosSystem {
        modules = [
          ./hardware-configuration.nix
          { nixpkgs.hostPlatform = "x86_64-linux"; }
        ];
      };
    };
  };
}

For further reading about this topic please consult
nixpkgs@332e603/flake.nix#L54.

To such I am usually asked "But I want to be able to track other nixpkgs
revisions or inputs, then don't I have to? Or set a specialArg or something?".
NO! Almost never do you want to use specialArgs. specialArgs are great but
often overused for things that the module system was designed to do better. Now
to answer the main question, you can still do that. Allow me to introduce you
to pkgs.stdenv.hostPlatform.system and its alias pkgs.system. So now we can
do something more like the following:

{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    # notice our new nixpkgs input that is pinned to a stable version
    nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05";
  };

  #         v this here is destructuring the inputs, and the `@` will allow us to refer to `inputs` as a whole
  outputs = { nixpkgs, ... } @ inputs: {
    nixosConfigurations.mySystem = inputs.nixpkgs.lib.nixosSystem {
      # notice we are now we are now passing the inputs as a specialArg
      specialArgs = {
        inherit inputs;

        # do NOT add `system` as a specialArg
        system = "x86_64-linux";
      };

      modules = [
        # instead notice how we can use `pkgs.system` to refer to the system output from nixpkgs 24.05
        # and we didn't need to add `system` as a specialArg
        ({ pkgs, inputs, ... }: {
          environment.systemPackages = [
            inputs.nixpkgs-stable.legacyPackages.${pkgs.system}.nil
          ];

          # this didn't change from our previous example
          nixpkgs.hostPlatform = "x86_64-linux";
        })
      ];
    };
  };
}

Overall, system being an input to lib.nixosSystem was so irritating me so
much that I made several bluesky posts complaining about it. And went on to
make easy-hosts as an abstraction
around making systems for your systems that will prevent you from making these
mistakes, and will force you to use the module system more.

system dependent overlays

I sadly am not kidding. These are real. I have seen people do this.

First off, overlays should not be consumed with a system like
overlays.x86_64-linux or overlays.x86_64-linux.default. Please stop
yourself if you ever get here. Instead, overlays should be consumed like
source.overlays.name, to improve upon this consider the following template:

{
  # inputs if you need them

  outputs = inputs: {
    overlays = let
      pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
    in {
      # these are all incorrect variations of the same code, that i have seen
      # or would be generate by some kind of code
      x86_64-linux = final: prev: {
        hello = pkgs.callPackage ./default.nix { };
      };

      # this is bad
      x86_64-linux.default = final: prev: {
        hello = pkgs.callPackage ./default.nix { };
      };

      # this is still bad
      default.x86_64-linux = final: prev: {
        hello = pkgs.callPackage ./default.nix { };
      };

      # notice in this example we removed any reference to `pkgs` and instead we use `prev`
      # this means that the overlay is not system dependent
      default = final: prev: {
        hello = prev.callPackage ./default.nix { };
      };
    };

    # any additional outputs go here
  };
}

Notice how here I used prev instead of pkgs or anything alike because we do
not need to know what the system is here. And if you do wish to refer to the
system recall how earlier I spoke of pkgs.system well prev like pkgs will
also expose system, so you can use prev.system.

Stop importing weirdly

You do not need this needless import. This is a waste of nix eval time. Since
users will place inputs.<source>.nixosModules.default in their flake
imports it will load those files for them, so you don't need to import unless
you need to pass args.

{
  inputs = { };

  outputs = inputs: {
    nixosModules.default = import ./module.nix;
  };
}

Here is a more acceptable flake, where we only import because we are passing
our inputs to our other module.

{
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";

  outputs = inputs: {
    nixosModules = {
      noImport = ./module.nix;
      importWithArgs = import ./module.nix { inherit inputs; };
    };
  };
}

Stop importing nixpkgs

This one is somewhat of a subset of the previous problem, where people import
needlessly. nixpkgs already provides legacyPackages which is a
pre-constructed set of packages for you. So you don't need to import nixpkgs.

{
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";

  outputs = { nixpkgs, ... }: let
    pkgs = import nixpkgs { };
    # or
    pkgs = import nixpkgs { system = "aarch64-linux"; };
  in {
    # imagine the rest of the file
  };
}

Importing nixpkgs without a system will use builtins.currentSystem which is
impure, this means that it needs to use information that may not be
reproducible like your system type. Instead, consider writing:

{
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";

  outputs = { nixpkgs, ... }: let
    system = "aarch64-linux";
    pkgs = nixpkgs.legacyPackages.${system};
  in {
    packages.${system}.default = pkgs.callPackage ./default.nix {};
  };
}

You may also recall my earlier posts titled Experimenting with
nix and or Dev
dependencies, where I refer to a
function called forAllSystems to improve upon this pattern further. For the
sake of completion I will bring one of those examples back and use it to
generate the system based outputs of packages.

{
  inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";

  outputs = { nixpkgs, ... }: let
    forAllSystems =
      function:
      nixpkgs.lib.genAttrs nixpkgs.lib.systems.flakeExposed (
        system: function nixpkgs.legacyPackages.${system}
      );
  in {
    packages = forAllSystems (pkgs: {
      default = pkgs.callPackage ./default.nix { };
    });
  };
}

You may however have noticed this won't work if you need to access unfree or
broken packages. In which case I would recommend modifying the function to
align with the following:

forAllSystems =
  function:
  nixpkgs.lib.genAttrs nixpkgs.lib.systems.flakeExposed (
    system: function (
      import nixpkgs {
        inherit system;
        config.allowUnfree = true;
      }
    )
  );

The key difference in the above example is that we now are importing nixpkgs
and as such we now have access to nixpkgs.config and nixpkgs.overlays if
you so wish to use those.

This brings me onto my final point,

Stop using flake-utils

flake-utils is often an extra dependency added for no good reason. The main
purpose for using it more modernly is its overridable systems, they do this
through an input from the nix-systems GitHub
org. But more typically no one uses it for that, in fact most people use
flake-utils for its ability to create system dependent outputs. This is what
leads to the issues with system dependent overlays. But recall, I've
already covered all of what you need to make your own flake-utils, through the
usage of the forAllSystems function.

However, some of you may still want those overridable systems. In which case
please consider writing this flake like this instead:

{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    systems.url = "github:nix-systems/default";
  };

  outputs = { nixpkgs, systems, ... }: let
    forAllSystems =
      function:
      nixpkgs.lib.genAttrs (import systems) (
        system: function nixpkgs.legacyPackages.${system}
      );
  in {
    packages = forAllSystems (pkgs: {
      default = pkgs.callPackage ./default.nix { };
    });

    overlays.default = final: prev: {
      hello = prev.callPackage ./default.nix { };
    };
  };
}

Conclusion

I was never mad at you, I was just disappointed. But now you know better, so go
forth and write better nix code.

2024 in Review

New technologies

• wezterm - I started using this terminal emulator due to its multiplatform support and its depth of configurablity.
• ghostty - I started using this one while it was still in beta, and its been my go-to terminal emulator on macOS since.
• lix - This is a fork of nix and I've been using it for its cli stability and improved performance.
• freeze - A lovely little tool for taking screenshots of code and sharing them with friends.

Switching from WezTerm to Ghostty might seem odd, but the decision was clear: Ghostty’s native implementation offered unmatched speed and macOS integration, making it the superior choice for my needs.

Languages

This year I didn't learn any new languages, but rather I decided to focus on improving my existing skills in Go, Java and Rust. I found during that time that I really do prefer Rust, this is largly due to the developer support through rust-analyzer and cargo clippy.

New Projects

The year began with a significant project; rewriting my website in Go. The process was tedious, but the outcome was much preferable. However, I still had my reservations about Go's templating engine. While it’s good, I felt there was room for improvement.

And that is where Tera, a rust based templating engine like jinja2 and Django. I first encountered Tera through the Catppuccin Whiskers project. Tera’s extensablity convinced me to rewrite my site again, this time in Rust. The result exceeded my expectations, and Rust’s ecosystem further cemented my love for the language.

However, before the website was rewritten in rust I tried to create a new Go project izrss which was a terminal RSS feed reader. It's not feature rich but it was created to look pretty due to my dissatisfaction with newsboat.

This year, I abstracted by neovim configuration incredibly through the use of chainix. I later decided to remove a significant amount of the nix abstraction through izvim, where I made a package around the lua rather then using nix to generate the lua. During this year I also wrote the freeze.nvim plugin, which I wrote a blog post about. You can find the jeorney here: neovim blog post.

My goals for 2025

I would like to get some more work done on my Wayland compositor. I would also love to grow my social media presence, and maybe even write 3 blog posts, which would be my apology for not writing one in 6 months. And you all know me; rewrite my nix config once or twice again... per week.

Handling dependencies is hard to say the least. Issue after issue of missing and conflicting dependencies. And no good way to fix this util Docker Nix came along. This blog post will go over the start to end of getting a solid nix dev entiroment setup for all your projects.

Getting started

First we are going to create a basic file tree, such that you can understand how your system may look like.

.
├── default.nix
├── shell.nix
├── flake.lock
└── flake.nix

At first when seeing this tree you may think why are we polluting our root directory with all these files. But in this is a good way to help us write less Nix!

Now, we're going to create a flake.nix file. Unlike some other files mentioned later in this post, it's quite agnostic about the language of your project. Since I won't be explaining this part in detail, I recommend you read my previous blog post experimenting with nix.

{
  inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";

  outputs =
    { nixpkgs, ... }:
    let
      forAllSystems =
        function:
        nixpkgs.lib.genAttrs nixpkgs.lib.systems.flakeExposed (
          system: function nixpkgs.legacyPackages.${system}
        );
    in
    {
      packages = forAllSystems (pkgs: {
        default = pkgs.callPackage ./default.nix { };
      });

      devShells = forAllSystems (pkgs: {
        default = pkgs.callPackage ./shell.nix { };
      });
    };
}

Now we have something more useable for our flake.nix file we can now start making our default.nix file and shell.nix files.

We are going to start with the default.nix file for a basic Rust project. We start with the default.nix file to identify the dependencies of our project, which is particularly easy to do with Nix since the build system is isolated.

{
  lib,
  darwin,
  stdenv,
  openssl,
  pkg-config,
  rustPlatform,
}:
rustPlatform.buildRustPackage {
  pname = "kittysay"; # The name of the package
  version = "0.5.2"; # The version of the package

  # You can use lib here to make a more accurate source
  # this can be nice to reduce the amount of rebuilds
  # but thats out of scope for this post
  src = ./.; # The source of the package

  # The lock file of the package, this can be done in other ways
  # like cargoHash, we are not doing it in this case because this
  # is much simpler, especially if we have access to the lock file
  # in our source tree
  cargoLock.lockFile = ./Cargo.lock;

  # The runtime dependencies of the package
  buildInputs =
    [ openssl ]
    ++ lib.optionals stdenv.isDarwin (
      with darwin.apple_sdk.frameworks;
      [
        Security
        CoreFoundation
        SystemConfiguration
      ]
    );

  # programs and libraries used at build-time that, if they are a compiler or
  # similar tool, produce code to run at run-time—i.e. tools used to build the new derivation
  nativeBuildInputs = [ pkg-config ];

  meta = {
    license = lib.licenses.mit;
    mainProgram = "kittysay";
  };
}

You may have noticed buildInputs and nativeBuildInputs, which contain the dependencies of the project. At a basic level buildInputs are the dependencies that are needed at runtime whilst nativeBuildInputs are the dependencies that are only needed during the build process. So why does that matter?

Well these dependencies can be reused in our shell.nix file, we can do this like so:

{
  clippy,
  rustfmt,
  callPackage,
  rust-analyzer,
}:
let
  mainPkg = callPackage ./default.nix { };
in
mainPkg.overrideAttrs (prev: {
  nativeBuildInputs = [
    # Additional Rust tooling
    clippy
    rustfmt
    rust-analyzer
  ] ++ (prev.nativeBuildInputs or [ ]);
})

In this example we are adding additional Rust tooling to our shell. This is because those inputs are not there in our dependencies that we have defined in our default.nix file.

But what if I don't want to have default.nix file?

Nix still has a solution for this — pkgs.mkShell.

{
  clippy,
  mkShell,
  rustfmt,
  rust-analyzer,
}:
mkShell {
  packages = [
    clippy
    rustfmt
    rust-analyzer
  ];
}

What if you also require all the dependencies of another program? I've personally never needed this, but you can do it like so:

{
  mkShell,
  rust-analyzer,
}:
mkShell {
  inputsFrom = [
    rust-analyzer
  ];
}

Now you have a shell with all the dependencies of rust-analyzer and any other dependencies you have defined in your shell.nix file.

Some common misconceptions

Should I use nativeBuildInputs or buildInputs?

Well in this case it doesn't matter! All packages that are put into the mkShell will be merged into one attribute, and will all be available to the end user. So really the best thing to do here is use packages since it's documented and therefore a good practice.

If you would like proof they get merged into the one attribute here is the source:

mergeInputs = name:
  (attrs.${name} or [ ]) ++
  # 1. get all `{build,nativeBuild,...}Inputs` from the elements of `inputsFrom`
  # 2. since that is a list of lists, `flatten` that into a regular list
  # 3. filter out of the result everything that's in `inputsFrom` itself
  # this leaves actual dependencies of the derivations in `inputsFrom`, but never the derivations themselves
  (lib.subtractLists inputsFrom (lib.flatten (lib.catAttrs name inputsFrom)));

How about the environment variables?

I see a number of people using shellHook, but I'd argue that this is wrong — ideally we should use env. But not for any technical reason, since they fundamentally do the same thing and env is converted into a shellHook, but rather for readability.

1. The worst way:

shellHook = ''
  export RUSTFLAGS="-lEGL -lwayland-client"
  export LD_LIBRARY_PATH=${"$LD_LIBRARY_PATH:${libglvnd}/lib";}
'';

1. A bit better:

RUSTFLAGS = "-lEGL -lwayland-client";
LD_LIBRARY_PATH = lib.makeLibraryPath [ libglvnd ];

1. The best way:

env = {
  RUSTFLAGS = "-lEGL -lwayland-client";
  LD_LIBRARY_PATH = lib.makeLibraryPath [ libglvnd ];
};

After reading all three of these example, I hope you understand why I personally prefer the third example. Since its clear that its exporting environment variables, and it's also clear what the environment variables are or will be. It should also be noted that as of release 24.05 the recommended manor of exporting environment variables in a shell is example 2, but uses mixes between example 1 and 2.

But you didn't mention pkgs.mkShellNoCC?

The difference between difference these two is that mkShell includes a C compiler in the shell environment, whilst mkShellNoCC does not. So in a situation where you know you won't need any C compiler or related technogies its better to use pkgs.mkShellNoCC.

How about using my overlay?

My personal favorite has to be oxalica/rust-overlay, so that is what we are going to use in this example. I heavily advice mainly using the flake to get reproducible outputs.

{
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    rust-overlay.url = "github:oxalica/rust-overlay";
  };

  outputs =
    { nixpkgs, rust-overlay, ... }:
    let
      forAllSystems =
        function:
        nixpkgs.lib.genAttrs nixpkgs.lib.systems.flakeExposed (
          system: let
            overlays = [ (import rust-overlay) ];
            pkgs = import nixpkgs { inherit system overlays; };
          in
            function pkgs;
        );
    in
    {
      devShells = forAllSystems (pkgs: {
        default = pkgs.mkShell {
          packages = [
            rust-bin.stable.latest.minimal
          ];
        };
      });
    };
}

But you didn't include a shell.nix that time? I know thats because I want to keep this as reproducible as possible and that beacomes difficult with overlays and staying backwards compatible. The below example shows how you could do this though its not exactly pretty.

(import <nixpkgs> {
  overlays = [ (import (builtins.fetchTarball "https://github.com/oxalica/rust-overlay/archive/master.tar.gz")) ];
}).callPackage (
{ mkShell, rust-bin }:
mkShell {
  packages = [
    rust-bin.stable.latest.minimal
  ];
}) {}

The cherry on top

direnv

nix-direnv is a tool that allows you to have a .envrc file in your project that will automatically load the nix shell when you enter the directory. This is a great way to make sure that you are always in the correct environment.

The files from before will not change but now the .envrc file will be added to the project, and this will contain something like so:

if has nix_direnv_version; then
  use flake
fi

Templates

Nix allows you to create reproducible templates for your project, so you only have to set these up one time and then you can reuse them for all your projects.

For example you can use my templates like so nix flake init -t github:tgirlcloud/nix-templates#go which will create a new go project in your current directory, or you can use nix flake new -t github:tgirlcloud/nix-templates#rust cheese which will create a new directory called cheese with the rust template defined here.

Here we will create a quick example for a basic flake, but you can do this with littrally anything you want.

First lets define what our tree will look like as we did before:

.
├── flake.nix
└── comfy
    ├── default.nix
    ├── shell.nix
    └── flake.nix

Now lets define our flake.nix:

{
  outputs = _: {
    templates = {
      comfy = {
        path = ./comfy;
        description = "A comfy template";
      };
    };
  };
}

You may have notice that we are not taking any inputs and are only producing outputs and thats because we don't need a package set here. Then our comfy/* files will look like the ones we defined at the beginning of this post.

Wrapping up

Nix is a great tool for managing dependencies, and I hope this post has helped you understand how to use it in your projects. If you have any further questions feel free to email me or join my discord server. Thanks for reading!!! And If you really enjoyed the post please consider donating so I can keep doing this kind of thing on kofi or GitHub Sponsors.

My latest addiction is Nix.

Those who have read my previous posts have probably noticed that I have made a few references to it here and there but nothing too deep, that is until now.

This article is going to detail some of the oddities and tips I have learned along the way. Just a fair warning, I am still learning and nix is ever-growing so some of these details may not be the same tomorrow or the next day. Also its a complete mess of hundreds of ideas that I have so prepare yourself.

shell.nix the file I have everywhere

I don't have any dev programs permanently installed on my system, I have a shell.nix file in every project that I work on. This file contains all the dependencies that I need to work on that project. This is a great way to keep your system clean and to keep your dependencies in check.

{ pkgs ? import <nixpkgs> {} }:
pkgs.mkShell {
  nativeBuildInputs = with pkgs; [
    go
    gopls
  ];
}

Easy things that are not so easy

Recently I undertook the task of removing all unused occurrences of the fetchFromGitHub argument, at the time this was about 64 items, though I only removed 57. But here is why, some files like zig for example contain a generic.nix file which has commonalities between all the zig files so to reduce the work here they import that file. And to do that they need to pass fetchFromGitHub otherwise, you will error out. This is unexpected since deadnix cannot detect these the import like that. Oh and for anyone curious what kind of monstrosity of a command made this easy:

deadnix pkgs -o json |
  jq -n 'select(.results[].message == "Unused lambda pattern: fetchFromGitHub") | .file' |
  args -i nvim {}

NURs

I have never understood the point of NURs, they often ship outdated nixpkgs, and don't offer much more than putting the package on nixpkgs instead. I will be the first to admit I have my repo reminiscent of a NUR but it's not the same, that repo ships nightly packages because occasionally I want nightly packages for my programs and these should be consumed as an overlay.

Pinning packages

This feels somewhat of an extension to NURs since most of my packages are pins of specific working commits. You can achieve this with fetchers like fetchFromGitHub but my personal favorite is npins (and occasionally nvfetcher) since you can run git versions of a package. Then you can override the source with something reminiscent of this:

_: prev: {
  catppuccin-gtk = prev.callPackage (args:
    (prev.catppuccin-gtk.override args).overrideAttrs (attrs: {
      src = pins.catppuccin-gtk;
    })
  ) {};
}

fn expand_on_this_in_another_post() {
  todo!(); # yes this is a bad rust joke
}

Lib

The lib or library is a collection of expressions that are commonly used in nix because of this they are official and stable.

forAllSystems

This is not a part of the official lib but is featured in the official nix templates repo though maybe not in this exact format. What this does is provide an output for all of the system types that are in the list, this is important for packages that can work on multiple systems since it helps you prevent repeating the same code several times.

forAllSystems =
  function:
  nixpkgs.lib.genAttrs [
    "x86_64-Linux"
    "aarch64-Linux"
    "x86_64-darwin"
    "aarch64-darwin"
  ] (system: function nixpkgs.legacyPackages.${system});

lib. filesystem.packagesFromDirectoryRecursive

One of my current favorites has to be lib.filesystem.packagesFromDirectoryRecursive or its alias lib.packagesFromDirectoryRecursive. This function allows you to generate an attrset of your packages from a given directory. Perhaps the best thing about this lib expression is how well-documented it is. Or perhaps it is flexible.
I recently used this to generate a collection of packages you can find them on my GitHub repo isabelroses/beapkgs. In this case, I needed to callPackage with npins such that all packages would have access to their source. And guess what this is double the learning opportunity since we can use the previously stated forAllSystems.

packages = forAllSystems (
  pkgs:
  lib.packagesFromDirectoryRecursive {
    callPackage = lib.callPackageWith (pkgs // { pins = import ./npins; });
    directory = ./packages;
  });

lib.trivial.pipe

Similar to the concept of a pipe in bash, this function allows you to pipe the output of one function to the input of another. This is useful when you have a function that returns a value that you want to chain together several operations.

lib.trivial.pipe 2 [
  (x: x + 2)  # 2 + 2 = 4
  (x: x * 2)  # 4 * 2 = 8
] # outputs 8

Packaging

Tauri

Recently I tried packaging some Tauri apps, what a big mistake. Anyone that tried packaging a tarui app has probably seen this amazing error:

chmod: changing permissions of '/nix/store/6scp0k430y2psl9i7zbiccv0687fk4hc-454xi372h27vn98mavqlxn5cf85x72ll-source/src-tauri': Operation not permitted

But it suddenly fixes itself if you package it for nixpkgs rather than as a flake??? This one I am beyond lost on, but my best advice is just to make a package for nixpkgs.

My greatest enemy

pngquant-bin is truly my greatest enemy. In my upward battle to package catppuccinifier-gui, it had a dependency on pngquant-bin. And the worst bit is that pngquant-bin runs an install script to download extra files which simply is not allowed in nix. In the end, I gave up and patched the binary release instead.

The module system

I wish I learned this much earlier. I abuse this now and it's worth every bit of it. It makes your system configurations a lot easier to understand and commonalities between your systems and users can be shared.

Let's say between all machines I want to have a user named isabel, I would set that in a file called common.nix and then import that file in all my system configurations.

The file tree might look something like this:

.
├── hosts/
│   ├── host1.nix
│   └── host2.nix
└── users/
    └── isabel.nix

Then in the file users/isabel.nix file I would have something like this:

{
  users.users.isabel = {
    isNormalUser = true;
    extraGroups = [ "wheel" "networkmanager" ];
  };
}

Then each host1, hosts/host1.nix, can contain something specific to that host, in this case, the hostname:

{
  imports = [@users/isabel.nix];
  networking.hostName = "host1";
}

Whereas my other host hosts/host2.nix, might want to have a different hostname for example:

{
  imports = [@users/isabel.nix];
  networking.hostName = "host2";
}

If you can see where this is going, you should understand that this means that the entire system is extensible. We can make changes to one host that don't affect another. And changes that apply across multiple hosts.

We can make this even better with options. You could do this with a tree that looks more like such:

.
├── hosts/
│   ├── host1.nix
│   └── host2.nix
├── modules/
│   └── common.nix
└── users/
    └── isabel.nix

Our modules/common.nix may look something like this, where we are defining a new option for the hostname:

{lib, config, ...}: {
  imports = [@users/isabel.nix]; # this file remains the same

  # in this case we are creating a new option under the `my` namespace
  options.my.hostname = lib.mkOption {
    type = types.str;
    default = "nixos";
  };

  # This might be a little confusing since it's set as
  # `options.my.hostname` but to use is calling `config.networking.hostName`
  config.networking.hostName = config.my.hostname;
}

Then each host would look almost identical to the other but with slightly differing values:

{
  imports = [@modules/common.nix];
  config.my.hostname = "host1";
}

Changing the hostname per system like this is pretty trivial and not much of a real use case, but if you put your mind to it you can start to see how you might make a set of packages apply across 2 systems but not a 3rd or 4th.

Conclusion

Nix is super flexible and there's a lot of uses for it and ways you can use it. Some ways work better for some and not for others. I hope you found this article at least entertaining, if not that at least to have learned at least one thing.

I have been using Neovim for a while now, and I find it to be a great tool. However, I have never had the opportunity to write a plugin for it. Recently, I came across Charmbracelet's new app called "Freeze" which I liked, the app allows you to generate images of code snippits. This inspired me to integrate it into Neovim.

The Idea

The goal was to allow the user to select a range of text and then generate an image from that. If the user did not select an area of text then it would use the entire file.

The Implementation

To do this I created a set of allowed options the user could set when calling the setup() function for the plugin. The options would be identical to the arguments the cli command would take except in snake case. We could then use this data to generate a CLI command and call it with vim.fn.system(), and we could get the output and use that to give the user a log of what happened with vim.notify().

I also wanted to ensure that the user's options would actually work, so I created a function that would check the options and ensure that they were correct. This was done by checking the options against a list of allowed options and ensuring they were the correct type. At this point I realized I was enforcing the user to use the command freeze, but I did not account for use cases other than mine, so this was added as an option.

The struggle

Neovim's documentation when it comes to old and new versions and what APIs are available is not the best. I found myself having to look at the source code of the plugin manager I was using to see what was available. Thankfully @comfysage managed to get to the bottom of it. The following snippet shows how we handle arrays and lists differently depending on Neovim versions.

local function is_array(...)
  if vim.fn.has("nvim-0.10") == 1 then
    return vim.tbl_isarray(...)
  else
    return vim.tbl_islist(...)
  end
end

The outcome

The plugin was a success, and I was able to generate images from code snippets. I was also able to learn a lot about how to write a Neovim plugin and how to use the Neovim API. I was also able to learn a lot about how to use Vimscript and how to use the command line from within Neovim. This was a great experience, and I am thankful for it. See an example of the plugin below.

The plugin is available on GitHub under isabelroses/charm-freeze.nvim.

I started programming in Scratch when I was 10 or so years old, all of which I taught myself (this is a recurring theme). I didn't touch programming again until year 9 which is when I started my GCSEs. I took computer science as one of my options since I liked computers and I thought it would be fun. It was not. My class was the eldest year in this new school, we had no teachers at the time that actually did computer science, so we had a math teacher cobble together what he could for us. And later when we did get a teacher, we were given a booklet and told to complete it by the end of the year, it was awful.

Having completed my GCSEs, almost completely self-taught, I started my A-levels and I took computer science again. To my great surprise I had an not one but two amazing teachers, who were able to teach me a lot. I was able to learn a lot about java, and the deeper concepts behind programming and computer science.

Diving right into the deep end

I first started using Linux when I learned about self-hosting which came about from a friend of mine who was self-hosting a minecraft server. This prompted me to set up my own server in a virtual machine, all of this was brand new to me at the time and I found myself in the middle of a rush of information.

This all took place around, late February 2023. Following a tutorial on a now deleted YouTube video, probably not the best source. But despite that, I managed to get an Ubuntu virtual machine and bear in mind this is not even the server edition but the desktop version of Ubuntu which I chose.

Shortly after, I learned of Catppuccin, an amazing soothing pastel theme with 4 major flavors. I decided to try out their userstyles, a way to apply the theme to a website, done through the means of a browser extension. And I found myself with a beautiful theme for YouTube, but it was riddled with bugs. So I decided to try and fix them, and I did but only for myself, having almost zero idea on how to use git let alone GitHub.

I'm not drowning?

In March 2023, I joined the Catppuccin discord server and was greeted by a friendly community, and one person was kind enough to walk me through the process of creating a pull request. But this was not with Git but rather the GitHub web interface where I would drag and drop, copy and paste all the changes I had made. And unexpectedly, I became the maintainer of the userstyles? I was not expecting this at all, but I was happy to take on the role.

Needless to say this forced me to get more in touch with my tools like Git and GitHub, and I was able to learn a lot from this experience. I was also able to learn a lot about CSS and how to use it to style a website. This was a great experience, and I am damn thankful for it.

Trying to swim

In late April to early May 2023, I felt ready for more which prompted me to try and learn more about Linux and how to use it. This lead me to uninstalling windows from my laptop and installing Ubuntu. This was a big step for me as I had never used Linux as my main operating system before and at first it felt like a swing and a miss. I shortly after realized that it was ubuntu just was not the right distro for me.

So prompted by others once more I decided to try installing Arch Linux. Having tested installing in a virtual machine several times I felt ready to install it on my laptop. And I did, and it was a success. I was able to install Arch Linux on my laptop, and I was able to use it as my main operating system.

At this point I created my dotfiles repo, having learned it's a good idea to have the ability to easily install all my config files on a new machine. And I was able to learn a lot about how to use Git, and how to use the command line.

Learning to swim

In late May 2023, I was introduced to NixOS and I loved the idea, but I think I was not ready for it. So I didn't commit until much later
around late July 2023. I was able to install NixOS on my laptop, and I was able to use it as my main operating system. By this time I was much more proficient with the command line and all my other daily tools.

Around mid-July, I managed to become a member of staff for the Catppuccin userstyles repo which introduced me to a whole new set of skills. Like how to manage a repo, how to manage issues and pull requests, and how to manage a community. One of the strongest skills I learned from this is CI/CD, and how to use it to automate tasks, this was necessary for the userstyles repo due to the huge number of tasks that repetitive. Now almost all my repos have some amount of CI/CD.

I really can swim

As of the time of writing, I am still using NixOS as my main operating system and I am still learning a lot about it. I have also been able to learn a lot about programming and how to use Git and GitHub. I have also been able to learn a lot about how to manage a community and how to manage a repo. And i'm thankful for all the people who have helped me along the way. I hope to continue learning and improving my skills.

So to start off with, I started with using Git and GitHub properly, to be accurate I used to commit to GitHub rarely and doing so with the web upload by dragging and dropping files. I was also introduced to forking and pull requests thanks to the amazing community over at Catppuccin.

From now on were going to swap to a list format as it will be easier to read, and break it down into different sections.

New technologies

• Neovim, the best editor ever. This now is my main editor, and I'm really happy with it. I'm still learning how to use it properly, but I'm getting there. In fact, I'm writing this post in Neovim right now. Prior to this I was using VS Code and from time to time I still do, but I find myself using Neovim more and more.
• NixOS, my main operating system, and it has made development so much easier.
• Vikunja, this functioned as my main to-do list manager, but I would like to start using bellado as a way to interact with my Vikunja instance. The reason for this is I need to use my to-do list on the move more often then not. But I also love being in the command line and an easy way to do this would be amazing.

Self-hosted services

I started getting into self-hosting services (all managed by my NixOS dotfiles) this year and I got really excited and ended up hosting more than I actually use, but I'm still happy with the outcome. However, some of the ones I use the most are:

• forgejo, it's a really cool Git service that is lightweight and easy to use. I use it for most my Git hosting needs.
• My mail server, although this was a real pain to set up, I use this one of the most out of all my self-hosted services.
• wakatime, this is a really cool service that I use to track my coding time. I use this to see how much time I spend coding and what languages I use the most.
• Vikunja as mentioned above, this is my main to-do list manager. I use this to keep track of all my tasks and what I need to do.
• And finally, vaultwarden, an amazing open-source password manager, which saved me so many times.

New languages

This year I learned a wide range of languages since I was in search for the prefect language for me. And I think I found it, but I'm still learning it. But the languages that I learned this year were:

• Go, this is my main language now, and I'm really happy with it.
• Rust, this is a really cool language, but I don't use it as much as I would like to, but I have made a few projects in it.
• C, this is a language that I didn't really like as much as I thought, but I still learned it and made a few small projects in it.

New Projects

Some of the projects that I worked on during 2023 were:

• catppuccin/userstyles, a collection of userstyles for various websites. This was my first proper project that I worked on, and I learned a lot from it. And It's still one of my favorite projects to work on, it currently has (at the time of writing) 51 styles and 29 people working on it. And I'm really proud of it, and I was happy to be able to work on it with such an amazing community.
• my website, a cool website that I made in vue.js and now am in the process of remaking in go. I learned a lot from this project, and I'm really happy with how it turned out, but you can be my judge of that.
• bellado, a command line to-do list manager. This is one of the hardest projects that I have worked on, and I'm really thankful to the Catppuccin community once again for all the help making this a much easier job, in particular @nullishamy, she really was the best of help.
• my dotfiles, my NixOS dotfiles. This is one of the hardest things that I've done all year, there was so much to learn and so much to do. I'm really happy that I completed this, and I am really happy to be using NixOS as my main operating system.
• rerefined, I don't often mention this one since I don't update it that much, but its purpose is to make a visual improvement to multiple websites.

To start right away with things that I wish to get better at:

• vim motions
• touch typing
• Go
• Rust
• Nix

This list were created in order to improve my basic workflow to improve the
generic speed that I work at. To start I barely use vim motions despite using
Neovim as my main editor, and touch typing goes along well with this. And
despite using NixOS I feel like I barely know anything about Nix.

In order to also properly manage myself I have two main tools
bellado and
Vikunja having these two separate is really inconvenient
but in order to use my to-do list well it needs to be accessible via the command
line and through the web so whether I'm out and about or on my main work machine
every will work well. One way I plan to improve this issue is to allow bellado
to interact with my Vikunja instance.

Self-healing URLs are designed in a way that if a user was to type in a URL as
long as a certain part of the URL is correct, the user will be redirected to the
correct page. This is useful for when a user is trying to access a page that has
been moved or deleted.

For example, if a user was to type in /blog/gaoengioa-2 they would be redirected to /blog/self-healing-urls-2 as the only important part of the URL is the "2" in this case, which refers to the second blog post by ID.

To implement this I had to make a few changes to my code. The original way that
the post data was being fetched was by using the slug of the post. This meant
that if the slug was incorrect, the post would not be found and the user would
be redirected to a 404 page. To fix this I had to change the way that the post
was being fetched to use the ID of the post instead. This meant that if the slug
was incorrect, the post would still be found and the user would be redirected to
the correct page.

// the old code
get post() {
    return meta.posts.find((post: any) => post.slug == this.$route.params.slug);
}

// the new code
get post() {
    // get the id from the slug
    const id = (this.$route.params.slug).toString().split("-").slice(-1)[0];
    // find the post using the id
    const post = meta.posts.find((post: any) => post.id == id);

    if (this.$route.params.slug != post?.slug) {
        // create the correct slug
        const slug = post?.slug + "-" + id;
        // redirect to the correct page
        this.$router.push({ name: "BlogPost", params: { slug: slug } });
    }

    return post;
}

Then all that was left was to ensure all links were using the new slug format.
This was done by changing the way that the slug was being created. Instead of
using the title of the post, the slug was created using the title and the ID of
the post. This meant that the slug would always be unique and would always be
the same for the same post.

Inspiration

The original idea for this post comes from: https://www.youtube.com/watch?v=a6lnfyES-LA