youwen5/alexandria
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
alexandria/content/Hacks/nixos-cheat-sheet.md

226 lines
6.9 KiB
Markdown
Raw Blame History

---
id: nixos-cheat-sheet
aliases: []
tags:
- nixos
- nixpkgs
- linux
title: Assorted NixOS hacks and tricks
---
The Nix package manager and NixOS Linux distribution are woefully
underdocumented. There are many, many powerful features that are difficult to
find, sans directly reading through source code.
I can't fix that, but this document serves as a personal cheat sheet of all the
small Nix features that I don't want to forget.
## Derivations
Stuff related to writing derivations of software.
### Sparse Checkout with fetchGit (and friends)
You can do sparse checkouts when using `fetchgit` and its friends
`fetchFromGitHub`, etc. This is useful if you're cloning a large repository and
know you only need one specific directory. If you only need a specific file,
consider `fetchurl`.
```nix
fetchgit {
url = "https://github.com/foo/bar";
hash = "sha256-0000000000000000000000000000000";
# takes a list of directories that should be checked out
sparseCheckout = ["dir", "another/dir", "foo/bar/dir"];
}
```
### The `callPackage` pattern
This isn't even a note for myself since I use this feature so much, but I'm add
it anyways so I can point to it as a reference.
When you look at `package.nix` files in the source code of `nixpkgs`, you'll
see they typically take the form:
```nix
{
stdenv,
libfoo,
libbar,
fetchFromGitHub,
...
}:
stdenv.mkDerivation {
nativeBuildInputs = [ stdenv libfoo libbar ];
src = fetchFromGitHub {
# blah blah
};
# rest of file omitted for brevity
}
```
It's a lambda (anonymous function) that takes in an attrset of everything the
derivation needs, and returns the derivation. As you clearly see, the `...`
means that the attrset contains all of the attributes specified, but also
arbitrarily more.
Exactly what attributes are available in this input attrset? It turns out that
this attrset is actually populated with the _entirety of nixpkgs_. Basically,
any package that can be referencd from `pkgs.xxx` is available in that input
attrset.
This is very useful for writing clean derivations. Oftentimes I see people
haphazardly pass `pkgs` around to all their derivations and directly make use
of it. While this is fine in small derivations, it quickly gets messy in large
ones. I prefer to always write non-trivial derivations using the nixpkgs
pattern. However, how do we go from a file like the example above to an actual
package that we can, say, output from a flake?
There's a function called `pkgs.callPackage` that handles precisely this task.
It takes in two arguments. Here is its pseudo type signature:
```
callPackage :: file -> attrset -> package
```
The first argument is the file that contains the derivation as shown in the
example. The second argument is an attrset that allows you to pass or overwrite
any values in the attrset passed to argument 1.
Oftentimes the second argument is not even needed and so you simply pass an
empty attrset (`{ }`).
```nix
packages.default = pkgs.callPackage ./my-derivation.nix { };
```
An example of the second argument in use is in a situation where you have a
flake that provides multiple packages, but one of these packages depends on the
other. Then, you can pass the packages to each other using the attrset
argument.
```nix
packages = rec {
foo = pkgs.callPackage ./foo.nix { inherit bar; };
bar = pkgs.callPackage ./bar.nix { };
};
```
Then, in the corresponding derivation of `foo`, `bar` will be available as an input:
```nix
# file: foo.nix
{
stdenv,
libblah,
bar, # the bar package we provided is now available here
...
}:
stdenv.mkDerivation {
buildInputs = [ bar ];
}
```
### Automatic updating derivations
Nix is powerful but also annoying at times. One of the most common issues is
how to automatically keep a derivation up to date.
When you fetch remote files in Nix, you need to provide Nix with a hash so that
it can guarantee the output is reproducible. This is a consequence of network
only being available in the "fixed output derivation".
When we automatically update a Nix derivation's sources, we need to take care
to both update the URL or revision and also the corresponding output hash.
The hash can be obtained using the `nix store prefetch-file` command, which
replaces the old and inferior `nix-prefetch-url`.
However this command doesn't return a clean hash that we can just pipe around
in our shell. We can add the `--json` flag and get a JSON object with the hash
in the `hash` property. Such as the following:
```nu
# this is a nushell script because i hate jq
nix store prefetch-file https://my-file.com/file --json | from json | get hash
```
We can then take our new URL and hash and then update our derivation. One way
to do this is with `sed` to modify the derivation in place, but this is kind of
janky. Another way is to create a JSON file that contains the URL and hash and
read it from Nix using `builtins.readFile` and `builtins.fromJSON`. This is
much easier since you can trivially generate JSON files using shell commands
(especially in Nushell).
The above process can be ran in CI to have fully automatic updating
derivations. See [[nixos-ci]] for writing on Nix in CI.
## nixpkgs and the nixpkgs lib
General stuff related to quirks in nixpkgs and `lib`.
## Flakes
Niche features of Nix flakes.
### Nix flake inputs have additional properties
Everyone knows the common properties of Nix flake inputs: the standard outputs
like `packages`, `apps`, `nixosModules`, etc.
However, there a few that I have seen seldom used and hard to find mentions of
in documentation
```nix
{
inputs.cool-flake.url = "github:hackerman/cool-flake";
outputs =
{ self, cool-flake, ...}:
{
# gives the commit hash of the flake
rev = cool-flake.rev;
# gives the UNIX timestamp of the commit of the flake
lastModified = cool-flake.lastModified;
# you can also get these attributes on the current flake using `self`
# gets current git commit hash
# caveat: this property isn't defined if the git tree is dirty (there are uncommitted changes)
selfRev = self.rev;
# I often use this pattern due to the above reason
selfRev' = if (self ? rev) then self.rev else "FALLBACK";
}
}
```
## NixOS
Things from the NixOS distribution, including the module system.
## Misc
Stuff to do with other stuff. Potentially community made flakes.
### Set the right time in Typix (and LaTeX)
When using Typix to compile Typst documents, sometimes it's a little _too
reproducible_. Attempting to reference the current date and time in the Typst
document will always return `January 1st, 1980` when compiled in the Nix build
environment.
You can set an environment variable to get the right time.
```nix
SOURCE_DATE_EPOCH = builtins.toString self.lastModified;
```
Here `self` is the self provided to the flake outputs that refers to the flake
itself. As shown in
[[./nixos-cheat-sheet.md#Nix-flake-inputs-have-additional-properties]], you can
get the timestamp of the current Git commit.
Reference in a new issue View git blame Copy permalink