Intro
[asmadeus@odin:~]$ # "normal" paths almost empty, only there for scripts expecting shebangs to work
[asmadeus@odin:~]$ ls -l /bin /usr/bin
/bin:
total 0
lrwxrwxrwx 1 root root 75 May 17 14:07 sh -> /nix/store/8n10gaxixlm8rg6w7q8xj2nw00nqslby-bash-interactive-4.4-p23/bin/sh
/usr/bin:
total 0
lrwxrwxrwx 1 root root 66 May 17 14:07 env -> /nix/store/7g6ar24krh7vn66gvfwwv3nq9xsh5c6i-coreutils-8.31/bin/env
[asmadeus@odin:~]$ echo $PATH
/run/wrappers/bin:/home/asmadeus/.nix-profile/bin:/etc/profiles/per-user/asmadeus/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin
[asmadeus@odin:~]$ # current-system is the currently compiled system
[asmadeus@odin:~]$ ls -l /run/current-system
lrwxrwxrwx 1 root root 84 May 17 14:07 /run/current-system -> /nix/store/smp6rdc3ngs6wqda5y13dq5nccx8kw3k-nixos-system-odin-20.03.1866.a7c70f2e10b
[asmadeus@odin:~]$ # looks almost like a normal system...
[asmadeus@odin:~]$ ls -l /run/current-system/
total 40
-r-xr-xr-x 1 root root 14654 Jan 1 1970 activate
lrwxrwxrwx 1 root root 91 Jan 1 1970 append-initrd-secrets -> /nix/store/82canag4kkqqr71qd3kzw115d6z48l0j-append-initrd-secrets/bin/append-initrd-secrets
dr-xr-xr-x 2 root root 37 Jan 1 1970 bin
-r--r--r-- 1 root root 0 Jan 1 1970 configuration-name
lrwxrwxrwx 1 root root 51 Jan 1 1970 etc -> /nix/store/9i1sh77mbznavd2f67wiyx4w8y715pha-etc/etc
-r--r--r-- 1 root root 0 Jan 1 1970 extra-dependencies
dr-xr-xr-x 2 root root 6 Jan 1 1970 fine-tune
lrwxrwxrwx 1 root root 65 Jan 1 1970 firmware -> /nix/store/xlxhaxsji886q5s7yvmwmb0nsmpa4mb5-firmware/lib/firmware
-r-xr-xr-x 1 root root 5560 Jan 1 1970 init
-r--r--r-- 1 root root 9 Jan 1 1970 init-interface-version
lrwxrwxrwx 1 root root 70 Jan 1 1970 initrd -> /nix/store/nyq7ii897z046bzzifvf4pmb8qkl6p6k-initrd-linux-5.4.41/initrd
lrwxrwxrwx 1 root root 64 Jan 1 1970 kernel -> /nix/store/klvgkx3kqs80qfi09h9q4d4r6r41bmfp-linux-5.4.41/bzImage
lrwxrwxrwx 1 root root 58 Jan 1 1970 kernel-modules -> /nix/store/a25s64im7i3bk5gfnxys4r10kwb3xc9m-kernel-modules
-r--r--r-- 1 root root 10 Jan 1 1970 kernel-params
-r--r--r-- 1 root root 22 Jan 1 1970 nixos-version
lrwxrwxrwx 1 root root 55 Jan 1 1970 sw -> /nix/store/flxnij4b5ppcxvf1va48l6fb7dnnkci7-system-path
-r--r--r-- 1 root root 12 Jan 1 1970 system
lrwxrwxrwx 1 root root 57 Jan 1 1970 systemd -> /nix/store/8whc4mvh8mwzzja8zynhc770p5zrci6i-systemd-243.7
[asmadeus@odin:~]$ ls -l /run/current-system/sw/bin/
total 0
lrwxrwxrwx 1 root root 64 Jan 1 1970 '[' -> '/nix/store/l3z1qf0gz4njl5a8c64iyfx9yrf8fdgd-coreutils-8.31/bin/['
lrwxrwxrwx 1 root root 69 Jan 1 1970 accessdb -> /nix/store/x7nzcq9pd4ckapj7qcyigmvlawwmcyjk-man-db-2.9.0/bin/accessdb
lrwxrwxrwx 1 root root 73 Jan 1 1970 addgnupghome -> /nix/store/lgwc3qf6jlj78zflhic7ia2iffm97dxc-gnupg-2.2.19/bin/addgnupghome
lrwxrwxrwx 1 root root 77 Jan 1 1970 addpart -> /nix/store/27slyx813n1a5j3p0hs8z43x08yicmk2-util-linux-2.33.2-bin/bin/addpart
lrwxrwxrwx 1 root root 73 Jan 1 1970 addr2line -> /nix/store/1zf4cnaaidjajwb4gx4mnkqc5dypkcdy-binutils-2.31.1/bin/addr2line
lrwxrwxrwx 1 root root 76 Jan 1 1970 agetty -> /nix/store/27slyx813n1a5j3p0hs8z43x08yicmk2-util-linux-2.33.2-bin/bin/agetty
...
lrwxrwxrwx 1 root root 66 Jan 1 1970 xzdec -> /nix/store/4ih4qpvh7ydzw3m5a2q623a6nbp089fp-xz-5.2.4-bin/bin/xzdec
lrwxrwxrwx 1 root root 67 Jan 1 1970 xzdiff -> /nix/store/4ih4qpvh7ydzw3m5a2q623a6nbp089fp-xz-5.2.4-bin/bin/xzdiff
lrwxrwxrwx 1 root root 68 Jan 1 1970 xzegrep -> /nix/store/4ih4qpvh7ydzw3m5a2q623a6nbp089fp-xz-5.2.4-bin/bin/xzegrep
lrwxrwxrwx 1 root root 68 Jan 1 1970 xzfgrep -> /nix/store/4ih4qpvh7ydzw3m5a2q623a6nbp089fp-xz-5.2.4-bin/bin/xzfgrep
lrwxrwxrwx 1 root root 67 Jan 1 1970 xzgrep -> /nix/store/4ih4qpvh7ydzw3m5a2q623a6nbp089fp-xz-5.2.4-bin/bin/xzgrep
lrwxrwxrwx 1 root root 67 Jan 1 1970 xzless -> /nix/store/4ih4qpvh7ydzw3m5a2q623a6nbp089fp-xz-5.2.4-bin/bin/xzless
lrwxrwxrwx 1 root root 67 Jan 1 1970 xzmore -> /nix/store/4ih4qpvh7ydzw3m5a2q623a6nbp089fp-xz-5.2.4-bin/bin/xzmore
lrwxrwxrwx 1 root root 66 Jan 1 1970 yes -> /nix/store/l3z1qf0gz4njl5a8c64iyfx9yrf8fdgd-coreutils-8.31/bin/yes
lrwxrwxrwx 1 root root 91 Jan 1 1970 ypdomainname -> /nix/store/nda0zrac8wzkhljgm6cffx70kazxxdra-net-tools-1.60_p20170221182432/bin/ypdomainname
lrwxrwxrwx 1 root root 62 Jan 1 1970 zcat -> /nix/store/rj2642fn2ciqwiihvv607n68fiy4qbdc-gzip-1.10/bin/zcat
lrwxrwxrwx 1 root root 62 Jan 1 1970 zcmp -> /nix/store/rj2642fn2ciqwiihvv607n68fiy4qbdc-gzip-1.10/bin/zcmp
lrwxrwxrwx 1 root root 66 Jan 1 1970 zdb -> /nix/store/hragh1r3ynchmlaxci942vaiczx7n2rb-zfs-user-0.8.3/bin/zdb
lrwxrwxrwx 1 root root 63 Jan 1 1970 zdiff -> /nix/store/rj2642fn2ciqwiihvv607n68fiy4qbdc-gzip-1.10/bin/zdiff
lrwxrwxrwx 1 root root 68 Jan 1 1970 zdump -> /nix/store/2p6ji9i05dkjz3fgpvymlawl379fw577-glibc-2.30-bin/bin/zdump
lrwxrwxrwx 1 root root 66 Jan 1 1970 zed -> /nix/store/hragh1r3ynchmlaxci942vaiczx7n2rb-zfs-user-0.8.3/bin/zed
lrwxrwxrwx 1 root root 64 Jan 1 1970 zegrep -> /nix/store/rj2642fn2ciqwiihvv607n68fiy4qbdc-gzip-1.10/bin/zegrep
lrwxrwxrwx 1 root root 64 Jan 1 1970 zfgrep -> /nix/store/rj2642fn2ciqwiihvv607n68fiy4qbdc-gzip-1.10/bin/zfgrep
lrwxrwxrwx 1 root root 64 Jan 1 1970 zforce -> /nix/store/rj2642fn2ciqwiihvv607n68fiy4qbdc-gzip-1.10/bin/zforce
lrwxrwxrwx 1 root root 66 Jan 1 1970 zfs -> /nix/store/hragh1r3ynchmlaxci942vaiczx7n2rb-zfs-user-0.8.3/bin/zfs
lrwxrwxrwx 1 root root 80 Jan 1 1970 zfs-auto-snapshot -> /nix/store/ydch06a5p67nylmqgq5w1wsnarw5awk6-zfstools-0.3.6/bin/zfs-auto-snapshot
lrwxrwxrwx 1 root root 84 Jan 1 1970 zfs-cleanup-snapshots -> /nix/store/ydch06a5p67nylmqgq5w1wsnarw5awk6-zfstools-0.3.6/bin/zfs-cleanup-snapshots
lrwxrwxrwx 1 root root 81 Jan 1 1970 zfs-snapshot-mysql -> /nix/store/ydch06a5p67nylmqgq5w1wsnarw5awk6-zfstools-0.3.6/bin/zfs-snapshot-mysql
lrwxrwxrwx 1 root root 73 Jan 1 1970 zgenhostid -> /nix/store/hragh1r3ynchmlaxci942vaiczx7n2rb-zfs-user-0.8.3/bin/zgenhostid
lrwxrwxrwx 1 root root 63 Jan 1 1970 zgrep -> /nix/store/rj2642fn2ciqwiihvv607n68fiy4qbdc-gzip-1.10/bin/zgrep
lrwxrwxrwx 1 root root 68 Jan 1 1970 zhack -> /nix/store/hragh1r3ynchmlaxci942vaiczx7n2rb-zfs-user-0.8.3/bin/zhack
lrwxrwxrwx 1 root root 66 Jan 1 1970 zic -> /nix/store/2p6ji9i05dkjz3fgpvymlawl379fw577-glibc-2.30-bin/bin/zic
lrwxrwxrwx 1 root root 70 Jan 1 1970 zinject -> /nix/store/hragh1r3ynchmlaxci942vaiczx7n2rb-zfs-user-0.8.3/bin/zinject
lrwxrwxrwx 1 root root 70 Jan 1 1970 zipdetails -> /nix/store/rndy89km7gi0kybip1mri51243n6rdd2-perl-5.30.1/bin/zipdetails
lrwxrwxrwx 1 root root 63 Jan 1 1970 zless -> /nix/store/rj2642fn2ciqwiihvv607n68fiy4qbdc-gzip-1.10/bin/zless
lrwxrwxrwx 1 root root 63 Jan 1 1970 zmore -> /nix/store/rj2642fn2ciqwiihvv607n68fiy4qbdc-gzip-1.10/bin/zmore
lrwxrwxrwx 1 root root 62 Jan 1 1970 znew -> /nix/store/rj2642fn2ciqwiihvv607n68fiy4qbdc-gzip-1.10/bin/znew
lrwxrwxrwx 1 root root 68 Jan 1 1970 zpool -> /nix/store/hragh1r3ynchmlaxci942vaiczx7n2rb-zfs-user-0.8.3/bin/zpool
lrwxrwxrwx 1 root root 77 Jan 1 1970 zramctl -> /nix/store/27slyx813n1a5j3p0hs8z43x08yicmk2-util-linux-2.33.2-bin/bin/zramctl
lrwxrwxrwx 1 root root 74 Jan 1 1970 zstreamdump -> /nix/store/hragh1r3ynchmlaxci942vaiczx7n2rb-zfs-user-0.8.3/bin/zstreamdump
lrwxrwxrwx 1 root root 68 Jan 1 1970 ztest -> /nix/store/hragh1r3ynchmlaxci942vaiczx7n2rb-zfs-user-0.8.3/bin/ztest
lrwxrwxrwx 1 root root 72 Jan 1 1970 zvol_wait -> /nix/store/hragh1r3ynchmlaxci942vaiczx7n2rb-zfs-user-0.8.3/bin/zvol_wait
[asmadeus@odin:~]$ # all paths and library paths point to /nix/store/...
[asmadeus@odin:~]$ find /nix/store/rj2642fn2ciqwiihvv607n68fiy4qbdc-gzip-1.10
/nix/store/rj2642fn2ciqwiihvv607n68fiy4qbdc-gzip-1.10
/nix/store/rj2642fn2ciqwiihvv607n68fiy4qbdc-gzip-1.10/bin
/nix/store/rj2642fn2ciqwiihvv607n68fiy4qbdc-gzip-1.10/bin/gunzip
/nix/store/rj2642fn2ciqwiihvv607n68fiy4qbdc-gzip-1.10/bin/gzexe
/nix/store/rj2642fn2ciqwiihvv607n68fiy4qbdc-gzip-1.10/bin/gzip
/nix/store/rj2642fn2ciqwiihvv607n68fiy4qbdc-gzip-1.10/bin/uncompress
/nix/store/rj2642fn2ciqwiihvv607n68fiy4qbdc-gzip-1.10/bin/zcat
/nix/store/rj2642fn2ciqwiihvv607n68fiy4qbdc-gzip-1.10/bin/zcmp
/nix/store/rj2642fn2ciqwiihvv607n68fiy4qbdc-gzip-1.10/bin/zdiff
/nix/store/rj2642fn2ciqwiihvv607n68fiy4qbdc-gzip-1.10/bin/zegrep
/nix/store/rj2642fn2ciqwiihvv607n68fiy4qbdc-gzip-1.10/bin/zfgrep
/nix/store/rj2642fn2ciqwiihvv607n68fiy4qbdc-gzip-1.10/bin/zforce
/nix/store/rj2642fn2ciqwiihvv607n68fiy4qbdc-gzip-1.10/bin/zgrep
/nix/store/rj2642fn2ciqwiihvv607n68fiy4qbdc-gzip-1.10/bin/zless
/nix/store/rj2642fn2ciqwiihvv607n68fiy4qbdc-gzip-1.10/bin/zmore
/nix/store/rj2642fn2ciqwiihvv607n68fiy4qbdc-gzip-1.10/bin/znew
[asmadeus@odin:~]$ ldd /nix/store/rj2642fn2ciqwiihvv607n68fiy4qbdc-gzip-1.10/bin/gzip
linux-vdso.so.1 (0x00007ffc865f4000)
libc.so.6 => /nix/store/9hy6c2hv8lcwc6clnc1p2jf09cs5q9dp-glibc-2.30/lib/libc.so.6 (0x00007fee63a0a000)
/nix/store/9hy6c2hv8lcwc6clnc1p2jf09cs5q9dp-glibc-2.30/lib/ld-linux-x86-64.so.2 => /nix/store/9hy6c2hv8lcwc6clnc1p2jf09cs5q9dp-glibc-2.30/lib64/ld-linux-x86-64.so.2 (0x00007fee63bcb000)
[asmadeus@odin:~]$ # works with runpath
[asmadeus@odin:~]$ readelf -d /nix/store/rj2642fn2ciqwiihvv607n68fiy4qbdc-gzip-1.10/bin/gzip | grep -i runpa
0x000000000000001d (RUNPATH) Library runpath: [/nix/store/9hy6c2hv8lcwc6clnc1p2jf09cs5q9dp-glibc-2.30/lib]
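The `readelf` check above, done directly on the ELF image as an added example (not part of the original session): it reads DT_RUNPATH (tag 0x1d) and flags any search directory outside `/nix/store`. `sample_elf` builds a constructed minimal image so the block runs without a Nix store; all function names are illustrative.

```python
import struct

PT_LOAD, PT_DYNAMIC = 1, 2
DT_NULL, DT_STRTAB, DT_RPATH, DT_RUNPATH = 0, 5, 15, 29  # 29 == 0x1d in the readelf line
STORE = "/nix/store/"
# RUNPATH of gzip as printed by readelf in the session above
GZIP_RUNPATH = "/nix/store/9hy6c2hv8lcwc6clnc1p2jf09cs5q9dp-glibc-2.30/lib"


def runpath_entries(elf: bytes) -> list:
    """Return the DT_RUNPATH (or legacy DT_RPATH) directories of a 64-bit LE ELF."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a 64-bit little-endian ELF image")
    (phoff,) = struct.unpack_from("<Q", elf, 32)
    phentsize, phnum = struct.unpack_from("<HH", elf, 54)
    loads, dynamic = [], None
    for i in range(phnum):
        p_type, _fl, off, vaddr, _pa, filesz, _ms, _al = struct.unpack_from(
            "<IIQQQQQQ", elf, phoff + i * phentsize)
        if p_type == PT_LOAD:
            loads.append((vaddr, off, filesz))
        elif p_type == PT_DYNAMIC:
            dynamic = (off, filesz)
    if dynamic is None:
        return []  # statically linked: no library search path at all
    tags = {}
    for pos in range(dynamic[0], dynamic[0] + dynamic[1], 16):
        tag, val = struct.unpack_from("<qQ", elf, pos)
        if tag == DT_NULL:
            break
        tags.setdefault(tag, val)
    name_off = tags.get(DT_RUNPATH, tags.get(DT_RPATH))
    if name_off is None or DT_STRTAB not in tags:
        return []
    # DT_STRTAB holds a virtual address; map it back to a file offset.
    for vaddr, off, filesz in loads:
        if vaddr <= tags[DT_STRTAB] < vaddr + filesz:
            start = off + (tags[DT_STRTAB] - vaddr) + name_off
            return elf[start:elf.index(b"\0", start)].decode().split(":")
    raise ValueError("DT_STRTAB is not inside any PT_LOAD segment")


def audit(entries: list) -> list:
    """Return (entry, reason) for every directory not pinned to the store."""
    findings = []
    for entry in entries:
        if entry == "":
            findings.append((entry, "empty entry: current directory for some loaders"))
        elif not entry.startswith("/"):
            findings.append((entry, "relative or $ORIGIN-based path"))
        elif not entry.startswith(STORE):
            findings.append((entry, "absolute path outside /nix/store"))
    return findings


def sample_elf(runpath: str) -> bytes:
    """Constructed minimal image: ELF header, PT_LOAD + PT_DYNAMIC, three tags."""
    base, dyn_off = 0x400000, 64 + 2 * 56
    str_off = dyn_off + 3 * 16
    strtab = b"\0" + runpath.encode() + b"\0"
    total = str_off + len(strtab)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 3, 62, 1,
                       0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    load = struct.pack("<IIQQQQQQ", PT_LOAD, 4, 0, base, base, total, total, 0x1000)
    dyn = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 4, dyn_off, base + dyn_off,
                      base + dyn_off, 48, 48, 8)
    tags = struct.pack("<qQqQqQ", DT_STRTAB, base + str_off, DT_RUNPATH, 1, DT_NULL, 0)
    return ehdr + load + dyn + tags + strtab


if __name__ == "__main__":
    # Constructed bad case: a leftover build directory, an empty entry, $ORIGIN.
    bad = GZIP_RUNPATH + ":/build/source/build/src::$ORIGIN/../lib"
    for label, image in (("store-only", sample_elf(GZIP_RUNPATH)), ("mixed", sample_elf(bad))):
        print(label, audit(runpath_entries(image)))
```

To audit a real binary, pass `open(path, "rb").read()` to `runpath_entries` instead of the constructed image.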
Install
[asmadeus@odin:~]$ # can install stuff as user
[asmadeus@odin:~]$ nix-env -q
alacritty-0.4.2
asciinema-2.0.2
cscope-15.9
inetutils-1.9.4
iperf-3.7
isync-1.3.1
lftp-4.9.1
mesa-20.0.2
mpc-0.33
nix-prefetch-git
pv-1.6.6
socat-1.7.3.4
sway-1.4
waypipe-unstable-0.6.1
[asmadeus@odin:~]$ echo $PATH
/run/wrappers/bin:/home/asmadeus/.nix-profile/bin:/etc/profiles/per-user/asmadeus/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin
[asmadeus@odin:~]$ ls /home/asmadeus/.nix-profile/bin
alacritty ifconfig mbsync ping6 socat tftp
asciinema iperf mbsync-get-cert procan sway traceroute
cscope iperf3 mdconvert pv swaybar waypipe
dnsdomainname isync mpc rcp swaymsg whois
filan lftp nix-prefetch-git rexec swaynag
ftp lftpget ocs rlogin talk
hostname logger ping rsh telnet
[asmadeus@odin:~]$ nix search bat
warning: using cached results; pass '-u' to update the cache
* nixos.acpi (acpi-1.7)
Show battery status and other ACPI information
* nixos.albatross (Albatross)
A desktop Suite for Xfce
* nixos.bat (bat)
A cat(1) clone with syntax highlighting and Git integration
* nixos.batctl (batctl)
B.A.T.M.A.N. routing protocol in a linux kernel module for layer 2, control tool
* nixos.batik (batik)
Java based toolkit for handling SVG
* nixos.bats (bats)
Bash Automated Testing System
* nixos.batti (batti)
An {UPower,GTK}-based battery monitor for the system tray
* nixos.bibata-cursors (bibata-cursors)
Material Based Cursor
* nixos.bibata-cursors-translucent (bibata-cursors-translucent-unstable)
Translucent Varient of the Material Based Cursor
* nixos.bibata-extra-cursors (bibata-extra-cursors-unstable)
...
[asmadeus@odin:~]$ nix-env -i bat
installing 'bat-0.15.1'
these paths will be fetched (2.07 MiB download, 5.36 MiB unpacked):
/nix/store/jw3qsmknid2r5qlpc2vl71x0zw832r9h-less-551
/nix/store/ydhzmn810xb4kx7749k0r1p2kb7ph0nl-bat-0.15.1
copying path '/nix/store/jw3qsmknid2r5qlpc2vl71x0zw832r9h-less-551' from 'https://cache.nixos.org'...
copying path '/nix/store/ydhzmn810xb4kx7749k0r1p2kb7ph0nl-bat-0.15.1' from 'https://cache.nixos.org'...
building '/nix/store/vsdlyv8pnx4f7jdbsdnis8xpsh2i8n64-user-environment.drv'...
created 155 symlinks in user environment
[asmadeus@odin:~]$ nix-store -qd $(which bat)
/nix/store/vyh49g47k5j27s2ayl20dj9irfk8v00c-bat-0.15.1.drv
[asmadeus@odin:~]$ nix-store -q --roots /nix/store/vyh49g47k5j27s2ayl20dj9irfk8v00c-bat-0.15.1.drv
/nix/var/nix/profiles/per-user/asmadeus/profile-41-link -> /nix/store/n4pjzizpk64wy3r2is4yhy2jd4aq7b12-user-environment
[asmadeus@odin:~]$ # won't get uninstalled while that link exists (prevents gc)
[asmadeus@odin:~]$ nix-env -e bat
uninstalling 'bat-0.15.1'
[asmadeus@odin:~]$ nix-store -q --roots /nix/store/vyh49g47k5j27s2ayl20dj9irfk8v00c-bat-0.15.1.drv
/nix/var/nix/profiles/per-user/asmadeus/profile-41-link -> /nix/store/n4pjzizpk64wy3r2is4yhy2jd4aq7b12-user-environment
[asmadeus@odin:~]$ # link is still there ^
[asmadeus@odin:~]$ # Note there are also alternatives to nix-env -i, such as home-manager, which can manage dotfiles and packages in the user's home
[asmadeus@odin:~]$ # See also direnv and lorri...
[asmadeus@odin:~]$ # can also install just in a temporary shell
[asmadeus@odin:~]$ nix-shell -p bat
these paths will be fetched (1.89 MiB download, 5.39 MiB unpacked):
/nix/store/1c2v6az1vpvc788xhszm50ci1m1n9kv3-bat-0.12.1
[nix-shell:~]$ bat </dev/null
───────┬────────────────────────────────────────────────────────────────────────
│ STDIN <EMPTY>
───────┴────────────────────────────────────────────────────────────────────────
[asmadeus@odin:~]$ # nix run will apparently replace nix-shell.. shell completion works!
[asmadeus@odin:~]$ nix run nixpkgs.bat
Derivations
[asmadeus@odin:~]$ ls -d /nix/store/*robinhood*
/nix/store/gg6wxp86h706vfzlwlmpqd6x2rm90b6j-robinhood-4.0.0.drv
/nix/store/gsf9gd224b226f50vqf5g8288q2d1vgg-robinhood-4.0.0
/nix/store/iwgchp91pi4fk2b4si0k7gszfxqndrsn-robinhood-4.0.0.drv
/nix/store/nqyb96c6mmla9k27pxdx7wjm8fbng54a-robinhood-4.0.0.drv
/nix/store/qb1p7dnd4hns68iczfzlrma3gwkvflci-robinhood-4.0.0
/nix/store/xbiy6sg58is6aiylkls2n9czlv6ga50k-robinhood-4.0.0.drv
[asmadeus@odin:~]$ # multiple versions in parallel
[asmadeus@odin:~]$ nix-shell -p nix-diff --command 'nix-diff /nix/store/iwgchp91pi4fk2b4si0k7gszfxqndrsn-robinhood-4.0.0.drv /nix/store/nqyb96c6mmla9k27pxdx7wjm8fbng54a-robinhood-4.0.0.drv'
- /nix/store/iwgchp91pi4fk2b4si0k7gszfxqndrsn-robinhood-4.0.0.drv:{out}
+ /nix/store/nqyb96c6mmla9k27pxdx7wjm8fbng54a-robinhood-4.0.0.drv:{out}
• The set of input sources do not match:
- /nix/store/7k5xs8wx4nhbm6djn63fk8w2gzidppcj-0001-dlopen-use-absolute-paths.patch
- /nix/store/lph7943mj8k48ryk33r8jp0b5m9jls7p-0001-mongo-hardcode-server-to-be-at-mongo-instead-of-loca.patch
• The environments do not match:
- installCheckPhase=meson test --print-errorlogs
buildInputs=''
/nix/store/i738z59ivybnh3d2dizllp0a11ch7aw4-mongoc-1.8.0 /nix/store/sfmlzv5rkm74hbinh2pawdmsnwmgqds5-check-0.14.0
''
doInstallCheck=1
mesonFlags=-Db_sanitize=address,undefined
nativeBuildInputs=''
/nix/store/2vwn32mqkkb23gpr1g8y1fgj4dih59ql-meson-0.52.1 /nix/store/5r36j2m41mc1biyldziwsd4jkcz31g3z-ninja-1.9.0 /nix/store/qaa99594lmxrbfbnl0s93qgxs4k1dgh4-pkg-config-0.29.2 /nix/store/sfmlzv5rkm74hbinh2pawdmsnwmgqds5-check-0.14.0
''
patches=''
/nix/store/7k5xs8wx4nhbm6djn63fk8w2gzidppcj-0001-dlopen-use-absolute-paths.patch /nix/store/lph7943mj8k48ryk33r8jp0b5m9jls7p-0001-mongo-hardcode-server-to-be-at-mongo-instead-of-loca.patch
''
[asmadeus@odin:~]$ # different flags, patches...
[asmadeus@odin:~]$ # outputs = binaries produced by derivation
[asmadeus@odin:~]$ nix-store -q --outputs /nix/store/nqyb96c6mmla9k27pxdx7wjm8fbng54a-robinhood-4.0.0.drv
/nix/store/06ix3sc4ar8mx8b67c44hbmqjprc892r-robinhood-4.0.0
[asmadeus@odin:~]$ # dependencies
[asmadeus@odin:~]$ nix-store -q --references /nix/store/nqyb96c6mmla9k27pxdx7wjm8fbng54a-robinhood-4.0.0.drv
/nix/store/9krlzvny65gdc8s7kpb6lkx8cd02c25b-default-builder.sh
/nix/store/zpsgyyx5k51bffrq4na0hsx9qm09i1bz-bash-4.4-p23.drv
/nix/store/48xixarkaz4f3bqbjar7mk38zn26n539-source.drv
/nix/store/iszb9bc4wbl1xax6a1ppyy73aahdqi3n-stdenv-linux.drv
/nix/store/asc6rnbq7ngxvwlkf5bc79xf739wbilz-pkg-config-0.29.2.drv
/nix/store/4irw5nqv63p5dwdkd7yd9rqx39agaarq-mongoc-1.8.0.drv
/nix/store/4py0ygl8k917nyiw0zd2iy7y8x44i85p-ninja-1.9.0.drv
/nix/store/6rsij96fmiyspasgi3ynxaibzlxvmkb1-check-0.14.0.drv
/nix/store/lfg71agl06zlydi7ma3xwsk23qpjkbgb-meson-0.52.1.drv
[asmadeus@odin:~]$ nix-store -q --tree /nix/store/nqyb96c6mmla9k27pxdx7wjm8fbng54a-robinhood-4.0.0.drv
/nix/store/nqyb96c6mmla9k27pxdx7wjm8fbng54a-robinhood-4.0.0.drv
+---/nix/store/9krlzvny65gdc8s7kpb6lkx8cd02c25b-default-builder.sh
+---/nix/store/zpsgyyx5k51bffrq4na0hsx9qm09i1bz-bash-4.4-p23.drv
| +---/nix/store/9krlzvny65gdc8s7kpb6lkx8cd02c25b-default-builder.sh [...]
| +---/nix/store/wj70qz8syf2jv4lr58larhap39x9ywy8-bootstrap-tools.drv
| | +---/nix/store/b7irlwi2wjlx5aj1dghx4c8k3ax6m56q-busybox.drv
| | +---/nix/store/bzq60ip2z5xgi7jk6jgdw8cngfiwjrcm-bootstrap-tools.tar.xz.drv
| | +---/nix/store/c0sr4qdy8halrdrh5dpm7hj05c6hyssa-unpack-bootstrap-tools.sh
| +---/nix/store/43961hlppjhq0a5n94n2fcpfa1879k2y-bison-3.5.1.drv
| | +---/nix/store/799rws9s5qrqa5lf9fi5gqmhpjgdrvlh-bison-3.5.1.tar.gz.drv
| | +---/nix/store/9krlzvny65gdc8s7kpb6lkx8cd02c25b-default-builder.sh [...]
| | +---/nix/store/wj70qz8syf2jv4lr58larhap39x9ywy8-bootstrap-tools.drv [...]
| | +---/nix/store/ph20ifldm6gwl3sbp9a89zcbfbnrv6kv-bootstrap-stage1-stdenv-linux.drv
| | | +---/nix/store/4ygqr4w06zwcd2kcxa6w3441jijv0pvx-strip.sh
| | | +---/nix/store/wj70qz8syf2jv4lr58larhap39x9ywy8-bootstrap-tools.drv [...]
| | | +---/nix/store/8jm2z641bxyd9x9psq9m3wdfw3609i9r-bootstrap-stage1-gcc-wrapper-.drv
| | | | +---/nix/store/20ayqp8yqqyk7q0n1q9gs5flksphhiz1-utils.bash
| | | | +---/nix/store/wj70qz8syf2jv4lr58larhap39x9ywy8-bootstrap-tools.drv [...]
| | | | +---/nix/store/5wa8mmqmv9f2k5r78vgamx8y2plsmqn8-bootstrap-stage0-stdenv-linux.drv
| | | | | +---/nix/store/4ygqr4w06zwcd2kcxa6w3441jijv0pvx-strip.sh [...]
...
[asmadeus@odin:~]$ # and reverse dependencies (what uses it)...^C
[asmadeus@odin:~]$ nix-store -q --referrers-closure /nix/store/iwgchp91pi4fk2b4si0k7gszfxqndrsn-robinhood-4.0.0.drv
/nix/store/iwgchp91pi4fk2b4si0k7gszfxqndrsn-robinhood-4.0.0.drv
/nix/store/ryzc50szzmc7dl0b82iagfxlzdldjc26-rbh-sync-0.0.0.drv
/nix/store/wzjqfws4p467224y9ajlr1sjasr4mavr-rbh-find-0.0.0.drv
/nix/store/9nj9zd5vkzrrlk9j39aqg1dzh9928mfy-system-path.drv
/nix/store/9yfvrbdhfa0g1q9apm7s2d5mnz6f1ba7-unit-systemd-fsck-.service.drv
/nix/store/m670vgkl5jb3ipg6wj1qkwlz3yb5a62j-dbus-1.drv
/nix/store/jv70x8ljm550n9j8dh4kdplfvkm96xl1-unit-dbus.service.drv
/nix/store/pr5hbfhkxi6j2gyp6nrc2dn613wrc13r-unit-polkit.service.drv
/nix/store/5s7hgmk3c3kbq2i9zw9cpvm7ikzgijks-system-units.drv
/nix/store/icqyyil5qqc8c6rlmxsqzcfaspi672jv-unit-dbus.service.drv
/nix/store/b57yb24h3gqjl6d05rqr1rvgchlzl5nv-user-units.drv
/nix/store/scwqp0cn0nygvl9xxl6py50pqi3xw8g5-etc.drv
/nix/store/j9ihwhxr3ha3g449ksc6h2g72bxjdnr3-nixos-system-machine-20.03.1866.a7c70f2e10b.drv
/nix/store/n7vlp41igin1y7886jzpja3rhq0j0nd8-closure-info.drv
/nix/store/27crxakzvnvv647ffz28wz20naxck0f0-run-nixos-vm.drv
/nix/store/2q3vn7h7mxpxzql23aa22h4kgj5agk7v-nixos-vm.drv
/nix/store/7vz3fp5c9vsh2kb610qfyx3z84wmxpdb-system-path.drv
/nix/store/4gvfvp0mhpmbf6w84rs97wwz45anzdyp-unit-polkit.service.drv
/nix/store/5w37056vqplljigf53bhf2mv7wi3qh01-unit-systemd-fsck-.service.drv
/nix/store/prswnq66sm5c3ph2ljan8lbra0173cp4-dbus-1.drv
/nix/store/j2vzsj7q3v1k5k9g3kk2pjyjm90665f0-unit-dbus.service.drv
/nix/store/dk3ckb9c9flbcj6l5c0s9al3gqfv2pc5-user-units.drv
/nix/store/jl3p34v0llhd38fvc10lhrhb2jiakr37-unit-dbus.service.drv
/nix/store/p4crfybda71y3mvjw111gczqn2njgffz-system-units.drv
/nix/store/bg5dmg6zicniic7i7y98njv77fvvsdjg-etc.drv
/nix/store/v15b5i6l7x1bw86c8ji3lz7avlhqhfvj-nixos-system-machine-20.03.1866.a7c70f2e10b.drv
/nix/store/z21aqd0hg32i6wf8kcjkfp7m4lzg1qdn-closure-info.drv
[asmadeus@odin:~]$ # also superseded by the 'nix v2' interface:
[asmadeus@odin:~]$ nix path-info --help
Usage: nix path-info ... ...
Summary: query information about store paths.
Flags:
--all apply operation to the entire store
--arg argument to be passed to Nix functions
--argstr string-valued argument to be passed to Nix functions
-S, --closure-size print sum size of the NAR dumps of the closure of each path
-f, --file evaluate FILE rather than the default
-h, --human-readable with -s and -S, print sizes like 1K 234M 5.67G etc.
-I, --include add a path to the list of locations used to look up <...> file names
--json produce JSON output
-r, --recursive apply operation to closure of the specified paths
--sigs show signatures
-s, --size print size of the NAR dump of each path
Examples:
To show the closure sizes of every path in the current NixOS system closure, sorted by size:
$ nix path-info -rS /run/current-system | sort -nk2
To show a package's closure size and all its dependencies with human readable sizes:
$ nix path-info -rsSh nixpkgs.rust
To check the existence of a path in a binary cache:
$ nix path-info -r /nix/store/7qvk5c91...-geeqie-1.1 --store https://cache.nixos.org/
To print the 10 most recently added paths (using --json and the jq(1) command):
$ nix path-info --json --all | jq -r 'sort_by(.registrationTime)[-11:-1][].path'
To show the size of the entire Nix store:
$ nix path-info --json --all | jq 'map(.narSize) | add'
To show every path whose closure is bigger than 1 GB, sorted by closure size:
$ nix path-info --json --all -S | jq 'map(select(.closureSize > 1e9)) | sort_by(.closureSize) | map([.path, .closureSize])'
Note: this program is EXPERIMENTAL and subject to change.
[asmadeus@odin:~/nixos-config]$ nix path-info -sSh nixpkgs.robinhood
/nix/store/gsf9gd224b226f50vqf5g8288q2d1vgg-robinhood-4.0.0 935.1K 44.1M
[asmadeus@odin:~/nixos-config]$ nix path-info -rsh nixpkgs.robinhood
/nix/store/43a8qm56n5xi4adw08qpjf8j0h0x8kmr-snappy-1.1.8 51.3K
/nix/store/7q9ygpib5drvd3y7jnb5hrp04ymzbgfc-libbson-1.9.5 780.9K
/nix/store/9hy6c2hv8lcwc6clnc1p2jf09cs5q9dp-glibc-2.30 29.6M
/nix/store/gsf9gd224b226f50vqf5g8288q2d1vgg-robinhood-4.0.0 935.1K
/nix/store/hjng28vbd73qq9iz9j8r397x19aa8fp9-libidn2-2.3.0 217.5K
/nix/store/i738z59ivybnh3d2dizllp0a11ch7aw4-mongoc-1.8.0 842.9K
/nix/store/kf2sh7c2fmizvycqq02aad1rfp6xswgv-zlib-1.2.11 121.4K
/nix/store/mxaxvp33wg9sim8qh2kkw041v492bvxj-libunistring-0.9.10 1.6M
/nix/store/spavrfasrcx396pxp4mq9g5pj9jk81nf-snappy-1.1.8-dev 35.5K
/nix/store/w7alid4mirzwx3ck4hj18q7rnr4yslfh-gcc-9.2.0-lib 6.0M
/nix/store/wbfvkab46lmihf7ninny4nqzxc0j8rq1-openssl-1.1.1g 4.0M
[asmadeus@odin:~/nixos-config]$ nix optimise-store
[23408/35260 paths optimised, 759.2 MiB / 84257 inodes freed] optimising path '/nix/store/mb1yldlm2qkmf9pq1d0ljxqb4xxxf...
[35260 paths optimised, 1026.2 MiB / 134785 inodes freed]
[asmadeus@odin:~/nixos-config]$ nix-store --gc # can be automated
Some clarification around "nix":
- nix, the language (functional with lazy evaluation)
- nix and nix-*, the commands / "package manager"
- nixpkgs, the repo with all packages that can be installed "off the shelf"
- nixos, the directory of nixpkgs that helps configure a system
NixOS uses the nix language and nixpkgs packages to create derivations, which the nix* tools then use to build a system. Guix is just another way to create derivations, written in Guile, but all the concepts are the same.
Everything in this presentation works as a regular user except the 'configure a system' section, and it would also work on top of another distro. The following command does a single-user install (it uses sudo to create /nix):
sh <(curl -L https://nixos.org/nix/install) --no-daemon
Build a package
[asmadeus@odin:~]$ cd ~/nixos-config/
[asmadeus@odin:~/nixos-config]$ # This is my local system config repo, including local packages (see link in Resources at the end)
[asmadeus@odin:~/nixos-config]$ ls
configuration.nix default.nix files machines modules overlays overlays.nix pkgs profiles README result tests TODO
[asmadeus@odin:~/nixos-config]$ # equivalent of a spec file that describes a package:
[asmadeus@odin:~/nixos-config]$ # source, patches, how to build...
[asmadeus@odin:~/nixos-config]$ bat pkgs/robinhood/default.nix
───────┬────────────────────────────────────────────────────────────────────────
│ File: pkgs/robinhood/default.nix
───────┼────────────────────────────────────────────────────────────────────────
1 │ { stdenv, fetchFromGitHub, meson, ninja, pkgconfig, mongoc, check }:
2 │
3 │ stdenv.mkDerivation rec {
4 │ pname = "robinhood";
5 │ version = "4.0.0";
6 │
7 │ src = fetchFromGitHub {
8 │ owner = "cea-hpc";
9 │ repo = "robinhood";
10 │ rev = "92648d119585a38429c052538ae69bdc73bbb7cf";
11 │ sha256 = "12hvxvxh53a72q37v1zl60j2ml4dgz3fpparg87019lkjbkl89r9";
12 │ };
13 │
14 │ patches = [
15 │ ./0001-dlopen-use-absolute-paths.patch
16 │ ./0001-mongo-hardcode-server-to-be-at-mongo-instead-of-loca.patch
17 │ ];
18 │
19 │ nativeBuildInputs = [ meson ninja pkgconfig ];
20 │
21 │ buildInputs = [ mongoc ];
22 │
23 │ mesonFlags = [ "-Db_sanitize=address,undefined" ];
24 │
25 │ # run tests post-install (instead of doCheck) because some tests
26 │ # use dlopen() and need to find libraries
27 │ doInstallCheck = true;
28 │ installCheckInputs = [ check ];
29 │ installCheckPhase = "meson test --print-errorlogs";
30 │
31 │ meta = with stdenv.lib; {
32 │ description = "Robinhood core library";
33 │ homepage = "https://github.com/cea-hpc/robinhood/";
34 │ license = licenses.lgpl3Plus;
35 │ maintainers = [ maintainers.asmadeus ];
36 │ platforms = platforms.linux;
37 │ };
38 │ }
───────┴────────────────────────────────────────────────────────────────────────
[asmadeus@odin:~/nixos-config]$ bat pkgs/default.nix
───────┬────────────────────────────────────────────────────────────────────────
│ File: pkgs/default.nix
───────┼────────────────────────────────────────────────────────────────────────
1 │ self: super: {
2 │
3 │ ashuffle = super.callPackage ./ashuffle { };
4 │
5 │ # absl for ashuffle
6 │ abseil-cpp-17 = super.abseil-cpp.overrideAttrs (oldAttrs: rec {
7 │ pname = "abseil-cpp-17";
8 │ cmakeFlags = "-DCMAKE_CXX_STANDARD=17";
9 │
10 │ # version in master, remove once up to date
11 │ date = "20191119";
12 │ rev = "8ba96a8244bbe334d09542e92d566673a65c1f78";
13 │ version = "${date}-${rev}";
14 │ src = super.fetchFromGitHub {
15 │ owner = "abseil";
16 │ repo = "abseil-cpp";
17 │ rev = rev;
18 │ sha256 = "089bvlspgdgi40fham20qy1m97gr1jh5k5czz49dincpd18j6inb";
19 │ };
20 │ });
21 │
22 │ robinhood-v3 = super.callPackage ./robinhood-v3 { };
23 │
24 │ robinhood = super.callPackage ./robinhood { };
25 │ rbh-find = super.callPackage ./rbh-find { };
26 │ rbh-sync = super.callPackage ./rbh-sync { };
27 │
28 │ vaderetro = super.callPackage ./vaderetro { };
29 │ }
───────┴────────────────────────────────────────────────────────────────────────
[asmadeus@odin:~/nixos-config]$ grep rev pkgs/robinhood/default.nix
rev = "92648d119585a38429c052538ae69bdc73bbb7cf";
[asmadeus@odin:~/nixos-config]$ sed -i -e 's/92648d119585a38429c052538ae69bdc73bbb7cf/d40d0008b759219c965e70ec25ae9f3491aaacc1/' pkgs/robinhood/default.nix
[asmadeus@odin:~/nixos-config]$ nix-prefetch-url -A robinhood.src
downloading 'https://github.com/cea-hpc/robinhood/archive/d40d0008b759219c965e70ec25ae9f3491aaacc1.tar.gz'
unpacking...
[0.1 MiB DL]
path is '/nix/store/7dhzwa7yfjqdplms3j838sp6f3cqpiz4-source'
0bmkckm6m8f7rj012wkr825b87w7fnnkv1lypz5f4zgqd2izhpyw
[asmadeus@odin:~/nixos-config]$ grep sha256 pkgs/robinhood/default.nix
sha256 = "12hvxvxh53a72q37v1zl60j2ml4dgz3fpparg87019lkjbkl89r9";
[asmadeus@odin:~/nixos-config]$ sed -i -e 's/12hvxvxh53a72q37v1zl60j2ml4dgz3fpparg87019lkjbkl89r9/0bmkckm6m8f7rj012wkr825b87w7fnnkv1lypz5f4zgqd2izhpyw/' pkgs/robinhood/default.nix
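What the `sha256` swapped in above actually covers, as an added example (not part of the original session): for `fetchFromGitHub` the pinned value is the SHA-256 of the NAR serialisation of the unpacked source tree, printed in Nix's own base32 alphabet. The sketch re-implements both in Python and runs them on a constructed two-file tree; all function names are illustrative.

```python
import hashlib
import os
import stat
import struct
import tempfile

NIX32 = "0123456789abcdfghijklmnpqrsvwxyz"  # Nix alphabet: no e, o, t, u


def nix32_encode(digest: bytes) -> str:
    """Nix base32: the digest read as a little-endian integer, top digit first."""
    value = int.from_bytes(digest, "little")
    ndigits = (len(digest) * 8 - 1) // 5 + 1  # 52 digits for SHA-256
    return "".join(NIX32[(value >> (5 * n)) & 31] for n in reversed(range(ndigits)))


def nix32_decode(text: str) -> bytes:
    value = 0
    for ch in text:
        value = (value << 5) | NIX32.index(ch)  # ValueError on a foreign character
    return value.to_bytes(len(text) * 5 // 8, "little")  # OverflowError on stray high bits


def _s(data: bytes) -> bytes:
    """NAR string: 64-bit little-endian length, the bytes, zero padding to 8."""
    return struct.pack("<Q", len(data)) + data + b"\0" * (-len(data) % 8)


def _node(path: bytes) -> bytes:
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        body = _s(b"type") + _s(b"symlink") + _s(b"target") + _s(os.readlink(path))
    elif stat.S_ISDIR(st.st_mode):
        body = _s(b"type") + _s(b"directory")
        for name in sorted(os.listdir(path)):  # entries in byte order
            body += (_s(b"entry") + _s(b"(") + _s(b"name") + _s(name)
                     + _s(b"node") + _node(os.path.join(path, name)) + _s(b")"))
    elif stat.S_ISREG(st.st_mode):
        body = _s(b"type") + _s(b"regular")
        if st.st_mode & stat.S_IXUSR:  # the only permission bit that is recorded
            body += _s(b"executable") + _s(b"")
        with open(path, "rb") as fh:
            body += _s(b"contents") + _s(fh.read())
    else:
        raise ValueError("NAR has no encoding for this file type: %r" % path)
    return _s(b"(") + body + _s(b")")


def nar_sha256(path: str) -> str:
    """Hash of a tree in the form pasted into a recursive-mode sha256 attribute."""
    archive = _s(b"nix-archive-1") + _node(os.fsencode(path))
    return nix32_encode(hashlib.sha256(archive).digest())


def demo() -> dict:
    """Constructed two-file tree: which changes move the pinned hash?"""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "source")
        os.mkdir(src)
        with open(os.path.join(src, "meson.build"), "w") as fh:
            fh.write("project('demo', 'c')\n")
        script = os.path.join(src, "configure")
        with open(script, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(script, 0o644)
        result = {"base": nar_sha256(src)}
        os.utime(script, (0, 0))       # timestamps and owners are not serialised
        result["touched"] = nar_sha256(src)
        os.chmod(script, 0o755)        # the executable bit is
        result["execbit"] = nar_sha256(src)
        with open(script, "a") as fh:  # and so is every byte of content
            fh.write("echo changed\n")
        result["edited"] = nar_sha256(src)
    return result


if __name__ == "__main__":
    for step, value in demo().items():
        print("%-8s %s" % (step, value))
```

Because the hash is taken over the unpacked tree, a re-compressed archive of the same commit still matches, while any change to file content, names, symlink targets or the executable bit does not.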
[asmadeus@odin:~/nixos-config]$ # building a dependent package automatically rebuilds required dependencies
[asmadeus@odin:~/nixos-config]$ nix-build -A rbh-find
these derivations will be built:
/nix/store/bfydzincc03g0xljrybxz6wpibxzmw7p-robinhood-4.0.0.drv
/nix/store/z691ij9rsl6l6m6v7cvm52h1m59y9ka6-rbh-find-0.0.0.drv
building '/nix/store/bfydzincc03g0xljrybxz6wpibxzmw7p-robinhood-4.0.0.drv'...
unpacking sources
unpacking source archive /nix/store/7dhzwa7yfjqdplms3j838sp6f3cqpiz4-source
source root is source
patching sources
applying patch /nix/store/7k5xs8wx4nhbm6djn63fk8w2gzidppcj-0001-dlopen-use-absolute-paths.patch
patching file config.h.in
patching file meson.build
patching file src/plugin.c
applying patch /nix/store/lph7943mj8k48ryk33r8jp0b5m9jls7p-0001-mongo-hardcode-server-to-be-at-mongo-instead-of-loca.patch
patching file src/backends/mongo/mongo.c
Hunk #1 succeeded at 473 (offset 1 line).
configuring
meson flags: --buildtype=plain --libdir=/nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/lib --libexecdir=/nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/libexec --bindir=/nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/bin --sbindir=/nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/sbin --includedir=/nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/include --mandir=/nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/share/man --infodir=/nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/share/info --localedir=/nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/share/locale -Dauto_features=enabled -Dwrap_mode=nodownload --prefix=/nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0 -Db_sanitize=address,undefined
The Meson build system
Version: 0.52.1
Source dir: /build/source
Build dir: /build/source/build
Build type: native build
Project name: robinhood
Project version: 4.0.0
C compiler for the host machine: /nix/store/xh3bh8nir5d45zk45dz9xxfs2j95cby4-gcc-wrapper-9.2.0/bin/cc (gcc 9.2.0 "gcc (GCC) 9.2.0")
C linker for the host machine: GNU ld.bfd 2.31.1
Host machine cpu family: x86_64
Host machine cpu: x86_64
Checking if "fts.h with _FILE_OFFSET_BITS=64" compiles: YES
Checking for function "statx" : YES
Configuring config.h using configuration
Configuring posix.h using configuration
Configuring mongo.h using configuration
Found pkg-config: /nix/store/qaa99594lmxrbfbnl0s93qgxs4k1dgh4-pkg-config-0.29.2/bin/pkg-config (0.29.2)
Run-time dependency libmongoc-1.0 found: YES 1.8.0
Run-time dependency libbson-1.0 found: YES 1.9.5
Run-time dependency check found: YES 0.14.0
Build targets in project: 18
Found ninja-1.9.0 at /nix/store/5r36j2m41mc1biyldziwsd4jkcz31g3z-ninja-1.9.0/bin/ninja
meson: enabled parallel building
building
build flags: -j4 -l4
[60/60] Linking target tests/unit/check_fsevent.ck_fsevent@exe/check_fsevent.c.o'..0.0.symbols'.
installing
install flags: install
[0/1] Installing files.
Installing src/librobinhood.so.0.0.0 to /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/lib
Installing src/backends/mongo/librbh-mongo.so.0.0.0 to /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/lib
Installing src/backends/posix/librbh-posix.so.0.0.0 to /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/lib
Installing /build/source/include/robinhood.h to /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/include
Installing /build/source/include/robinhood/backend.h to /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/include/robinhood
Installing /build/source/include/robinhood/filter.h to /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/include/robinhood
Installing /build/source/include/robinhood/fsentry.h to /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/include/robinhood
Installing /build/source/include/robinhood/fsevent.h to /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/include/robinhood
Installing /build/source/include/robinhood/id.h to /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/include/robinhood
Installing /build/source/include/robinhood/iterator.h to /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/include/robinhood
Installing /build/source/include/robinhood/itertools.h to /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/include/robinhood
Installing /build/source/include/robinhood/plugin.h to /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/include/robinhood
Installing /build/source/include/robinhood/queue.h to /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/include/robinhood
Installing /build/source/include/robinhood/ring.h to /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/include/robinhood
Installing /build/source/include/robinhood/statx.h to /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/include/robinhood
Installing /build/source/include/robinhood/sstack.h to /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/include/robinhood
Installing /build/source/include/robinhood/stack.h to /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/include/robinhood
Installing /build/source/include/robinhood/uri.h to /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/include/robinhood
Installing /build/source/include/robinhood/utils.h to /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/include/robinhood
Installing /build/source/include/robinhood/value.h to /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/include/robinhood
Installing /build/source/build/include/robinhood/backends/posix.h to /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/include/robinhood/backends
Installing /build/source/build/include/robinhood/backends/mongo.h to /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/include/robinhood/backends
Installing /build/source/include/robinhood/plugins/backend.h to /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/include/robinhood/plugins
Installing /build/source/build/meson-private/robinhood.pc to /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/lib/pkgconfig
post-installation fixup
shrinking RPATHs of ELF executables and libraries in /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0
shrinking /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/lib/librobinhood.so.0.0.0
shrinking /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/lib/librbh-mongo.so.0.0.0
shrinking /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/lib/librbh-posix.so.0.0.0
strip is /nix/store/1zf4cnaaidjajwb4gx4mnkqc5dypkcdy-binutils-2.31.1/bin/strip
stripping (with command strip and flags -S) in /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0/lib
patching script interpreter paths in /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0
checking for references to /build/ in /nix/store/ysjzbiy4a2j9y2pqyyi9z7lzk6dsw282-robinhood-4.0.0...
running install tests
ninja: Entering directory `/build/source/build'
ninja: no work to do.
1/15 check_backend OK 0.28 s
2/15 check_filter OK 1.03 s
3/15 check_fsentry OK 0.38 s
4/15 check_fsevent OK 0.52 s
5/15 check_id OK 0.22 s
6/15 check_itertools OK 0.12 s
7/15 check_lu_fid OK 0.42 s
8/15 check_queue OK 0.42 s
9/15 check_ring OK 0.47 s
10/15 check_sstack OK 0.22 s
11/15 check_stack OK 0.22 s
12/15 check_uri OK 0.62 s
13/15 check_value OK 0.73 s
14/15 check_plugin OK 0.17 s
15/15 check_posix OK 0.27 s
Ok: 15
Expected Fail: 0
Fail: 0
Unexpected Pass: 0
Skipped: 0
Timeout: 0
Full log written to /build/source/build/meson-logs/testlog.txt
building '/nix/store/z691ij9rsl6l6m6v7cvm52h1m59y9ka6-rbh-find-0.0.0.drv'...
unpacking sources
unpacking source archive /nix/store/kq3v8l0ahiwav5pmrnx28yp5cxq8i7x6-source
source root is source
patching sources
applying patch /nix/store/gq25mc565q0ib8iiajk8i31fb3hj6816-0001-rbh-find-fix-error-Wformat-security-warnings.patch
patching file rbh-find.c
configuring
meson flags: --buildtype=plain --libdir=/nix/store/jidicmyl69x723z0a1wlzia8v0dc0i0q-rbh-find-0.0.0/lib --libexecdir=/nix/store/jidicmyl69x723z0a1wlzia8v0dc0i0q-rbh-find-0.0.0/libexec --bindir=/nix/store/jidicmyl69x723z0a1wlzia8v0dc0i0q-rbh-find-0.0.0/bin --sbindir=/nix/store/jidicmyl69x723z0a1wlzia8v0dc0i0q-rbh-find-0.0.0/sbin --includedir=/nix/store/jidicmyl69x723z0a1wlzia8v0dc0i0q-rbh-find-0.0.0/include --mandir=/nix/store/jidicmyl69x723z0a1wlzia8v0dc0i0q-rbh-find-0.0.0/share/man --infodir=/nix/store/jidicmyl69x723z0a1wlzia8v0dc0i0q-rbh-find-0.0.0/share/info --localedir=/nix/store/jidicmyl69x723z0a1wlzia8v0dc0i0q-rbh-find-0.0.0/share/locale -Dauto_features=enabled -Dwrap_mode=nodownload --prefix=/nix/store/jidicmyl69x723z0a1wlzia8v0dc0i0q-rbh-find-0.0.0 -Db_sanitize=address,undefined
The Meson build system
Version: 0.52.1
Source dir: /build/source
Build dir: /build/source/build
Build type: native build
Project name: rbh-find
Project version: 0.0.0
C compiler for the host machine: /nix/store/xh3bh8nir5d45zk45dz9xxfs2j95cby4-gcc-wrapper-9.2.0/bin/cc (gcc 9.2.0 "gcc (GCC) 9.2.0")
C linker for the host machine: GNU ld.bfd 2.31.1
Host machine cpu family: x86_64
Host machine cpu: x86_64
Checking for function "statx" : YES
Configuring config.h using configuration
Found pkg-config: /nix/store/qaa99594lmxrbfbnl0s93qgxs4k1dgh4-pkg-config-0.29.2/bin/pkg-config (0.29.2)
Run-time dependency robinhood found: YES 4.0.0
Build targets in project: 1
Found ninja-1.9.0 at /nix/store/5r36j2m41mc1biyldziwsd4jkcz31g3z-ninja-1.9.0/bin/ninja
meson: enabled parallel building
building
build flags: -j4 -l4
[5/5] Linking target rbh-find
installing
install flags: install
[0/1] Installing files.
Installing rbh-find to /nix/store/jidicmyl69x723z0a1wlzia8v0dc0i0q-rbh-find-0.0.0/bin
post-installation fixup
shrinking RPATHs of ELF executables and libraries in /nix/store/jidicmyl69x723z0a1wlzia8v0dc0i0q-rbh-find-0.0.0
shrinking /nix/store/jidicmyl69x723z0a1wlzia8v0dc0i0q-rbh-find-0.0.0/bin/rbh-find
strip is /nix/store/1zf4cnaaidjajwb4gx4mnkqc5dypkcdy-binutils-2.31.1/bin/strip
stripping (with command strip and flags -S) in /nix/store/jidicmyl69x723z0a1wlzia8v0dc0i0q-rbh-find-0.0.0/bin
patching script interpreter paths in /nix/store/jidicmyl69x723z0a1wlzia8v0dc0i0q-rbh-find-0.0.0
checking for references to /build/ in /nix/store/jidicmyl69x723z0a1wlzia8v0dc0i0q-rbh-find-0.0.0...
/nix/store/jidicmyl69x723z0a1wlzia8v0dc0i0q-rbh-find-0.0.0
Configure a service
[asmadeus@odin:~/nixos-config]$ # Simple systemd service
[asmadeus@odin:~/nixos-config]$ bat profiles/ashuffle.nix
───────┬────────────────────────────────────────────────────────────────────────
│ File: profiles/ashuffle.nix
───────┼────────────────────────────────────────────────────────────────────────
1 │ { config, pkgs, ... }:
2 │
3 │ {
4 │ systemd.services.ashuffle = {
5 │ description = "Automagically adds songs";
6 │ path = [ pkgs.ashuffle ];
7 │ after = [ "mpd.service" ];
8 │ serviceConfig = {
9 │ Type = "simple";
10 │ ExecStart = "${pkgs.ashuffle}/bin/ashuffle --host 127.0.0.1 --queue-buffer 1";
11 │ Restart = "always";
12 │ User = "nobody";
13 │ };
14 │ wantedBy = [ "default.target" ];
15 │ confinement = {
16 │ enable = true;
17 │ binSh = null;
18 │ mode = "chroot-only";
19 │ };
20 │ };
21 │ }
───────┴────────────────────────────────────────────────────────────────────────
[asmadeus@odin:~/nixos-config]$ # ... Or build on top of nixpkgs modules
[asmadeus@odin:~/nixos-config]$ bat profiles/mpd.nix machines/jormungand/mpd.nix machines/jormungand/configuration.nix
───────┬────────────────────────────────────────────────────────────────────────
│ File: profiles/mpd.nix
───────┼────────────────────────────────────────────────────────────────────────
1 │ { config, lib, pkgs, ... }:
2 │
3 │ {
4 │ # expects music dir to be bind-mounted to /var/lib/mpd/music e.g.
5 │ # systemd.services.mpd.serviceConfig.BindReadOnlyPaths = [
6 │ # "/home/asmadeus/zik:/var/lib/mpd/music"
7 │ # ];
8 │ services.mpd = {
9 │ enable = true;
10 │ fluidsynth = true;
11 │ extraConfig = ''
12 │ replaygain "auto"
13 │ volume_normalization "yes"
14 │ max_output_buffer_size "32768"
15 │ filesystem_charset "UTF-8"
16 │ audio_output {
17 │ type "httpd"
18 │ name "mpd"
19 │ encoder "vorbis" # optional, vorbis or lame
20 │ port "8080"
21 │ bind_to_address "127.0.0.1" # optional, IPv4 or IPv6
22 │ quality "5.0" # do not define if bitrate is defined
23 │ #bitrate "128" # do not define if quality is defined
24 │ format "44100:16:2"
25 │ max_clients "0" # optional 0=no limit
26 │ }
27 │ '';
28 │ };
29 │
30 │ systemd.services.mpd = {
31 │ serviceConfig.BindPaths = [ "/var/lib/mpd" ];
32 │ # service start notify
33 │ serviceConfig.BindReadOnlyPaths = [ "/run/systemd/notify" ];
34 │ # ProtectSystem is not compatible with confinement
35 │ serviceConfig.ProtectSystem = lib.mkForce false;
36 │ confinement = {
37 │ enable = true;
38 │ binSh = null;
39 │ mode = "chroot-only";
40 │ packages = [ pkgs.soundfont-fluid ];
41 │ };
42 │ };
43 │ }
───────┴────────────────────────────────────────────────────────────────────────
───────┬────────────────────────────────────────────────────────────────────────
│ File: machines/jormungand/mpd.nix
───────┼────────────────────────────────────────────────────────────────────────
1 │ { config, pkgs, ... }:
2 │
3 │ {
4 │ imports = [ ../../profiles/mpd.nix ];
5 │
6 │ systemd.services.mpd.serviceConfig.BindReadOnlyPaths = [
7 │ "/home/asmadeus/zik:/var/lib/mpd/music"
8 │ ];
9 │ }
───────┴────────────────────────────────────────────────────────────────────────
───────┬────────────────────────────────────────────────────────────────────────
│ File: machines/jormungand/configuration.nix
───────┼────────────────────────────────────────────────────────────────────────
1 │ { config, pkgs, ... }:
2 │
3 │ {
4 │ imports =
5 │ [
...
11 │ ./mpd.nix
...
15 │ ];
...
33 │ }
───────┴────────────────────────────────────────────────────────────────────────
[asmadeus@odin:~/nixos-config]$ # Let's see what the running service looks like...
[asmadeus@odin:~/nixos-config]$ ps aux | grep [m]pd
mpd 6060 0.0 0.2 435560 41808 ? Ssl 12:16 0:01 /nix/store/6s3jj55vw405rjxbmrkcpzs4j7527gia-mpd-0.21.19/bin/mpd --no-daemon /nix/store/nq73mm5x59vxkbirbjjr35jciwhb5in8-mpd.conf
[asmadeus@odin:~/nixos-config]$ bat /nix/store/nq73mm5x59vxkbirbjjr35jciwhb5in8-mpd.conf
───────┬────────────────────────────────────────────────────────────────────────
│ File: /nix/store/nq73mm5x59vxkbirbjjr35jciwhb5in8-mpd.conf
───────┼────────────────────────────────────────────────────────────────────────
1 │ music_directory "/var/lib/mpd/music"
2 │ playlist_directory "/var/lib/mpd/playlists"
3 │ db_file "/var/lib/mpd/tag_cache"
4 │
5 │ state_file "/var/lib/mpd/state"
6 │ sticker_file "/var/lib/mpd/sticker.sql"
7 │
8 │ bind_to_address "127.0.0.1"
9 │
10 │ decoder {
11 │ plugin "fluidsynth"
12 │ soundfont "/nix/store/ssaxy5fcpplx71rpdkkkb0zs2hda34g8-Fluid-3/share/soundfonts/FluidR3_GM2-2.sf2"
13 │ }
14 │
15 │
16 │ replaygain "auto"
17 │ volume_normalization "yes"
18 │ max_output_buffer_size "32768"
19 │ filesystem_charset "UTF-8"
20 │ audio_output {
21 │ type "httpd"
22 │ name "mpd"
23 │ encoder "vorbis" # optional, vorbis or lame
24 │ port "8080"
25 │ bind_to_address "127.0.0.1" # optional, IPv4 or IPv6
26 │ quality "5.0" # do not define if bitrate is defined
27 │ #bitrate "128" # do not define if quality is defined
28 │ format "44100:16:2"
29 │ max_clients "0" # optional 0=no limit
30 │ }
31 │
───────┴────────────────────────────────────────────────────────────────────────
[asmadeus@odin:~/nixos-config]$ # "magic" happens in "services.mpd =" section -- everything else is local gibberish (confinement, see later section, and how scripts are sorted)
[asmadeus@odin:~/nixos-config]$ # Let's see how it works!
[asmadeus@odin:~/nixos-config]$ # cd ~/nixpkgs
[asmadeus@odin:~/nixpkgs]$ find . -name mpd.nix
./nixos/modules/services/audio/mpd.nix
./nixos/tests/mpd.nix
./pkgs/applications/audio/mopidy/mpd.nix
[asmadeus@odin:~/nixpkgs]$ # so, tests are obviously tests (see Tests section)
[asmadeus@odin:~/nixpkgs]$ # pkgs/applications... is the package like we've seen.
[asmadeus@odin:~/nixpkgs]$ # Packages defined in nixpkgs have binary caching available so if no override is done we should never need to build them.
[asmadeus@odin:~/nixpkgs]$ # Let's have a closer look at the remaining one, the NixOS module.
[asmadeus@odin:~/nixpkgs]$ bat ./nixos/modules/services/audio/mpd.nix
───────┬────────────────────────────────────────────────────────────────────────
│ File: ./nixos/modules/services/audio/mpd.nix
───────┼────────────────────────────────────────────────────────────────────────
1 │ { config, lib, pkgs, ... }:
2 │
3 │ with lib;
4 │
5 │ let
6 │
7 │ name = "mpd";
8 │
9 │ uid = config.ids.uids.mpd;
10 │ gid = config.ids.gids.mpd;
11 │ cfg = config.services.mpd;
12 │
13 │ mpdConf = pkgs.writeText "mpd.conf" ''
14 │ music_directory "${cfg.musicDirectory}"
15 │ playlist_directory "${cfg.playlistDirectory}"
16 │ ${lib.optionalString (cfg.dbFile != null) ''
17 │ db_file "${cfg.dbFile}"
18 │ ''}
19 │ state_file "${cfg.dataDir}/state"
20 │ sticker_file "${cfg.dataDir}/sticker.sql"
21 │
22 │ ${optionalString (cfg.network.listenAddress != "any") ''bind_to_address "${cfg.network.listenAddress}"''}
23 │ ${optionalString (cfg.network.port != 6600) ''port "${toString cfg.network.port}"''}
24 │ ${optionalString (cfg.fluidsynth) ''
25 │ decoder {
26 │ plugin "fluidsynth"
27 │ soundfont "${pkgs.soundfont-fluid}/share/soundfonts/FluidR3_GM2-2.sf2"
28 │ }
29 │ ''}
30 │
31 │ ${cfg.extraConfig}
32 │ '';
33 │
34 │ in {
35 │
36 │ ###### interface
37 │
38 │ options = {
39 │
40 │ services.mpd = {
41 │
42 │ enable = mkOption {
43 │ type = types.bool;
44 │ default = false;
45 │ description = ''
46 │ Whether to enable MPD, the music player daemon.
47 │ '';
48 │ };
49 │
50 │ startWhenNeeded = mkOption {
51 │ type = types.bool;
52 │ default = false;
53 │ description = ''
54 │ If set, <command>mpd</command> is socket-activated; that
55 │ is, instead of having it permanently running as a daemon,
56 │ systemd will start it on the first incoming connection.
57 │ '';
58 │ };
59 │
60 │ musicDirectory = mkOption {
61 │ type = with types; either path (strMatching "(http|https|nfs|smb)://.+");
62 │ default = "${cfg.dataDir}/music";
63 │ defaultText = ''''${dataDir}/music'';
64 │ description = ''
65 │ The directory or NFS/SMB network share where mpd reads music from.
66 │ '';
67 │ };
68 │
69 │ playlistDirectory = mkOption {
70 │ type = types.path;
71 │ default = "${cfg.dataDir}/playlists";
72 │ defaultText = ''''${dataDir}/playlists'';
73 │ description = ''
74 │ The directory where mpd stores playlists.
75 │ '';
76 │ };
77 │
78 │ extraConfig = mkOption {
79 │ type = types.lines;
80 │ default = "";
81 │ description = ''
82 │ Extra directives added to to the end of MPD's configuration file,
83 │ mpd.conf. Basic configuration like file location and uid/gid
84 │ is added automatically to the beginning of the file. For available
85 │ options see <literal>man 5 mpd.conf</literal>'.
86 │ '';
87 │ };
88 │
89 │ dataDir = mkOption {
90 │ type = types.path;
91 │ default = "/var/lib/${name}";
92 │ description = ''
93 │ The directory where MPD stores its state, tag cache,
94 │ playlists etc.
95 │ '';
96 │ };
97 │
98 │ user = mkOption {
99 │ type = types.str;
100 │ default = name;
101 │ description = "User account under which MPD runs.";
102 │ };
103 │
104 │ group = mkOption {
105 │ type = types.str;
106 │ default = name;
107 │ description = "Group account under which MPD runs.";
108 │ };
109 │
110 │ network = {
111 │
112 │ listenAddress = mkOption {
113 │ type = types.str;
114 │ default = "127.0.0.1";
115 │ example = "any";
116 │ description = ''
117 │ The address for the daemon to listen on.
118 │ Use <literal>any</literal> to listen on all addresses.
119 │ '';
120 │ };
121 │
122 │ port = mkOption {
123 │ type = types.int;
124 │ default = 6600;
125 │ description = ''
126 │ This setting is the TCP port that is desired for the daemon to get assigned
127 │ to.
128 │ '';
129 │ };
130 │
131 │ };
132 │
133 │ dbFile = mkOption {
134 │ type = types.nullOr types.str;
135 │ default = "${cfg.dataDir}/tag_cache";
136 │ defaultText = ''''${dataDir}/tag_cache'';
137 │ description = ''
138 │ The path to MPD's database. If set to <literal>null</literal> the
139 │ parameter is omitted from the configuration.
140 │ '';
141 │ };
142 │
143 │ fluidsynth = mkOption {
144 │ type = types.bool;
145 │ default = false;
146 │ description = ''
147 │ If set, add fluidsynth soundfont and configure the plugin.
148 │ '';
149 │ };
150 │ };
151 │
152 │ };
153 │
154 │
155 │ ###### implementation
156 │
157 │ config = mkIf cfg.enable {
158 │
159 │ systemd.sockets.mpd = mkIf cfg.startWhenNeeded {
160 │ description = "Music Player Daemon Socket";
161 │ wantedBy = [ "sockets.target" ];
162 │ listenStreams = [
163 │ "${optionalString (cfg.network.listenAddress != "any") "${cfg.network.listenAddress}:"}${toString cfg.network.port}"
164 │ ];
165 │ socketConfig = {
166 │ Backlog = 5;
167 │ KeepAlive = true;
168 │ PassCredentials = true;
169 │ };
170 │ };
171 │
172 │ systemd.tmpfiles.rules = [
173 │ "d '${cfg.dataDir}' - ${cfg.user} ${cfg.group} - -"
174 │ "d '${cfg.playlistDirectory}' - ${cfg.user} ${cfg.group} - -"
175 │ ];
176 │
177 │ systemd.services.mpd = {
178 │ after = [ "network.target" "sound.target" ];
179 │ description = "Music Player Daemon";
180 │ wantedBy = optional (!cfg.startWhenNeeded) "multi-user.target";
181 │
182 │ serviceConfig = {
183 │ User = "${cfg.user}";
184 │ ExecStart = "${pkgs.mpd}/bin/mpd --no-daemon ${mpdConf}";
185 │ Type = "notify";
186 │ LimitRTPRIO = 50;
187 │ LimitRTTIME = "infinity";
188 │ ProtectSystem = true;
189 │ NoNewPrivileges = true;
190 │ ProtectKernelTunables = true;
191 │ ProtectControlGroups = true;
192 │ ProtectKernelModules = true;
193 │ RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
194 │ RestrictNamespaces = true;
195 │ Restart = "always";
196 │ };
197 │ };
198 │
199 │ users.users = optionalAttrs (cfg.user == name) {
200 │ ${name} = {
201 │ inherit uid;
202 │ group = cfg.group;
203 │ extraGroups = [ "audio" ];
204 │ description = "Music Player Daemon user";
205 │ home = "${cfg.dataDir}";
206 │ };
207 │ };
208 │
209 │ users.groups = optionalAttrs (cfg.group == name) {
210 │ ${name}.gid = gid;
211 │ };
212 │ };
213 │
214 │ }
───────┴────────────────────────────────────────────────────────────────────────
[asmadeus@odin:~/nixpkgs]$ # Three main sections:
[asmadeus@odin:~/nixpkgs]$ # - "let .. in" defines local variables (nix language)
[asmadeus@odin:~/nixpkgs]$ # - "options = {}" defines configuration options
[asmadeus@odin:~/nixpkgs]$ # - "config =" is the actual implementation derived from the options
[asmadeus@odin:~/nixpkgs]$ # Options are typed, with default values and descriptions
[asmadeus@odin:~/nixpkgs]$ # Config is almost always guarded with "mkIf cfg.enable" -> nothing declared if service isn't enabled
[asmadeus@odin:~/nixpkgs]$ # Anything can be overridden with lib.mkForce
[asmadeus@odin:~/nixpkgs]$ cd ~/nixos-config
[asmadeus@odin:~/nixos-config]$ # bat modules/services/mpd.nix
───────┬────────────────────────────────────────────────────────────────────────
│ File: modules/services/mpd.nix
───────┼────────────────────────────────────────────────────────────────────────
1 │ { config, lib, pkgs, ... }:
2 │
3 │ with lib;
4 │ let
5 │
6 │ cfg = config.services.mpd;
7 │ # we want to remove user attr see https://github.com/NixOS/nixpkgs/pull/87418
8 │ # user gets in the way of confinement
9 │ mpdConf = pkgs.writeText "mpd.conf" ''
10 │ music_directory "${cfg.musicDirectory}"
11 │ playlist_directory "${cfg.playlistDirectory}"
12 │ ${lib.optionalString (cfg.dbFile != null) ''
13 │ db_file "${cfg.dbFile}"
14 │ ''}
15 │ state_file "${cfg.dataDir}/state"
16 │ sticker_file "${cfg.dataDir}/sticker.sql"
17 │
18 │ ${optionalString (cfg.network.listenAddress != "any") ''bind_to_address "${cfg.network.listenAddress}"''}
19 │ ${optionalString (cfg.network.port != 6600) ''port "${toString cfg.network.port}"''}
20 │ ${optionalString (cfg.fluidsynth) ''
21 │ decoder {
22 │ plugin "fluidsynth"
23 │ soundfont "${pkgs.soundfont-fluid}/share/soundfonts/FluidR3_GM2-2.sf2"
24 │ }
25 │ ''}
26 │
27 │ ${cfg.extraConfig}
28 │ '';
29 │
30 │ in {
31 │ # see https://github.com/NixOS/nixpkgs/pull/87270
32 │ # once 'user' part landed it might be possible to extend extraConfig?
33 │ # who am I kidding...
34 │ options.services.mpd.fluidsynth = mkOption {
35 │ type = types.bool;
36 │ default = false;
37 │ description = ''
38 │ If set, add fluidsynth soundfont and configure the plugin.
39 │ '';
40 │ };
41 │
42 │ config.systemd.services.mpd.serviceConfig.ExecStart = mkForce "${pkgs.mpd}/bin/mpd --no-daemon ${mpdConf}";
43 │ }
───────┴────────────────────────────────────────────────────────────────────────
Configure a system
[asmadeus@odin:~/nixos-config]$ # A system is just a bunch of services...
[asmadeus@odin:~/nixos-config]$ # su -
[root@odin:~]# cd /etc/nixos/
[root@odin:/etc/nixos]# ls
configuration.nix default.nix files machines modules overlays overlays.nix pkgs profiles README result tests TODO
[root@odin:/etc/nixos]# ls -l configuration.nix
lrwxrwxrwx 1 root root 31 May 10 10:11 configuration.nix -> machines/odin/configuration.nix
[root@odin:/etc/nixos]# bat configuration.nix
───────┬────────────────────────────────────────────────────────────────────────
│ File: configuration.nix
───────┼────────────────────────────────────────────────────────────────────────
1 │ { config, pkgs, ... }:
2 │
3 │ {
4 │ imports =
5 │ [
6 │ ./hardware-configuration.nix
7 │ ./network.nix
8 │ ../../profiles/common.nix
9 │ ../../profiles/users.nix
10 │ ../../profiles/zfs.nix
11 │ ./nfs.nix
12 │ ./mpd.nix
13 │ ];
14 │
15 │ environment.systemPackages = with pkgs; [
16 │ iw
17 │ kvm
18 │ bridge-utils
19 │ ];
20 │
21 │ boot.loader.grub.enable = true;
22 │ boot.loader.grub.version = 2;
23 │ boot.loader.grub.device = "/dev/sda";
24 │ boot.tmpOnTmpfs = false;
25 │
26 │ # number of parallel tasks
27 │ nix.buildCores = 4;
28 │ nix.maxJobs = 4;
29 │
30 │ # This value determines the NixOS release from which the default
31 │ # settings for stateful data, like file locations and database versions
32 │ # on your system were taken. It‘s perfectly fine and recommended to leave
33 │ # this value at the release version of the first install of this system.
34 │ # Before changing this value read the documentation for this option
35 │ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
36 │ system.stateVersion = "18.03"; # Did you read the comment?
37 │ }
───────┴────────────────────────────────────────────────────────────────────────
[root@odin:/etc/nixos]# nixos-rebuild switch --upgrade
unpacking channels...
created 1 symlinks in user environment
these derivations will be built:
/nix/store/x2vxbns2y07y08xdaspgzd5rdbpif8rx-nixos-rebuild.drv
these paths will be fetched (2.69 MiB download, 14.10 MiB unpacked):
/nix/store/ajlnfsb30n0bbiqsapjla9idar8a68f2-nix-2.3.4
/nix/store/g7pqz813x9b82qnnyn20pdhp6yl6zq4a-nix-2.3.4-man
/nix/store/h3431h1y6hh2v3zsw8iy061pamclsplh-aws-sdk-cpp-1.7.90
copying path '/nix/store/g7pqz813x9b82qnnyn20pdhp6yl6zq4a-nix-2.3.4-man' from 'https://cache.nixos.org'...
copying path '/nix/store/h3431h1y6hh2v3zsw8iy061pamclsplh-aws-sdk-cpp-1.7.90' from 'https://cache.nixos.org'...
copying path '/nix/store/ajlnfsb30n0bbiqsapjla9idar8a68f2-nix-2.3.4' from 'https://cache.nixos.org'...
building '/nix/store/x2vxbns2y07y08xdaspgzd5rdbpif8rx-nixos-rebuild.drv'...
building Nix...
building the system configuration...
these derivations will be built:
/nix/store/h75vinr3drczh2v4mcnhirsydh7l34by-unit-script-nix-gc-start.drv
/nix/store/0r35x5vvcgzk1l55a3rxyrwls2nj1sqy-unit-nix-gc.service.drv
/nix/store/183v7kxqqcszlyi3qgrxqac42r8v4dg6-system-shutdown.drv
/nix/store/lqpvmp76s73idabgxl3ny9crcv4r0fxc-find-libs.drv
/nix/store/caxh1zag09n8fd5rwqmrxp636ajxk25w-extra-utils.drv
/nix/store/3wwx56cp4x0hvdxp6hxmz9vyz5nrv22h-link-units.drv
/nix/store/f2g58b3p8w5kbd3l55lki6clpv7scf11-initrd-fsinfo.drv
/nix/store/jddnsl1cm3mk93f5zzjlmbviga0wp0w7-linux-5.4.42-modules.drv
/nix/store/lla68ynmjb5dx3ffx1rqg6lzw2y4d9d5-firmware.drv
/nix/store/lyi2jrm40v1aaig683gmi6b998w7xnzr-linux-5.4.42-modules-shrunk.drv
/nix/store/ssc47f61858jfswbbiccs7hq2c33wqfn-udev-rules.drv
/nix/store/1khqfkv3inajcvizfhsa1rkww7wr4j8j-stage-1-init.sh.drv
/nix/store/41hzvwri8bsfyl5jzcr2xbxl1pz1x8mk-system-generators.drv
/nix/store/fjbfiq7prv1f6icihyabrm7m7zqnxcik-nixos-version.drv
/nix/store/nhgvryqr85s6cwd51ci0gd4dli758adv-nixos-help.drv
/nix/store/rj6g7vz45y6z4ldn8fm26gsq50r88270-nixos-install.drv
/nix/store/7hbpk354hqb3g2mp9n42v0chl4bjmq7w-sway.drv
/nix/store/yznq3d6canqk2fl2l118iajxj1ix90rr-sway-1.4.drv
/nix/store/z9w7sa0cph0qqal3qdhg2gqfq2v3qywa-system-path.drv
/nix/store/634nq74gk2w8c0scrvhwijj3sqcmzsdf-unit-polkit.service.drv
/nix/store/wzh5fz9fgzgy0izv87k3fn008d01dq0q-dbus-1.drv
/nix/store/d1sb8gs2kaxqvg9h48i759dqb8blm2k1-unit-dbus.service.drv
/nix/store/kgq6z827a5i7iarcknqi5vfy620v7j23-unit-systemd-fsck-.service.drv
/nix/store/vv4r8s8na4yjmy9k4xfcspqmip1pkzqp-unit-nix-optimise.service.drv
/nix/store/lfmh6jkz0f0xzwwhgi0h4rwg53nl8zfy-nix.conf.drv
/nix/store/yjz6jg4nfjg1rj32nnakv1560ikinl1a-unit-nix-daemon.service.drv
/nix/store/433kkd8akx9br9sjig3d67wiiwsfzpy9-system-units.drv
/nix/store/ij7dw1a4ci3s6sjf7cmayrysc244pkzi-issue.drv
/nix/store/mbqrdsbd3cpmn9l7rlqq3nqybgd7274n-etc-nixos.conf.drv
/nix/store/zsxypf7pn3wxhxc5m5lq7g1m7f5b6n8j-unit-dbus.service.drv
/nix/store/msq3rlxm43dnna8ya4ywjrn783cbiwbh-user-units.drv
/nix/store/mx42s4rvqrhcbj4ycsqdiqbxq5sx0vhk-etc-zed.rc.drv
/nix/store/sdi02migp3pw0sh5k083x8qb3a3hxzxl-etc-os-release.drv
/nix/store/5r0qm2hzliz1zcdkzxjckrjhilkvcsca-etc.drv
/nix/store/wk4mgskb4jkihn129wfcxla79a2535gr-mdadm.conf.drv
/nix/store/mnnbzdfiqv4w0kg1gv7v0spydqhbk9b0-initrd-linux-5.4.42.drv
/nix/store/y51pxfw80f8737m7s7kyck674iva12l3-kernel-modules.drv
/nix/store/hgindm9ahc5vhhwl8bqxqbyij7zv07m9-nixos-system-odin-20.03.1942.6d68b920eb2.drv
these paths will be fetched (106.14 MiB download, 283.94 MiB unpacked):
/nix/store/4vpljkglzm2k28yyv7lc7cqc35kp5144-perf-linux-5.4.42
/nix/store/54lmif295g4ap8syvr3yhcg76mas1ym4-nixos-manpages
/nix/store/aiql8jnvpkja65qjjjlys4l22ggf39n2-initrd-kmod-blacklist-ubuntu
/nix/store/bjkmg2di633k6lzswcmyzg9gwx37iigl-sway-unwrapped-1.4
/nix/store/bnx4n11q1f0j0n3sy8pl4vn7s45fw7jf-keymap
/nix/store/glbxb42gw3290f45jpd5f949hrn0s8p1-zfs-kernel-0.8.3-5.4.42
/nix/store/i6qc1wik32s9hngz2bzgc126m7b3ab18-nixos-manual-html
/nix/store/ic9c7wkfba9srkyvv6cr67cj3mq68ppx-linux-5.4.42
/nix/store/j66bzy6jx03fqbnqpxg4fg736cdj4w9p-bcc-0.12.0
/nix/store/jnms9sxc6gvbnsrrivvciah83d9rbdqi-bpftrace-0.9.4
/nix/store/lv64pkn6pi80rvs801mcwbpk47cz1nwx-nixos-option
/nix/store/m6si30kkdzhpy7dcwh8k3ybx4wvr72s4-busybox-1.31.1
/nix/store/pq5wbca8yn9wlyvyciygcycq0n16qp45-nix-2.3.4-doc
/nix/store/w2z46q4p9zg21gijr49jp8l9rz2b719l-linux-5.4.42-dev
/nix/store/w5wbk3y233hwzhnmir7lj5sbd8f5yjiq-bpftrace-0.9.4-man
/nix/store/xkjifzci4i7wzl7lq9w1j6mpsxkri88j-nuke-references
copying path '/nix/store/ic9c7wkfba9srkyvv6cr67cj3mq68ppx-linux-5.4.42' from 'https://cache.nixos.org'...
copying path '/nix/store/w5wbk3y233hwzhnmir7lj5sbd8f5yjiq-bpftrace-0.9.4-man' from 'https://cache.nixos.org'...
copying path '/nix/store/pq5wbca8yn9wlyvyciygcycq0n16qp45-nix-2.3.4-doc' from 'https://cache.nixos.org'...
copying path '/nix/store/54lmif295g4ap8syvr3yhcg76mas1ym4-nixos-manpages' from 'https://cache.nixos.org'...
copying path '/nix/store/m6si30kkdzhpy7dcwh8k3ybx4wvr72s4-busybox-1.31.1' from 'https://cache.nixos.org'...
copying path '/nix/store/aiql8jnvpkja65qjjjlys4l22ggf39n2-initrd-kmod-blacklist-ubuntu' from 'https://cache.nixos.org'...
copying path '/nix/store/bnx4n11q1f0j0n3sy8pl4vn7s45fw7jf-keymap' from 'https://cache.nixos.org'...
copying path '/nix/store/i6qc1wik32s9hngz2bzgc126m7b3ab18-nixos-manual-html' from 'https://cache.nixos.org'...
copying path '/nix/store/lv64pkn6pi80rvs801mcwbpk47cz1nwx-nixos-option' from 'https://cache.nixos.org'...
copying path '/nix/store/xkjifzci4i7wzl7lq9w1j6mpsxkri88j-nuke-references' from 'https://cache.nixos.org'...
copying path '/nix/store/4vpljkglzm2k28yyv7lc7cqc35kp5144-perf-linux-5.4.42' from 'https://cache.nixos.org'...
copying path '/nix/store/bjkmg2di633k6lzswcmyzg9gwx37iigl-sway-unwrapped-1.4' from 'https://cache.nixos.org'...
copying path '/nix/store/glbxb42gw3290f45jpd5f949hrn0s8p1-zfs-kernel-0.8.3-5.4.42' from 'https://cache.nixos.org'...
building '/nix/store/sdi02migp3pw0sh5k083x8qb3a3hxzxl-etc-os-release.drv'...
building '/nix/store/mx42s4rvqrhcbj4ycsqdiqbxq5sx0vhk-etc-zed.rc.drv'...
building '/nix/store/lqpvmp76s73idabgxl3ny9crcv4r0fxc-find-libs.drv'...
building '/nix/store/f2g58b3p8w5kbd3l55lki6clpv7scf11-initrd-fsinfo.drv'...
building '/nix/store/caxh1zag09n8fd5rwqmrxp636ajxk25w-extra-utils.drv'...
...
building '/nix/store/zsxypf7pn3wxhxc5m5lq7g1m7f5b6n8j-unit-dbus.service.drv'...
building '/nix/store/433kkd8akx9br9sjig3d67wiiwsfzpy9-system-units.drv'...
building '/nix/store/msq3rlxm43dnna8ya4ywjrn783cbiwbh-user-units.drv'...
building '/nix/store/5r0qm2hzliz1zcdkzxjckrjhilkvcsca-etc.drv'...
building '/nix/store/hgindm9ahc5vhhwl8bqxqbyij7zv07m9-nixos-system-odin-20.03.1942.6d68b920eb2.drv'...
updating GRUB 2 menu...
stopping the following units: nix-daemon.service, nix-daemon.socket
NOT restarting the following changed units: systemd-fsck@dev-disk-by\x2duuid-523adeea\x2d94b7\x2d4a75\x2dba15\x2df94b4babefcf.service
activating the configuration...
setting up /etc...
reloading user units for asmadeus...
setting up tmpfiles
reloading the following units: dbus.service
starting the following units: nix-daemon.socket
[root@odin:/etc/nixos]# # here --upgrade works with nix-channel; can use a git checkout directly or pin the release in the config instead
[root@odin:/etc/nixos]# nixos-rebuild --help
...
switch
Build and activate the new configuration, and make it the boot default. That is, the configuration is
added to the GRUB boot menu as the default menu entry, so that subsequent reboots will boot the system
into the new configuration. Previous configurations activated with nixos-rebuild switch or nixos-rebuild
boot remain available in the GRUB menu.
boot
Build the new configuration and make it the boot default (as with nixos-rebuild switch), but do not
activate it. That is, the system continues to run the previous configuration until the next reboot.
test
Build and activate the new configuration, but do not add it to the GRUB boot menu. Thus, if you reboot the
system (or if it crashes), you will automatically revert to the default configuration (i.e. the
configuration resulting from the last call to nixos-rebuild switch or nixos-rebuild boot).
build
Build the new configuration, but neither activate it nor add it to the GRUB boot menu. It leaves a symlink
named result in the current directory, which points to the output of the top-level “system” derivation.
This is essentially the same as doing
$ nix-build /path/to/nixpkgs/nixos -A system
Note that you do not need to be root to run nixos-rebuild build.
dry-build
Show what store paths would be built or downloaded by any of the operations above, but otherwise do
nothing.
dry-activate
Build the new configuration, but instead of activating it, show what changes would be performed by the
activation (i.e. by nixos-rebuild test). For instance, this command will print which systemd units would
be restarted. The list of changes is not guaranteed to be complete.
...
[root@odin:/etc/nixos]# ^D
[asmadeus@odin:~/nixos-config]$ # for help on how to configure services:
[asmadeus@odin:~/nixos-config]$ man configuration.nix
[asmadeus@odin:~/nixos-config]$ nix repl ./nixos.nix
Configure a fleet: nixops
(maybe later)
For now, a much simpler version using nix copy:
http://www.haskellforall.com/2018/08/nixos-in-production.html
[asmadeus@odin:~/nixos-config]$ nix-build ./nixos.nix -A system
...
building '/nix/store/sbkhhyxw4w2h47av5k30k2d00fk5g3kc-nixos-system-jormungand.codewreck.org-20.03.1942.6d68b920eb2.drv'...
/nix/store/f0fs7rp7a3kxrdq6v1jpnvp0ayjprvsd-nixos-system-jormungand.codewreck.org-20.03.1942.6d68b920eb2
[asmadeus@odin:~/nixos-config]$ ls -l result
lrwxrwxrwx 1 asmadeus users 104 May 22 16:30 result -> /nix/store/f0fs7rp7a3kxrdq6v1jpnvp0ayjprvsd-nixos-system-jormungand.codewreck.org-20.03.1942.6d68b920eb2
[asmadeus@odin:~/nixos-config]$ nix copy --to ssh://jormungand.codewreck.org --substitute-on-destination ./result
...
copying path '/nix/store/kfxbih6cw32sfslszrhf6kd870d5hmxf-matrix-synapse-1.13.0' from 'https://cache.nixos.org'...
...
[22 copied (35.7 MiB)]
[asmadeus@odin:~/nixos-config]$ ssh jormungand.codewreck.org
[asmadeus@jormungand:~]$ sudo nix-env --profile /nix/var/nix/profiles/system --set /nix/store/1n0jnzchhpfpk4zzdqsc4dwhhaagkp2s-nixos-system-jormungand.codewreck.org-20.03.1942.6d68b920eb2
[asmadeus@jormungand:~]$ sudo nix-env --profile /nix/var/nix/profiles/system --delete-generations +10
[asmadeus@jormungand:~]$ sudo /nix/store/1n0jnzchhpfpk4zzdqsc4dwhhaagkp2s-nixos-system-jormungand.codewreck.org-20.03.1942.6d68b920eb2/bin/switch-to-configuration switch
updating GRUB 2 menu...
stopping the following units: matrix-synapse.service, nix-daemon.service, nix-daemon.socket
NOT restarting the following changed units: systemd-fsck@dev-disk-by\x2duuid-b9911970\x2db6a3\x2d49e1\x2da6df\x2d1372b9022962.service
activating the configuration...
setting up /etc...
reloading user units for asmadeus...
setting up tmpfiles
reloading the following units: dbus.service
restarting the following units: nginx.service, polkit.service
starting the following units: matrix-synapse.service, nix-daemon.socket
Flakes, NUR...
Ways of pointing to other repos. NUR = no-check package repository (no binary cache, like Arch's AUR).
https://github.com/nix-community/NUR
Add a package variant (overrideAttrs or parametrized package)
[asmadeus@odin:~/nixos-config]$ # Already seen an overrideAttrs in pkgs/default.nix:
[asmadeus@odin:~/nixos-config]$ bat pkgs/default.nix
───────┬────────────────────────────────────────────────────────────────────────
│ File: pkgs/default.nix
───────┼────────────────────────────────────────────────────────────────────────
1 │ self: super: {
...
5 │ # absl for ashuffle
6 │ abseil-cpp-17 = super.abseil-cpp.overrideAttrs (oldAttrs: rec {
7 │ pname = "abseil-cpp-17";
8 │ cmakeFlags = "-DCMAKE_CXX_STANDARD=17";
9 │
10 │ # version in master, remove once up to date
11 │ date = "20191119";
12 │ rev = "8ba96a8244bbe334d09542e92d566673a65c1f78";
13 │ version = "${date}-${rev}";
14 │ src = super.fetchFromGitHub {
15 │ owner = "abseil";
16 │ repo = "abseil-cpp";
17 │ rev = rev;
18 │ sha256 = "089bvlspgdgi40fham20qy1m97gr1jh5k5czz49dincpd18j6inb";
19 │ };
20 │ });
...
29 │ }
───────┴────────────────────────────────────────────────────────────────────────
[asmadeus@odin:~/nixos-config]$ # For parameters let's look at nixpkgs' openblas
[asmadeus@odin:~/nixos-config]$ cd ~/nixpkgs
[asmadeus@odin:~/nixpkgs]$ bat pkgs/development/libraries/science/math/openblas/default.nix
───────┬────────────────────────────────────────────────────────────────────────
│ File: pkgs/development/libraries/science/math/openblas/default.nix
───────┼────────────────────────────────────────────────────────────────────────
1 │ { stdenv, fetchFromGitHub, perl, which
2 │ # Most packages depending on openblas expect integer width to match
3 │ # pointer width, but some expect to use 32-bit integers always
4 │ # (for compatibility with reference BLAS).
5 │ , blas64 ? null
6 │ # Multi-threaded applications must not call a threaded OpenBLAS
7 │ # (the only exception is when an application uses OpenMP as its
8 │ # *only* form of multi-threading). See
9 │ # https://github.com/xianyi/OpenBLAS/wiki/Faq/4bded95e8dc8aadc70ce65267d1093ca7bdefc4c#multi-threaded
10 │ # https://github.com/xianyi/OpenBLAS/issues/2543
11 │ # This flag builds a single-threaded OpenBLAS using the flags
12 │ # stated in thre.
13 │ , singleThreaded ? false
14 │ , buildPackages
15 │ # Select a specific optimization target (other than the default)
16 │ # See https://github.com/xianyi/OpenBLAS/blob/develop/TargetList.txt
17 │ , target ? null
18 │ , enableStatic ? false
19 │ , enableShared ? true
20 │ }:
...
[asmadeus@odin:~/nixpkgs]$ grep -A 4 -m1 openblas pkgs/top-level/all-packages.nix
openblas = callPackage ../development/libraries/science/math/openblas { };
# A version of OpenBLAS using 32-bit integers on all platforms for compatibility with
# standard BLAS and LAPACK.
openblasCompat = openblas.override { blas64 = false; };
[asmadeus@odin:~/nixpkgs]$ # then other packages can either use openblas or openblasCompat
[asmadeus@odin:~/nixpkgs]$ # also see pkgs/build-support/alternatives/blas/default.nix for default provided blas (openblas or mkl or...)
Debug a package build
[asmadeus@odin:~/nixos-config]$ # Oh, no, robinhood-v3 does not build!
[asmadeus@odin:~/nixos-config]$ nix-build -A robinhood-v3
...
CC rbh_modules.lo
CC basename.lo
In file included from /nix/store/9y9hgbczizwqzci2vfl2phnk9rz50fiq-glibc-2.30-dev/include/string.h:494,
from ../../src/include/db_schema.h:27,
from ../../src/include/rbh_boolexpr.h:29,
from ../../src/include/rbh_cfg_helpers.h:182,
from rbh_logs.c:23:
In function 'strncpy',
inlined from 'display_line_log' at rbh_logs.c:518:13:
/nix/store/9y9hgbczizwqzci2vfl2phnk9rz50fiq-glibc-2.30-dev/include/bits/string_fortified.h:106:10: error: '__builtin_strncpy' specified bound 2048 equals destination size [-Werror=stringop-truncation]
106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function 'strncpy',
inlined from 'check_syslog_facility' at rbh_logs.c:257:5,
inlined from 'log_cfg_read' at rbh_logs.c:1158:14:
/nix/store/9y9hgbczizwqzci2vfl2phnk9rz50fiq-glibc-2.30-dev/include/bits/string_fortified.h:106:10: error: '__builtin_strncpy' output may be truncated copying 256 bytes from a string of length 1023 [-Werror=stringop-truncation]
106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
make[2]: *** [Makefile:458: rbh_logs.lo] Error 1
make[2]: *** Waiting for unfinished jobs....
make[2]: Leaving directory '/build/source/src/common'
make[1]: *** [Makefile:394: all-recursive] Error 1
make[1]: Leaving directory '/build/source/src'
make: *** [Makefile:471: all-recursive] Error 1
builder for '/nix/store/9wcxz19gvpw7wxv7n9k133bqpallmrb9-robinhood-v3-3.0.drv' failed with exit code 2
error: build of '/nix/store/9wcxz19gvpw7wxv7n9k133bqpallmrb9-robinhood-v3-3.0.drv' failed
[asmadeus@odin:~/nixos-config]$ nix-shell -A robinhood-v3
[nix-shell:~/nixos-config]$ cd $(mktemp -d)
[nix-shell:/run/user/1000/tmp.XkjWMVu2Hi]$ declare -f genericBuild
...
phases="${prePhases:-} unpackPhase patchPhase ${preConfigurePhases:-} configurePhase ${preBuildPhases:-} buildPhase checkPhase ${preInstallPhases:-} installPhase ${preFixupPhases:-} fixupPhase installCheckPhase ${preDistPhases:-} distPhase ${postPhases:-}"
...
[nix-shell:/run/user/1000/tmp.XkjWMVu2Hi]$
[nix-shell:/run/user/1000/tmp.XkjWMVu2Hi]$ unpackPhase
unpacking source archive /nix/store/y825rc9fa5f8pdf13dg7mqwbs691h82a-source
source root is source
[nix-shell:/run/user/1000/tmp.XkjWMVu2Hi]$ patchPhase
[nix-shell:/run/user/1000/tmp.XkjWMVu2Hi]$ configurePhase
...
[nix-shell:/run/user/1000/tmp.XkjWMVu2Hi]$ buildPhase
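... reproduce the error
fix files etc.
(in this case added `-Wno-error=stringop-truncation` to CFLAGS for now; that only stops the warning from failing the build, the flagged strncpy calls in rbh_logs.c can still truncate the string or leave the destination without a terminating NUL)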
Secure service
[asmadeus@odin:~/nixos-config]$ # Back in services there was a "confinement" block...
[asmadeus@odin:~/nixos-config]$ ps aux|grep [a]shuffle
nobody 31726 0.0 0.1 10140 7860 ? Ss 11:16 0:02 /nix/store/8n7729hs7658cxyhxmb4wv2bjw9m8ly6-ashuffle-v3.1.0/bin/ashuffle --host 127.0.0.1 --queue-buffer 1
[asmadeus@odin:~/nixos-config]$ sudo find /proc/31726/root/ -maxdepth 3
/proc/31726/root/
/proc/31726/root/nix
/proc/31726/root/nix/store
/proc/31726/root/nix/store/w7alid4mirzwx3ck4hj18q7rnr4yslfh-gcc-9.2.0-lib
/proc/31726/root/nix/store/mxaxvp33wg9sim8qh2kkw041v492bvxj-libunistring-0.9.10
/proc/31726/root/nix/store/hjng28vbd73qq9iz9j8r397x19aa8fp9-libidn2-2.3.0
/proc/31726/root/nix/store/b2bjdvb65p65hm16x6046bz5src4w6za-libmpdclient-2.18
/proc/31726/root/nix/store/9hy6c2hv8lcwc6clnc1p2jf09cs5q9dp-glibc-2.30
/proc/31726/root/nix/store/8n7729hs7658cxyhxmb4wv2bjw9m8ly6-ashuffle-v3.1.0
# Points of attention:
- more complex services that already add security features (PrivateDevices etc.) will unintentionally remount a /dev or other parts of the tree, so those options need to be disabled explicitly.
- this does not cover other basic sandboxing features; see https://github.com/NixOS/nixpkgs/pull/87661
In particular, LockPersonality, ProtectHostname, RestrictRealtime etc. could always be set.
RestrictAddressFamilies should be adjusted according to the service (plus PrivateNetwork for local-only services like ashuffle).
MemoryDenyWriteExecute probably fits most services, and SystemCallFilter is to be decided on a case-by-case basis...
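Added example (not from the original notes): a small POSIX shell audit that reads unit properties as "Key=Value" lines, the format `systemctl show -p ... UNIT` prints, and reports which of the directives listed above are not set. The grouping variables, the MISSING/REVIEW/NOTE labels and both sample property sets are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit "Key=Value" unit properties (the format printed by
# `systemctl show -p ... UNIT`) for the directives named in the notes above.

ALWAYS="LockPersonality ProtectHostname RestrictRealtime"   # "could always be set"
PER_SERVICE_BOOL="MemoryDenyWriteExecute PrivateNetwork"    # decide per service
PER_SERVICE_LIST="RestrictAddressFamilies SystemCallFilter" # empty means unrestricted

# Constructed sample: a unit with only the chroot confinement applied.
SAMPLE_CONFINED='LockPersonality=no
ProtectHostname=no
RestrictRealtime=no
MemoryDenyWriteExecute=no
PrivateNetwork=no
PrivateDevices=no
RestrictAddressFamilies=
SystemCallFilter='

# Constructed sample: the same unit after adding the directives.
SAMPLE_HARDENED='LockPersonality=yes
ProtectHostname=yes
RestrictRealtime=yes
MemoryDenyWriteExecute=yes
PrivateNetwork=no
PrivateDevices=yes
RestrictAddressFamilies=AF_INET AF_INET6
SystemCallFilter=read write openat close'

# prop_value PROPS KEY: print the value of KEY, or nothing if it is absent.
prop_value() {
    printf '%s\n' "$1" | sed -n "s/^$2=//p" | head -n 1
}

# audit_unit PROPS: print one finding per line; return 1 if any directive
# from the "always" group is not enabled, 0 otherwise.
audit_unit() {
    rc=0
    for key in $ALWAYS; do
        [ "$(prop_value "$1" "$key")" = yes ] || { echo "MISSING $key"; rc=1; }
    done
    for key in $PER_SERVICE_BOOL; do
        [ "$(prop_value "$1" "$key")" = yes ] || echo "REVIEW $key"
    done
    for key in $PER_SERVICE_LIST; do
        [ -n "$(prop_value "$1" "$key")" ] || echo "REVIEW $key"
    done
    # First point of attention: this mounts a /dev inside the confined root.
    [ "$(prop_value "$1" PrivateDevices)" != yes ] || echo "NOTE PrivateDevices"
    return $rc
}

audit_unit "$SAMPLE_CONFINED" || true   # demo run on the constructed sample
```

On a live system, pass the output of `systemctl show -p` for the same property names as the single argument; a property that is absent from the output is treated as unset.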
Test VM
[asmadeus@odin:~/nixos-config]$ # demo first!
[asmadeus@odin:~/nixos-config]$ nix-build tests/robinhood.nix
...
machine # [ 10.833880] dhcpcd[801]: eth0: adding route to fec0::/64
machine # [ 10.835833] dhcpcd[801]: eth0: adding default route via fe80::2
machine: must succeed: mkdir -p /tmp/test/a && touch /tmp/test/{a/b,c}
(0.05 seconds)
machine: must succeed: rbh-find rbh:posix:/tmp/test
(0.10 seconds)
/
/a
/a/b
/c
machine: must fail: false
(0.00 seconds)
machine: must succeed: mkdir -p /tmp/shared/tmpwlq284tm
(0.02 seconds)
machine: must succeed: cp -r /tmp/logs /tmp/shared/tmpwlq284tm/logs
(0.02 seconds)
machine: must succeed: sync
(0.02 seconds)
machine: must succeed: sync
(0.01 seconds)
(12.39 seconds)
test script finished in 12.40s
cleaning up
killing machine (pid 6)
(0.00 seconds)
/nix/store/sz0k83nw5nm1zscxwx6qwx7qs77ffa7j-vm-test-run-unnamed
[asmadeus@odin:~/nixos-config]$ cat ./result/test-output/logs
produces output
[asmadeus@odin:~/nixos-config]$ bat tests/robinhood.nix
───────┬────────────────────────────────────────────────────────────────────────
│ File: tests/robinhood.nix
───────┼────────────────────────────────────────────────────────────────────────
1 │ { system ? builtins.currentSystem,
2 │ config ? {},
3 │ overlays ? import ../overlays.nix,
4 │ pkgs ? import <nixpkgs> { inherit system config overlays; },
5 │ debug ? false,
6 │ }:
7 │
8 │ with pkgs.lib;
9 │
10 │ let
11 │ commonConfig = {
12 │ # build-vm does not pass pkgs to eval-config, so override it
13 │ # to prevent reevaluation and inherit overlays
14 │ # see https://github.com/NixOS/nixpkgs/issues/65690
15 │ nixpkgs.pkgs = mkDefault pkgs;
16 │
17 │ documentation.enable = false;
18 │ };
19 │
20 │ # To debug the VM:
21 │ # $ nix-build tests/xxx.nix -A driver --arg debug true
22 │ # $ ./result/bin/nixos-test-driver
23 │ # > start_all()
24 │ # > machine.forward_port(2222, 22)
25 │ # $ ssh -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no -p 2222 localhost
26 │ debugusers = import ../profiles/users.nix { inherit config; };
27 │ debugConfig = mkIf debug {
28 │ services.openssh.enable = debug;
29 │ users.extraUsers = debugusers.users.extraUsers // {
30 │ root.password = mkForce "";
31 │ };
32 │ };
33 │
34 │ extraConfigurations = [ commonConfig debugConfig ];
35 │
36 │ nixosTesting = import (pkgs.path + "/nixos/lib/testing-python.nix") {
37 │ inherit system pkgs extraConfigurations;
38 │ };
39 │
40 │ in nixosTesting.makeTest {
41 │ machine = { pkgs, ... }: {
42 │ environment.systemPackages = with pkgs; [ rbh-find rbh-sync ];
43 │ };
44 │
45 │ testScript = ''
46 │ machine.wait_for_unit("multi-user.target")
47 │ machine.succeed("mkdir -p /tmp/test/a && touch /tmp/test/{a/b,c}")
48 │ print(machine.succeed("rbh-find rbh:posix:/tmp/test"))
49 │ # "[[ $(rbh-find rbh:posix:/tmp/test | wc -l) = 3",
50 │
51 │ # examples kept around for demo purpose
52 │ machine.fail("false")
53 │ machine.execute("echo produces output > /tmp/logs")
54 │ machine.copy_from_vm("/tmp/logs", "test-output")
55 │ '';
56 │ }
───────┴────────────────────────────────────────────────────────────────────────
[asmadeus@odin:~/nixos-config]$ # a bit of boilerplate, machine describes the VM to start
[asmadeus@odin:~/nixos-config]$ # testScript is a python script, helpers are described in the "Writing Tests" section of the manual:
https://nixos.org/nixos/manual/index.html#sec-writing-nixos-tests
(there even are functions for x11 testing, OCR and all!)
[asmadeus@odin:~/nixos-config]$ # ... or just see nixpkgs/nixos/lib/test-driver/test-driver.py
[asmadeus@odin:~/nixos-config]$ # Also live debugging is possible (debug is an argument of robinhood.nix)
[asmadeus@odin:~/nixos-config]$ nix-build tests/robinhood.nix -A driver --arg debug true
...
building '/nix/store/123cyd858qw57c7jssvsj9szw3j2c668-nixos-system-machine-20.03.1942.6d68b920eb2.drv'...
building '/nix/store/bar4qh39hbd8z3gimq7d755caqs5gzb9-closure-info.drv'...
building '/nix/store/gdrg92di9v4p2kxi3abf0pryvf0gf8yx-run-nixos-vm.drv'...
building '/nix/store/aj8diz8d0zbr21qnvxyhy5ikcp8lhaav-nixos-vm.drv'...
building '/nix/store/fha8jwzwvz7f3ybmkp4l4y643b24mlal-nixos-test-driver-unnamed.drv'...
All done! ✨ 🍰 ✨
1 file would be left unchanged.
/nix/store/h4lysj0dyg0kbqjx4ab1zqdz71j7262z-nixos-test-driver-unnamed
[asmadeus@odin:~/nixos-config]$ ./result/bin/nixos-test-driver
starting VDE switch for network 1
>>> start_all()
...
machine # [ 11.084414] dhcpcd[814]: eth0: adding address fec0::5054:ff:fe12:3456/64
machine # [ 11.086141] dhcpcd[814]: eth0: adding route to fec0::/64
machine # [ 11.088383] dhcpcd[814]: eth0: adding default route via fe80::2
>>> machine.forward_port(2222, 22)
machine: sending monitor command: hostfwd_add tcp::2222-:22
>>>
...(another shell)
[asmadeus@odin:~/nixos-config]$ ssh -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no -p 2222 localhost
[asmadeus@machine:~]$ ... do stuff
>>> print(machine.succeed("echo test"))
machine: must succeed: echo test
machine: waiting for the VM to finish booting
machine: connected to guest root shell
machine: (connecting took 0.00 seconds)
(0.00 seconds)
(0.00 seconds)
test
>>> ^D
test script finished in 353.93s
cleaning up
killing machine (pid 16650)
(0.00 seconds)
[asmadeus@odin:~/nixos-config]$ # can also run multiple VMs just as easily
[asmadeus@odin:~/nixos-config]$ bat tests/robinhood-mongo.nix
───────┬────────────────────────────────────────────────────────────────────────
│ File: tests/robinhood-mongo.nix
───────┼────────────────────────────────────────────────────────────────────────
1 │ { system ? builtins.currentSystem,
2 │ config ? {},
3 │ overlays ? import ../overlays.nix,
4 │ pkgs ? import <nixpkgs> { inherit system config overlays; },
5 │ debug ? false,
6 │ }:
7 │
8 │ with pkgs.lib;
9 │
10 │ let
11 │ commonConfig = {
12 │ # build-vm does not pass pkgs to eval-config, so override it
13 │ # to prevent reevaluation and inherit overlays
14 │ # see https://github.com/NixOS/nixpkgs/issues/65690
15 │ nixpkgs.pkgs = mkDefault pkgs;
16 │
17 │ documentation.enable = false;
18 │ };
19 │
20 │ # To debug the VM:
21 │ # $ nix-build tests/xxx.nix -A driver --arg debug true
22 │ # $ ./result/bin/nixos-test-driver
23 │ # > start_all()
24 │ # > machine.forward_port(2222, 22)
25 │ # $ ssh -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no -p 2222 localhost
26 │ debugusers = import ../profiles/users.nix { inherit config; };
27 │ debugConfig = mkIf debug {
28 │ services.openssh.enable = debug;
29 │ users.extraUsers = debugusers.users.extraUsers // {
30 │ root.password = mkForce "";
31 │ };
32 │ };
33 │
34 │ extraConfigurations = [ commonConfig debugConfig ];
35 │
36 │ nixosTesting = import (pkgs.path + "/nixos/lib/testing-python.nix") {
37 │ inherit system pkgs extraConfigurations;
38 │ };
39 │
40 │ in nixosTesting.makeTest {
41 │ nodes = {
42 │ mongo = { pkgs, ... }: {
43 │ services.mongodb.enable = true;
44 │ services.mongodb.bind_ip = "0.0.0.0";
45 │ networking.firewall.allowedTCPPorts = [ 27017 ];
46 │ };
47 │ client = { pkgs, ... }: {
48 │ environment.systemPackages = with pkgs; [ rbh-find rbh-sync ];
49 │ };
50 │ };
51 │
52 │ testScript = ''
53 │ start_all()
54 │ client.wait_for_unit("multi-user.target")
55 │ mongo.wait_for_unit("mongodb.service")
56 │
57 │ client.succeed("mkdir -p /tmp/test/a && touch /tmp/test/{a/b,c}")
58 │ client.succeed("rbh-sync rbh:posix:/tmp/test rbh:mongo:test")
59 │ print(client.succeed("rbh-find rbh:mongo:test"))
60 │ '';
61 │ }
───────┴────────────────────────────────────────────────────────────────────────
Problems
Since nothing is perfect, a few shortcomings:
- No agreed canonical way of managing secrets. The most common way appears to be nixops... There are also tentative PRs with in-store encryption or similar mechanisms.
- Full-blown programming language: many ways of doing the same thing. This can lead to configurations that are more complex than necessary.
- A lot of documentation but not always clear to newcomers...
Resources