More than a year later, I've moved back to NixOS on bare-metal.
WSL is fine and all, but it has enough warts that get really annoying,
especially as a Java developer.
I'll just say it right here. The 'fonts.fonts' thing really bugged me
when I started out with NixOS and still annoyed me after. It's nice to
see it made nicer, even if just for posterity.
Calibre-web, while pretty, does not come with a book reader, and so
requires downloading the damn book.
That also means it does not sync my status between devices, and defeats
the majority of the purpose of running the server <facepalm>. So, remove it
entirely and switch to built-in calibre-server instead.
VictoriaMetrics is known to be less resource intensive compared to
Prometheus.
Prometheus' node_exporter is still used to scrape data from systemd,
because it is very good, but the entire Prometheus scraper and data storage
are no longer necessary. The complete Node Exporter Full dashboard is
also very nice to look at :)
Now that SMTP is working, Dex does not serve a good purpose any longer.
It might be something I'll think of in future, but the complexity of
credential management for little benefit is something I'm not up for
right now.
- Enable acme
- Enable certbot with bare settings
- add and force SSL for bebop subdomain
- enable acme for subdomain
- move music to root for now (to make sure it works)
titan and lapetus are first of two new Raspberry Pi Zero Ws.
While quite anemic and decidedly incapable of running modern NixOS, they
still run Debian well enough, and are still full computers in their own
right.
So they get hostnames, the first of two moons in the solar system, starting
from Saturn (should last a while :p), by ascending order of their year
of discovery. After Saturn, it'll be Jupiter, Uranus, Neptune, and then
back inwards starting from Mars. Luna will be last (if we ever manage to
get that far :p)
Ideally this should be split into separate packages, but we'll see. This
commit enables two services for bebop:
- outline (getoutline.com)
  A personal notion.so-like note-taking and knowledge base.
  I do like and prefer org-mode, but this is nicer looking and useful
  for gen-pop.
- paperless
  To store all documents in PDF format plus automatically OCR them and
  query the OCR'ed text.
shell history backed by sqlite database and spruced up with colorful
interface.
It is a direct replacement for fzf in that regard, and seems to work
quite well, albeit does not interact with fzf satisfactorily. So this is
an experiment to see how it goes.
It also provides syncing of shell history, with end-to-end encryption,
so that's something I'm looking forward to. Let's see how it goes.
I'm not sure whether the passwordless sudo is required, but I'm too
tired to test right now. Anyway, this works.
Also unsure on the statelessness of deploy-rs, but again, it's simple
enough, didn't require changing anything else much and it works.
Perhaps some day, I'll see about trying out colmena for deploying
secrets, but until then, agenix is good enough for my needs.
Right now this fails, because of what I assume is a failure with emulation
in WSL, but otherwise I'm liking the overall approach of reusing the
preconfigured nixOSConfigurations in the same flake, as well as the
lightweight burden of configuration. Doesn't hurt that it is written in
Rust rather than Python.
Although aliases are enabled, I could not figure out a way to get them
to work with my current shell. I think this is because while
home-manager is trying to set aliases, they are set and controlled by
NixOS config, which doesn't have such an option for fzf. I'll need to find
a way to set Fish as default shell via home-manager, but right now that
way does not work because home-manager cannot set fish plugins by using
nixpkgs derivation for it directly. :(
On NixOS the full path of binaries is long, obscures the flags/options given,
and is not very useful, since the nix store and hash are quite meaningless.
As such, it makes sense on NixOS to hide the full path of the program.
As for how to find the actual variable names for htop config, this file is
useful:
40104588f3/Settings.c
Its support is very experimental upstream and things break. E.g. user-level
services just don't work, and I have no way to know/fix it. The NixOS-WSL maintainer
is not very keen on working around that because of complexity and because
upstream is a better place to fix it. As such, and on his advice, it's better to
stick to the original state of affairs.
By removing minimal.nix, config.noXlib is not set, and it includes some other
packages per matrix answer.
But it will allow gtk to build and the rest of the system can now be updated.
After a bit of investigation across doom and package wiki and source code, and a bit
more googling to see why the flags were missing, it turns out the font package was
missing from NixOS.
The all-the-icons package in emacs closure is not strictly necessary, as doom is
expected to download it automatically, but I'll probably always have it, so it's
a safe bet to keep both in sync.
The LSP setup was a bit more involved than expected, but it works.
- Create environment variable with ls package path.
- Do this globally because Fish is not yet managed by home-manager
- Use the variable to get package path in Emacs (configured in Doom Emacs
config)
Currently the Elixir stuff is installed globally but this can work as far as I
can see. I might have to synchronise between project and system flake
occasionally, but I think it will be manageable for a while.
I have not used these in a while. I also switched back to Fira Code today, and
it looks a lot better on HiDPI display with larger size compared to 1080p
display.
Julia Mono also wasn't being very helpful with the emojis, so its intended
purpose was not being served anyway.
While I can set up dhcp with bridged networking on WSL, it won't be as friction
free. I'll have to set up a bridged adapter with the same name in Hyper-V and then
the imperative state starts accumulating again.
Not fun.
I might have hardcoded the hosts file, which would have been alright with my
threat model, but I realised the only reason I want my DNS is privacy and
ad-blocking. But since neither browser nor any nefarious applications (at least
I hope not) run from within the VM, it doesn't make sense.
Now the only thing remaining about this is that broken scrobbling in navidrome.
In that case, oh well.. not like all the client applications are fun, so might
as well live with it.
By default WSL generates the hosts file, but since NixOS can do its job, it's
better to let it. The previous hosts file must be deleted first for this to take
effect.
resolv.conf generation via NixOS is currently disabled, but I might just do it.
DHCP is disabled so I'm not sure what else needs to be applied, but we'll see.
The systemd unit for navidrome in nixpkgs is too overzealous in permission
denials.
It blocks homedir access by default (which I believe is dumb), so if MusicFolder
and DataFolder are anywhere inside homedir, they are not available to service at
runtime.
MusicFolder can be read-only, but DataFolder must be writable.
This change also force sets user and group. I'm not sure that is necessary, but
since DynamicUser is true, I might just get it over with.
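
One way to express the read-only/writable split described above while keeping the rest of the home directory hidden from the service. This is an added example, not the configuration from this repository: the user name, group and both paths are hypothetical placeholders, and it assumes the nixpkgs unit sets ProtectHome itself, hence the `lib.mkForce`.

```nix
{ lib, ... }:
let
  # Hypothetical values for illustration; substitute your own.
  user = "alice";
  group = "users";
  musicDir = "/home/alice/Music";
  dataDir = "/home/alice/.local/share/navidrome";
in
{
  services.navidrome = {
    enable = true;
    settings = {
      MusicFolder = musicDir;
      DataFolder = dataDir;
    };
  };

  systemd.services.navidrome.serviceConfig = {
    # "tmpfs" mounts an empty tmpfs over /home, /root and /run/user, so the
    # service still cannot see other home directory content, but single
    # directories can be bind-mounted back in (unlike ProtectHome=true).
    ProtectHome = lib.mkForce "tmpfs";

    # Music is only read, so expose it read-only.
    BindReadOnlyPaths = [ musicDir ];

    # The database and cache live here, so this one must be writable.
    BindPaths = [ dataDir ];

    # Files under the home directory belong to the login user, so the
    # service needs to run as that user to write to dataDir.
    User = lib.mkForce user;
    Group = lib.mkForce group;
  };
}
```

After a rebuild, `systemd-analyze security navidrome.service` shows which sandboxing settings remain in effect for the unit.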
Not that it is working.. I suspect it is another victim of overzealous systemd
unit configuration in Nixpkgs. Anyway I opened a bug report for it on navidrome
repo, probably have some response in next few weeks.
Because WSL is ridden with bugs, I'm going to try running my Music over a
server.
This also provides opportunity to finally unify and start making proper
playlists that will stick.