Blair’s Science Desk

26. Nixing everything

Blair Fix

I’ve just finished a big revamp of my computer setup, so today I thought I’d run through what I’ve done. The backstory is that I’ve been a Linux user since 2011. Over the years, I’ve tried a variety of distributions (Ubuntu, Linux Mint, and Arch Linux), but lately I’ve settled on NixOS.

Last year, I wrote a deep dive about the philosophy behind Nix — how it cleverly solves the problem of managing a complex web of dependencies by organizing programs according to cryptographic hashes. On top of this hashing scheme, Nix provides a configuration language that allows you to manage your entire system in a single location. This configuration system is the main reason I use Nix.

There are two advantages of the Nix config system. First, it is reproducible. With your Nix config, you can take a new computer and reproduce an old setup in a few minutes. Magic! Second, the Nix config file is self-documenting — it tells you what you’ve done to a system. This is crucial. Any system that runs for a long time inevitably builds up cruft — a hodgepodge of settings, tweaks, and add-ons that are sparsely documented. So when it comes time to update or replace the system, life is hellish. Not so with Nix, where every modification is (and must be) documented in the config file.

As with any new approach, Nix has a steep learning curve. But once you wrap your head around it, there’s no going back. Here’s a quick look at my current Nix setup.

My Nix laptop

My old Dell laptop is the place where I do most of my work — a clunky workhorse that I lug around everywhere. It was the first place I installed Nix. The configuration lives here.

Some highlights. As an R user, I was happy to discover that Nix can manage R packages, including the ones I’ve created for my own use. Nix can also manage Python libraries that would otherwise be installed with something like pip.

Again, the advantage here is reproducibility and self-documentation. I can take my Nix config to a new computer and have my R and Python libraries ready to go in a few minutes. And I can keep track of exactly what libraries I have installed.

My Nix server

My server started life a decade ago as a desktop computer that ran Plex. Over time, things snowballed, to the point that the machine now runs a buffet of web services. These include:

Most of these services run in Docker containers, so Nix is not strictly needed. That said, Nix makes it easy to install and manage Docker. My Nix server config lives here.

My recent project was getting Nix to manage the 30+ scheduled tasks that run on the server. Backing up a bit, the classic way to schedule tasks on Linux is to use the Cron utility, which dates back to the early days of Unix. Cron is simple to use, but frustrating to debug. If a scheduled task fails, you’re left scratching your head about what went wrong.

A more robust approach to scheduling is to use systemd timers. They take more work to implement, but the advantage is that everything is then logged by the systemd journal, allowing for easy debugging and management.

Upping the game further, Nix can manage systemd timers. The advantage here is that with Nix, you must declare every dependency that the timed job relies on. So if the timer runs a Python script, you’ve got to declare the Python dependency.

Now at first, this dependency listing is cumbersome, since you’ve got to remember all the dependencies that a scheduled job calls (some of which may not be obvious). Admittedly, this takes some debugging. But the advantage is that the Nix-managed timer is then completely portable. You can put it on any NixOS system, and the timer will self-install the dependencies that it needs to run. Very cool!
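A sketch of what such a Nix-managed timer can look like, as an added example that is not taken from the author's configuration. The job name `nightly-report`, the script file `nightly-report.py`, its `requests` dependency and the schedule are hypothetical; the sandboxing settings go beyond what the post describes and are standard systemd directives.

```nix
{ pkgs, ... }:

let
  # Hypothetical job: a Python interpreter bundled with the one library
  # the script imports. Nothing else from the host's Python is visible.
  reportPython = pkgs.python3.withPackages (ps: [ ps.requests ]);
in
{
  systemd.services.nightly-report = {
    description = "Nightly report (hypothetical example job)";

    # The unit does not inherit a login shell's PATH, so every extra tool
    # the job calls has to be declared here. This is the dependency list.
    path = [ reportPython ];

    # ${./nightly-report.py} copies the script into the Nix store, so the
    # job runs an immutable, hash-addressed copy of it.
    script = ''
      set -euo pipefail
      python3 ${./nightly-report.py} --out "$STATE_DIRECTORY/report.csv"
    '';

    serviceConfig = {
      Type = "oneshot";
      # Run as a throwaway unprivileged user instead of root.
      DynamicUser = true;
      # /var/lib/nightly-report, exported to the job as $STATE_DIRECTORY.
      StateDirectory = "nightly-report";
      # Sandboxing: read-only system, no home directories, private /tmp.
      NoNewPrivileges = true;
      ProtectSystem = "strict";
      ProtectHome = true;
      PrivateTmp = true;
    };
  };

  # A timer activates the service of the same name by default.
  systemd.timers.nightly-report = {
    wantedBy = [ "timers.target" ];
    timerConfig = {
      OnCalendar = "*-*-* 03:15:00";
      Persistent = true;           # run a missed job after downtime
      RandomizedDelaySec = "10m";
    };
  };
}
```

After a rebuild, `systemctl list-timers` shows the next scheduled run and `journalctl -u nightly-report.service` shows the job's output and exit status.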

Returning to the various programs hosted on my server, a real game-changer is to have these services run over Tailscale — an easy-to-use VPN. I put all my family’s devices on Tailscale, which means they can access my self-hosted services anywhere.

My Nix Pi-hole

With the internet increasingly enshittified, having a good ad-blocker is a must. When in a browser, I use uBlock Origin. But how do you block all the adware tied to phone apps? For that, you need a Pi-hole — a nifty little program that provides network-wide ad blocking. My Nix Pi-hole setup lives here.

(The name ‘Pi-hole’ arose because the program was first designed to be installed on a Raspberry Pi. But today, you can run the program on any Linux computer. I run it on a UXX Mini PC.)

As with my server apps, I run my Pi-hole over Tailscale. That way, I can take my ad-free internet everywhere.

My daughter’s Nix setup

My daughter, age 9, has no idea that her computer runs Linux. I’d like to keep it that way. My goal is for her to grow up using only free software, blissfully unaware that there’s a whole other world of bloated crap. So far, my indoctrination project is working well :)

My daughter’s machine runs KDE Plasma, backed by a no-frills Nix config. The highlight is definitely the RetroArch install, where we play a bunch of old console games from my childhood. We’re currently working our way through The Legend of Zelda: A Link to the Past. My daughter does the ‘adventuring’ around Hyrule and I do the ‘boss killing’.

My Nix NAS

My latest project has been to wean myself off Dropbox by creating a NAS server that I’ll store at my parents’ place. The goal will be to have a self-hosted off-site backup of everything.

I’ve been thinking about making an off-site NAS for a while, but was prompted to action when my parents gave me an old desktop computer that couldn’t make the transition to Windows 11. A few new hard drives later, the thing is happily running NixOS and will serve as my off-site NAS. The configuration lives here.

Future projects

Looking to the future, I’m going to continue Nixifying everything. To date, my wife’s Surface laptop is the main holdout. Since the machine can’t run Windows 11, I’ve convinced her that we should put Linux on it when Windows 10 reaches end of life. My main task will be to replace iTunes (and the associated playlists) with free software. I’m sure nothing could go wrong.