Dominic's Dev Diary Nix exploration - TheEvergreenStateCollege/upper-division-cs-23-24 GitHub Wiki

I was attempting to continue rustlings on my PC instead of my laptop and decided to try to use the nix flake instead. However, it doesn't seem to be working. It gives this error if you do nix develop:

[image]

and this if you use nix-shell:

[image]

Now, is this me using it wrong, or is the flake file done wrong? I do not know yet. But as I want to explore nix, and have done some already, this seemed like a good time to start documenting that process.

For context, rustlings says this: [image]

So we can clearly see that something has changed since then. I assume, by these error messages (more or less) matching, that rustlings updated and the flake file wasn't changed. So, let's see if we can look at the flake file to see what we can do.

While I do not know what clap is, it's clear that it needs rustc (the Rust compiler) version 1.74 instead of the 1.72 this flake is aware of. So, let's see where the flake gets its rustc from.

In the flake we see: [image] We're defining devShell from things within pkgs.mkShell.

This line:

```nix
buildInputs = with pkgs; [ # this
  cargo
  rustc
  rust-analyzer
  rustlings
  rustfmt
  clippy
] ++ cargoBuildInputs;
```

means all of these things after it start with pkgs. (I think), so cargo, rustc and all that jazz come from pkgs. So where is pkgs defined?

[image] Here we can see that pkgs is some subcomponent of nixpkgs, which seems to be created from this: [image] OK, so... what does that mean?

Dunno yet. This is clearly a part of the nixpkgs repo, but this bit of legacy is concerning. I think that means it needs to use something that is old. So let's see how we can edit this.

OK, so, using nix repl ./ we can load a nix file in our current directory. If we then go to devshell, we get to see all the things we can build for. I am on x86 Linux, so I'm going to look there, and if we look at build inputs we can see this: [image]

So we can see we have the version rustc-1.72.0. Great, I mean, we knew that but now we know for sure.

At this point, you, dear reader, may have noticed nix is a bit like quantum physics in that it sorta does a superposition thing until it collapses. Which is cool, but confusing.

After doing some searching, it seems that the most up-to-date version of rustc inside of nixpkgs is 1.73. So, that's a problem...

In my previous nix config for WASM, I was using fenix (fe as in iron, nix as in... you get it). But that is updated nightly. That is the big appeal. So, I might need to convert this to use fenix, which... is going to be a lot of work. Sigh.

It also might be possible to tell nix to use an old version of clap, the thing that is failing to build.

Further inspecting the rustlings repo, this was fixed already! Interestingly, all just by changing the .lock file. So... I need to figure out what that means.

So, getting back to this: rustlings moved forward and the flake.lock wasn't updated. All one needed to do was tell nix to force it to update. But this should be used sparingly as it could destroy reproducibility. So, useful but dangerous.

OK, today we're going to start exploring a nix config for a series of servers. These nix files include hashed passwords and credentials. We're going to explore how it does that safely.

Let's start by looking at the repo's root: [image]

We're going to care a lot about this folder labeled secrets, but we need to start by looking at its root flake, if you will.

In the inputs for the base nix flake, we have a few things. The first two are different nixpkgs. The next two are two different niche fixes that are more or less self-explanatory. [image]

[image] Here we have rage (Rust age) and age, two versions of age, an encryption algorithm.

Let's talk about follows. Follows means that this particular "instantiation" uses this particular instance of something (in this case, nixpkgs) instead of trying to use its own.

Some other fun things. Nix is immutable, so we have all these big things like this line: [image] This syntax, {self, ...}, is a set that contains self. If the splat ... was not there, then it would be exclusively the set that contains self. What is self? Great question. Self is from flakes specifically.

Self basically exists like this:

```nix
let
  flake = import ./flake.nix;
  result = flake.outputs (flake.inputs // { self = result; });
in
  result
```

Self is then our inputs combined with the result of outputs. Set theory is fun. (// means concatenate these two sets.)

Alright, let's see what and where age and rage are being used. While rage doesn't seem to be used in this file (I'll need to ask Nina about that), age is used within the outputs function and it looks a little like this: [image] So let's see what these repos say about setup.

In agenix, we have this little sliver of info: [image] This last bit is really interesting. It kinda sounds scary on paper. I wasn't sure what that means. But after a little more research, what it's actually saying is that it's using SSH keys to gain permission to other keys that the server in question needs.
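The two ideas covered so far, an input that follows the root nixpkgs and agenix unlocking a secret with the server's SSH key, fit together in one small flake. This is an added example, not the repository's own config: the input URLs, the host name example-host, the user alice and every file path are assumptions.

```nix
# flake.nix: added example; URLs, host name, user name and paths are assumptions
{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    agenix.url = "github:ryantm/agenix";
    # "follows": agenix is evaluated against the nixpkgs declared above instead
    # of its own pinned copy, so flake.lock records a single nixpkgs revision.
    agenix.inputs.nixpkgs.follows = "nixpkgs";
  };

  outputs = { self, nixpkgs, agenix, ... }: {
    nixosConfigurations.example-host = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [
        ./hardware-configuration.nix   # assumed to exist: disks and bootloader
        agenix.nixosModules.default    # provides the age.* options used below
        ({ config, ... }: {
          # Only ciphertext enters the repo and the world-readable Nix store.
          # secrets/secrets.nix (read by the agenix CLI, not by NixOS) lists the
          # recipients allowed to decrypt it, for example:
          #   { "alice-password.age".publicKeys = [ adminKey exampleHostKey ]; }
          # where each key is an SSH public key string ("ssh-ed25519 AAAA...").
          age.secrets.alice-password.file = ./secrets/alice-password.age;

          # The host decrypts with its own SSH host private key at activation.
          # Written as a string so Nix does not copy the key into the store.
          age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

          users.users.alice = {
            isNormalUser = true;
            # The decrypted hash exists only under /run/agenix at runtime.
            hashedPasswordFile = config.age.secrets.alice-password.path;
          };
        })
      ];
    };
  };
}
```

A host whose SSH public key is not listed in secrets.nix for a given .age file cannot decrypt it, which is what lets one repo hold credentials for several machines.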

It's worth mentioning that this repository is not just a nix config for one server. It's a config for a series of servers, and Nina's personal computer, all in one repo. It's user settings and tools that need to be put onto systems. The scope of this repo is wide and a bit cumbersome but very flexible.

From agenix-rekey we can see that it is for making it so secrets.nix doesn't need to be manually maintained. Ideal for something set-and-forget like nix wants to be. It automatically re-encrypts secrets if they change. You then have a master key to decrypt all secrets.
