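Whatever You Do, Don't Use NixOS
The things you fall in love with at first sight are always the ones with a distinctive character.
- Declarative configuration
- Zero-pollution environment isolation
- Atomic updates
- No dependency hell
- FHS-free
These traits make NixOS unlike any other Linux distribution. I see shades of pyenv + pipenv + Docker + docker-compose in it: a system exceptionally well suited to engineers and developers.
If you have lived in fear of circular dependency conflicts between packages, had environments polluted while developing multiple versions or projects in parallel, and never known which desktop-environment restart would leave the system unable to boot, you know what I'm talking about.
Updating the system
Updating NixOS is simple; it takes just three steps.
Edit the configuration file
Installing and removing software is determined entirely by the declarations in the configuration file configuration.nix. Edit the file as needed to configure features or to install and remove software.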

    [yangshaohong@wipha:~/]$ vim configuration.nix

    # Edit this configuration file to define what should be installed on
    # your system. Help is available in the configuration.nix(5) man page
    # and in the NixOS manual (accessible by running ‘nixos-help’).

    { config, pkgs, lib, ... }:

    {
      imports = [
        # Include the results of the hardware scan.
        ./hardware-configuration.nix
      ];

      # Bootloader.
      boot.loader.systemd-boot.enable = true;
      boot.loader.efi.canTouchEfiVariables = true;

      networking.hostName = "wipha"; # Define your hostname.
      # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.

      # Configure network proxy if necessary
      networking.proxy.default = "http://127.0.0.1:7897/";
      networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

      networking.proxy.httpProxy = "http://127.0.0.1:7897";
      networking.proxy.httpsProxy = "http://127.0.0.1:7897";

      # Enable networking
      networking.networkmanager.enable = true;

      # Set your time zone.
      time.timeZone = "Asia/Hong_Kong";

      # Select internationalisation properties.
      i18n.defaultLocale = "zh_CN.UTF-8";
      i18n.inputMethod = {
        enable = true;
        type = "ibus";
        ibus.engines = with pkgs.ibus-engines; [ rime pinyin libpinyin ];
      };

      services.xserver.enable = true;

      # Enable the GNOME Desktop Environment.
      services.xserver.displayManager.gdm.enable = true;
      services.xserver.desktopManager.gnome.enable = true;
      services.xserver.desktopManager.gnome.extraGSettingsOverrides = ''
        [org.gnome.mutter]
        experimental-features=['scale-monitor-framebuffer', 'xwayland-native-scaling']
      '';

      environment.sessionVariables = {
        NIXOS_OZONE_WL = "1";
      };

      # Configure keymap in X11
      services.xserver.xkb = {
        layout = "cn";
        variant = "";
      };

      services.forgejo = {
        enable = true;

        stateDir = "/home/forgejo/data";

        settings = {
          server = {
            HTTP_ADDR = "0.0.0.0";
            HTTP_PORT = 3000;
            DOMAIN = "localhost";
            ROOT_URL = "http://127.0.0.1:3000/";
          };
          database = {
            DB_TYPE = "sqlite3";
          };
        };
      };

      systemd.services.forgejo.serviceConfig = {
        ProtectHome = lib.mkForce false;
        ReadWritePaths = [ "/home/forgejo/data" ];
      };

      systemd.tmpfiles.rules = [
        "d /home/forgejo/data 0750 forgejo forgejo - -"
      ];

      # services.nginx.virtualHosts."git.local" = {
      #   locations."/".proxyPass = "http://127.0.0.1:3000";
      # };

      # Enable CUPS to print documents.
      services.printing.enable = true;

      # Enable sound with pipewire.
      services.pulseaudio.enable = false;
      security.rtkit.enable = true;
      services.pipewire = {
        enable = true;
        alsa.enable = true;
        alsa.support32Bit = true;
        pulse.enable = true;
        # If you want to use JACK applications, uncomment this
        #jack.enable = true;

        # use the example session manager (no others are packaged yet so this is enabled by default,
        # no need to redefine it in your config for now)
        #media-session.enable = true;
      };

      # Enable touchpad support (enabled default in most desktopManager).
      # services.xserver.libinput.enable = true;

      # Define a user account. Don't forget to set a password with ‘passwd’.
      users.users.yangshaohong = {
        isNormalUser = true;
        description = "yangshaohong";
        extraGroups = [ "networkmanager" "wheel" ];
        packages = with pkgs; [
          # thunderbird
        ];
      };

      # Install firefox.
      programs.firefox.enable = true;

      # Allow unfree packages
      nixpkgs.config.allowUnfree = true;

      # List packages installed in system profile. To search, run:
      # $ nix search wget
      environment.systemPackages = with pkgs; [
        xfsprogs
        vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
        wget
        gnome-tweaks
        gnome-shell-extensions
        gnomeExtensions.dash-to-dock
        gnomeExtensions.user-themes
        gnomeExtensions.unite
        gnomeExtensions.desktop-icons-ng-ding
        clash-verge-rev
        git
        code-cursor
        vscode
        neofetch
        kicad
        wechat-uos
        feishu
        wpsoffice-cn
        gimp
        kdePackages.kdenlive
        ffmpeg-full
        blender
        vlc
        xbindkeys
        xdotool
        xev
        koreader
        calibre
        aria2
        freecad
        logseq
        xclip
      ];

      # Some programs need SUID wrappers, can be configured further or are
      # started in user sessions.
      # programs.mtr.enable = true;
      # programs.gnupg.agent = {
      #   enable = true;
      #   enableSSHSupport = true;
      # };

      # List services that you want to enable:

      # Enable the OpenSSH daemon.
      services.openssh.enable = true;
      services.openssh.ports = [ 22 ];
      # Enable the system SSH agent
      # programs.ssh.startAgent = true;

      # (Optional) If you want every shell to try adding the keys automatically at startup
      environment.interactiveShellInit = ''
        if [ -z "$SSH_AUTH_SOCK" ]; then
          eval $(ssh-agent -s)
        fi
        # Note: this asks for the passphrase every time a terminal is opened, unless the key has no passphrase
        ssh-add ~/.ssh/id_ed25519_yangshaohong@bes 2>/dev/null
        ssh-add ~/.ssh/id_ed25519_yangshaohongit@github 2>/dev/null
        ssh-add ~/.ssh/id_ed25519_yangshaohong@lmde 2>/dev/null
        ssh-add ~/.ssh/id_ed25519_yangshaohong@local 2>/dev/null
      '';

      # Open ports in the firewall.
      # networking.firewall.allowedTCPPorts = [ ... ];
      # networking.firewall.allowedUDPPorts = [ ... ];
      # Or disable the firewall altogether.
      # networking.firewall.enable = false;

      networking.firewall = {
        enable = true;
        allowedTCPPorts = [ 3000 22 ]; # allow port 3000
      };

      # This value determines the NixOS release from which the default
      # settings for stateful data, like file locations and database versions
      # on your system were taken. It's perfectly fine and recommended to leave
      # this value at the release version of the first install of this system.
      # Before changing this value read the documentation for this option
      # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
      system.stateVersion = "25.11"; # Did you read the comment?

      fonts.packages = with pkgs; [
        inter
        geist-font
        libertinus
        commit-mono
        noto-fonts
        noto-fonts-cjk-sans
        noto-fonts-color-emoji
        liberation_ttf
        fira-code
        fira-code-symbols
        sarasa-gothic
        corefonts
      ];

      fonts.fontconfig = {
        enable = true;
        defaultFonts = {
          emoji = [ "Noto Color Emoji" ];
          monospace = [ "CommitMono" "Sarasa Mono SC" "JetBrainsMono Nerd Font" ];
          sansSerif = [ "Inter" "Sarasa Gothic SC" "Noto Sans CJK SC" ];
          serif = [ "Inter" "Noto Serif CJK SC" ];
        };
      };

      fileSystems."/home" = {
        device = "/dev/disk/by-uuid/0f1828c4-3d4d-4cf8-b0a7-d237de9f85d9";
        fsType = "xfs";
        options = [ "defaults" "noatime" ];
      };

      xdg.portal.enable = true;
      virtualisation.virtualbox.host.enable = true;
      virtualisation.virtualbox.host.enableExtensionPack = true;
      virtualisation.virtualbox.guest.enable = true;
      virtualisation.virtualbox.guest.dragAndDrop = true;
      users.extraGroups.vboxusers.members = [ "user-with-access-to-virtualbox" ];

    }

Rebuild
Rebuild and switch to the new system.

    [yangshaohong@wipha:~/]$ nixos-rebuild switch

Reboot
Reboot into the new system.

    [yangshaohong@wipha:~/]$ reboot

A brand-new system is born!
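
The network-facing declarations in the configuration above (Forgejo on 0.0.0.0:3000, ports 3000 and 22 opened, OpenSSH with default settings) can be tightened in a separate module. This is an added example, not part of the original post; the file name hardening.nix, the assumption that Forgejo is only used from this machine, and the placeholder public key are all assumptions.

```nix
# hardening.nix -- added example, not from the original post.
# Load it next to the existing file:
#   imports = [ ./hardware-configuration.nix ./hardening.nix ];
{ lib, ... }:

{
  # Forgejo: the post binds 0.0.0.0:3000 while ROOT_URL points at 127.0.0.1.
  # Assumption: the service is only used from this machine, so listen on
  # loopback. mkForce is needed because configuration.nix already sets a value.
  services.forgejo.settings.server.HTTP_ADDR = lib.mkForce "127.0.0.1";

  # allowedTCPPorts is a list option and lists are merged across modules, so
  # mkForce is needed to drop the 3000 declared in configuration.nix.
  networking.firewall.allowedTCPPorts = lib.mkForce [ 22 ];

  # OpenSSH: key-only logins, no root login, only the account from the post.
  services.openssh.settings = {
    PasswordAuthentication = false;
    KbdInteractiveAuthentication = false;
    PermitRootLogin = "no";
    AllowUsers = [ "yangshaohong" ];
  };

  # Placeholder (constructed, not a real key): replace with your own public key
  # before switching, otherwise remote logins are locked out.
  users.users.yangshaohong.openssh.authorizedKeys.keys = [
    "ssh-ed25519 REPLACE_WITH_YOUR_PUBLIC_KEY yangshaohong@example"
  ];
}
```

After the next nixos-rebuild switch, `ss -tln` should list port 3000 on 127.0.0.1 only.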
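Environment isolation
Isolating development environments on NixOS is just as simple: run the nix-shell command to switch.

    [yangshaohong@wipha:~/]$ nix-shell

A prompt like this means the system has entered a separate, isolated environment. Doesn't it look a lot like pipenv!

    [nix-shell:~/]$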
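
nix-shell builds the environment from a shell.nix (or default.nix) in the current directory. The following is an added example for a Python project, not a file from the original post; the package selection is an assumption.

```nix
# shell.nix -- added example; the package selection is an assumption.
# Enter with `nix-shell`. A plain nix-shell prepends these packages to the
# existing PATH; `nix-shell --pure` also clears most of the inherited
# environment, so tools from the host profile are no longer visible.
{ pkgs ? import <nixpkgs> { } }:

pkgs.mkShell {
  packages = [
    # One interpreter with its libraries baked in, instead of pip installs
    # into a shared site-packages directory.
    (pkgs.python3.withPackages (ps: [ ps.requests ps.pytest ]))
    pkgs.git
  ];

  # Runs once when the shell starts: show which interpreter is actually used.
  shellHook = ''
    echo "python3 resolves to: $(command -v python3)"
  '';
}
```

The printed path should point into /nix/store; leaving the shell with exit removes these packages from PATH again.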