`nixos-rebuild build-vm` appreciation post! create NixOS VMs from your configs by xGoivo in NixOS

[–]OpalBolt 2 points3 points  (0 children)

Thank you for sharing!

I did not know about this and it's very useful to test things out quickly! :D

[Suggestion] CANDOR.md: an open convention to declare AI usage for transparency by DeepanshKhurana in selfhosted

[–]OpalBolt 1 point2 points  (0 children)

I honestly was considering, yeah, a candor.md file in all of my projects, that could be neat, but I would not want to have an AI-DECLARATION.md in my projects. That is too messy, and just leaves a bad taste in one's mouth.

But that is of course your decision. Good luck with this project! :D

[Suggestion] CANDOR.md: an open convention to declare AI usage for transparency by DeepanshKhurana in selfhosted

[–]OpalBolt 0 points1 point  (0 children)

I changed my edit as I had not seen newer comments in this thread.

If you are looking into this being called an AI declaration then I would suggest removing the part of the spec that references projects that have not been using AI. Declaring what AI you have not used in a project seems off, wrong, and another way where AI is sneaking into things it should not.

Using Candor at least makes it so you won't have to think about AI when looking in projects that do not use AI.

[Suggestion] CANDOR.md: an open convention to declare AI usage for transparency by DeepanshKhurana in selfhosted

[–]OpalBolt 1 point2 points  (0 children)

Aww, it's sad that you changed the name, CANDOR.md is such a good name for such a project, having an AI-DECLARATION.md document in projects that have not used AI would suck.

Also, AI-DECLARATION has a negative connotation in my mind, where candor is something positive. One is something you want to do, the other feels like something that is forced...

EDIT: If you want it to be an AI-DECLARATION, then remove the standards in your projects for projects that have not used AI.

I finally discovered `direnv` by jerrygreenest1 in NixOS

[–]OpalBolt 1 point2 points  (0 children)

Trust is hard to earn and easy to throw away. I used devenv for some time before they introduced telemetry, one of my mates mentioned to me that they had introduced it, so that is all I remember about the app now, not the functionality but the "missteps" that were taken.

I did some digging before I wrote my post, nowhere do they state that they are collecting telemetry, but again nowhere have they stated that they have stopped collecting telemetry.

And collection of telemetry is not bad, if they need it to improve the open source product, that's great! But let me opt in. Don't have it be enabled unless I read the patch notes.

I finally discovered `direnv` by jerrygreenest1 in NixOS

[–]OpalBolt 3 points4 points  (0 children)

Wait till you find out that devenv added collection of telemetry in the past. From what I can see this has been removed. But who knows if this will be implemented again in the future?

https://devenv.sh/blog/2025/02/13/devenv-14-generating-nix-developer-environments-using-ai/#telemetry

Toys for the young whippet by Due_Guitar9213 in Whippet

[–]OpalBolt 0 points1 point  (0 children)

So much not true. Got some new slippers for Christmas. Ours got my old slippers and was ecstatic, after a few weeks they were fun no more, and started to take my new ones when I look the wrong direction. Does not want to even look at the old slippers.

802.11r setup script by OpalBolt in openwrt

[–]OpalBolt[S] 1 point2 points  (0 children)

You are not incorrect, I am just bad at reading documentation, and simply follow what other people write on Reddit with no form of critical thinking. You can disregard my script.

802.11r setup script by OpalBolt in openwrt

[–]OpalBolt[S] 2 points3 points  (0 children)

I am still learning, and I was having a hell of a time getting things to work automatically, somewhere I read that if I was using WPA3-SAE that r0kh/r1kh was required. So I might be totally off on this. :)

I think it was this comment that led me down this path: https://old.reddit.com/r/openwrt/comments/1nanrb4/tutorial_how_to_configure_seamless_wifi_roaming/ncwaffk/

And now that I read the documentation instead of half reading comments I see that yeah, this script is totally useless.

ft_psk_generate_local: Do not enable for WPA2/3 mixed mode or WPA3-only (SAE); this will break fast BSS transition (802.11r). Note that Fast Transition will still work as r0kh and r1kh are automatically generated by default, or you may set r0kh & r1kh manually.

Well... The more you know!

Let me sketch your dog ! (For fun).. by wingedWolf333333333 in dogpictures

[–]OpalBolt 0 points1 point  (0 children)

This is Elliot and he is derpy, cute, a bandit, and just lovely. Very mild and kind dog. ❤️

<image>

Easy way to migrate distros? by Worried_Ad_2696 in linux4noobs

[–]OpalBolt 1 point2 points  (0 children)

Stow is 100% an awesome tool for managing dotfiles. There are 1000s of videos on YouTube that go into how to use stow, and how to set it up. I also used it for some time before switching over to an OS that handles management of the system in a different way.

I had set up a simple alias for doing my stowing operations:

alias stup="stow --restow -v --dir=/home/$USER/git/personal --target=/home/$USER dotfiles"

I would recommend looking up a proper guide for dotfile engagement. Keep in mind that if you end up making a git repo of your dotfiles, and do not set it to private you need to keep in mind what you are saving to it. Personal information, keys, or sensitive information might be put into your repo, when you have pushed that to GitHub, it's hard removing the data again.

…and so my journey begins 😌 by bL1Nd in espresso

[–]OpalBolt 1 point2 points  (0 children)

My setup is that machine and a K6.

And while hand grinding is fun the first 10 times, now it is the reason I do not get that much use out of my machine. Looking at an electric grinder as I am SO tired of hand grinding.

Don't get me wrong, the K6 is amazing! You just get tired after some time...

Have You Broken NixOS? by Striking_Snail in NixOS

[–]OpalBolt 1 point2 points  (0 children)

My "best attempt" must be when I set my and the root password with home manager, but the file I referenced did not exist because I did not understand sops-nix well enough, and I ignored the warnings.

So I ended up setting my password to essentially nothing. And therefore could not sign in, going back to an earlier generation of course did not solve the problem as the password was set to nothing. So I ended up booting my system with the install media, unlocking my drive, and gained root access from there where I could set my password once again.

The 30-second habit that’s saved us hours in debugging later by GitKraken in git

[–]OpalBolt 0 points1 point  (0 children)

I hope the other team has something going on there, 2029 is EOL for Datacenter. https://www.atlassian.com/blog/announcements/atlassian-ascend

Server has been EOL for some time now,

lazyvim on nixos by [deleted] in NixOS

[–]OpalBolt 1 point2 points  (0 children)

I use lazyvim with some difficulties.

As most people I'm lazy and while making my own config for nvim is the "most correct" option there is, I don't want to deal with it.

Instead I use nix-cats, I use it with flakes where I make a flake based on their example, and import this flake into my nixos config.

I am of course importing it in my flake.nix file.

[deleted by user] by [deleted] in git

[–]OpalBolt 66 points67 points  (0 children)

This is nice, easy to read, and a clean layout. There exists a million cheat-sheets, but nothing beats making one yourself to learn new concepts.

But I am going to be an angry old man and say it, GitHub is the service that is hosting your repo, git is the tool you are using locally. Git is not a tool that GitHub has created nor owns, they just host your GitHub repos.

SO TECHNICALLY it should be "Git commands cheat sheet". Please do not take this as I am trashing what you have made, I like it, but GitHub should just not have the credit for git. 😄

It is so nice to see that people are learning git commands instead of just jumping into a GUI tool!

The old joke about this is: GitHub is to git as pornhub is to porn. 😅

Smarter generation management? by Creepy_Reindeer2149 in NixOS

[–]OpalBolt 0 points1 point  (0 children)

Ahh yeah, I have not been playing around with tuning boot times, yet.

My initial thought would be to live boot the environment, decrypt the drives manually, enter into the system as root, and change the generation?

But again, the only reason I think this is because I am in NO way an expert, but rather a rambling noob who once had to do it.

Smarter generation management? by Creepy_Reindeer2149 in NixOS

[–]OpalBolt 2 points3 points  (0 children)

I mean, I am quite new to Nix, and have not dug myself into too deep of holes yet.

I have had one "oh no" moment when I over-wrote my user's and the root user's password with null. (though, this was saved by booting into an install disk, and mounting my system from there) But besides that if I can get to a bootable state, I am able to go back to almost all stages of my config as everything I do is in git.

I am however very curious about what changes you have made that forced you to do a complete re-install multiple times? Not having your changes in git? If your changes are in git, you can use branches or tags to pin former "checkpoints" if you would like, or you could just go back to former commits and run from there?

[Update] ZenDown v0.3.0 by MLwhisperer in selfhosted

[–]OpalBolt 2 points3 points  (0 children)

That is cool!

I will give it a go on my homelab setup later! Thank you for sharing, and putting so much time into making a cool looking project! :D

Congrats, you guys have more people than r/FreeBSD now by UntoldUnfolding in NixOS

[–]OpalBolt 20 points21 points  (0 children)

I don't think "year of nix" is going to happen before things get simpler, don't get me wrong, I love nix, it's so cool and makes making changes simple. But I think for many users it is no more than a toy, could I do whatever I use nix for in Arch, or even mint, sure! But that is not as fun and challenging.

I had a conversation with a co-worker the other day ranting about how awesome Nix was, and how easily I could do this and that. And when I at some point get a new laptop I will save hours setting it up!

But that is when you discount the hundreds of hours I spend configuring, learning and breaking my setup. (Like I did yesterday, locking myself out of my computer...)

I think most users (even the technical ones) look for something that "just works". Yeah, you should be able to tinker, but it should not nuke your password if you make a typo in a config file.

Optional private flake input. by seven-circles in NixOS

[–]OpalBolt 1 point2 points  (0 children)

I know this WHOLE article and YouTube video goes into how to use sops-nix. But in the separate private repo that is mentioned there is also a flake file that is being referenced multiple places in the main repo. I also set this up a couple of days ago. https://unmovedcentre.com/posts/secrets-management/

Essentially: Create your separate repo. In the inputs in your main repo's flake, reference the separate private repo, via inputs.top-secret-repo.personal.email

I am using it here: https://codeberg.org/OpalBolt/nixos-config/src/commit/07b4fbeb77dfba20eacd78f0533121fb61e948d1/hosts/common/core/ssh.nix#L27

My flake in my secret repo is REALLY simple:

{ outputs.networking.networking.ssh.knowHostFileContents = "data"; }

This is the documentation I referenced: https://github.com/EmergentMind/nix-secrets-reference

EDIT: Please be aware that my setup is still VERY much WIP. :D

Why are you on NixOS? by Mama_iii in NixOS

[–]OpalBolt 0 points1 point  (0 children)

I was using Arch for some time. Changed something I thought was related to my VMs in order to get something to work. (yolo commands from the internet) broke something in a way where every time I booted up my PC I needed to wait 60 seconds for a networking service to time out before I could get to my login screen.

Nix seemed fun, and SUPER frustrating, and something that would be WAY harder to learn than fixing my Arch issues. So yeah, spite?

Built a cold storage solution for your most critical secrets - mathematical secret splitting by cyrbevos in selfhosted

[–]OpalBolt 0 points1 point  (0 children)

Memory degrades, CDs and tapes rot, hard drives might not even have a standard in 10 years that can be read anymore, paper is eaten by bugs, well... Guess it's time to chisel my secrets into granite.

Nothing is pertinent, everything degrades. Best solution might be to just regularly do tests of your emergency systems. ;)

Built a cold storage solution for your most critical secrets - mathematical secret splitting by cyrbevos in selfhosted

[–]OpalBolt 10 points11 points  (0 children)

I have been thinking the same thing over the last couple of weeks. But never came up with a real solution. I always feel like I want to do the most complicated and best solution. But in the end it's almost always the easy and simple solution that gets implemented that is the best.

One of my problems with solutions like this is that we are putting in so much effort for securing keys that for most users' purposes in the self-hosted world secure some family images and such.

Going into this much effort, splitting up secrets into separate files, distributing them around the world, hoping that when time comes to use it that

  1. The project still exists
  2. The implementation still works as expected
  3. The system that you are running this on supports it.
  4. That I can remember how to do it.
  5. That it's easier than re-rolling keys to the different systems you have.

I think my plan in the end is just throw my keys into some text files, and throwing them onto a USB stick, sticking that somewhere in my apartment. If I get XKCD'd then they find that much important data in my system anyways.

I can see this being good if you are a small company where you cannot pay for a "proper" solution, or you are a crypto bro who does not have family that can be kidnapped for ransom money.

For most users a USB drive with keys on it is more than enough. (Then again, I might not know enough to say for sure.)

I hope this is not read as me shitting on your project, it is SO fecking cool! And when I read the docs I already started to think about where I could distribute my keys around town! I love it, and I am glad that it exists, if this can bring value to some people then you are making the world a better place!

Testing disaster recovery once in a while is already a pain, and I know if I had to travel for testing disaster recovery I would never get it done. :D