Why?

Just dotfiles work for me, why go further? Having dotfiles on one machine is great, by trying to keep them in sync on multiple machines whilst also keeping them up to date is a pain. Instead of just declaring programing configuration in a dotfile, we declare the entire system in configuration files. Every progrem, every package, every running service. This way we have same experience on every machine, all we have to do is git pull and rebuild.

NixOs

NixOs is a Linux distribution that uses the Nix package manager. Nix is a purely functional package manager. This means that it treats packages like values in a functional programming language. This has some nice properties, like being able to roll back to previous versions of a package, or having multiple versions of a package installed at the same time.It is a very minimal distribution, which makes it very easy to configure. It is also very easy to reproduce a configuration on another machine, since the configuration is just a set of Nix expressions.

Nix Flakes

Nix flakes are a new feature in Nix that makes it easier to work with Nix projects. They are a way to define a Nix project in a single file, and to make it easy to share and reproduce the project. They are similar to Cargo workspaces in Rust, or to package.json in JavaScript. We can you use them to define our system configuration, and split it up into multiple files.

Basic Configuration

The configuration of NixOs is done in a file called configuration.nix. This file is a Nix expression that describes the system configuration. It is a declarative description of the system, which means that it describes what the system should look like, not how to get there. This makes it easy to reproduce the configuration on another machine, since all we have to do is copy the configuration file and run nixos-rebuild switch.

So we don't have to mess around with installing the right packages. If we declare that we want a package installed, Nix will make sure that it is installed. If we declare that we want a service running, Nix will make sure that it is running. This makes it very easy to keep the configuration up to date, aslong as there exists a package for it, we can install it. Luckily NixOs has the largest package repository of all Linux distributions, and has great support on the NixOs community.

My Configuration

I have my configuration on GitHub. It is setup using Nix flakes, the flake.nix file is here the entry point. For every host I have a separate host folder with hardware-configuration.nix and user-configuration.nix. The hardware-configuration.nix file describes the hardware of the machine, like the partitions and the boot loader. The user-configuration.nix describes special packages just for that machine. I for example don't need Steam on my work machine, but I do on my gaming machine.

Every host also has a user.nix here I enable different "modules" that I want to use. These modules are collection of configurations for a special program or service. For example I have a hacking module that install all the tool that I might need for a hacking session. The beaty of this is that I can just dislable the module and rebuild and all the packages are gone. No need to uninstall them manually.

Nix Shell

Nix shell is a tool that allows you to create an isolated environment for a project. It is similar to virtualenv in Python, or to npm in JavaScript. It allows you to install packages in a project-specific environment, without affecting the rest of the system. This is very useful when you are working on a project that has specific dependencies, or when you want to test a package without installing it system-wide. For example for a CTF you might want to try a specific tool like john but you don't want to install it system-wide or keep it after the CTF. Then we can just run nix-shell -p john and we have the tool available in the new shell. When we exit the shell the tool is gone (after a garbage collection).

Conclusion

NixOs might be a bit daunting at first, but once you get the hang of it, it is a very powerful tool. You never have to worry about keeping your system up to date or not having the right packages installed. Just having the nix-shell alone is for me already worth it. I can just spin up a new shell with the right packages in it. I would recommend everyone to at least try it out the package manager on their current system. And you might find yourself switching to NixOs in the future.