573

# build python nix shell from a local `./requirements.txt`
mkdir ./env
cat > ./env/flake.nix << 'EOF'
{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    flake-utils.url = "github:numtide/flake-utils";
    poetry2nix = {
      url = "github:nix-community/poetry2nix";
      inputs.nixpkgs.follows = "nixpkgs";

573

I've spent the day trying to get this setup working with GitHub and given the number of gotcha's I encountered, it seemed like a good idea to document how I finally got this working with as few hacks as possible. There's a lot of documentation out there (some of it old and misleading) and committing here for posterity will help me remember this when I inevitably need to do this again.

Rationale

Passwords are simply not enough these days. Regardless of the company, breaches (and the associated Personally Identifiable Information harvested) are a matter of not if, but when. There are a number of things you can do to protect yourself, but being on the tin-foil-hat side of paranoia, means there are a few Commandents that I adhere to (and recommend for other folks)[Insert link to Fight Club Rules for the Secure Internet].

That being said, if you use 2-factor authentication and have committed to using a hardware token such as the Yubikey, then you're already ahead of the curve. The problem is that wh

573

Setup full disk encryption on a Hetzner cloud CX42 machine. No fancy SSH unlock: you have to go to their web based terminal to enter the disk password on boot.

Notes:

• Their web based terminal is /weird/. You can paste things, but it looks like it's set up for a german keyboard, and many characters change ("http://" into "http;//"), sometimes it converts everything to lowercase after a while, sometimes it enters some capslocks mode. I ended up typing as much as possible by hand, and only use alphanumeric passphrases so there are no surprises when copy-pasting those.
• The (qemu) virtual machine doesn't use EFI, but Legacy Boot. Most setup instructions I found are for EFI systems.

there we go

• In the Hetzner UI click the server in the list, go to tab [ISO Images], search for "nix", and mount "NixOS 24.05 (x86_64/minimal)"
• Reboot, and open the terminal. (the's a button on the top with [>_], which is a shortcut for the terminal)

573

The Setup

I wanted to write a module that generates multiple systemd services and timers to scrub some zfs pools at certain intervals. The default scrub config does not support individual scrub intervals for each pool.

I want the config to look like this:

{
  services.zfs-auto-scrub = {
 tank = "Sat *-*-* 00:00:00";

573

let
  nixbuildDomain = "eu.nixbuild.net";
  nixbuildKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPIQCZc54poJ8vqawd8TraNryQeJnvH1eLpIDgbiqymM";
  nixbuildPlatforms = [ "x86_64-linux" "aarch64-linux" ];
  nixbuildFeatures = [ "big-parallel" "benchmark" "kvm" "nixos-test" ];
  nixbuildSSH = ''
    Host eu.nixbuild.net
      PubkeyAcceptedKeyTypes ssh-ed25519
      ServerAliveInterval 60
      IPQoS throughput

573

Getting started with the Nix ecosystem

What is this article about?

When I first started to learn how to use NixOS, the Nix package manager, and how to work with the Nix language, I was overwhelmed. While it did not take me too long to (sort of) get into it, it was not the most pleasant experience. I would say that there is not really a single source of truth, like Arch Linux users have with the ArchWiki, where you can basically look up everything. Instead, the information is spread across many different sources, which can make it difficult for beginners to find out how to do what they want to do.

The "modern nix CLI", also known as "nix3 cli", is another thing that can cause confusion when you are just starting your nix journey. There are some commands that look almost exactly the same, such as nix shell compared to nix-shell or nix-build compa

573

tags
Android Android Things

Set the NTP server of your android device

573

package xyz.faber;

import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.PropertyNamingStrategy;
import com.fasterxml.jackson.databind.cfg.MapperConfig;
import com.fasterxml.jackson.databind.introspect.AnnotatedField;
import com.fasterxml.jackson.databind.introspect.AnnotatedMethod;
import com.fasterxml.jackson.databind.introspect.AnnotatedParameter;
import org.junit.Test;

573

# /etc/nixos/configuration.nix
{ config, pkgs, ... }:

{
  imports =
    [ 
      ./hardware-configuration.nix
    ];

  boot.loader.systemd-boot.enable = true;

573

{
  description = "A nixos cloudinit base image without nixos-infect";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs";
  };

  outputs = { self, nixpkgs }:
  let
    system = "x86_64-linux";