dontreadme.md


About

Things you can do but you shouldn't do on NixOS.

Caution

Don't tell anyone.

Configuration with TOML

NixOS can be configured with TOML:

# configuration.nix
{
  imports = [
    # Parse the TOML file into an attribute set and import it as a module
    (builtins.fromTOML (builtins.readFile ./config.toml))
  ];
}

# config.toml
[boot]
loader.systemd-boot.enable = true

[programs.git]
enable = true
lfs.enable = true

Misc

Other formats work the same way, e.g. JSON: builtins.fromJSON (builtins.readFile ./config.json). See the configs directory.

Compiling with LTO and PGO

You can add advanced compiler flags to your stdenv with a configuration like this:

self: super: {
  stdenv = super.withCFlags ["-flto" "-funroll-loops" "-O3"] super.stdenv;
}

These flags will be applied to everything built with stdenv. However, PGO cannot be added to the entire system easily because it requires a different compilation procedure. A version of GCC built with PGO is available in pkgs.fastStdenv.

To handle packages that fail to build due to these compiler flags, use overrides to replace the inputs of derivations. For example:

self: super: {
  stdenv = super.withCFlags ["-flto" "-funroll-loops" "-O3"] super.stdenv;

  coreutils = super.coreutils.override {stdenv = super.stdenv;};
}

For PGO, refer to this example. You can also look at the Firefox derivation to see how to implement LTO.

For LTO in the kernel, see this example.

Misconceptions

  • LTO (Link Time Optimization) does not affect reproducibility but requires recompilation and consumes more resources, especially if you use FatLTO instead of ThinLTO.
  • PGO (Profile-Guided Optimization) can affect reproducibility if the profile differs across builds. PGO should not cause reproducibility issues if you store and reuse the profiles used for optimization.

Applying GCC Flags Globally

Not all packages in NixOS are built from source; many are unpacked from pre-compiled .deb files. To apply GCC flags globally, refer to system/nix/build-flags.nix.

Compiling All Packages from Source

For instructions on compiling all packages from source, see system/nix/build-flags.nix.

Ccache

Using Ccache system-wide is not possible. However, it might be feasible to specify individual packages that should use the cache, depending on how a derivation is packed. For more information, refer to the unofficial NixOS wiki here.
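A per-package setup, as an added example that is not part of this repository's configuration. It assumes the NixOS `programs.ccache` module and uses `ffmpeg` as a stand-in package name. The sandbox stays enabled and only the cache directory is exposed to builds.

```nix
# Added example (not from this repository): ccache for selected packages only.
{ config, ... }:
{
  programs.ccache = {
    enable = true;
    # Assumption: "ffmpeg" is only a sample; list the top-level package
    # attribute names that should be rebuilt with the ccache-wrapped stdenv.
    packageNames = [ "ffmpeg" ];
  };

  # Keep the Nix sandbox on and bind only the cache directory into it,
  # so sandboxed builds can read and write the shared cache.
  nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ];
}
```

Every build that can write to the cache directory can influence later builds that read from it, so list only packages whose build inputs you trust.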

Sccache

To enable sccache to use its cache, you need to disable the Nix sandbox. The sandbox restricts filesystem and network access, which interferes with sccache functionality.

Use a different version of a package in NixOS

Follow this example (source):

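{ pkgs, ... }:
{
  services.xserver.windowManager.i3.package = pkgs.i3.overrideAttrs (previousAttrs: {
    name = "i3-next";
    src = pkgs.fetchFromGitHub {
      owner = "i3";
      repo = "i3";
      # Placeholder revision; replace with the commit you want to build
      rev = "90432jkfdkjf92343290842343290dsfiu";
      # Placeholder hash: the first build fails with a hash mismatch and
      # prints the hash it got; pin that value here
      hash = pkgs.lib.fakeHash;
    };
  });
}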

Use local source code for a package

Follow this example (source):

{ pkgs, ... }:
{
  environment.systemPackages = [pkgs.myfortune];

  nixpkgs.overlays = [
    (final: prev: {
      myfortune = prev.fortune.overrideAttrs (previousAttrs: {
        src = ./fortune-src;
      });
    })
  ];
}

Use a different dependency for a single package

Follow this example (source):

{
  nixpkgs.overlays = [
    (final: prev: {
      maven-jdk8 = prev.maven.override {
        jdk = final.jdk8;
      };
    })
  ];
}

Apply a security patch system-wide

Follow this example (source):

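{ pkgs, ... }:
{
  nixpkgs.overlays = [
    (final: prev: {
      openssl = prev.openssl.overrideAttrs (previousAttrs: {
        patches = previousAttrs.patches ++ [
          # fetchpatch is not in scope on its own; take it from pkgs
          (pkgs.fetchpatch {
            name = "CVE-2021-4044.patch";
            url = "https://git.openssl.org/gitweb/?p=openssl.git;a=patch;h=758754966791c537ea95241438454aa86f91f256";
            # Placeholder hash: the first build fails with a hash mismatch
            # and prints the hash it got; pin that value here
            hash = pkgs.lib.fakeHash;
          })
        ];
      });
    })
  ];
}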