Tag about-nix

7 bookmarks have this tag.

NixOS, Nix, nixpkgs and also Guix, Tvix and stuff.

A Nix DSL for defining DNS zones

github.com/nix-community/dns.nix
about-networking,about-nix,is-repo,to-try

nix-output-monitor: fun build progress display

github.com/maralorn/nix-output-monitor
about-nix,about-tools,is-repo,to-try

the nix iceberg

cohost.org/leftpaddotpy/post/3885451-the-nix-iceberg

sadly, doesn’t provide links, but most is googlable

about-nix,is-blog,to-show

nix-std: no-nixpkgs standard library for the nix expression language

github.com/chessai/nix-std
about-nix,is-repo,to-try

tips for systemd services management and hardening in NixOS

git.selfprivacy.org/alexoundos/articles/src/branch/master/systemd-hardening-in-NixOS/article.md

When it comes to security, we care about limiting access of each entity of a system to as few other entities as possible. Network input, executables and users must be able to reach only those resources, which are necessary to perform the defined server tasks. Principle of least priviledge.

Generally, it's better to implement as many layers of security as possible. Although, there is no way to make a server 100% bullet proof - it's a huge endless topic, this article covers some feasible essential systemd tunables that give us a layer of protection.

about-nix,is-blog,to-read

Colmena

colmena.cli.rs/unstable

Colmena is a simple, stateless NixOS deployment tool modeled after NixOps and morph, written in Rust. It's a thin wrapper over Nix commands like nix-instantiate and nix-copy-closure, and supports parallel deployment.

about-nix,about-tools,is-project,to-try

garnix | the nix CI

garnix.io

Simple, fast, and green CI and caching for nix projects

about-nix,about-tools,is-project,to-try