Posts

Visual Studio Code Insiders is a version of VS Code that includes the latest features and updates. It is ideal for developers who want to try out new features before they are released in the stable version. However, there is no prebuilt version of VS Code Insiders in nixpkgs, so the package needs to be installed with an overlay. There is an example of how to do this on the NixOS Wiki, but I encountered several issues when using it. I made this work using a different approach: ...

Introduction In this post, I’ll walk through setting up a complete, redundant DNS infrastructure using NixOS, Knot DNS, and DNSSEC. I’ll provide ready-to-use configurations for both master and slave servers. Directory Structure nix-config/ ├── hosts/ │ ├── master/ │ │ ├── default.nix │ │ └── zones/ │ │ ├── example.com.zone │ │ └── example.org.zone │ └── slave/ │ └── default.nix Zone Files First, let’s look at our zone files that will be stored in version control: ...

We rely heavily on spot instances in our infrastructure, with most of our production workloads running on them. Spot instances are significantly cheaper than on-demand instances, but their prices are not fixed—they can change every minute. Therefore, we must monitor spot prices to ensure we’re not paying more than the on-demand rates. Understanding AWS Spot Pricing AWS Spot Instances operate on a supply-and-demand model where prices fluctuate based on the available EC2 capacity and current demand for compute resources. Here’s how the pricing mechanism works: ...

Zed Editor is a promising new code editor built with performance in mind. Below, I’ll share how I configured Zed using Nix and Home Manager to create a consistent and reproducible development environment. File Structure First, let’s look at how the configuration files are organized: nix-config/ └── modules/ └── darwin/ └── programs/ └── zed-editor/ ├── default.nix ├── extensions.nix ├── lsp.nix ├── settings.nix └── terminal.nix Integration with Home Manager To use this configuration with Home Manager, you’ll need to import it in your Home Manager configuration. Here’s how you can set it up: ...

Aerospace is a tiling window manager for MacOS inspired by i3. It’s currently in public beta, and I have been using it for the last few weeks, and really come to like it. One of the first issues I ran into was that the default keymappings did not play well with a norwegian keyboard layout that I’m running. Quite a few of the default keymappings where in direct conflict with for example |, {}, [], $ and so on. I tend to use these symbols quite a lot. ...

Atuin is a nice tool to sync, search and backup shell history between machines. This post describes how to setup a Atuin server with TLS on NiXOS and how to use home-manager to configure the client. Server setup We are going to install the Atuin service and set up a ngnix reverse proxy to terminate TLS. Add the following to your configuration file of choice, for example configuration.nix security.acme.acceptTerms = true; security.acme.certs = { "atuin.example.com".email = "<e-mail>>"; }; services.nginx = { enable = true; recommendedProxySettings = true; recommendedTlsSettings = true; virtualHosts = { "atuin.example.com" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:8888"; proxyWebsockets = false; extraConfig = "proxy_ssl_server_name on;" + "proxy_pass_header Authorization;" ; }; }; }; }; services.atuin = { enable = true; openFirewall = false; openRegistration = true; }; I created a small module to install Atuin on my clients machines. ...

There are a high number of posts on this topic, but I was still not able to find a solution that worked well for me. I don’t believe my setup is that special, but I want everything to be declarative. Short summary of what I’m using: MacOS NiX Home-manager Fish shell No use of ssh-agent from earlier YubiKey 5c Note: The current version of OpenSSH on MacOS does not support the sk-options, so we will need to use a version of OpenSSH from the nixpkgs or homebrew. I’m using a version from nixpkgs. ...

Ngnix is my preffered reverse proxy. I use it both in k8s clusters as an ingress controller, as well on old school servers. As a reverse proxy, it can be used to route traffic to different services running on the same machine. It can also be used to terminate TLS connections and handle TLS certificates. As I’m tinkering with NixOS I wanted to create a simple Nginx configuration that would allow me to route traffic to different services running on the same machine. I also wanted to use Let’s Encrypt to automatically generate and renew TLS certificates. ...