Configuring HTTP3 on nginx and NixOS

HTTP/3 is the latest version of the HTTP protocol, built on top of the QUIC transport protocol. It offers improved performance, especially on unreliable networks, and better connection handling. In this post, I’ll show you how to enable HTTP/3 on NixOS using nginx. Prerequisites: To use HTTP/3, you’ll need NixOS (any recent version), a domain name, and an SSL certificate (we’ll use Let’s Encrypt). Firewall Configuration: First, we need to open the necessary ports. HTTP/3 uses UDP port 443 for QUIC, alongside the traditional TCP ports: ...

February 25, 2025 · Alexander Holte-Davidsen

Installing Visual Studio Code Insiders with nix on macOS

Visual Studio Code Insiders is a version of VS Code that includes the latest features and updates. It is ideal for developers who want to try out new features before they are released in the stable version. However, there is no prebuilt version of VS Code Insiders in nixpkgs, so the package needs to be installed with an overlay. There is an example of how to do this on the NixOS Wiki, but I encountered several issues when using it. I made this work using a different approach: ...

February 12, 2025 · Alexander Holte-Davidsen

Redundant DNS Infrastructure with Knot DNS and DNSSEC

Introduction: In this post, I’ll walk through setting up a complete, redundant DNS infrastructure using NixOS, Knot DNS, and DNSSEC. I’ll provide ready-to-use configurations for both master and slave servers. Directory Structure:
    nix-config/
    ├── hosts/
    │   ├── master/
    │   │   ├── default.nix
    │   │   └── zones/
    │   │       ├── example.com.zone
    │   │       └── example.org.zone
    │   └── slave/
    │       └── default.nix
Zone Files: First, let’s look at our zone files that will be stored in version control: ...

January 23, 2025 · Alexander Holte-Davidsen

Fetching AWS spot prices in an easy way

We rely heavily on spot instances in our infrastructure, with most of our production workloads running on them. Spot instances are significantly cheaper than on-demand instances, but their prices are not fixed—they can change every minute. Therefore, we must monitor spot prices to ensure we’re not paying more than the on-demand rates. Understanding AWS Spot Pricing: AWS Spot Instances operate on a supply-and-demand model where prices fluctuate based on the available EC2 capacity and current demand for compute resources. Here’s how the pricing mechanism works: ...

January 4, 2025 · Alexander Holte-Davidsen

Configuring Zed Editor with Nix: A Modern Development Setup

Zed Editor is a promising new code editor built with performance in mind. Below, I’ll share how I configured Zed using Nix and Home Manager to create a consistent and reproducible development environment. File Structure: First, let’s look at how the configuration files are organized:
    nix-config/
    └── modules/
        └── darwin/
            └── programs/
                └── zed-editor/
                    ├── default.nix
                    ├── extensions.nix
                    ├── lsp.nix
                    ├── settings.nix
                    └── terminal.nix
Integration with Home Manager: To use this configuration with Home Manager, you’ll need to import it in your Home Manager configuration. Here’s how you can set it up: ...

December 31, 2024 · Alexander Holte-Davidsen

Configuring Aerospace on macOS

Introduction to Aerospace: Aerospace is a tiling window manager for macOS inspired by i3. It’s currently in public beta, and I have been using it for the last few weeks and have really come to like it. This guide will help you set up and configure Aerospace, with special attention to non-US keyboard layouts. Keyboard Layout Challenges: One of the first issues I ran into was that the default key mappings did not play well with the Norwegian keyboard layout that I’m running. Quite a few of the default key mappings were in direct conflict with common symbols like: ...

December 19, 2024 · Alexander Holte-Davidsen

Setting up Atuin server and client with Nix

Atuin is a nice tool to sync, search and back up shell history between machines. This post describes how to set up an Atuin server with TLS on NixOS and how to use home-manager to configure the client. Server setup: We are going to install the Atuin service and set up an nginx reverse proxy to terminate TLS. Add the following to your configuration file of choice, for example configuration.nix:
    security.acme.acceptTerms = true;
    security.acme.certs = {
      "atuin.example.com".email = "<e-mail>";
    };

    # nginx terminates TLS and proxies to the local Atuin service
    services.nginx = {
      enable = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      virtualHosts = {
        "atuin.example.com" = {
          enableACME = true;
          forceSSL = true;
          locations."/" = {
            proxyPass = "http://127.0.0.1:8888";
            proxyWebsockets = false;
            extraConfig =
              "proxy_ssl_server_name on;" +
              "proxy_pass_header Authorization;"
              ;
          };
        };
      };
    };

    services.atuin = {
      enable = true;
      openFirewall = false;
      openRegistration = true;
    };
I created a small module to install Atuin on my client machines. ...

December 14, 2024 · Alexander Holte-Davidsen

YubiKey with SSH keys on macOS with Nix

There are a large number of posts on this topic, but I was still not able to find a solution that worked well for me. I don’t believe my setup is that special, but I want everything to be declarative. Short summary of what I’m using: macOS; Nix; Home-manager; Fish shell; no use of ssh-agent from earlier; YubiKey 5c. Note: The current version of OpenSSH on macOS does not support the sk-options, so we will need to use a version of OpenSSH from nixpkgs or Homebrew. I’m using a version from nixpkgs. ...

December 10, 2024 · Alexander Holte-Davidsen

Enable Nginx as a reverse proxy with ACME support

Understanding Nginx on NixOS: Nginx is my preferred reverse proxy solution, which I use extensively in both Kubernetes clusters as an ingress controller and on traditional servers. As a reverse proxy, it excels at: routing traffic to different services on the same machine; terminating TLS connections efficiently; managing and automating TLS certificate lifecycle; load balancing and high availability; and providing robust caching capabilities. While setting up Nginx can be complex on traditional Linux distributions, NixOS makes it remarkably straightforward with its declarative configuration approach. ...

December 1, 2024 · Alexander Holte-Davidsen