SearXNG Instance on NixOS
I've been trying to create a public instance of SearXNG by using NixOS, Cloudflare and Nginx, but I can't seem to make it open to the internet and I've run out of ideas. Is there anything I'm overlooking?

```nix
services.searx = {
  enable = true;
  redisCreateLocally = true;
  limiterSettings = {
    real_ip = {
      x_for = 1;
      ipv4_prefix = 32;
      ipv6_prefix = 56;
    };
    botdetection = {
      ip_limit = {
        filter_link_local = true;
        link_token = true;
      };
      ip_lists = {
        pass_ip = [
          "192.168.0.0/16"
          "fe80::/10"
        ];
        pass_searxng_org = true;
      };
    };
  };
  runInUwsgi = true;
  uwsgiConfig = {
    socket = "/run/searx/searx.sock";
    http = ":8888";
    chmod-socket = "660";
    disable-logging = true;
  };
  settings = {
    general = {
      debug = false;
      instance_name = "SearXNG Instance";
      donation_url = false;
      contact_url = false;
      enable_metrics = false;
    };
    ui = {
      static_use_hash = true;
      theme_args.simple_style = "dark";
      query_in_title = true;
      center_alignment = true;
      results_on_new_tab = false;
    };
    search = {
      safe_search = 2;
      autocomplete_min = 2;
      autocomplete = "duckduckgo";
    };
    server = {
      port = 8888;
      bind_address = "0.0.0.0";
      secret_key = config.sops.secrets.searx.path;
      image_proxy = true;
      method = "GET";
      default_locale = "en";
      default_lang = "en-US";
      base_url = "https://myinstance.org";
      public_instance = true;
    };
    engines = lib.mapAttrsToList (name: value: {inherit name;} // value) {
      "duckduckgo".disabled = false;
      "brave".disabled = true;
    };
    outgoing = {
      request_timeout = 5.0;
      max_request_timeout = 15.0;
      pool_connections = 100;
      pool_maxsize = 15;
      enable_http2 = true;
    };
  };
};
services.nginx = {
  enable = true;
  recommendedGzipSettings = true;
  recommendedOptimisation = true;
  recommendedProxySettings = true;
  recommendedTlsSettings = true;
  virtualHosts = {
    "myinstance.org" = {
      forceSSL = true;
      sslCertificate = config.sops.secrets."SSL-Certificates/Cloudflare/Cert".path;
      sslCertificateKey = config.sops.secrets."SSL-Certificates/Cloudflare/Key".path;
      locations = {
        "/" = {
          extraConfig = ''
            uwsgi_pass unix:${config.services.searx.uwsgiConfig.socket};
          '';
        };
      };
    };
  };
};
```
Is there a way to automatically import all .nix files in a directory?
My solution:
```nix
let
  nixFilesInDirectory = directory:
    (
      map (file: "${directory}/${file}")
      (
        builtins.filter
          (
            nodeName:
              # "\\." is a literal dot in the regex; a single backslash is
              # dropped by the Nix string parser and would match any character
              (builtins.isList (builtins.match ".+\\.nix$" nodeName)) &&
              # checking that it is NOT a directory by seeing
              # if the node name forcefully used as a directory is an invalid path
              (!builtins.pathExists "${directory}/${nodeName}/.")
          )
          (builtins.attrNames (builtins.readDir directory))
      )
    );

  nixFilesInDirectories = directoryList:
    (
      builtins.concatMap
        (directory: nixFilesInDirectory directory)
        (directoryList)
    );
  ...
in {
  imports = nixFilesInDirectories ([
    "${./programs}"
    "${./programs/terminal-niceties}"
  ]);
  ...
}
```

Snippet from the full source code: quazar-omega/home-manager-config (L5-L26)
credits:
- base script: comment on "getting all configs from folder" (Reddit) Started developing from that piece that implements the general idea with only builtin functions, so I tried as best I could to stick to the builtins
- isDir: nixpkgs (GitHub) Used to filter out directories from the items to be included
---
I'm trying out Nix Home Manager and learning its features little by little. I've been trying to split my app configurations into their own files now and saw that many do the following:
- Make a directory containing all the app specific configurations:
  ```
  programs/
  └── helix.nix
  ```
- Make a catch-all file `default.nix` that selectively imports the files inside:
  ```
  programs/
  ├── default.nix
  └── helix.nix
  ```
  Content:
  ```nix
  {
    imports = [ ./helix.nix ];
  }
  ```
- Import the directory (picking up the `default.nix`) within the home-manager configuration:
  ```nix
  {
    # some stuff...
    imports = [ ./programs ];
    # some other stuff...
  }
  ```

I'd like to avoid having to write each and every file I'll create into the imports of `default.nix`, that kinda defeats the point of separating it if I'll have to specify everything anyway, so is there a way to do so? I haven't found different ways to do this in various Nix discussions.
---
Example I'm looking at: https://github.com/fufexan/dotfiles/blob/main/home/terminal/default.nix
My own repository: https://codeberg.org/quazar-omega/home-manager-config
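
A variant of the same idea, added here as an example and not taken from the post or its repository: `builtins.readDir` already reports each entry's type, so directories can be excluded without the `pathExists` probe. The helper name `nixFilesIn` is hypothetical; the directory names are the ones used in the post. Only regular files are imported, since every matching file is evaluated as part of the configuration.

```nix
# Added example (not from the post). `nixFilesIn` is a hypothetical helper name.
let
  # Direct children of `dir` that are regular files ending in ".nix",
  # returned as paths. Directories and symlinks are skipped, and so is
  # default.nix, so a directory's own default.nix can call this on ./.
  # without importing itself.
  nixFilesIn = dir:
    let
      # readDir maps each entry name to its type, for example
      # { "helix.nix" = "regular"; "terminal-niceties" = "directory"; }
      entries = builtins.readDir dir;

      isNixFile = name:
        entries.${name} == "regular"
        # builtins.match must match the whole name; "\\." is a literal dot
        && builtins.match ".+\\.nix" name != null
        && name != "default.nix";
    in
      map (name: dir + "/${name}")
        (builtins.filter isNixFile (builtins.attrNames entries));
in
{
  # One call per directory, as in the post; subdirectories are not
  # descended into automatically.
  imports =
    nixFilesIn ./programs
    ++ nixFilesIn ./programs/terminal-niceties;
}
```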
nix shell and nix profile not using the branch defined in flake.nix?
Yes, I know that there are workarounds to set them to use the flake inputs, but still... I have set the nixpkgs version to the 23.11 stable release and that's good, but if I try to use nix shell, nix profile or even nix-env, they all seem to use the latest master/unstable branch to install the packages by default.
Just want to know why they don't just default to using whatever is defined in the flake.nix file? Or will it be implemented to use it by default in the near future?
Reason as to why I am asking -> This is what I am using to match nix shell and flake inputs, but as you can see they are just workarounds, plus seem to cause more errors and whatnot, plus by ideology one shouldn't need to specially define it to use some version when everything is already defined.
Nixos users which emoji app do you use?
See I use wofi-emoji but this issue #308357 is haunting me. So I just wanted to know what my fellow users use cuz I guess not a lot of people use wofi-emoji.
I can't run nix-shell -p nix-info --run "nix-info -m"
I know that if using flakes, `nix shell` is the right command. But I just want to know: is it normal for legacy commands to not work like that one? nix-env works tho.

- One thing to note is that what I am doing temporarily is running it using this:
  ```
  nix shell nixpkgs#nix-info nix-info
  ```
- And the output value is this:
  ```
  - system: "x86_64-linux"
  - host os: Linux 6.1.86, NixOS, 23.11 (Tapir), 23.11.20240417.e402c3e
  - multi-user?: no
  - sandbox: yes
  - version: nix-env (Nix) 2.18.1
  - nixpkgs: not found
  ```
- Notice the `nixpkgs: not found`. This is also weird to me.
- logs ->
  ```
  error:
         … while calling anonymous lambda

           at «string»:1:1:

              1| {...}@args: with import <nixpkgs> args; (pkgs.runCommandCC or pkgs.runCommand) "shell" { buildInputs = [ (nix-info) ]; } ""
               | ^

         error: file 'nixpkgs' was not found in the Nix search path (add it using $NIX_PATH or -I)

         at «none»:0: (source not available)
  ```
nix build error /homeless-shelter
Hi all,
For my sins I've been attempting to build my nix configuration on my build server and subsequently push it into a binary cache.
I'm having an issue where the build is currently failing with the following error
> error: home directory '/homeless-shelter' exists; please remove it to assure purity of builds without sandboxing
The build is being run on a docker image node:20-bullseye to be precise with the following command.
> nix build .#nixosConfigurations.${{ matrix.machine.host }}.config.system.build.toplevel
Any thoughts would be greatly appreciated.
Edit.
Should have mentioned I've run up the image with docker run and the directory didn't exist.
Edit 2.
This is also about 23 minutes into the build when it throws this error; after having built a lot of packages and derivations already. I'm also using cachix/nix-install-action to get nix on the running container.
Edit 3.
Finally got it building this morning, I haven't dug into it but switching from the cachix/nix-install-action to manually installing the Determinate Systems Nix installer (action didn't work for a strange reason).
virtualbox in NixOS
So I followed the instructions to install VirtualBox and added myself to the vboxusers group, but I can't run VMs as a standard user. The GUI message says "VirtualBox kernel driver is not accessible, permission problem"; the VM log says "ERROR [COM]: aRC=E_ACCESSDENIED (0x80070005) aText={The console is not powered up}".
Someone on Mastodon mentioned /dev/vboxdrv and that file is "crw-rw---- root vboxusers". There is also a file /dev/vboxdrvu which is "crw-rw-rw- root root", but changing that to root vboxusers with chown didn't work.
I can run VMs as root just fine. Any thoughts?
Edit: new to NixOS and really enjoying it so far
Edit 2: SOLVED: I had "virtualbox" as a package under "environment.systemPackages = with pkgs; [" and wasn't supposed to.
Help with PHP and Composer
Edit: Solved at https://lemmings.world/comment/1719409
---
Hi there! I'm trying to make php and composer work. I have this in `environment.systemPackages`:

```nix
(pkgs.php82.buildEnv {
  extensions = ({ enabled, all }: enabled ++ (with all; [
    xdebug
    redis
  ]));
  extraConfig = ''
    memory_limit=2G
    xdebug.mode=debug
  '';
})
php82Extensions.redis
```

The problem is that while running `php -m` correctly prints that redis extension is installed, `composer` does not, because it uses a different php:

`file $(which php)` prints the path `/nix/store/igx8j4qjxy9jyj8kjyccwarnzqq5vsml-php-with-extensions-8.2.9/bin/php`

`cat $(which composer)` shows that it's a wrapper for `'/nix/store/lv4prxa52zifr54ws56iz3b9kdhs1b5w-php-with-extensions-8.2.9/bin/php' --add-flags '/nix/store/avqj0662f4gg2s875zlbbjajx6fm6bl0-php-composer-2.5.5/libexec/composer/composer.phar'`

Note that the path to php is different. Is there any way to correct it on my side? I'd like to avoid having to install composer manually