How to add a file to /etc in NixOS

nixos

What is the NixOS-way to put a configuration file in /etc?

E.g. I want to drop /etc/nanorc. I found some forum entries talking about programming it into /etc/nixos/configuration.nix, but could not find any documentation about that…

Best Answer

To create a file in /etc on NixOS, use environment.etc in configuration.nix. Here's an example:

environment.etc = {
  # Creates /etc/nanorc
  nanorc = {
    text = ''
      whatever you want to put in the file goes here.
    '';

    # The UNIX file mode bits
    mode = "0440";
  };
};

Related Solutions

How to make a self-signed certificate persist in nixos

You didn't specify what certfile looks like in the first line. If it's a variable thats populated with a builtins.readFile, you can skip that step and just populate the variable yourself.

$> nixos-option security.pki.certificates
Value:
[ "-----BEGIN CERTIFICATE-----
... edited for brevity .... " ]

Default:
[ ]

Example:
[ "NixOS.org\n=========\n-----BEGIN CERTIFICATE-----\nMIIGUDCCBTigAwIBAgIDD8KWMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ\nTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0\n...\n-----END CERTIFICATE-----\n" ]

Description:

A list of trusted root certificates in PEM format.

Declared by:
  "/etc/nixos/nixpkgs/nixos/modules/security/ca.nix"

Defined by:
  "/etc/nixos/user.nix

So, setting security.pki.certificates [ "insert certificate here" ]; would eliminate the file dependency and then the configuration is self contained.

Otherwise, if you wanted to keep the content out of the configuration, you'd need to create packaging/a derivation for it and add it to the store.

How to split /etc/nixos/configuration.nix into separate modules

Nix expressions

A Nix expression is like any programming language expression: anything that evaluates to a value or a function. A value in this case can also be a list or a set. As a Nix module (file with extension .nix) can contain any Nix expression, you would expect the NixOS configuration file (/etc/nixos/configuration.nix) to contain a single Nix expression as its file contents.

The NixOS configuration file contains a Nix expression of the form:

{config, pkgs, ...}: { /* various configuration options */ }

If you look closely, you can see it's a function, because functions follow the form pattern: form. You can also see it's a function that accepts a set and returns a set. E.g., if you have a function f = {x, y}: {a = x + y;}, then you could call it as f {x=1; y=2;} and get back a set {a=3;}.

So that means that when you call nixos-rebuild switch, something calls the function inside the NixOS configuration file with the set that must contain attributes config and pkgs.

imports

Following example of ./hardware-configuration.nix, the simple way to extract the list of packages into a separate module packages.nix is just to rip the environment.systemPackages option out and put ./packages.nix into imports option. Your /etc/nixos/configuration.nix would look like:

{ config, ... }:    
{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
      # Include the package list.
      ./packages.nix
    ];
  # SOME STUFF
  # SOME STUFF
}

Your /etc/nixos/packages.nix would look like:

{ pkgs, ... }:
{
  environment.systemPackages = with pkgs; [ emacs gitFull ];
}

How does that work? When you run nixos-rebuild switch, the process that evaluates Nix expressions and decides to install packages and so on calls configuration.nix with a set of attributes, some of which are config and pkgs.

It finds attribute imports inside the returned set, so it evaluates every Nix expression in the modules that imports contains with the same arguments (config, pkgs, etc).

You must have pkgs as an argument (or, technically speaking, an attribute of a set, which itself is an argument) of a function in packages.nix, because, from a Nix language perspective, the process might or might not call the function with the set that contains pkgs. If it doesn't, what attribute would you refer to, when running with pkgs?

You also must have ellipsis, because the function might be called with other attributes, not just pkgs.

Why isn't there pkgs in configuration.nix? You can have it, but if you don't refer to it anywhere in the file, you can safely omit it, as the ellipsis would include them anyway.

Updating an attribute by calling an external function

Another way is just to make a function that returns a set with some attribute, and the value of that attribute you would put inside environment.systemPackages. This is your configuration.nix:

{ config, pkgs, ... }:    
{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];
  # SOME STUFF
  environment.systemPackages = import ./packages.nix pkgs;
  # SOME STUFF
}

Your packages.nix:

pkgs: with pkgs; [ emacs gitFull ]

import ./packages.nix pkgs means: load and return the Nix expression in ./packages.nix and as it is a function, call it with an argument pkgs. with pkgs; [ emacs gitFull ] is a with-expression, it brings the scope of the expression before semicolon to the expression after semicolon. Without it, it would be [ pkgs.emacs pkgs.gitFull ].