Installing the nix package manager and how it’s useful
Install nix package manager
Install on Macos/Linux
On a macos or linux system, you can use the DeterminateSystesm nix-installer to install linux.
Simply run (not as root):
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- installWindows
Firstly, open a powershell prompt to run these commands.
wsl --install debianwsl --set-version debian 2You may need to do a:
wsl --updateSince nix does not support linux, you need to install it in WSL.
In the microsoft store, you can install one of many linux distributions or versions. I recommmend debian
You then need to enable systemd, you can follow Microsoft’s official insturctions: https://devblogs.microsoft.com/commandline/systemd-support-is-now-available-in-wsl/
Once WSL2 with systemd is installed, you can follow the macos/linux install instructions.
Now, nix is installed. You should be able to access the nix commands in your terminal. For example, the nix-shell command can be used to create a temporary shell environment with packages, environment variables, and more. For examples, see below.
Installing home-manager
Home manager is a way to declaratively manage a user environment, including packages installed, configuration files, and environment variables. It uses nix as the langauge of configuration.
To install home manager, you can follow the steps from their docs
To use home-manager, you can edit the configuration file located at $HOME/.config/home-manager/home.nix For an example, see my my blog post about this
Using nix
Connecting your github account to git from the terminal
First, make sure you have git installed, but you probably do already, if you are here.
Then: nix-shell -p gh. This installs the github cli tool.
gh auth login # logs you into github
gh setup-git And with this, git is configured to use the github cli as a credential helper
git config --global credential.helper store with this, git stores the credentials permanently.
Now, while still in the nix environment:
git push while in the local copy of a repo you have stored in github.
Check the /home/yourusername/.git-credentials file to make sure your git credentials are stored.
And then you should be good to exit the nix environment. Because your credentials are saved, you can now run git push from the command line.
Deleting sensitive detail, or large binary files from a git repo
Git tracks every change. So if you store something like an image, or a binary in a git repo, if you delete those files later, they will continue to eat space and be wasteful, even if you commit the deletions later on. Or, if you have sensitive data, like passwords or api keys in a repo, even if you delete them in later commits, they will still be present.
To alter every past commit, you can use special tools, which are very easy to install using nix.
nix-shell -p git-filter-repo
From here, you can use the git-filter-repo command to nuke files or folders:
First, cd into your git repo.
git-filter-repo --invert-paths --paths path/or/file. git-filter-repo works by only taking anything that matches an expression, so by inverting that, it takes everything except what matches that path.
Alternatively, the bfg-repo-cleaner tool can be used. I did not opt for this to clean out the images of my git repo, because it doesn’t seem to be able to delete entire paths, or even individual files, only matching filenames, or doing text replacement. However, apparently, it is much faster than git-filter-repo for large repos, due to a different implementation.
To replace sensitive data with bfg:
nix-shell -p bfg-repo-cleaner
bfg-repo-cleaner --replace-text passwords.txt
Where passwords.txt contains data you want to replace.
passwords.txt
secretapikey ==> ***REMOVED*** is the default if you don't have an arrow
secretpassword ==> but you can replace it with anything
glob:*baddata* ==> glob matches work tooTo push the changes to github, or your remote repository:
git push --force --all
And then it should be done. This should be seamless, but if you encounter any hiccups, like I did with slow internet speeds causing it to fail, there are some commands you can run:
git gc --aggressive optimizes the repository
git config --global http.postBuffer 524288000 if you are on a slower network (high latency), this gives it more grace.
But for me, because I am currently on vacation and didn’t have access to the internet speeds I do at home, the only thing that worked was actually getting up and moving my laptop to an area with faster wifi.
Now, I did this to delete unused images from my repo, however, if you are trying to clean sensitive data off of the internet, there are some extra steps you may want to take.
Renaming flash drives
nix-shell -p exfatprogs install utilities to manipulate the exfat file system used by usb flash drives.
Then:
sudo extfatlabel <device> <new label>
You can see the device with the lsblk tool, which lists all attached drives.
Installing packages
nix profile install nixpkgs#packagename will install a package.
If you need a specific version of a package, then you can use Lazamar’s site, or nixhub to search for old revisions of the git repo.
And then:
nix profile install nixpkgs/revisionhash#packagename