nix-alien
vulnix
nix-alien | vulnix | |
---|---|---|
4 | 4 | |
411 | 397 | |
- | 4.3% | |
8.3 | 1.2 | |
18 days ago | 28 days ago | |
Python | Python | |
MIT License | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
nix-alien
-
Nix-Powered Development with OCaml
copy the extracted files over to the nix output dir, and patch-elf all the binaries to link to the nix-version of the dynamic lib.
This sounds more difficult than it is, the result will be a copied over binary file that has its “libc.so” and other dynamic libs replaced in the ELF-header with “/nix/store/hdjdewuieu737-libc/libc.so”. I recommend looking up a package in nixpkgs which has a similar install story, that’s the easiest way to write a new package.
In case you only want to run it locally https://github.com/thiagokokada/nix-alien and similar programs work fine with the binary.
- NixOS 22.11 “Raccoon” Released
-
Gentoo Users: What are your thoughts on NixOS? Have you used it before? How do you think it compares to Gentoo?
You might be interested in tools like nix-alien which help, though to some extent it's always going to be an annoyance.
-
Arch + NixOS at once?
There's also nix-alien to run random binaries and nixos-fhs-compat to FHS your OS (might need some tweaking).
vulnix
-
Is NixOS a thing?
it is very easy to scan your entire dependency tree for known vulnerabilities for Nix, all the way up to a whole OS
-
What Are Your Most Used Self Hosted Applications?
Initially I spent a lot of time as I used it as an opportunity to learn Nix/NixOS. I used Nix intentionally as it's a rolling release and also it's declarative and intended for reproducible deployments, so I don't need to deal with an OS like Ubuntu that slowly gets crufty and out of date and needs a clean-up or upgrade or complete re-install. And if I do need to re-install, it should be mostly a one-liner.
For security there are these scanners:
https://github.com/flyingcircusio/vulnix
https://github.com/andir/nix-vulnerability-scanner
I also run all services in docker and my network uses VLANs behind an OPNSense firewall. I use Wireguard as a pinch point into my network to access most services. So I'm not too worried about the security aspect.
Upgrading on Nix is pretty easy - just bump your lock file and it will get the latest packages, assuming you are on the unstable channel. But unstable does break on occasion. You an also use the latest stable release of Nix and selectively choose unstable packages, which is probably the way to go. I rarely need to fix anything - it's pretty stable. It only starts eating time when I want to add or upgrade some element to the system, but I always make sure to never do any action that isn't captured in Nix config and backed up, so that I don't have to come back and figure out what exactly I did or how something works again. It's been fine. Nix has a pretty steep learning curve, but considering its power, I think it's absolutely worth it.
-
Is there an easy way to see changes made by `nixos-rebuild switch`?
Along with the results of the diff the comment also provides the results of running vulnix
- vulnix: Vulnerability (CVE) Scanner for Nix/NixOS
What are some alternatives?
distrobox - Use any linux distribution inside your terminal. Enable both backward and forward compatibility with software and freedom to use whatever distribution you’re more comfortable with. Mirror available at: https://gitlab.com/89luca89/distrobox
opencve - CVE Alerting Platform
nixos-fhs-compat - LSB&FHS compatibility for NixOS. Intended for containers and VMs.
awesome-selfhosted - A list of Free Software network services and web applications which can be hosted on your own servers
mach-nix - Create highly reproducible python environments
nix.dev - Official documentation for getting things done with Nix.
nixops - NixOps is a tool for deploying to NixOS machines in a network or cloud.
Joplin - Joplin - the secure note taking and to-do app with synchronisation capabilities for Windows, macOS, Linux, Android and iOS.
docker-files
expbox - Vulnerability Exploitation Code Collection Repository
nix-ld - Run unpatched dynamic binaries on NixOS
cyberowl - A daily updated summary of the most frequent types of security advisories currently being reported from different sources.