In my earlier commit manual: Don't suggest exposing VM port to local network. I made a side change titled Use `127.0.0.1` also on the VM side, otherwise connections to services that, in the VM, bind to `127.0.0.1` only (doing the safe approach) do not work. Unfortunately, that was wrong: QEMU inside the VM always communicates via the virtualised Ethernet interface, not via the VM's loopback interface. So trying to connect to `127.0.0.1` on the VM's side cannot work.
3.1 KiB
Changing the Configuration
The file /etc/nixos/configuration.nix
contains the current
configuration of your machine. Whenever you've changed
something in that file, you should do
# nixos-rebuild switch
to build the new configuration, make it the default configuration for booting, and try to realise the configuration in the running system (e.g., by restarting system services).
::: {.warning}
This command doesn't start/stop user services
automatically. nixos-rebuild
only runs a daemon-reload
for each user with running
user services.
:::
::: {.warning}
These commands must be executed as root, so you should either run them
from a root shell or by prefixing them with sudo -i
.
:::
You can also do
# nixos-rebuild test
to build the configuration and switch the running system to it, but without making it the boot default. So if (say) the configuration locks up your machine, you can just reboot to get back to a working configuration.
There is also
# nixos-rebuild boot
to build the configuration and make it the boot default, but not switch to it now (so it will only take effect after the next reboot).
You can make your configuration show up in a different submenu of the GRUB 2 boot screen by giving it a different profile name, e.g.
# nixos-rebuild switch -p test
which causes the new configuration (and previous ones created using
-p test
) to show up in the GRUB submenu "NixOS - Profile 'test'".
This can be useful to separate test configurations from "stable"
configurations.
Finally, you can do
$ nixos-rebuild build
to build the configuration but nothing more. This is useful to see whether everything compiles cleanly.
If you have a machine that supports hardware virtualisation, you can also test the new configuration in a sandbox by building and running a QEMU virtual machine that contains the desired configuration. Just do
$ nixos-rebuild build-vm
$ ./result/bin/run-*-vm
The VM does not have any data from your host system, so your existing
user accounts and home directories will not be available unless you have
set mutableUsers = false
. Another way is to temporarily add the
following to your configuration:
users.users.your-user.initialHashedPassword = "test";
Important: delete the $hostname.qcow2 file if you have started the virtual machine at least once without the right users, otherwise the changes will not get picked up. You can forward ports on the host to the guest. For instance, the following will forward host port 2222 to guest port 22 (SSH):
$ QEMU_NET_OPTS="hostfwd=tcp:127.0.0.1:2222-:22" ./result/bin/run-*-vm
allowing you to log in via SSH (assuming you have set the appropriate passwords or SSH authorized keys):
$ ssh -p 2222 localhost
Such port forwardings connect via the VM's virtual network interface.
Thus they cannot connect to ports that are only bound to the VM's
loopback interface (127.0.0.1
), and the VM's NixOS firewall
must be configured to allow these connections.