Notes

git add -u will stage changes to all tracked files and leave untracked ones alone

Services being routed by caddy-tailscale are treated as full-fledged Tailscale nodes and thus follow the ACL policies of deny-by-default. If I want to be able to ping a Tailscale address from the server I will have to add an ACL grant allowing the server’s tag to access the tag applied to the service. This was necessary today for the Firefly-iii data importer to be able to access the Firefly-iii instance running on the same server.

Found this awesome reference for the NixOS module system: https://nix.dev/tutorials/module-system/index.html

Systemd runs all units that specify Type=oneshot to completion in a blocking manner which is what causes my NixOS configuration switching to sometimes get stuck with a long-running task. The solution is to use Type=simple and instead configure the restart policy to not fire unnecessarily.

Nix vendors Golang dependencies in a fixed-output derivation (FOD) which will give confusing errors if the contents change but you don’t update the hash or name. Concrete example: refreshing the update-tailscale.patch file for caddy-tailscale will fail with mysterious “this module is using a different version” until you change either pname or vendorHash to force a rebuild of the FOD and reveal any real errors.

The nix-update CLI allows updating unstable packages to Git commits via --version=branch

Tailscale on NixOS requires setting services.tailscale.useRoutingFeatures = "client" on the non-exit-node machines to allow routing to work.

Git has a GIT_EDITOR variable that can be overridden in specific contexts to change the editor used by Git for rebase/commit etc. I’ve configured Zed to use itself as my commit editor from the integrated terminal, which makes for a nicer experience in the IDE than having to use the terminal text editor.