From 0ed54bca5b489b315fc85ea98f0548a497f3be6a Mon Sep 17 00:00:00 2001 From: Kylian Lichtensteiger Date: Thu, 9 Apr 2026 18:22:12 +0200 Subject: [PATCH 1/2] README: add npins docs --- README.md | 73 +++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 68 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 1c7ab33..c580ab3 100644 --- a/README.md +++ b/README.md @@ -2,32 +2,41 @@ **A collection of Smallstep software packaged for NixOS/nixpkgs** -## Setup for NixOS +## Setup for NixOS with flakes Flakes is the suggested way to install the packages available on this repository, following are quick instructions to get it working. 1. Ensure flakes and experimental features are enabled in `/etc/nixos/configuration.nix`: + ``` nix.settings.experimental-features = [ "nix-command" "flakes" ]; ``` + 2. Ensure Git is installed: Flakes require git to clone dependencies: + ``` environment.systemPackages = with pkgs; [ git ]; ``` + 3. Rebuild: Run the following command to apply the changes: + ``` sudo nixos-rebuild switch ``` + 4. Initialize flakes: + ``` cd /etc/nixos sudo nix flake init ``` + 5. Add smallstep repository to `flake.nix`, this example also installs the latest `step-agent` package available. Important: + - Update `` to match your NixOS configured host name, as listed in `networking.hostName` in configuration.nix. - Update `"x86_64-linux"` to your CPU architecture, e.g. `"aarch64-linux"`. It will autodetect by default if builtins are available. @@ -42,7 +51,7 @@ Important: }; }; - outputs = { self, nixpkgs, smallstep, ... }: + outputs = { self, nixpkgs, smallstep, ... }: let system = if builtins ? currentSystem then builtins.currentSystem @@ -51,7 +60,7 @@ Important: { nixosConfigurations. = nixpkgs.lib.nixosSystem { inherit system; - modules = [ ./configuration.nix + modules = [ ./configuration.nix ({ pkgs, ... }: { programs.nix-ld.enable = true; environment.systemPackages = with pkgs; [ @@ -63,7 +72,9 @@ Important: }; } ``` + 6. Update flakes and install packages: + ``` sudo nix flake update sudo nixos-rebuild switch @@ -72,10 +83,62 @@ sudo nixos-rebuild switch **Note**: The first time you execute the commands above it will take a bit longer to finish. 7. Check that `step-agent` program was successfully installed by typing the following commmand on a terminal: + ``` $ step-agent version ``` -8. More information about `step-agent` can be found on the following page: [Step Agent docs](https://smallstep.com/docs/platform/smallstep-app/) - +## Setup for NixOS with npins + +If you do not want to use flakes but still want to pin your dependencies you can use a tool like `npins`, `niv`, ... +This guide assumes that you have advanced knowledge of nix and you know how to rebuild your host. +We will use `npins` in this example. + +1. Add this repository as an input + +``` +npins add github smallstep nur -b main --name smallstep +``` + +> If you want to manually update the package you can add the `--frozen` flag. + +2. Configure your host to install `step-agent` + +```nix +{ + sources, # or `sources ? (import ./npins)` + pkgs, # or pkgs ? sources.nixpkgs, + ... +}: +let + smallstep = import sources.nur { inherit pkgs; }; # if you pass pkgs, `step-agent` will use your nixpkgs instead of the locked one (advised) +in +{ + environment.systemPackages = [ + smallstep.step-agent + ]; + # [...] +} +``` + +3. Rebuild and test with `step-agent version` + +## Clasical NixOS setup (discouraged) + +```nix +{...}: +let + smallstep = builtins.getFlake "github:smallstep/nur"; +in +{ + environment.systemPackages = [ + smallstep.step-agent + ]; +} +``` + +More information about `step-agent` can be found on the following page: [Step Agent docs](https://smallstep.com/docs/platform/smallstep-app/) + + + ![Build and populate cache](https://github.com/smallstep/nur/workflows/Build%20and%20populate%20cache/badge.svg) From abe5856c55a6693323c0b717ff98a316916ae620 Mon Sep 17 00:00:00 2001 From: Srylax <71783705+srylax@users.noreply.github.com> Date: Fri, 10 Apr 2026 06:24:47 +0200 Subject: [PATCH 2/2] README: fix npins typo --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index c580ab3..adb5e53 100644 --- a/README.md +++ b/README.md @@ -91,7 +91,7 @@ $ step-agent version ## Setup for NixOS with npins If you do not want to use flakes but still want to pin your dependencies you can use a tool like `npins`, `niv`, ... -This guide assumes that you have advanced knowledge of nix and you know how to rebuild your host. +This guide assumes that you have advanced knowledge of nix, you know how to rebuild your host and have npins already initialized. We will use `npins` in this example. 1. Add this repository as an input @@ -106,12 +106,12 @@ npins add github smallstep nur -b main --name smallstep ```nix { - sources, # or `sources ? (import ./npins)` - pkgs, # or pkgs ? sources.nixpkgs, + sources ? (import ./npins), + pkgs ? (import sources.nixpkgs {}), ... }: let - smallstep = import sources.nur { inherit pkgs; }; # if you pass pkgs, `step-agent` will use your nixpkgs instead of the locked one (advised) + smallstep = import sources.smallstep { inherit pkgs; }; # if you pass pkgs, `step-agent` will use your nixpkgs instead of the locked one (advised) in { environment.systemPackages = [