[HN Gopher] NixOS for the Impatient
___________________________________________________________________
NixOS for the Impatient
Author : yarapavan
Score : 69 points
Date : 2023-06-09 16:54 UTC (6 hours ago)
(HTM) web link (borretti.me)
(TXT) w3m dump (borretti.me)
| JamesLeonis wrote:
| > There was a time when the idea of spending an afternoon typing
| cryptsetup incantations into a terminal would have been
| appealing.
|
| Oddly enough, I use NixOS as a network-disabled USB live image
| for handling my Yubikey, SSH, and GNUPG setup. I'm bashing
| cryptsetup all the time!
| bryanlarsen wrote:
| AFAICT, you can get much of the benefit in a polished package
| without the pain by using Fedora Silverblue/Kinoite/Sericea for
| the OS and then creating dev sandboxes using either Fedora's
| toolbox or by harnessing the incredible Nix ecosystem using
| JetPack's devbox.
|
| I haven't tried that combination. I'm currently using NixOS and
| loving part of it, but am bleeding on the sharp edges.
| bketelsen wrote:
| We built Bluefin - https://ublue.it for just this case. A
| custom version of Silverblue, primed for Nix with Devbox +
| Fleek global profiles.
| speed_spread wrote:
| I'm currently using Fedora Kinoite with a few toolboxes (one
| for Rust, one for Node, etc). While not as fancy as a full Nix
| setup, it's an incredibly robust system that's modern and easy
| to maintain. A+ would recommend.
| kertoip_1 wrote:
| The fact that such articles appear shows an untold problem of
| NixOS which is: complexity.
|
| I've been a programmer and Linux user for many years, I know a
| lot of terminology behind it and I think it's a lot less of a
| problem for me to read technical documentation than for the
| average user. When I heard about NixOS I thought: "how awesome,
| it solves some of the problems that I have". But then I started
| to read official docs and dig into all of it and got quickly
| discouraged. It might solve "some of my problems" but at a time
| cost that I just couldn't afford. Well, maybe it's just not for
| me...
| 0zemp3c wrote:
| nixos for the REALLY impatient:
|
| it's a giant pile of symlinks
| outofpaper wrote:
| Well at least it's not a pile of hardlinks like Apple's Time
| Machine. Actually that might be an interesting option for an
| OS... constant versioning.
| aidenn0 wrote:
| FWIW, you _can_ repack the nix-store to be a pile of
| hardlinks...
| turboponyy wrote:
| NixOS is not for the impatient. Maintaining your system
| configuration is an exercise in software development like any
| other - if you lack rigor or discipline, your codebase will
| become painful to work with. Nothing is ever one shell
| incantation away - it has to be carefully architected into the
| existing system.
|
| That being said, once you get the hang of things, you reap
| amazing benefits:
|
| - You can clone your system to any machine, and immediately have
| an identical environment
|
| - You can share system configurations as code (declare the means
| for hosting a website in its repository, for example)
|
| - You can use a fully-fledged programming language to configure
| any part of your system
|
| - You can make use of an extensive ecosystem of easily
| composable, prebuilt NixOS modules
|
| - You can seamlessly integrate with Nix, allowing for ephemeral
| development environments and shells with packages, eliminating
| much of the need for imperative package management
|
| - Everything in a Nix-based system must be derived strictly from
| (lockfiled) inputs, making the reproducibility guarantees
| incredibly strong (barring any network errors or resources being
| taken down)
|
| - The declarative nature of anything Nix-based means that every
| change is documented - your system never shifts from the source
| of truth, compared to other distros where discipline is required
| to maintain reproducibility
|
| - Nix is so robust that you could even nuke your filesystems on
| every log out, if you'd like
| smoldesu wrote:
| > You can clone your system to any machine, and immediately
| have an identical environment
|
| It's arguably the killer feature of NixOS, if stability and
| purity mean nothing to you.
|
| A few weeks ago I bought a little SBC (Quartz64) for my
| homemade NAS project. Since I'm already a NixOS user, the
| bootstrap process was easy:
|
| - Build ARM image for NixOS and boot off the device
|
| - Clone my dotfiles and symlink my config folder into
| /etc/nixos
|
| - Rebuild my system
|
| And boom. Everything is there, my shell and coreutils and
| things I've come to expect all get rolled into the system.
| Updating it just means git pull and a system rebuild. As you
| say - it's not for the impatient. You have to maintain your
| config pretty regularly, and covering multiple devices across
| multiple architectures requires some deliberate config
| organization.
|
| I'm not sure where I fall on the patience spectrum, but NixOS
| worked out pretty great for me. It's on my desktop, laptop and
| homeserver, and I haven't had a single bad update in my 8
| months of daily driving it.
| skavi wrote:
| How do people deal with isolating system specific config in
| Nix? Like stuff for a particular graphics card?
| throwaway22032 wrote:
| I have "if hostname == xyz" in my config, or I use a little
| config file with flags like "is_laptop".
| JamesLeonis wrote:
| In addition to the other suggestions, you can create
| different files for (e.g) each machine and use common
| includes for your apps and settings.
| evil-olive wrote:
| personally, the way I do it is:
|
| /etc/nixos/roles/foo/default.nix has config for the 'foo'
| role (eg, I have a desktop role that enables all my GUI
| options)
|
| configuration.nix and hardware-configuration.nix in
| /etc/nixos/ are symlinked to the actual files in
| /etc/nixos/hosts/<hostname>/
|
| in the imports section of each machine's configuration.nix,
| I import /etc/nixos/roles/foo for each role the machine
| should use. for your graphics card example, I have 'nvidia'
| and 'nvidia470' roles that pull in their respective nvidia
| driver (due to an old gaming laptop that requires the
| legacy driver version)
|
| I have a 'core' role that all machines import, with the
| global config I want on every host
|
| this allows me to version-control my entire /etc/nixos
| directory (managed as a private git repo, replicated using
| syncthing rather than pushed to Github/Gitlab/etc). the
| symlinks in /etc/nixos are in .gitignore because they're
| machine-specific, and the actual per-host config files are
| able to be tracked in their own directories.
| huijzer wrote:
| I use symlinks from configuration.nix and
| hardware-configuration.nix and point to specific instances for
| specific systems.
| aidenn0 wrote:
| There are lots of ways to do this; pre-flakes e.g. you
| might have a root configuration file for each host which
| only includes other files, or have if statements.
|
| Nix flakes lets you define as many configurations as you
| want, and (if you don't specify one) will select based on
| the hostname.
| techhazard wrote:
| I use colmena[1] to manage one nixos configuration for
| multiple machines:
|
| - laptop
|
| - desktop
|
| - server
|
| - rpi nas
|
| I also wipe my entire rootfs every boot with a zfs snapshot
| rollback[2] using the impermanence module[3] to keep
| specific stateful data on one of two datasets with regular
| snapshots: one is backed up with zfs send, the other is
| just for cache between reboots.
|
| It took a little puzzling to get started, because I didn't
| know about the impermanence module at first, so I built my
| own hacky solution. But I really love this setup. And the
| way I don't have cruft to clean.
|
| Also my backups are so much smaller now :'-)
|
| [1]: https://colmena.cli.rs/
|
| [2]: https://grahamc.com/blog/erase-your-darlings/
|
| [3]: https://github.com/nix-community/impermanence
| smoldesu wrote:
| There are a few solutions to this, but I keep separate
| configs for each device and link them into the entrypoint
| (/etc/nixos/configuration.nix) as-needed when I set things
| up. Then I have other "module" files for my terminal
| environment and my desktop environment, as well as an extra
| file that enables Wine/gaming packages.
| anotherhue wrote:
| I mount '/' as a tmpfs so yes, I nuke my OS every reboot.
|
| It's reconstructed from the /nix/store and obviously my homedir
| is on a persistent volume.
| eikenberry wrote:
| If this setup could be combined with an easy way to customize
| things, like ublue (https://ublue.it/) lets you customize
| fedora silverblue using Dockerfile configs, I'd adopt it in a
| heartbeat.
| bfrog wrote:
| I'd think configuration.nix would be enough?
| anotherhue wrote:
| I have yet to find a non customisable nixos component. It's
| a source system that's excellent at building from source so
| there's always a way.
| eikenberry wrote:
| Sorry, I was unclear, by easy I meant simple. Dockerfiles
| are simple. I've yet to find an equivalently simple way
| with Nix.
| anotherhue wrote:
| I haven't tried it but I would suggest looking here for
| some inspiration https://nixos.wiki/wiki/NixOS_Containers
| peoplearepeople wrote:
| What does the config for doing that look like?
| SkyMarshal wrote:
| https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/
|
| https://elis.nu/blog/2020/06/nixos-tmpfs-as-home/
| abathur wrote:
| They are likely talking about using
| https://github.com/nix-community/impermanence, which is
| inspired by ideas in
| https://grahamc.com/blog/erase-your-darlings/
|
| Edit: comments on the latter at
| https://news.ycombinator.com/item?id=22856199
| anotherhue wrote:
| That's quite fancy, I use a tmpfs mount for root and
| a few bind mounts for what I need to persist.
|
| https://news.ycombinator.com/item?id=35390782
| anotherhue wrote:
| I posted a snippet before if you feel like checking my
| history. Edit: https://news.ycombinator.com/item?id=35390782
| nektro wrote:
| great writeup
___________________________________________________________________
(page generated 2023-06-09 23:01 UTC)