A review of Nix/NixOS after using it on all my machines for three years. I'll cover what works, what doesn't, and why it's the first OS that's stuck with me.
I like the idea of nixos, but I feel like it makes a bunch of daily sacrifices in order to optimize a task I do once every few years? I hardly ever get a new computer, but I install/uninstall/update/tweak packages on my system all the time. With a dotfile manager and snapshots, I get most of the benefit without any of the drawbacks.
You only have one machine? I benefit from sharing configs between the laptop and the desktop. They are not the same, but I can easily copy-paste a complex service I defined on my desktop to do the same thing on my laptop.
I have a desktop, laptop, and a few VMs and servery things. Dotfile manager (yadm, which is a git wrapper) to sync personal settings, everything else I just do manually. The system-level configs are either different enough that standardizing them isn’t very helpful, or no more complicated than installing packages and activating services.
Activating services is the specific task NixOS is great at; you can just add it and it downloads the packages, starts it and generates the configs.
This is a good example of what people consistently overlook/misunderstand, when it comes to Nix.
Obviously you can remount a /home, or just pull the dotfiles from a personal repo, but the strength of Nix is also in that I can re-create my entire config exactly how it is defined. If I were to set up a machine completely from scratch, with a mature enough config, it will get me from 0 to my exact desktop completely unattended.
But there are also many more advantages to it, at least in my eyes. Let’s take trying/tweaking new packages as an example. Yesterday I pulled an old repo for an Outer Wilds mod. The thing needs a dev environment, and a mod manager for the actual game. A nix shell got me both, I finished my work, and when I exit out of fish, both are gone, just as I wanted them to be.
Another good example would be partial OS updates. I’ve used Arch for almost 9 years before switching to Nix, and pretty much a top-3 Arch rule is not doing partial updates, or partial rollbacks. In case of a breakage, I would have to manually redownload an older version of a tarball, pacman -U the package, and then hope I’m not cooked. In the case of gcc incompatibilities, it can quickly become a massive pain in the ass. My Nix flake would never experience this problem, because I already have two different scenarios available - either I build based on an older lockfile from my git repo, or I create an overlay for a specific input I need, so that it still pulls what it needs, and doesn’t interfere with the rest of my system.
For DevOps, it provides consistency for every CI run and production deployment, especially when a whole system needs to be shipped.
I’m always on the go, swapping PCs, travelling for medical reasons. Buy, sell, trade hardware. Nix allows me to boot into my system as if I never left with a simple hardware config update script. Rock solid consistency.
Is your hardware always the exact same? Because if it isn’t, then I’m sure you have to do modifications to your config file. And at that point you might as well just use a regular distro instead.
You can manage multiple machines with a single Nix configuration git repository and modularize the configuration as much as you want. You can have a config with a desktop environment that you skip on servers, override individual variables for a specific host or do whatever you want. You can even remote deploy it all with a simple nixos-rebuild build --target-host "user@host" and it works across different architectures too (e.g. build on your fast x86 machine and deploy to a slow Raspberry Pi).
You run the script that generates hardware config file for you, it’s literally one command.
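The multi-host layout described in the comment above, sketched as a flake. This is an added example, not part of the thread: the host names desk and pi, the hosts/ directory layout, the mkHost helper and the chosen options are assumptions, and each host's generated hardware-configuration.nix is assumed to carry its file systems and boot loader settings.

```nix
# flake.nix: added illustration; host names, paths and option choices are assumptions.
{
  description = "One repository, several NixOS hosts (constructed example)";

  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";

  outputs = { self, nixpkgs }:
    let
      # Settings every machine gets.
      common = { pkgs, ... }: {
        services.openssh.enable = true;
        services.openssh.settings.PasswordAuthentication = false;
        networking.firewall.enable = true;
        networking.firewall.allowPing = true;
        environment.systemPackages = [ pkgs.git pkgs.vim ];
        # Constructed value: set this to the release the host was first installed with.
        system.stateVersion = "24.05";
      };

      # Desktop environment, imported only by hosts that have a screen.
      desktop = { ... }: {
        services.xserver.enable = true;
        services.xserver.desktopManager.xfce.enable = true;
      };

      # Hypothetical helper: builds one host from the shared module plus
      # that host's generated hardware-configuration.nix.
      mkHost = { hostName, system, extraModules ? [ ] }:
        nixpkgs.lib.nixosSystem {
          inherit system;
          modules = [
            common
            (./hosts + "/${hostName}/hardware-configuration.nix")
            { networking.hostName = hostName; }
          ] ++ extraModules;
        };
    in {
      nixosConfigurations = {
        # x86 desktop: shared settings plus the desktop module.
        desk = mkHost {
          hostName = "desk";
          system = "x86_64-linux";
          extraModules = [ desktop ];
        };

        # ARM server: no desktop module, and one value from `common` overridden.
        pi = mkHost {
          hostName = "pi";
          system = "aarch64-linux";
          extraModules = [
            ({ lib, ... }: { networking.firewall.allowPing = lib.mkForce false; })
          ];
        };
      };
    };
}
```

A host is then picked by name, for example by adding --flake .#pi to the nixos-rebuild command quoted above.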
So the main hassle of switching is that you have to run your hardware file to update for your new hardware; then inside your Nix config rarely will I ever have to edit things (maybe UUIDs if it’s a totally new machine with a fresh Nix install, but I usually SSD-swap for ease of transition and speed, or even Clonezilla multiple drives and use as needed), even drivers for example. I’ve got auto scripts set up to run that will automatically pull any drivers or updates from the base system nix update to any drivers.
There are really only two files you ever have to touch that I’ve used: Nix hardware and Nix config. Once hardware is updated for whichever system you’re on, you’ll never touch that until you boot a new machine with different hardware. If you set up Nix how it’s supposed to be, Nix config is your master file. With a single backup of that, and when set up correctly, I can boot like I never left my machine. I’m talking LibreWolf still has my accounts open and logged in. VPN works. It’s all seamless, damn near.
You have to learn to play within the NixOS sandbox, meaning understand what you’re capable of doing and do it all inside the config. With a few auto scripts, and 3 or 4 common commands on the desktop page for whatever you wanna do, it’s terminal and memory hands-off. I’ve, what I call, dumb-monkey commented my entire config, and it’s in order of the boot process, from powering on the machine to boot, etc., to shutdown.
A regular distro still poses many, many more challenges when hardware swapping. You have different files to remember, fstab, etc., which can lead to mental memory load and system clutter if you didn’t build and maintain a perfect system from the beginning with stuff like files, symlinks, all sorts of tweaks you’ve made over time.
So I switched to Nix to mitigate those things. Now I’ve made a master config file copy; auto updates, backups, etc. are all automated in the background now. All contained in my Nix config. It’s supremely stable. Mental load is zero. Fills my use case. Immutable.
You have nothing to lose and only to gain. Pick any desktop environment and set it up to your liking. I came from Windows, to Mint, to full custom Nix: all my apps, browsers, LUKS, AppArmor, Firejail, the whole stack.
I’ve tried live boots of many other distributions but this is the cleanest, leanest, most manageable of them all. My only true concern is the project lasting long-term. For now, aside from not having GUFW, I’m happy. I think there’s just a lot of misinfo and lack of hands-on use from most people, or incorrectly set up systems to utilize how Nix should be run. I think that should iron out over time.
I’ve used NixOS exclusively lately. It’s been awesome. No system scatter, clutter. It’s immutable. There’s very slight driver hassle (you don’t have a GUI for drivers, so a simple terminal command fetches everything you need) in Cinnamon. I came from Mint. I have all basic commands in executable files on the desktop for ease of hassle. It’s not about rebuilding the system. It’s about being hands off. Next to zero maintenance because not much in your system gets altered. I went for a full custom install from terminal. The only thing I personally miss being GUI is a firewall like UFW or GUFW.
Overall it’s more rock solid and workable than likely every distro I have ever tried. The feature set is nice, easy rollbacks, fucking cake backups. All you have to know is your entire system lives on one small editable file called nix configuration. Keep it on a micro SD or USB or any backup and it’s as if you never left. Any changes you want, you simply tweak in the config then reboot. If it breaks, then select your previous gen number on boot and you’re exactly where you were before.
I diff my edits and keep copies, run auto backups, and more. It’s so hands off that I haven’t found a better replacement yet. My single biggest concern is long-term viability in the project.
I feel like setting up a new machine is just the easiest to explain.
Personally, I find dotfiles messy, as you often just want to change one or two settings, but you always carry along the whole file with all kinds of irrelevant other settings. This also makes it impractical to diff two versions of those dotfiles, especially when programs write semi-permanent settings into there.
I guess, your mileage will vary depending on what programs or desktop environment you use.
For example, I love KDE, but they really don’t do a good job keeping the config files clean. Nix Plasma-Manager generally fixes that, and for example allows defining the contents of the panel in a readable form.
I think you’re overcomplicating your view here. I daily Nix. You’re not carrying a bunch of dotfiles. You have one. A single nix config. That’s it. It’s not big, long, messy, whatsoever. I have mine commented by section from boot order to auto updates and backups. You’re talking about 150 lines of extremely short and almost self-explanatory code. I came from Mint having never used Nix. I figured it out doing a custom LUKS install and the whole custom build from scratch in no time.
Your diff issue is overblown. The edits you make are small and you cannot get lost in multiple configs unless you’re doing entire system writes, which you would never do. I use a dead lightweight diff GUI or terminal. This has to be one of the cleanest, maintenance-free distros I have ever used.
It doesn’t seem you have truly driven Nix with this take. No program writes directly to your config; even if there was, say, your temp scenario, you reboot and temps would wipe away like you never did them unless you rebuild the Nix config. Most of your concerns would fall away once you really drove Nix to see how it functions.
Yeah, you understood my comment entirely the wrong way around. When I say “dotfiles”, I mean the non-Nix way of managing application configurations. Nix Home-Manager happens to write to these dotfiles, but that means I don’t have to deal with the dotfiles myself.
Ephera isn’t talking about nix when they say dot files.
It also is an option to ensure everyone has the same dev environment.
Meh. So is docker.
The docker is not bare metal though.
sigh, yes it is.
Does it matter if the overhead is practically irrelevant?
The biggest downside to containers vs. Nix for me is that Nix can produce binaries for Linux and macOS, whereas docker only helps with Linux unless you can perform literal magic to cross-compile your project on Linux for macOS.
Containers also don’t give you reproducible environments, and Nix does.
That said, Nix documentation is ass, so I usually end up going with containers because they require far less suffering to get working because writing a containerfile is much easier than guessing how to hobble together a Nix flake with a mostly undocumented language.
Feels very arbitrary. Why would I care about say MacOS versus FreeBSD or say NeXTSTEP (just to be provocative)?
Anyway, I’m being pulled away from the actual argument; the “bare metal” argument is about performance, isn’t it?
Yes, the systems people actually use vs every system that exists. Very arbitrary
What I mean is that MacOS is proprietary and runs on specific hardware, it’s by design not meant to be interoperable so it’s not “just” popularity.
Of course it does. 🙄
Care to elaborate? Containers give you repeatable environments, which are not the same thing as reproducible environments.
But for like 99% of development teams “repeatable” is Good Enough™.
It could if there are issues accessing hardware directly. Overhead is, as you said, not that important.
Isn’t it what passthrough is for?
Loved NixOS but couldn’t install the PIA VPN GUI and disliked the workarounds. Also doing .NET dev was more awkward than I liked, so went back to Arch and wrote some scripts to install all the packages I want instead. Love the idea of NixOS though.
Package your own if you need it
I have no idea how and given there’s been a lot of people asking the same thing I don’t think it’s as trivial as packaging some binaries.