Principal Skinner on Immutable Distros
(infosec.pub)
I went through a NixOS phase, and for a user that isn't trying to maintain a dev environment, it's a bloody lot of hassle.
I'm all behind immutable distros even though I don't particularly have the need for them, but declarative OSs are kinda niche.
I agree but I prefer it to things like ansible for sure. I'm also happy to never have to run 400 apt install commands in a specific order lest I have to start again from scratch on a new system.
Another place I swear by it is in the declaration of drives. I used to have to use a bash script on boot that would update fstab every time I booted (I mount an NFS volume in my LAN as if it were native to my machine) then unmount it on shutdown. With nix, I haven't had to invent solutions for that weird quirk (and any other quirks) since day one because I simply declared it like so:
IMO, where they really shine is in the context of declarative dev environments where the dependencies can be locked in place FOREVER if needed. I even use Nix to build OCI/Docker containers with their definitions declared right inside of my dev flake for situations where I have to work with people who hate the Nix way.
No end of interesting shit you can do in Nix, at one point I had zfs and ipfs entries in one of my configs. I got away from it all before flakes started to get popular.
I tried it as a docker host; the declarative formatting drove me around the bend. I get a fair bit of disaster proofing on my docker host with git and webhooks, besides using Proxmox/ZFS to host it all and back it up.
I suspect that the whole Docker thing will improve exponentially now that Nix is on Docker's radar. I found the OCI implementation to be superior to the actual Docker implementation in Nix... at least for now. I think the way that Docker isolates things to layers is the biggest barrier to them working together seamlessly at the moment... but I think they'll start to converge technologically over the coming 10 years to the point where they might work together as a standard someday.
They're the bee's knees if you have a homelab, though.
Maybe homelab stuff that you mess with a lot and need to revert or stand up a multitude? I tried it for self-hosted apps and frankly a docker host is way easier. JB guys were pushing it for Nextcloud and it was a nightmare compared to the Docker AIO. I guess you could stand it up as a docker host OS, but I just use Debian, it's pretty much bulletproof and again, less hassle.
I recently switched to nixos, because my ACME image was failing all of a sudden and I didn't know enough what was going on under the hood to fix it.
It was a steep learning curve, but the infrastructure as code approach just works too well for me, since I just forget too much what I did three years ago, when doing things imperatively.
i mean, provided that the OS has a proper graphical configurator (like most normie OSes), isn't being declarative just a straight upgrade? Configure everything once when installing and then you never have to repeat that process again.
I think your "proper graphical configurator" is doing some heavy lifting there. Of course, there's no such thing right now, so you're dealing with the coding yourself in a pretty oddly designed syntactical language, and the terrible official documentation that is the current state of affairs to do it with.
Other than that, sure, a declarative and atomic OS would be the way to go.
the thing is that distros like fedora and ubuntu have had them for ages
I thought you meant for a declarative OS like Nix. Which does not have a GUI configurator, nor does any comparable declarative OS. Isn't that what we've been talking about this entire thread?