• 0 Posts
  • 75 Comments
Joined 3 years ago
cake
Cake day: November 28th, 2022

help-circle
  • The past is definitely not a guide for how to achieve a future society or how that society should look, but it does remind us that a society without a state can exist.

    It’s not the hard part, but when we’re told that thoughts of a stateless society are fantastical it’s good to remember that it has been done before.


  • I use NixOS, but it is not for learning how Linux works; realistically it’s for when you already know how Linux typically works, so you can understand when it breaks some of those norms.

    If you want to learn how containers etc work, use straight-up Debian.

    I really don’t recommend arch for a server. On a desktop absolutely but what I want for a server is to be able to let it sit for 6 months, then update it and not have everything break; arch works best with frequent update hygiene.



    1. Software has bugs.
    2. Bugs which interface with and execute untrusted code are high risk.
    3. Browsers are obscenely large pieces of software, which connect a user’s system with random websites which execute JavaScript.

    Browsers are one of the most important things to update on your computer.

    We can talk about whether browsers should be as complicated as they are, but implying security updates are a intended as a vector of control is conspiricist thinking.

    The reason you don’t get security updates backported to your older release of choice is simple: it is so much work.

    Waterfox seems like a good choice, just don’t go around thinking that companies are making security updates in order to sneak in unwanted, they make security updates because they are terrified of being responsible for a major incident.






  • Your personal files e.g. ~/Documents are not recreated, you’ll still need backups of those.

    caveats are you’ve got to use:

    • home-manager to generate your dotfiles.
    • something akin to sops to generate and securely store your private keys and secrets.

    But all this can be written in the one flake, so yes nixos-install --flake <GIT URL>#<HOSTNAME> Is sufficient for me to rebuild my desktop, laptop or server from the same repository.

    I’ve never used Gentoo, and I’m sure there are other methods of achieving the same level of reproducibility but I don’t know what they are.

    Nixos can be as modifiable as Gentoo with the caveat being it’s a massive pain in the ass to do some things. I have a flake for making aarch64-musl systems which has been an endeavour, and… It works? I have a running system that works on 2 different SoCs. I do have to compile everything quite often though.

    There are efforts to recreate Nixos without systemd, but that’s a huge effort; because it’s very “infrastructure as code”, you have to change a lot of code where editing a build script would’ve sufficed on arch/Gentoo.

    As for nix vs guix, guix was described to me as “if you only ever want to write in scheme”, whereas nix feels much more like a means to an end with practical compromises spattered throughout.





  • I wish.

    It was a bcachefs array with data replicas being a mix of 1,2 & 4 depending on what was most important, but thankfully I had the foresight to set metadata to be mirrored for all 4 drives.

    I didn’t get the good fortune of only having to do a resilver, but all I really had to do was fsck to remove references to non-existent nodes until the system would mount read-only, then back it up and rebuild it.

    NixOS did save my bacon re: being able to get back to work on the same system by morning.








  • ~/.config is probably a poor comparison on my part; it’s management is actually done by home-manager rather than Nixos proper, and I can’t think of another OS that fills this same role.

    Nixos generates (for example) /etc/systemd/network to a path in /nix/store and symlinks it to it’s appropriate locations. After the files are generated the appropriate /nix/store paths are (re-mounted? Over-mounted? I’m not sure the implementation) made read-only (by default), but anything that isn’t generated is absolutely both mutable and untracked, and that “not tracking everything in /etc” is more what I’m going on about.

    If you use Nixos as intended (when you find that a package is lacking a config option you want, create your own nix option internally) the distro is effectively immutable, but if you use Nixos for anything moderately complex that changes frequently e.g. a desktop os, you eventually run into the choice: become competent enough to basically be a nixpkgs contributor, or abandon absolute immutability.

    I think the first option is worth it, and did go down that route, but it is unreasonable to expect the average Linux consumer to do so, and so something like fedora atomic is going to remain more “immutable” for them than nixos.

    This need to git gud is thankfully lessening with every commit to nixpkgs, and most people can already get to most places without writing their own set of nix options or learning how to parse //random markup language// into nix, but you’ll eventually run into the barrier.