Immutable Operating Systems: Yay or Nay?

simple@lemmy.world to Linux@lemmy.ml – 44 points –

I've seen a lot of talks on the benefits of immutable distros (specifically Fedora Silverblue) but it always seemed to me as more of a hassle. Has anyone here been daily driving an immutable distro? Would you say it's worth the effort of getting into?


I use NixOS, which is kind of a middle thing. The OS is generally immutable, except through one central config. This allows you to tweak the OS to exactly the way you want it, whilst preventing any accidental changes and allowing atomic rollbacks.

Learning Nix configuration syntax is a bit of a bump in the road, but once you've got that it's smooth sailing.

How long did it take you to migrate from the distribution before and what's your experience in this space in general?

I like the idea of a declarative configuration, but I find it hard to justify when Ansible has the potential to do the job 99% as effectively.

Also, what do you feel are the most "killer features" in nixOS?

I've recently switched over to NixOS in gradual rollouts to my systems:

Stage 0 (~2h):

  • Installed NixOS with Gnome on my Laptop for testing and getting a feel for it (I prefer testing on bare-metal initially)
  • Tweaked it a bit via the config: removed gnome apps that came with the preset, installed all programs I needed and tested them

Stage 1 (~3d):

  • Installed NixOS minimal on my primary system
  • Set up sway according to the wiki
  • Bodged together something similar to my previous arch setup, mostly by linking old config files with nix to programs installed with nix

Stage 2 (~4d):

  • Moved all configs I could from my linked config files to the nix module declarations
  • Separated config file into files ordered like a config tree
  • Achieved a similar working state to my previous arch install
  • Moved channel from 22.11 to unstable (rolling release)

Stage 3 (~7d):

  • Set up home-manager
  • Finally moved all config declarations into nix modules, no non-nix files left in my config
  • Also copied the config to my laptop, a single activation and I switched from gnome to sway without any problems

Stage 4 (~21d):

  • Looked at a bunch of other people's system configs
  • Recreated everything as a flake, similar to dunklecat's config from sourcehut
  • Applied the config to my primary system and laptop
  • Wrote a bunch more config modules

Stage 4.5:

  • Wrote some tools to make moving around nix easier for me, but mostly to get accustomed to the ecosystem

Stage 5 (~6d):

  • Created and applied further system configs for a hetzner server & VMs

Stage 6 (tbd):

  • Refining my config
  • Adding further modules

Edit 1 (added personal experience): I'm a computer science student and have been using *nix as a daily driver for half a decade, my previous daily driver was arch for about two years. I spend ~1000h/y coding on non-University or Work related projects. I'm at a point where I can typically pick up the basics of a new language in two to three weeks and write simple programs with it -> library/specific knowledge comes with usage.

Nix(OS)'s biggest killer feature for me is that I never had to update, wait for updates or fix updates after setting up the modules properly and getting CI set up for my git repo -> all systems are built before the update is rolled out, if the build fails, the update won't be rolled out. Systems decide for themselves when to update and how they should handle them (i.e. server vs. desktop).

That goes for all my systems: Laptop, PC, Servers and VMs

I like the idea of a declarative configuration, but I find it hard to justify when Ansible has the potential to do the job 99% as effectively.

From my point of view, the strength of NixOS compared to Ansible is not that it does the stuff you declared in your configuration. It's knowing that the description is complete and your system does nothing else (because it's basically selectively built at boot). Sure, some options have implications that might not be visible at first glance, but nothing can hide in the long term. You have no such guarantee with Ansible.

Ansible is a good solution, but it doesn't do as much as nix on NixOS.