How to install Nix on Fedora Silverblue

GravitySpoiled@lemmy.ml to Linux@lemmy.ml – 42 points –
julianhofer.eu

Today, I wanted to have another go with nix. Previously I just read about it and didn't do anything for a couple of months. Now, I installed the nix package manager with very few lines of code and two more to install many packages as described in his post. Installation was very fast on my banana laptop. Until now I used distrobox but I always wondered which distro/package manager to use. What's your experience with it? For now, I'll test it. It's super easy to use. It may not be straightforward to a Linux newcomer, but if you know what you want, e.g. ffmpeg, you can just add it with home-manager edit and install it with home-manager switch. So far, I love it!


Don't. uBlue also switched away from it.

My question is, how do I remove it again?

What does uBlue switching away from it have to do with someone wanting to install it on Silverblue?

He thought it's not possible to install nix on silverblue and another commenter tried to install it on secureblue. It's not possible there. The problem is either somewhere along the supply chain (ublue) or with secureblue.

Removing nix is mostly done by deleting /nix, and removing some systemd services, as well as deleting some nix-related users or groups (iirc nixblkd)

Because almost all of nix happens in /nix it doesn't clutter much of the system.

/nix doesn't work on Fedora Atomic, that's the thing. So it has to be somewhere else.

I still have dozens of strange Nix users left

Why does it work on my machine? I'm on silverblue

Don't know how they solve it, but /nix is not possible.

Maybe in /var/nix and symlinked or mounted to /nix

Yes, that's likely the case.

The ahayzen/silverblue-nix guide uses bind mounts from /var/lib/nix to /nix. The latter being created by making / temporarily writeable with chattr +i /.

https://gitlab.com/ahayzen/silverblue-nix#using-nix-on-fedora-silverblue

It's possible to install nix on Fedora Atomic by disabling SELinux and using bind mounts.

disabling SELinux

I hope this is not a serious suggestion?

This needs correct SELinux labels, and not just disabling it.

Dan Walsh is very sad.

It seems the Determinate Nix installer supports Fedora Atomic with SELinux enabled.

supporting SELinux and OSTree based distributions without asking users to make compromises

https://github.com/DeterminateSystems/nix-installer

Edit:

disabling SELinux

I hope this is not a serious suggestion?

Since no nix installer supported SELinux at the time, it was the only way to use nix on Fedora Atomic. With a better option available, disabling SELinux is a bad idea indeed.

I didn't disable selinux

It seems the Determinate Nix installer supports Fedora Atomic and SELinux.

On topic:

I really like Nix and home-manager. I've mostly switched to NixOS because it's more convenient for window manager setups than building ublue images imo.

Having to mess with containers for different dev environments and keeping them up to date is imo more annoying than creating a shell.nix.

Also, being able to manage my dotfiles with home-manager and installing software declaratively helps in keeping the system free of clutter.

Bazzite user here and I'm using flatpaks whenever possible and distrobox for everything else; which are the benefits of Nix over these?

Nix has more packages, by far. Nix also automatically handles the dependent libraries for each package, which is something you can't do with brew on immutable systems. This means that Nix can install software like espanso, which wouldn't work on uBlue derivatives otherwise.

I really wish the uBlue maintainers would have opted for Nix over brew for that reason. It's not much more difficult to do nix profile install nixpkgs#package-name over brew install package-name. They could have even aliased it to make it easier.

It's faster than distrobox, it's not within a box but on host, it's easier than most package managers. I still go for flatpak first but for everything else I use nix. Especially for programming environments it looks to be much better than distrobox.

Using containers on Linux has basically no performance loss compared to running on the host. They share a kernel and nothing needs to be virtualized (unlike containers on macOS and Windows), so anything you run in a container is basically the same performance as running it on the host.

I still agree though: using Nix is better than using Distrobox for many other reasons.

Sorry, faster because installing a package is faster than with other managers since you don't have to deal with any copr, debs or anything and it's really fast on my install. I haven't compared it directly but it feels very fast.

Nix is useful for CLI packages, which aren't very simple to use through flatpak. It also has far more packages, and is very useful for creating development environments.

Homebrew for CLI. Distrobox needs to be used with Arch, at least the Fedora boxes are literally not possible to system upgrade.

I like it, though I've used it very little (just no need, ATM). They have some decent practice examples to go through, but it's definitely a unique way of thinking about package management.

My experience is that nix package configs are tested on NixOS. I used it on other OSes, and I easily encountered misconfigurations and such. The problem is that they are understaffed.

I ended up combining a few package managers due to this, but I'd have preferred to use another manager solely.

Until now I used distrobox but I always wondered which distro/ package manager to use. What’s your experience with it?

The answers found below this post resonate with my own experiences.

I do have a question: When you run the sestatus command in the terminal, what string/description is found corresponding to "Current mode"?

$ sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33

Thank you for the response!

Current mode: enforcing

This is pretty interesting. If I recall correctly, installing Nix onto Silverblue came with the caveat that SELinux' enforcing mode had to be turned off. But, your terminal output tells another story. I wonder what's up.

FWIW, I had lost interest in installing Nix on Fedora Silverblue for this very reason. However, I might have to revisit my stance on this. Once again, thank you (for reinvigorating my interest in Nix)!

I'd like to know if it works for you now. I only ran the commands from the post and everything worked ootb.

That's probably why I gave up on it back then as well.

I’d like to know if it works for you now. I only ran the commands from the post and everything worked ootb

Aight. Let's give it a go:

Terminal interaction

Well..., for some reason it didn't work. FWIW, I'm on the bluefin-dx-main-userns-hardened image as provided by secureblue.

Yeah I noticed that line as well. But, I'm a bit pessimistic that it will not be solved. Btw, what's the image you're on?

Boring silverblue 40

Interesting!

So, I guess that at least one of the following 'transitions' is 'blameworthy':

  • Silverblue -> uBlue Silverblue
  • uBlue Silverblue -> Bluefin-DX
  • Bluefin-DX -> secureblue

I guess I'll pass out on it for now. Thank you though!