chayleaf

@chayleaf@lemmy.ml

You know why reinstalling Linux is annoying? Because you have to remember (or write down) every piece of config you ever changed. Dark mode in KDE? Change it in settings. Some systemd unit tweak? Change it in /etc/systemd. Want to run some commands at boot? Use systemd (see above), or write an initrd hook (distro-specific). Need a specific version of an app? Need some files in /opt? Need certain packages installed? You better remember to do that!

In NixOS, you "reinstall" your OS every time you change a single setting, because reinstalling NixOS isn't scary at all - everything that needs to be changed is configured in your configuration - just make sure /home and /var/lib are saved (and perhaps some other dirs, I have root on tmpfs and bind mount all persistent files I need to ensure I know what needs to be preserved on clean reinstall and what doesn't).

Want to move it to a different PC? No problem, copy the files in /home and /var/lib and simply install NixOS using the configuration you already have on the new PC. Want to create a boot option with slightly different kernel or kernel options, or maybe even another DE? No problem, specializations got you covered.

And of course, this also means it's easy to share configurations for specific use cases. Want to run on some specific hardware that doesn't work out of the box? Perhaps nixos-hardware got you covered. Want a certain program set up? Maybe there's already a NixOS option for system-level config or a home-manager option for user-level config, worst case you can write it yourself and share for everyone else in the community using flakes, and maybe open a PR to nixpkgs/home-manager. Want to share configuration between systems? That's easy, put them in the same flake and write a common module shared between all of your systems.

Basically, if you're fine with whatever comes out of the box in any Linux distro, you don't need NixOS, but if you need configuration, if you run servers, it is a lifesaver. I switched from Arch, no regrets. I run my personal laptop, my server, which I effortlessly migrated from Oracle Cloud when they quit Russia, and my router on it, here's my NixOS/home-manager config.

The only downsides are the learning curve and the fact that you can't "just" run programs that expect a FHS layout. You can do it with workarounds like steam-run or appimage-run anyway, but overall be prepared to learn to package stuff for NixOS. Also if you have no experience with functional programming, the Nix language may be hard to understand at first.

I use fish + tide

I tried zsh+p10k before fish+tide, but zsh felt annoying in subtle ways that weren't fixable with (existing) plugins, so I switched back to fish, but installed tide to mimic my previous p10k theme.

for example, when you need to copy some files and not the other, you can take your time selecting the specific files you need to copy instead of writing the list of files in one command. When you want to check the contents of a lot of files, you can just open file preview. Etc, basically sometimes CLI isn't as convenient as TUI/GUI

strictly speaking, NixOS doesn't have repositories.

NixOS has "derivations" (rules are written in the Nix language to generate a script that builds a package, which is called a derivation - yes, everything is built from source to the extent possible/reasonable) and "platforms" (the system that builds the derivation OR the system the derivation is built for). A "platform" is e.g. the CPU architecture, the libc used, the target kernel (there's most support for Linux and Darwin, which is the macOS kernel, but e.g. FreeBSD is supported to some extent too). The derivation code may well be shared across platforms, though often platform-specific workarounds are required.

Of course, different platforms have different support. Some platforms have derivations from nixpkgs (the NixOS git repo) regularly built for them and put into the official binary cache (which stores the derivation outputs, i.e. ready-built packages for a certain set of inputs, which generally match what you would've built from source because Nix strives for reproducibility, you're still free to override a package's inputs and build it from source). linux-aarch64 is one of such platforms. Other platforms may only have a small set of core packages like gcc built for them, or simply require building absolutely everything from source.

The reason nixpkgs is not a repository (though I guess you could call it one) is because it only provides rules to build a package, but not the package itself. Some derivations (e.g. for Gog games) even require you to add some non-redistributable files to the Nix store manually. The derivations may or may not build correctly for each platform they're supposed to work on.

The reason the binary cache is not a repository is because it's just a cache for nixpkgs - it stores every derivation's output (if the build doesn't fail), even if that derivation is one that downloads a package's source code (yes, that's a derivation too), even if the derivation is from many years ago (which has historical value, as you can revert nixpkgs to an old version and still be able to download prebuilt versions of packages).

Together, they form something like a repository, but it's still way too different. For example, unlike on Arch, I can stay on the same nixpkgs version for a long time without updating, which I really prefer because I have to build 3 kernels on each update, since I'm syncing the nixpkgs version of my 4 NixOS devices, only 1 of which doesn't require a custom kernel config. Or I can always revert back to an older version of nixpkgs if a new one breaks something and it will still work. Or I can fork nixpkgs and change some stuff, and the stuff with changed inputs will have to be rebuilt locally, with stuff that didn't change still available from the binary cache.

actually many "Unix people" got mad at cat becoming "bloated", because of options like -v (which escapes nonprinting characters)

Race is a social concept. Race is a thing which exists. Gender is a social concept. Gender is a thing which exists. Race is based on ethnicity, but can't be explained by it alone, gender is based on sex, but can't be explained by it alone.

just use the Arch Wiki. The only parts that differ per system and when you really have to read a lot is partitioning (depending on whether you want encryption, etc) and post-install configuration like installing a DE, other than that the installation guide will basically cover everything on a single page

I'm a programmer and I remember 33 digits, but in practice I never use pi because I never have to deal with geometry

Most phones have no mainline Linux support, and require something like ubports, which can use an unholy hack to run Linux userspace based on Android drivers and kernel. I think this one can be installed to just about any Android phone (worst case you can use the generic GSI image, which should work but be slow). Personally, I've never once bricked a phone by flashing it, and I've been doing it since ~2015 (don't remember the year, but it was a Lenovo S660).

OnePlus 6 is a 5 year old phone with a SoC that has comparatively high development velocity (SDM845), which is why it's finally getting close to full mainline support for basic features like calls/SMS/camera/sensors (still not fully there, and yes sensors are needed, they make stuff like autorotate and turning touchscreen off when you put your phone to your ear during a call work). If you want to tinker with Linux, I recommend a Pinephone; though Mobian did mention how frustrating its ecosystem is in their blog. Maybe Pinephone Pro or Librem are better, but they're way way way more expensive. If you want a daily driver, I recommend a OnePlus 6/6T as explained in the article, or some other SDM845 phone, and maybe don't DIY if you don't have the basic experience in working with ARM SBCs and Android ROMs like me lol.

postmarketOS is probably the smoothest experience you'll get on a wide range of devices, and I highly recommend it. Most other mobile Linux distros are often more or less piggy backing off their work (though of course other distros create cool stuff too).

it's the way Nix works too

what do you even mean "don't support encryption"? Do you mean FDE? In that case PostmarketOS supports it, and you can get any other distro to use FDE if you tinker hard enough

enable xdg portal integration in Firefox (assuming you use Plasma which probably has builtin xdg portal support)

finance webapps log you out often for "security", can't do much about that

  • full disk encryption on everything except the router (no point in encrypting the router)
    • the server doesn't have a display connected for obvious reasons, so I'm manually unlocking it via ssh on each boot
      • obviously, the SSH keys are different, so the server has a different IP in initrd. That said, I still don't have any protection against malicious modification of initrd or UEFI
  • the server scans all new SSL certificates in realtime using certspotter and notifies me of any new certificates issued for my domains that it doesn't know about (I use Cloudflare so it triggers relatively often, but I still do checks on who the issuer is)
  • firewall blocks outgoing 25 so nobody can impersonate my mailserver
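
The certificate check from the list above (flag certificates for your domains that the server does not know about, then look at who issued them), as an added example that is not from the post or the author's configuration. It does not call certspotter; the domain, fingerprints and issuer names are constructed sample values, and `covers` and `triage` are hypothetical names.

```python
from dataclasses import dataclass

# Constructed sample configuration (assumptions, not values from the post).
WATCHED_DOMAINS = {"example.org"}
KNOWN_FINGERPRINTS = {"aa11"}            # certificates the server requested itself
EXPECTED_ISSUERS = {"Let's Encrypt", "Google Trust Services"}


@dataclass(frozen=True)
class LoggedCert:
    """One certificate seen in a CT log, reduced to the fields the check needs."""
    dns_names: tuple
    issuer_org: str
    sha256: str


def covers(name, watched):
    """True if a logged DNS name (possibly a wildcard) falls under a watched domain."""
    name = name.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    # Compare on a label boundary so "notexample.org" does not match "example.org".
    return any(name == d or name.endswith("." + d) for d in watched)


def triage(cert):
    """Classify a logged certificate as ignore / known / notify / alert."""
    if not any(covers(n, WATCHED_DOMAINS) for n in cert.dns_names):
        return "ignore"                  # not one of our domains
    if cert.sha256 in KNOWN_FINGERPRINTS:
        return "known"                   # we issued this one ourselves
    if cert.issuer_org in EXPECTED_ISSUERS:
        return "notify"                  # unknown cert, expected issuer (e.g. a CDN renewal)
    return "alert"                       # unknown cert from an issuer we never use


# Constructed sample log entries.
SAMPLE = [
    LoggedCert(("example.org", "www.example.org"), "Let's Encrypt", "aa11"),
    LoggedCert(("*.example.org",), "Google Trust Services", "bb22"),
    LoggedCert(("mail.example.org",), "Unexpected CA", "cc33"),
    LoggedCert(("notexample.org",), "Unexpected CA", "dd44"),
]

if __name__ == "__main__":
    for cert in SAMPLE:
        print(triage(cert), cert.dns_names, cert.issuer_org)
```
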

I use noscript and whitelist javascript URLs per-origin, this coupled with uBlock means even the trackers uBO doesn't block usually don't work

yes, many games have 32-bit builds (though maybe Valve can just use 32-bit Steam Runtime to preserve compatibility)

it only went open-source last week

it's good, but older software doesn't support it

systemd resets the logs when they get big, this isn't the 2000s anymore. But if you want to limit the size of /var/log, any modern filesystem has disk quotas per-directory

you will pry my s/a/b/ from my cold dead hands!

it's fine, but I recommend only enabling autologin at boot so you can lock the screen without shutting down the entire PC

ha ha women objectification funny

no, Unix was proprietary too

VS Code is a text editor with plugins, VS is a full blown IDE with many many many features (it's like 10GB+ out of the box)

In short, Nix reduces the setup time, both for your system and for your projects. If you find yourself spending a while setting stuff up (for example, after a reinstall; or maybe you want to run your project on another PC and need to install the right dependencies), Nix will help. Otherwise, if your desktop is vanilla Fedora or whatever and you don't do much programming (or you don't have any dependency management problems), Nix probably isn't for you.

sway with tabs (i usually don't use actual tiling)+4-5 workspaces

waybar for status display and on mobile also for menu access

rofi as the app launcher (i also plan to write a proper rofi menu for my phone for quick access to useful commands/config but it's heavily wip)

i patched sway for push to talk because wayland spec doesn't support keybindings in a way required for push to talk for now

i also plan to patch it on the phone to completely forbid fullscreen apps (as they hide the menu which i use for workspace/window switching) and show the window bar on all windows (for example, firefox extension/downloads popups)

it looks like it's similar to SmokeAPI which is used by CreamApi, though SmokeAPI has much more code (I don't really know what for, it seems pretty bloated actually, but some of it is an improvement over my version), and more importantly SmokeAPI isn't crossplatform

This would work for something like Ubuntu, but I use NixOS so it's not gonna help much (but the NixOS linux-firmware maintainer does know of the issue)

NixOS is a general purpose distro (I use it on my router, server and laptop, and plan to install it on my phone, it doesn't get any more general purpose). To run packages that aren't in its repo, you write a package yourself. Note that unlike on traditional Linux systems, there's essentially no concept of "installing" packages. Packages are built and put into /nix/store, then you can optionally add them to your system packages or user packages and they will be symlinked to /run/current-system/sw or ~/.nix-profile, but there's nothing preventing you from just using the package without adding it to system/user packages.

applications from the Play Store or App Store are something people have to get and use every day

I haven't made the full switch to mobile Linux yet, but my Android phone has 0 proprietary apps besides the firmware and it's 100% usable

in my country, if you exclude browser-based banking no bank will work

Well, the question is why are you excluding web banking? While it's less convenient at times, banking apps collect every piece of info about you they possibly could collect, they try to prevent you from "messing" not only with the banking app, but with the phone itself - they are one of the most egregious cases of "normalized privacy invasion", so web banking is much preferable to banking apps. If you're allergic to webapps for some reason (which would be a very weird thing to say for someone who installs banking apps), fine, switch to a bank that allows doing operations via SMS (that's the only feature I miss from Sberbank).

the NFC / contactless payment system here requires either Apple Pay, Google Wallet or a proprietary app developed by a banking alliance

Why are you using contactless payment? Unsatisfied with the amount of data your bank collects, you want to give the same data to Apple/Google? What's the problem with just carrying a card with you? I genuinely don't understand. This certainly isn't a "100% unavoidable requirement", but just a fad you didn't even think whether you could do without

Govt provides electronic versions of your identity card, driving license and a ton of other cards related to the govt that also require an Android/iOS app they make...

That's absolutely true, which is egregious. You should petition your government to open-source those apps (public money = public code), you should reverse engineer those apps to get their functionality without the proprietary code (if they just show a barcode/qr code/picture, it's easy, but it gets harder if it uses NFC). Either way, this isn't something you "need", as carrying your documents around really isn't a problem... for me, anyway, YMMV I guess

Even something simple like setting up a TP-Link Tapo wireless security camera will require an app these days.

...first you buy an IoT device that connects to "the cloud", then you say you need proprietary software to access it. Of course you do, that's the kind of device you bought - the vast majority of IoT devices are made with zero regard to the user's privacy and security, to hackability or right to repair.

That said, it's very easy to find hackable devices if you do the bare minimum research. Examples from my home - Valetudo (FOSS robot vacuum firmware) on Viomi V2 Pro, Tasmota (ESP32 firmware) on an AiYaTo light bulb. This is not a problem with mobile Linux, but rather you choosing a device that's made to collect data from your phone.

In conclusion, everything you listed so far isn't a problem with mobile Linux, but a problem with your approach to software/hardware freedom. Chances are, you aren't a hacker, and by extension aren't a part of the target audience of a Linux phone. That's fine, but don't pretend there's some insurmountable barrier preventing anyone from using it - it's just that you don't need it. Waydroid exists, which makes all of the claims in your comment invalid (besides maybe banking apps which may detect Waydroid), but you won't consider Linux phones viable anyway - because, again, you don't need it.

ssh keys go into my keepass db, keepassxc imports them into gpg agent or ssh agent. Bash aliases and so on are in my dotfiles

https://github.com/nix-community/nix-doom-emacs - declarative

https://github.com/hlissner/dotfiles/blob/master/modules/editors/emacs.nix - imperative (used by the doom emacs author, this is probably more hackable)

Nix doesn't do anything special when launched.

The way it works is very simple - instead of e.g. /usr/lib/libssl.so.3, binaries use /nix/store/openssl-.../lib/libssl.so.3. This is done at build time, not runtime.

Anyone with access to your homeserver can change your password and log into your account. That's why by default, when someone logs into an account, their session is unverified and doesn't have access to encryption keys. To verify it and sync encryption keys, you have to mark it as trusted from another device you own (which sends the encryption keys from the old device), or if it's the first session it becomes the only trusted device (and generates new encryption keys).

Note that the homeserver owner can always reset all of your sessions and encryption keys, then log in as the first session. They won't be able to read your past encrypted messages obviously, but they will be able to impersonate you. To prevent that, you can additionally perform the same verification process for the devices of those you chat with - that way they will also know which devices you marked as trusted.

thing is what you want is impossible (background services with no notification). However, Android has per-app notification settings where you can toggle notification categories, so the app can request to not be killed by showing a persistent notification, and you won't see it because you've hidden it

what do you mean by status bar icon? if you mean the persistent notification, it's so Element isn't killed by Android and can receive push notifications without google play services

tbf the docs are in the format of manuals, i.e. only useful if you already know what you're looking for or have lots of time. If you don't, read blog posts and nixos.wiki.

executable ownership doesn't matter, what matters is the rights of the user running the binary, and whatever sandboxing you have configured. So use Flatpak or Firejail.

yes, if that AUR was in a centralized git repository, and kept track of inter-package compatibility, and centrally cached prebuilt versions of the packages for every single update, and you could also easily modify any of the packages, and there was a way to autogenerate build scripts, and and and...

Okay Ubuntu is bad but it doesn't have anything to do with Oracle... Did you confuse them with Canonical?

But yes, this hasn't been an official Canonical project for a long time... afaik