Your personal files e.g. ~/Documents are not recreated, you’ll still need backups of those.

caveats are you’ve got to use:

• home-manager to generate your dotfiles.
• something akin to sops to generate and securely store your private keys and secrets.

But all this can be written in the one flake, so yes nixos-install --flake <GIT URL>#<HOSTNAME> Is sufficient for me to rebuild my desktop, laptop or server from the same repository.

I’ve never used Gentoo, and I’m sure there are other methods of achieving the same level of reproducibility but I don’t know what they are.

Nixos can be as modifiable as Gentoo with the caveat being it’s a massive pain in the ass to do some things. I have a flake for making aarch64-musl systems which has been an endeavour, and… It works? I have a running system that works on 2 different SoCs. I do have to compile everything quite often though.

There are efforts to recreate Nixos without systemd, but that’s a huge effort; because it’s very “infrastructure as code”, you have to change a lot of code where editing a build script would’ve sufficed on arch/Gentoo.

As for nix vs guix, guix was described to me as “if you only ever want to write in scheme”, whereas nix feels much more like a means to an end with practical compromises spattered throughout.

Perhaps, but when I accidentally nuked my system by dd’ing to one of the hard drives, being able to install the exact same system back onto it by pointing the installer to my git repository was an excellent experience.

Statically linking is absolutely a tool we should use far more often, and one we should get better at supporting.

Tailscale edits /etc/resolv.conf, since your DNS isn’t working start by making sure that file is how the archwiki suggests rather than what tailscale changes it to.

An uninstalled tailscale may still have left that file modified.

I wish.

It was a bcachefs array with data replicas being a mix of 1,2 & 4 depending on what was most important, but thankfully I had the foresight to set metadata to be mirrored for all 4 drives.

I didn’t get the good fortune of only having to do a resilver, but all I really had to do was fsck to remove references to non-existent nodes until the system would mount read-only, then back it up and rebuild it.

NixOS did save my bacon re: being able to get back to work on the same system by morning.

A few months ago I accidentally dd’d ~3GiB to the beginning of one of the drives in a 4 drive array… That was fun to rebuild.

It seems a lot of new developers want to do some things differently; old guard devs can either make some compromises, or accept that fewer new devs will want to be part of upstream.

Dunno man, when what the dev of 30+ years said was more or less “fuck off”, it seems that advice was in fact heeded

It’s a chicken and egg problem; manufacturers aren’t going to care to upstream drivers if not enough of their users are on Linux, which slows new hardware. It’s much better than it was, but still ongoing.

Amd’s 7000 series amdgpu driver was busted in several ways for like a year post launch, and is still missing tunables for many GPU features.

Manufacturers are capable of making out of tree and unfree modules, but honestly I prefer the slow progress if it means most driver work stays in-tree.

I actually think this is more an attempt to exploit Trump’s worldview; he’s well-known to view inter-state relationships as purely transactional, and from that lens it seems like a good deal.

Thing is, depending on how the war goes either Russia or the US will take everything they possibly can from Ukraine; it may well be that offering Trump something the US was probably going to try to take anyway is just about the smartest way to turn somebody who was initially hostile to continued aid into someone personally invested in the outcome.

Either Linus or Greg K-H, likely after feedback from many others.

We should be looking at his given reasons, not making assumptions based on some ineffable set of considerations that he might have.

Christof’s given reason of complexity is sensible, it’s also one already considered when allowing R4L in the first place; adding rust language support has been deemed worth the additional complexity.

~/.config is probably a poor comparison on my part; it’s management is actually done by home-manager rather than Nixos proper, and I can’t think of another OS that fills this same role.

Nixos generates (for example) /etc/systemd/network to a path in /nix/store and symlinks it to it’s appropriate locations. After the files are generated the appropriate /nix/store paths are (re-mounted? Over-mounted? I’m not sure the implementation) made read-only (by default), but anything that isn’t generated is absolutely both mutable and untracked, and that “not tracking everything in /etc” is more what I’m going on about.

If you use Nixos as intended (when you find that a package is lacking a config option you want, create your own nix option internally) the distro is effectively immutable, but if you use Nixos for anything moderately complex that changes frequently e.g. a desktop os, you eventually run into the choice: become competent enough to basically be a nixpkgs contributor, or abandon absolute immutability.

I think the first option is worth it, and did go down that route, but it is unreasonable to expect the average Linux consumer to do so, and so something like fedora atomic is going to remain more “immutable” for them than nixos.

This need to git gud is thankfully lessening with every commit to nixpkgs, and most people can already get to most places without writing their own set of nix options or learning how to parse //random markup language// into nix, but you’ll eventually run into the barrier.

I’d argue it’s closer to a mutable distro than an immutable one.

Nixos tends to lean on the term reproducible instead of immutable, because you can have settings (e.g files in /etc & ~/.config) changed outside of nix’s purview, it just won’t be reproducible and may be overwritten by nix.

You can build an ‘immutable’ environment on nix, but rather than storing changes as transactions like rpm-ostree, it’ll modify path in /nix/store and symlink it. Sure, you can store the internal representation of those changes in a git repo, but that is not the same thing as the changes themselves; if the nixpkgs implementation of a config option changes, the translation on your machine does too.

Is that why they prevented it from being open sourced? I thought I read a while back that they just wanted to keep the code in-house.

It definitely has its roots in Debian, but when you need to use that weird closed source application for work, if it has a “supported” (for a given value of support) Linux distro it’ll be Ubuntu.

I personally prefer straight Debian myself, or something entirely different but when asked for a recommendation by friends it’s Ubuntu.

I disagree about rejecting funding from intelligence agencies. I hate the concept of their existence, as well as what orgs like the CIA have done (and proceed to do) but given the fact of their existence, they do have legitimate reasons (in this case I mean reasons that align with Signal’s current goals rather than in order to change them) to fund Signal, and if that results in funding secure software, all the better.

I used ZFS with Arch for a while, the volume manager was what I’d call the largest benefit; in my opinion nothing else comes close to being as useful and well integrated.

I stopped because ZFS incompatibility with recent kernels (which I needed for GPU reasons) made me have to rescue my system more often than was ideal.

Some other minor downsides:

• boot can take ages due to ZFS using udev-settle.
• deduplication status is… Complicated.
• you’re kind-of stuck with the performance of your slowest vdev; L2ARC & a metadata device don’t really compensate well for a zpool that is predominantly a raid-z2 of spinning rust.

In addition to the downsides mentioned here about privacy regarding Google, there is a major upside to using this service: it offloads all of the authentication logic to google, so in theory it reduces your risk surface area, or it may be more accurate to say it concentrates your risk to your Google account.

You’d like to hope most websites use using common security best practices and keep on top of things but the amount of websites I had accounts on (on websites I had long forgotten) which have been pwned over the years tells me otherwise. Using google auth sets your account security to be exactly as secure as your Google account.

What you’re after, transparent wifi roaming, is actually mostly handled by the client; what you need is wifi access points that don’t get in the way.

I don’t have much experience with new OpenWRT supporting products, but the kicker is you only need one of them. If you have multiple routers, they will require some setup to play nice with each other. An “Access point” is just the wifi provider, can be hooked up to provide whatever the one router manages, and are generally cheaper than a router.

To that end, I’d suggest a single router, and multiple access points. I do this with Ubiquiti access points in my home, their PoE has been nice and they have been pretty “setup once and forget” for a few years now. I’m sure there are some other brands that’ll do well; Ruckus and Mikrotik come to mind.