
/tech/ - Technology


 No.841287 >>841424 >>841436 >>847018

I've been a Debian user for years, but I've lately become a little disillusioned with the project, what with most of the relatively obscure packages I like to use, like Krita or several game development tools being outdated and with MIA maintainers, or ITPs and RFPs going nowhere. I had considered becoming a maintainer myself, since one of my teachers was a Debian maintainer and could be a sponsor, but I am not sure about it.

So, since I got a new laptop awaiting to put some OS on it, I started looking into other distros, namely NixOS, which looked at first glance like something I would like, since it's not that hardcore about freedom as GuixSD (which I appreciate, but not enough to descend into manual drivers installation masochism) and I don't really mind systemd (contain your orgasms). I've been reading the manual and shit seems pretty fucking comfy, with the centralized config system you can simply copy around and ease of customizing packages.

So what's the catch? All I have seen is Debian's package tree signing process seems more mature, whereas NixOS has some rudimentary git tree root signing that seems to rely on GitHub. Also, packages are not PIE hardened by default, but considering Debian packages are hardened whenever and however the maintainer sees fit (comes to mind that discussion on the mailing list on hardening Firefox, that was shut down shortly after the maintainer came in and casually mentioned he didn't know if Firefox would work with those flags, and then proceeded to fuck off forever), it seems like a good tradeoff.

 No.841424

>>841287 (OP)

>So what's the catch?

Nix is more or less another abstraction layer between you and the config files. NixOS is less flexible compared to something like Gentoo. The benefits far outweigh the downsides though, atomic rollbacks and being fully declarative has been pretty comfy. At least on my servers I can't really imagine going back to Debian, it was a mess. Also making custom packages can be a bit challenging since Nix is a DSL.


 No.841428>>842726 >>847018

>systemd

This is the reason why GuixSD will win.


 No.841432>>841437


Catch is that it's new so documentation is sparse, googling doesn't get you far, begging in the IRC does though.

For servers it is perfect, if you can't create your server state in a nixos config then you don't want that server running anywhere.

Ever had that server that has been running for 5 years and has incremental patches along with undocumented config changes? You just look at the black box and pray that it doesn't go down on you.

With NixOS this doesn't happen, your nix config is your OS.

Because your programs and services are defined by nixconfigs you can get really understandable configs for a more complex situation, for example:

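    services.nginx = {
      enable = true;
      virtualHosts."blog.example.com" = {
        # enableSSL is left out: it is the old name for onlySSL, and the nginx
        # module rejects it when forceSSL is also set (mutually exclusive).
        enableACME = true;  # request and renew a Let's Encrypt certificate
        forceSSL = true;    # serve HTTPS and redirect plain HTTP to it
        root = "/var/www/blog";
      };
    };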

This sets up nginx, listens on blog.example.com, enables and enforces ssl, then automatically grabs a letsencrypt certificate.

I have a matrix synapse server running on NixOS (still working on getting a coturn server integrated) but it's amazing how once it clicks it just werks.

For desktops it's not quite there, they're working on user profile support which will help out a lot, but it still has hiccups.

Remember, there is no such thing as /bin or /usr/lib, you want to run that game? You can't, first you have to define a nix-shell for it so the game can actually see the shared libs, this can be applied to anything that isn't defined in the NixOS pkgs.

Same goes for development, NixOS forces you to work in nix-shells where your app can only see what you've defined, this is good for reproducibility and makes you aware of the dependencies you accrue but the desktop experience still means everything is one extra step for everything.

All that being said I think it's clearly the future of Linux.


 No.841436

>>841287 (OP)

how about you just install gentoo


 No.841437>>841439

>>841432

For desktop use it's absolutely garbage but I get the server point, my hobbyist servers still use gentoo and freebsd because I know how to work them but I can see this working well large-scale.


 No.841439>>841444 >>841450

>>841437

>For desktop use it's absolutely garbage

How garbage are we talking about if I am used to shit breaking on a regular basis due to firejail?

I don't really mind a bit of inconvenience at first, especially if they are working on it. As long as drivers work, I don't really mind touching some config files from time to time. It's what I end up doing with firejail and Steam, where I end up losing progress from most games since they save shit in ~/local/share/ and I don't have that folder whitelisted.


 No.841444>>841450

>>841439

The whole issue with PATH is what drove me nuts when using it on the desktop. And the lack of documents is really bad (was at least in early 2017). You can't execute a rogue binary without doing some sort of wizardry, aka you can't ./muh-binary and expect to get anywhere.

t. not an expert on nixos


 No.841450>>841453

>>841439

Steam is in a nix-shell chroot, your save games are fine.

>>841444

There is no such thing as PATH in any traditional sense, each installed binary has an environment set up just for itself which contains symlinks to the specific libs and binaries it requires.

A rogue binary has no config information telling it what it can and can't see, you have to generate an environment for your binary.


 No.841453>>841457

>>841450

I'm not really worried about Steam and my saved games. I was comparing it to the painful experience of running Steam inside a sandbox. Usually, what I do is download the game, test it for a while if it works well, and then I modify the steam.conf firejail file to whitelist the specific folders that game saves its files to, then I reboot Steam.

Sometimes I forget or am too lazy to modify the file, or to stop playing after the first minutes, so I end up having my progress reset several times until I configure it, which is halfway between a frustrating and a Zen-like experience.

>There is no such thing as PATH in any traditional sense

How does the CLI work? If I download and use fish, how would it behave?


 No.841457>>841461

>>841453

Your server environment will know what to look at if it is set up by NixOS, so your shell will have symlinks to the appropriate binaries, downloading it? God help you unless you know nix well.

Your base system doesn't follow FHS, for large programs like Steam NixOS creates an FHS jail, it is by default sandboxed in there.


 No.841461>>841471

>>841457

So, say I wanted to edit a file with vim. I open a terminal, and then nix-shell vim into the vim shell, then launch vim. When I finish, I open nix-shell gcc and compile my shit, and finally, I open a nix-shell myprogram (assuming I already configured a package to run my program)? That... doesn't sound very practical.


 No.841471

>>841461

No, vim, if installed by nix, will be in your shell's "path".

Your nix package is actually an instruction to compile your program, so really you'd just use vim to create a nixpkg then install your package.

Development of your program would require a nix-shell so you can do testing in your environment.
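
An added example, not part of any post in this thread: a minimal `default.nix` for the "nix package is an instruction to compile your program" workflow described above, which also opts the build into the PIE hardening that the OP notes is not on by default. The name `myprogram`, the `./src` directory and its single `main.c` are hypothetical, and it assumes a nixpkgs release where `pie` is an opt-in hardening flag, as the OP describes.

```nix
# default.nix (added example; "myprogram" and ./src are hypothetical names)
{ pkgs ? import <nixpkgs> { } }:

pkgs.stdenv.mkDerivation {
  pname = "myprogram";
  version = "0.1.0";

  # Local source tree, assumed to contain a single main.c.
  src = ./src;

  # Hardening flags are chosen per derivation in nixpkgs. "pie" is opted
  # into here, on top of whatever flags the stdenv enables by default.
  hardeningEnable = [ "pie" ];

  # $CC is the stdenv compiler wrapper; it is what injects the hardening
  # flags, so the build must call it rather than a compiler by absolute path.
  buildPhase = ''
    $CC -O2 -o myprogram main.c
  '';

  installPhase = ''
    mkdir -p $out/bin
    install -m755 myprogram $out/bin/myprogram
  '';
}
```

Running `nix-build` in that directory produces `./result/bin/myprogram`, and `readelf -h` on it reports type `DYN` when PIE took effect. Running `nix-shell` in the same directory opens the build environment of this derivation, which is the development shell the post above refers to.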


 No.841621>>842596

I run Debian stable and I wanted to install GuixSD. I just need to see if I can get the WiFi up later. Guix sounds awesome, and the init isn't systemd and it can run GNOME3.


 No.842596

>>841621

Tried to do it today and ran into a bug. Seems the solution I read is to update the guix daemon, but I don't know how to upgrade the daemon and have it be usable without rebooting, since I'm using a live USB. For now it's back to Debian. Might try to just install the package manager on top.


 No.842726

>>841428

They still can't figure out how to deal with LVM...


 No.847018

>>841287 (OP)

>systemd-only

>the devs have vested interests in keeping it systemd-only as evidenced by the reaction to anyone so much as suggesting abstracted-init or a different init

That's really the main catch. Other than that it tends to be buggy but it's still early for it so that's not a big issue.

>>841428

Sadly, guixsd is terminally broken. The install media have been known to be broken (don't boot) for a long time, there is fuckall up-to-date documentation (it's all random states of dateness and the config options changed all the time so good luck finding the way to write the right config ever, the templates aren't kept up-to-date either), handling of encryption is rudimentary at best, and it appears to be impossible to deal with lvm + encrypted fs as opposed to a single encrypted partition and the rest being unencrypted (or at least nobody on irc could tell me what the correct config for this was, and the various irc logs and mailing list archives are either unanswered or answered with the workaround to not use this partitioning scheme).



