Real talk: NixOS

I mean, the ability to roll back is just one of many advantages of NixOS so…yes. :slight_smile:

That is one of the downsides of NixOS: it doesn’t use FHS.

AppImage quality is so widely variable it is hard to answer that. One big problem with AppImage is that such a large percentage of them are poorly assembled or built with long out-of-date libraries that you almost have to look at them one at a time. That isn’t to say that all AppImages are bad either.

While nixpkgs isn’t perfect either, it is in much better shape, on average.

2 Likes

I have been intrigued by Nix, so one day I decided to look into how they handle package security and I started reading their forum. I found this which seems quite interesting

I’ve been using NixOS for about two weeks now, after dedicating some time beforehand to studying the wiki and getting familiar with its features.

I’m genuinely thrilled with my experience so far. It took me a week to perfect my declarative configuration file, but now my system is exactly as I want it.

One of the standout features for me has been the ability to recover from a broken configuration by simply loading a previous config snapshot during boot. This functionality is a game changer and offers a far superior snapshot and rollback implementation compared to other systems.

Although some argue that NixOS is more challenging than Arch Linux, I don’t agree. There’s a learning curve, but it’s mainly because NixOS is quite unique compared to distros like Arch and Debian, which share more similarities. For instance, I had to configure my NFS drives using the declarative configuration file rather than fstab. This was fine with me since it avoided the need to install additional utilities like nfs-utils. Similarly, NixOS integrates the firewall into the OS itself, which I appreciate.

Admittedly, Arch has a better wiki, making it easier to learn independently. However, the NixOS community, especially on Reddit, is very supportive and quick to offer help.

What I love is that my backed-up config file is all I need to perform a clean installation on a new device and get my system running exactly how I want it. This makes the initial time invested in setting up the configuration file worth it.

Currently, my main challenge is using applications outside the nix repo. Some apps, like those in AppImage format, aren’t launching, so I’m working on finding a workaround. Despite this, everything else is running smoothly.

I firmly believe that many power users in the forum would enjoy NixOS if they pushed through the learning curve. I’m not a Linux expert, and many would expect someone like me to shy away from NixOS, but the reality is quite the opposite. With some effort, anyone can master it, and in the end, it’s definitely worth it.

I am using the unstable channels on my current setup.

Here’s my config file with edits for anyone curious what it takes to set up a typical home system:

{ config, pkgs, ... }:

{
  imports =
    [ ./hardware-configuration.nix ];

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  boot.initrd.luks.devices."REDACTED";

  boot.blacklistedKernelModules = [ "snd_hda_intel" ];

  services.udev.extraRules = ''
  ACTION=="add", SUBSYSTEM=="sound", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="085e", ATTR{driver}="snd_usb_audio", RUN+="/bin/sh -c 'echo 0 > /sys/%p/device/authorized'" '';

  networking.hostName = "nixos";
  networking.networkmanager.enable = true;

  services.tailscale.enable = true;
  services.tailscale.useRoutingFeatures = "client";

  time.timeZone = "America/Miami";

  i18n.defaultLocale = "en_CA.UTF-8";

  services.xserver.enable = true;
  services.displayManager.sddm.enable = true;
  services.desktopManager.plasma6.enable = true;

  services.xserver = {
    layout = "us";
    xkbVariant = "";
  };

  services.printing.enable = true;

  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };

  users.users.nomad = {
    isNormalUser = true;
    description = "Mister Nomad";
    extraGroups = [ "networkmanager" "wheel" ];
    packages = with pkgs; [
      home-manager
      bitwarden-desktop
      vivaldi
      floorp
      betterbird
      libreoffice-fresh
      gimp
      inkscape
      jitsi-meet-electron
      zoom-us
      zapzap
      signal-desktop
      telegram-desktop
      hexchat
      discord
      qbittorrent
      spotify
      piper
      vlc
      filezilla
      upscayl
      popsicle
      simplescreenrecorder
      ventoy-full
      fastfetch
      zip
      unzip
      qt5.qtbase
    ];
  };

  programs.firefox.enable = false;

  nixpkgs.config.allowUnfree = true;

  environment.systemPackages = with pkgs; [
    kdePackages.kate
    kdePackages.kcalc
    kdePackages.kaddressbook
    kdePackages.korganizer
    kdePackages.kolourpaint
    kdePackages.kdeconnect-kde
    kdePackages.partitionmanager
    pavucontrol
  ];

  system.stateVersion = "24.05";

  # Enable NFS client service
  services.rpcbind.enable = true;

  # Define NFS mounts with nofail option
  fileSystems."/mnt/nas/NetworkHome" =
    { device = "192.168.1.2:/volume1/NetworkHome";
      fsType = "nfs";
      options = [ "nofail" ];
    };

  fileSystems."/mnt/nas/NomadHome" =
    { device = "192.168.1.2:/volume1/homes/nomad";
      fsType = "nfs";
      options = [ "nofail" ];
    };

  fileSystems."/mnt/nas/Work" =
    { device = "192.168.1.2:/volume1/Work";
      fsType = "nfs";
      options = [ "nofail" ];
    };

  fileSystems."/mnt/nas/Media" =
    { device = "192.168.1.2:/volume1/Media";
      fsType = "nfs";
      options = [ "nofail" ];
    };

  # Configure firewall to allow NFS traffic
  networking.firewall = {
    allowedTCPPorts = [ 2049 ]; # NFS default port
    allowedUDPPorts = [ 2049 ]; # NFS also uses UDP
  };
}

4 Likes
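
An added example, not part of the original post or the poster's configuration: the machine above is an NFS client, and 2049 is the port the NFS server listens on, so the client does not need inbound 2049 open for these mounts. The fragment assumes the NAS address and export paths from the post; `nasMount` is a hypothetical helper name.

```nix
# Added example, not the poster's configuration.
# Assumes the NAS address and export paths shown in the post.
{ config, pkgs, ... }:

let
  nas = "192.168.1.2";

  # Hypothetical helper: one NFS client mount with restrictive options.
  nasMount = export: {
    device = "${nas}:${export}";
    fsType = "nfs";
    options = [
      "nofail"               # from the post: boot continues if the NAS is unreachable
      "nosuid"               # setuid/setgid bits on the share are not honoured
      "nodev"                # device nodes on the share are not interpreted
      "noauto"               # not mounted at boot ...
      "x-systemd.automount"  # ... but on first access
    ];
  };
in
{
  fileSystems."/mnt/nas/NetworkHome" = nasMount "/volume1/NetworkHome";
  fileSystems."/mnt/nas/NomadHome"   = nasMount "/volume1/homes/nomad";
  fileSystems."/mnt/nas/Work"        = nasMount "/volume1/Work";
  fileSystems."/mnt/nas/Media"       = nasMount "/volume1/Media";

  networking.firewall = {
    enable = true;  # the NixOS default, stated explicitly
    # No allowedTCPPorts/allowedUDPPorts entry for 2049: that port is the
    # server's listening port. The client only makes outbound connections,
    # and the stateful firewall accepts the replies to them.
  };
}
```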

Thanks for your addition to this experience question. Can you elaborate on what makes the NixOS rollback functionality better when compared to a snapshotted BTRFS with grub boot entries? I’m genuinely curious. For the BTRFS snapshot the restore way would be to boot into the snapshot, restore it, then reboot again. How does that compare to a NixOS rollback?

2 Likes

I recently wanted to get some experience with NixOS as well because the declarative part seemed interesting to me and I have experience with Ansible. I got my configuration set up and at one point I split up my configuration to make it more modular, so that if I wanted to create more systems I could select in my host-specific configuration what to include. I then switched it back to one configuration file again so it’s easier to read and debug because I realized I wasn’t going to install more NixOS systems.

Good things about it:

  • Declarative configuration, you can save your setup in Git.
  • Being able to run applications without actually having to install them
  • Huge collection of software in the default repos, it seemed I had more choice than from the default Arch repos
  • Home-manager being able to declare your dotfiles and have them placed for you
  • Generations where you can boot from your bootloader menu into a previous generation if one doesn’t work. It would be similar to booting off a btrfs snapshot with Grub if you need a comparison.

The things that aren’t so nice about it:

  • High learning curve if you aren’t familiar with scripting, programming or Ansible
  • Documentation was horrible or sometimes outdated and I found my information elsewhere at times.
  • If you want to go beyond what is available for the settings you can use for your system you will have to learn the Nix language.

I had fun with it, but the last point of the things that aren’t so nice about it is the reason I stopped using it, because I wasn’t willing to invest in learning Nix for just running my desktop. What I ended up doing was setting up my entire Arch Linux configuration in Ansible, so that I could run a playbook after having run a minimal archinstall and have my entire configuration set up, including the AUR.

I ran that for a bit but I finally realized I don’t really care much about tweaking every bit of my OS anymore after having played around so much with NixOS and Arch again. Don’t get me wrong, it was fun and I enjoyed it but I realized when running distributions like Arch and NixOS I end up spending most of my time playing around and trying out new things and constantly trying to make my setup better.

So I decided I am tired of all that and now I am back on Fedora Silverblue, the first Immutable/Atomic distribution I had tried after having switched to it from Arch to figure out what Immutable/Atomic distributions are all about. I’m still happy with my choice and I can do everything I want and need to do, but I do have to say it’s not for everyone.

2 Likes

Anyone try CachyOS?

NixOS’s rollback functionality is integrated directly into the system’s boot process, making it highly efficient. When you make changes to your configuration, NixOS creates a new system generation, while preserving previous generations. If something goes wrong, you can select an older generation from the boot menu at startup. This means you can instantly revert to a previous, stable configuration without needing to manually restore files or settings.

In contrast, with BTRFS snapshots, the process is a bit more manual and involves multiple steps. First, you need to boot into a snapshot through GRUB. After that, if you want to revert to that snapshot permanently, you typically have to manually restore the snapshot and then reboot again. This process involves more steps and can be less intuitive, as it requires extra actions to restore the snapshot properly.

NixOS’s rollback feature also benefits from its declarative configuration model. Each system generation in NixOS represents a complete, immutable system state defined by your configuration files. This makes it straightforward to switch between different configurations, since each generation is a complete snapshot of your system’s state, including all installed packages and system settings.

With BTRFS, while you do get snapshotting capabilities, the management of these snapshots can be more complex and less integrated into the boot process. You have to manage snapshots and restoration manually, which can involve additional tools and steps compared to the built-in and streamlined approach of NixOS.

In summary, NixOS offers a more seamless and user-friendly rollback experience by integrating it directly into the boot process, while BTRFS snapshots require additional steps and manual intervention to achieve a similar outcome.

1 Like

Way off topic, I’d suggest making a new post or searching the forum (I think someone has mentioned it before).

2 Likes

This is where I’m at right now. Every day feels like I’m playing System Admin Simulator on NixOS :laughing:

3 Likes

NixOS has more packages than AUR and Pacman repo.

My question is about security: On average, can I trust NixOS repo more than Pacman repo and AUR if I want to set up a server?

A few weeks ago, I gave up on my most recent attempt to use a NixOS desktop. For me, the issue is the state of nixpkgs as it relates to desktop packages. They just aren’t well maintained. Many are out of date and some frequently go into a broken state and stay that way for months.

That is a hard question to answer. The server-related packages are maintained much more consistently than the desktop packages since there are so many more people using NixOS as a server than a desktop.

I would say this: while it varies depending on what you are doing with your server, it is generally much easier to maintain a server on NixOS than Arch. The lack of library/application stability on Arch can make running a server on Arch a painful process.

Yeah, dependency hell on an Arch server is a problem if I don’t want to update every week or month.

I’m also unsure why NixOS has so many packages: Maybe untrustworthy random users are just releasing Nix packages without PGP signatures or verification?

How can I check that Nix packages are trusted before installing them?

nixpkgs aren’t like traditional repo packages.

This is what a nixpkg looks like.

This is worth reading I think:

1 Like