A bit conflicted about NixOS

I originally wrote More airgap questions because I was trying to create an offline NixOS mirror so that I could leverage NixOS for a project at my office. I know that some will say that this type of feature isn’t important to the community, because it is a feature that is normally only required for business use. It seems that most of NixOS features are the type that are mostly rewarded by business use.

Ultimately, it didn’t matter that it was possible to put together something that would allow me to rebuild NixOS offline, because of the few packages which come with the distribution that are not pulled when attempting to clone the source or the cache server. Because I don’t know where those packages come from, I could never paint a good picture for my network security department that NixOS is transparent enough to considered safe or at least traceable.

I am one of those people who consider NixOS to be the best Linux distribution available. Since I have run NixOS, things have just worked for me. I didn’t have Fedora or SUSE’s codecs problems. My steam ran with my controllers. My password manager seamlessly integrated. I can rebuild every computer on my home network from scratch and remotely. I create, configure, and deploy containers directly from vscode. I make NixOS sdcards for raspberry pi’s with ease. My backups work. My desktops even wake-up from sleep at night to perform backups.

My entire family uses NixOS. Not only do we run desktops and laptops, but I also provide cloud-type services for our cell-phones and tablets. My home home office and home automation runs on NixOS.

And then I had this issue at work, and it made me doubt…

My first inclination was to run to back to Fedora, but like so many I am cautious about the stance RedHat has taken lately. I decided to try SUSE, but really they have never been in RedHat’s position and may make the exact same decisions. I checked out Arch, but my entire family uses Linux. I cannot afford a distribution that I can mess up or that I have to spend too much time reseaching. Other than NixOS, the only major community controlled distributions at this point seems to be debian in the server realm and Linux Mint in the desktop.

I learned Ansible and I got a similar home configuration to work using Alma Linux, Fedora, and Tumbleweed; but it does not work like NixOS. Ansible can only partly be idempotent since order matters with everything that it does and it can never start over from scratch. I constantly go back to Ansible scripts that were working only to find that now they almost work, but since I hadn’t rebuilt from scratch in some time I didn’t realize there were issues.

So after all of that work and exploration I am considering not switching distros at home even though I cannot use it at work. This would be very new for me. I normally run the same thing at my house in order to constantly stay on top of work knowledge. I normally have pet development projects at my house so that my coding skills don’t become antiquated with time.

I am sure I will get flamed for this post, but for the record, this is not an angry “I am leaving” message.
In truth, I haven’t made up my mind yet and nothing that could come from this will likely make any difference at this stage, nor do I believe that anyone cares what I do with my home network.

Just in case I don’t get a chance to say it later, though. Just in case I don’t eventually get to help make these things possible myself.

There are 2 things that I really wish NixOS could provide that I believe would make so much difference. I believe it would make even more difference in a time where Linux users are starting to mistrust corporate backed distributions and the value of immutability is becoming ever more appreciated.

I wish:

  1. NixOS could have a solid recommended method for offline deployment. It does not necessarily need to redeploy an entire mirror of all packages, but it does have to be reconfigurable while offline.
  2. NixOS would find the straightest path to supplying a method of install for Gnome Software Store and Discover. I realize there will always be more that can be provided in terms of updating configs, updating home manager, and supporting the nix package manager without NixOS; but until all of that is ready it would be nice to be able to add a nix-env package through the software store. In most cases, if you are adding through the software store, you aren’t wanting that package to be part of your configuration management anyway.

Those are my two requests if it should matter to anyone.

6 Likes

Do you have a list of what these packages are? The entirety of NixOS is defined within GitHub - NixOS/nixpkgs: Nix Packages collection & NixOS + any flake inputs you’re using so, using something like ripgrep should make it very easy to trace where a package is coming from.

There’s also Off-grid nixpkgs feature · Issue #300669 · NixOS/nixpkgs · GitHub which has some ideas around offline deployments. I too would like this sort of functionality but to be fair on the community - a completely air-gapped installation (without an HTTP proxy) is a fairly niche usecase.

I too would like this sort of functionality but to be fair on the community - a completely air-gapped installation (without an HTTP proxy) is a fairly niche usecase.

For personal use? Absolutely, but for professional use in critical infrastructure systems, or government, defense, and medical systems, this may be mandated by security policy. I’d love to see systems like that running NixOS. I’m starting with all my personal machines and projects, and am slowing working towards getting adoption in my organization, but this is one of the hurdles I will need to tackle infrastructure-wise before I can achieve that adoption.

3 Likes

Packages may be the wrong word. “Files” is probably the term I should have used.

In this post Using NixOS in an isolated environment - #23 by ejpcmac @ejpcmac discusses a process for pulling down a copy of the cache server from the channel list, then checking for missing packages which are required for building the current NixOS system that don’t exist in that cache and pulling them from the local nix-store. I don’t know what those files are. I think most of them are Latex files, but I would need a better answer than that.

It would be whatever hydra doesn’t build (unfree packages, mainly). I don’t know what exactly hydra does and does not build, but I hope that little information gives you an idea of what to investigate, or cues others to expand on it.

Hi im the author of the offgrid github issue, the issue solution is being disscused on Pre-RFC: Implement dependency retrieval primitive - #4 by RaitoBezarius

i will add that this is not a niche capacity, right now you only have to options, install with an image that has all you need or setup your own nixpkgs server, both options are not convenient neither useful for something as simple as for example install ripgrep, firewall utilities…

4 Likes