Rootless partition with graphical installer

I would like to be able to set up a rootless partition setup (aka “Erase your darlings”) using the Graphical Installer.

Impermanence out-of-the-box

One popular motivation and a compelling reason to use NixOS, I believe, is the ephemeral rootfs setup (aka impermanence). A partitioning scheme and boot configuration that allows you to have the feeling of a “fresh setup” every time you boot your machine.

I’d need this setup in a family environment (think: small office) with the Nix configuration living on a Git repository somewhere and users logging in with LDAP integration (i.e. no setup of local users). Ideally, everyone having a laptop should be able to perform the initial installation using a USB stick (or a Netboot image).

Option in the Graphical Installer

I found this kind of setup challenging to implement generically, though it sounds like a very common use case for the average NixOS user. Wouldn’t it make sense to integrate a base setup for this as a (partitioning scheme) option in the Graphical Installer? Has this been discussed before?

It’s not, it’s fairly niche within the niche of NixOS users.

Not that I’ve seen, personally.

1 Like

Impermanence isn’t something you should be doing if you have any need for the graphical installer.

I’m not saying this to gatekeep, I’m saying this because using Impermanence is simply not as easy as setting a tickbox or choosing a different partitioning scheme.
You need to manually go in and declare which state you’d like to keep and which you don’t. To do that, you need to know which state you even need which depends on your configuration. It’s impossible to predict at install time what you might potentially configure your system for or how you intend to use it and do all of that for you; you must do this yourself, manually. (Although there are tools to make that part more convenient. Not any easier, just more convenient.)

If you’re technologically inclined, I’d recommend you to set up this machine config beforehand and just point nixos-install at the correct config manually for the handful of times each decade that you need to set up a machine for your family.
If not, just do plain old NixOS. Impermanence is for nerds like me who have high standards for state purity, not for any practical purpose that would be relevant for family PCs.

2 Likes

I get your point, it’s a stereotype, but I think you are mistaking my point. I’m not asking to add a convenience setup for Linux beginners here. The setup is meant to be what most people know from the Puppet world as “managed machines”. And you’re right, likely 99.5% of all Puppet users certainly manage hosts without graphical user interface.

I did this Puppet setup for a small fleet of desktop computers (Linux-based developer laptops and project manager laptops) with The Foreman as a management interface, a few years ago. (I held a talk about it at PyCon Italia in 2018, video in the description, the last third explains the setup.) With NixOS and the impermanence setup this could go mainstream.** Obviously, everyone using it must understand what it entails. But I take this as a given. Let’s put the option in a section of “Advanced use cases” – just like “Select your partitioning scheme manually” – and everyone selecting it will understand that this is for nerds that are dogmatic about standards.

**) What I mean by that is that the users (think: managed setup) can set up new machines with a few clicks themselves, just like they did the self-service reinstalling with a single click and a reboot on the Puppet+Foreman setup (note the power button in the screenshot below).

Envisioned Setup

This is what an example setup could look like in the installer:

  1. Partitioning like described in the “Erase your darlings” blog post.
  2. NixOS configuration in a Git (example) repository, cloned in an appropriate place for a multi-user setup.
  3. User management via NixOS configuration (as a starting point, to be replaced by LDAP auth, later).

Not every person is the same, not every family is the same. We’re talking about a managed setup for a (small) office, if you want so. We’re on the same side, but you might want to install the machines yourself, while I want everyone to be empowered and take responsibility.

Note that this is not what I said. I said that if you are at a level where you could successfully use impermanence, you do not have any use for the graphical installer. This argument doesn’t care whether the installer is graphical or not; the installer part is what this is about.
All the installer does is create a basic partition setup and then templates you a basic NixOS config based on a few GUI choices. If you are at a level where you could successfully manage an impermanence setup, you will already have a NixOS config and have no need for the installer’s templating.

The problem you’re also ignoring here is that the hard part of impermanence is figuring out what state to keep, not the initial installation. The installer simply cannot solve that problem. Its job is to bootstrap a NixOS installation for those who have never had a NixOS installation, not provide a means to continually configure an existing NixOS system.

Besides, it’s not like switching to an impermanent setup is a big change to an existing NixOS system really. You can trivially transform an existing NixOS system into an impermanent one by changing 3 settings:

  1. Make fileSystems."/" a tmpfs
  2. Mount your root filesystem (containing /nix/) somewhere else (e.g. /persist/)
  3. Bind-mount the Nix store subdir of your persistent storage (e.g. /persist/nix/) to /nix/

It’s also trivial to transform back by simply rolling back your config.

This is already possible using Disko. It can create a USB stick that, upon boot, formats the machine’s disk and installs your NixOS config of choice onto them.

If you like to live dangerously, it can even do this without requiring a single user input.

The problem is that if they cannot even install the machine themselves with an impermanence setup, they will also not be able to continually manage an impermanence setup successfully.
I am again not saying this to gatekeep but because they require the same baseline of experience.

The initial setup is the easy part of an impermanence setup. You cannot “empower” someone by throwing them into a system that you have made to have a special quirk where you have solved none of the actually hard problems introduced by said quirk.
Experienced users or people who like to figure stuff out can solve these problems. To anyone else, it will not be user-friendly or empowering in any way.
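
The three settings listed in the post above, written out as a NixOS module fragment. This is an added example, not part of the original thread or any poster's own config. It goes one step further than the three settings by persisting two pieces of state that a tmpfs root would otherwise discard on every boot. The disk label, filesystem type, tmpfs size, the user name `alice` and every path under `/persist` are assumptions.

```nix
{ ... }:
{
  # 1. Root becomes a tmpfs. mode=755 matters: a tmpfs is mounted with
  #    mode 1777 by default, which would leave / world-writable.
  fileSystems."/" = {
    device = "none";
    fsType = "tmpfs";
    options = [ "defaults" "size=2G" "mode=755" ];
  };

  # 2. The former root filesystem (the one containing /nix) moves to /persist.
  #    Label and fsType are placeholders for whatever the machine uses.
  fileSystems."/persist" = {
    device = "/dev/disk/by-label/nixos";
    fsType = "ext4";
    neededForBoot = true; # mounted in stage 1, before activation runs
  };

  # 3. Bind-mount the store from persistent storage back to /nix.
  fileSystems."/nix" = {
    device = "/persist/nix";
    fsType = "none";
    options = [ "bind" ];
    depends = [ "/persist" ];
  };

  # Beyond the three settings: state that must survive a wiped root.
  # Without a persisted host key, every reboot generates a new SSH
  # identity and clients see host-key-changed warnings.
  services.openssh.hostKeys = [
    { path = "/persist/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; }
  ];

  # /etc/shadow lives on the tmpfs, so accounts are declared in the config
  # and the password hash is read from a root-only file on /persist.
  users.mutableUsers = false;
  users.users.alice = {
    isNormalUser = true;
    hashedPasswordFile = "/persist/secrets/alice.hash";
  };
}
```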

Can’t comment about Erase your Darlings, but building full immutable disk images is pretty straightforward: NixOS Manual. I do this for all my systems, so I can test them in an emulator before deploying + boot them off USBs when hard drives fail / when traveling.