What would you make immutable? Ok, let’s go through the root:
special filesystems:
- proc
- dev
- sys
shouldn’t be read-only:
- tmp
- var
- run
- home
trivial to make read-only:
- bin
- lib
- lib64
- usr
already read-only:
- nix
could be read-only:
- etc
- root
/root is the home of the root user, it could be made read-only, but I don’t think there’s much to gain from this and it would make rescuing a system slightly annoying.
/etc is really the only directory that would benefit from being read only. We already have /etc/static which is a symlink to /nix/store and contains all generated files. Every other file is either a link to /etc/static or was written imperatively, so you’d think you could make the whole /etc/ a symlink, however there are some caveats:
- passwords, users, groups are generated at activation time. These are intentionally not stored in /nix/store but should still be present under /etc.
- resolv.conf needs to be writable at runtime by programs using resolvconf.
- more generated files used by programs like CUPS or LVM.
So, the only way to make /etc read-only would be to use an overlay filesystem that combines the /etc generated by NixOS and some writable path under /var or /tmp. I think it shouldn’t be too difficult to achieve, but it doesn’t look like much of an improvement over the status quo.
Instead of trying to make the whole root read-only, I think the better approach is to make it impermanent. This means every change you don’t care about will be lost when restarting the system.
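As an added check (not from the original post), this shell function audits the claim above that everything in /etc is either a link into /etc/static or was written imperatively: it lists the entries that are not NixOS-managed links, i.e. exactly the files a writable upper layer would have to hold. It assumes NixOS creates those links as absolute paths into /etc/static; the directory and static prefix are parameters so it can be run against a copy or a test tree.

```shell
#!/bin/sh
# Added example, not code from the original post.
# list_unmanaged_etc ROOT STATIC
#   ROOT   : the /etc-like tree to inspect            (default /etc)
#   STATIC : prefix of NixOS-managed link targets      (default /etc/static)
# Prints one line per regular file (imperatively written or generated at
# activation, e.g. passwd/group) and per symlink that does not point into
# STATIC (e.g. resolv.conf managed by resolvconf), as "path -> target".
list_unmanaged_etc() {
    root="${1:-/etc}"
    static="${2:-/etc/static}"
    # Inspect links themselves (no -L), so targets are never followed.
    find "$root" -mindepth 1 \( -type f -o -type l \) -print | sort |
    while IFS= read -r path; do
        # /etc/static itself is a link into /nix/store; it is the managed root.
        [ "$path" = "$static" ] && continue
        if [ -L "$path" ]; then
            target=$(readlink "$path")
            case "$target" in
                "$static"|"$static"/*) continue ;;   # managed by NixOS, skip
            esac
            printf '%s -> %s\n' "$path" "$target"
        else
            printf '%s\n' "$path"
        fi
    done
}
```

Run as `list_unmanaged_etc /etc` on a NixOS host; whatever it prints is the set of state an overlay or impermanence setup must persist or regenerate.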