A review of Nix/NixOS after using it on all my machines for three years. I'll cover what works, what doesn't, and why it's the first OS that's stuck with me.
Agreed with the article. There’s lots to dislike about Nix, but even with those downsides, NixOS is still better than any OS I’ve tried. Install an update and it’s borked? No worries. New PC and you want everything set up just like your old one? Copy one file over and it’s set up for you.
Unsure about dislikes. You have any desktop spin as you want, complete freedom, immutable, a single small file governs your entire system. I daily Nix currently and I haven’t found an easier distro. I’m not super advanced and I did a full custom build, luks, tweaks, full app installs from scratch. Booted up as if I never left my old PC. Nix is the shit. Most everyone’s concerns are overblown. Most haven’t used it beyond a simple test run or few. The slight learning curve of your config syntax and that’s it. I came from mint then from windows. Newcomers you can do it too!!
So, I’ve only played around with NixOS on a Raspberry Pi, but… Don’t people usually split their config up in multiple files, and then store than in a Git repository?
The process then still is: check out that Git repository, except there’s another step: copy over your private key so that you can decrypt your secrets.
Is that correct? Or did I make things needlessly complex for myself?
Way over complex lol. I don’t copy anything to online source for better or worse. I auto script backups. The only backups you’ll ever need are nix config. Nothing else aside from your home folder obviously. With those two you can boot on any machine, anytime, as if you never left. I am not shilling. It’s been dead stable so far, aside from tweaks I done to break my own builds testing.
Hmm yeah, I guess the question is: is it overly complex if I do want to store my backup of my Nix config online, version-controlled, preferably publicly?
The process then still is: check out that Git repository, except there’s another step: copy over your private key so that you can decrypt your secrets.
The ssh key to access the private git repo is on the same yubikey as the decryption key (they are technically different GPG slots but I don’t need to care about that, just plug the key in, type in the pin, and it all works automagically)
I don’t have any secrets in my config or a private key or anything and I’m currently running 4 servers from the same config (it used to be 8 or even more machines at some point even, including desktops).
But yes, it’s a multi-file config, it would be absolutely crazy to not split it up with how large it is.
Agreed with the article. There’s lots to dislike about Nix, but even with those downsides, NixOS is still better than any OS I’ve tried. Install an update and it’s borked? No worries. New PC and you want everything set up just like your old one? Copy one file over and it’s set up for you.
Unsure about dislikes. You have any desktop spin as you want, complete freedom, immutable, a single small file governs your entire system. I daily Nix currently and I haven’t found an easier distro. I’m not super advanced and I did a full custom build, luks, tweaks, full app installs from scratch. Booted up as if I never left my old PC. Nix is the shit. Most everyone’s concerns are overblown. Most haven’t used it beyond a simple test run or few. The slight learning curve of your config syntax and that’s it. I came from mint then from windows. Newcomers you can do it too!!
So, I’ve only played around with NixOS on a Raspberry Pi, but… Don’t people usually split their config up in multiple files, and then store than in a Git repository?
The process then still is: check out that Git repository, except there’s another step: copy over your private key so that you can decrypt your secrets.
Is that correct? Or did I make things needlessly complex for myself?
Way over complex lol. I don’t copy anything to online source for better or worse. I auto script backups. The only backups you’ll ever need are nix config. Nothing else aside from your home folder obviously. With those two you can boot on any machine, anytime, as if you never left. I am not shilling. It’s been dead stable so far, aside from tweaks I done to break my own builds testing.
Hmm yeah, I guess the question is: is it overly complex if I do want to store my backup of my Nix config online, version-controlled, preferably publicly?
If you do then your golden. That’s the way to go. I dislike online things. Personal preference. There’s advantages going the GIT method as well.
I store my secrets in a separate private git repo and automatically decrypt them with my hardware key (https://github.com/balsoft/nixos-config/blob/master/modules/secrets.nix) so for me it’s literally just plug in my yubikey and
nixos-install github:balsoft/nixos-config#hostnameHow do you access the private Git repo then? Don’t you need a secret to access it?
The ssh key to access the private git repo is on the same yubikey as the decryption key (they are technically different GPG slots but I don’t need to care about that, just plug the key in, type in the pin, and it all works automagically)
That’s neat!
I don’t have any secrets in my config or a private key or anything and I’m currently running 4 servers from the same config (it used to be 8 or even more machines at some point even, including desktops).
But yes, it’s a multi-file config, it would be absolutely crazy to not split it up with how large it is.