Hey,

Wow, that's a lot to reply to! I'll try and quote the questions and reply in-line.

On 17.10.2025 21:40, Simon Waters wrote:
> I'm curious how many of you are using immutable distros, or giving same to relatives? If so which? Particularly for desktop/mobile/tablet use.
So, I primarily use NixOS, and this includes at work. I also toy around with freedesktop-sdk, which uses Buildstream, a similar integration tool to Nix, but configured in YAML, to build lightweight OS images for my Pi Zero doorbell. I also use Bazzite on my GPD Win 4 and GPD Win Max 2.
> NixOS, Silverblue and Bazzite seem to be the largest distros that take an approach like this for desktops at least, but the terms seem loosely used, and confused. [ .. snip .. ] I can see why people think these will be successful, with simpler usability and better security (if done right) but they seem to be playing second fiddle currently. I can absolutely see the benefits, but I'm minded they also cross some of the traditional wisdom and usage in the Linux space.
I think with any Linux distro (or, indeed, any software), it depends on the use-case, user, and usage of the system. It's what fits for you, and I know people who use Slackware. Personally I can't imagine going without NixOS now, but I am exploring SB with Bazzite and `bootc`.
> So I assume they are harder to fiddle with (matters to hobbyist and devs), harder to develop on, and by breaking the traditional packaging approaches split the packaging effort that some of them rely on, from the users. Also extensive use of non-traditional packages will result in slower performance and more memory use, but perhaps we are prepared to sacrifice that in 2025 given the price of memory versus the maintenance and security benefits.
I think this is less true for SB users, given the underlying package manager is still RPM, but in an OSTree layered way. For Nix, it's a little more difficult, but it certainly surprised me to see so many packages in the packaging repository - Nixpkgs. I now maintain a few packages myself, and the bots help with keeping track of new releases. In terms of slower performance and memory use, I'm not sure if you're referring to OSTree or the Nix daemon and CLI tooling - could you clarify?
> Also if you look at them with an attacker's hat on, does it actually achieve more security in practice? Are writable file systems protected from execution or suid execution? Do the containerised applications only have restricted access to your personal files (e.g. can your browser still access your email files, or your SSH keys?).
So I think you're referring to SB with containerised applications - this doesn't really happen in Nix, but the Nix 'store' (/nix) is read-only, and only writable by the daemon. In terms of filesystems, in Nix (C’est mon préféré), I don't use anything like `noexec` or `nodev`, but I've seen people who do set these flags for their Downloads folder for example. I think it depends on your threat model.
> If I was interested in moving from Debian, or other traditional Linux distro, would you recommend the distro you are using? Also Debian Trixie crashes if I use Wayland or GNOME on my ancient hardware, so I had to poke it to be KDE on X11, does your chosen distro have enough flexibility to even run on my hardware without crashing I wonder.
NixOS still supports X11 for WMs and DEs, and I don't think it's going anywhere soon. Maybe you could build a custom SB image to run on your ancient hardware, and see if it works for you?

If you decide to go for NixOS, definitely start without Flakes first. Go for the simplest config, and iterate over that. My NixOS config (regularly rebased and force-pushed) is split, but the main imports are: https://github.com/shymega/nixfigs.git

I hope I didn't ramble too much - any questions, feel free to message me on IRC (@shymega[i]) or on Matrix! (@dom:rodriguez.org.uk)

Best wishes,
-- 
Dom Rodriguez

-- 
The Mailing List for the Devon & Cornwall LUG
FAQ: https://www.dcglug.org.uk/faq/