Linux Endgame - NixOS
I began my Linux journey in 2001 with Mandrake Linux 8.1. Over the past 23 years, I have “distro hopped” a fair amount, covering distributions based on Red Hat, Debian and Arch.
With my background in enterprise business, I always found myself returning to Fedora as my daily driver, mainly driven by my familiarity with Red Hat Enterprise Linux (and the DNF package manager), as well as the fact that I am a long-time GNOME user (starting with GNOME 1.4.1).
In 2021, I flirted with Fedora Silverblue, which is an immutable operating system from Red Hat (IBM).
The purpose of an immutable operating system is to ensure the host is protected from accidental or malicious modifications, improving security, stability and performance by guaranteeing the integrity of the core system.
I am very supportive of this approach and am not surprised to see it become a “standard” with modern operating systems.
Unfortunately, I could never make Fedora Silverblue operate well with my workflow. For example, Fedora Silverblue is essentially one big system image, which expects all applications to be installed in a container via Flatpak. This is a great architecture, except when an application/service is not available (or viable) as a Flatpak, for example Node.js, Docker, Virt-manager, etc.
In this scenario, you have two primary options: use rpm-ostree to add a new layer to the base image with the required packages, or create a mutable environment running on Fedora Silverblue. I found rpm-ostree overly complicated to manage, and the process of creating “walled gardens” for specific applications/services has an impact on security and usability.
Over the past 18 months, the LINUX Unplugged community has become increasingly passionate about NixOS; it even won their Linux distribution of the year at the 2023 Tuxies.
I have listened intently, but only recently had the available time to test NixOS. I also caution anyone within the Linux community about “jumping on the bandwagon” too early, as it takes time for a Linux distribution to prove itself as a viable long-term option.
NixOS is a free and open-source, immutable Linux distribution based on the purely functional Nix package manager. NixOS is composed using modules and packages defined in the nixpkgs project.
Similar to Fedora Silverblue, the NixOS base image is immutable and read-only. However, the individual user can decide what is included within that immutable image by following a declarative configuration model. For example, the entire operating system, including the kernel, applications, system packages, and configuration is declared in a configuration file (typically located in /etc/nixos), using the Nix language.
The advantage of this approach is that it creates a reproducible system configuration, which can be maintained and versioned as code. This configuration improves visibility, consistency and integrity of the running configuration, whilst also providing a recovery and migration path that is guaranteed and very easy to trigger.
Similar to Fedora Silverblue, NixOS still promotes the use of Flatpak, providing a clear separation between the base image and applications. However, with 80,000+ packages available as part of the Nix package manager, NixOS is incredibly flexible and versatile.
I have been testing NixOS on my Framework Laptop 13 (AMD Ryzen) and have been incredibly impressed. I have created a fully-encrypted, lightweight/minimal Linux distribution (running GNOME) that feels just like Fedora, but with the added benefit of being immutable, whilst still incorporating every application/service required for my workflow.
In addition, the configuration I have established is maintained as code within GitHub; therefore, I can easily modify and experiment, knowing that this configuration can be deployed to any number of systems.
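To illustrate the declarative model described above, here is an added example of a `configuration.nix` covering the pieces this post mentions (encrypted disk, GNOME, Flatpak, Docker, Virt-manager, Node.js). It is not the author's actual configuration: the hostname, user name, LUKS UUID and `stateVersion` are placeholders, and the option names assume a NixOS 23.11-era release.

```nix
# /etc/nixos/configuration.nix (illustrative example, not the author's file)
{ config, pkgs, ... }:

{
  # Generated by the installer; describes disks and kernel modules for this machine.
  imports = [ ./hardware-configuration.nix ];

  # UEFI boot with the root filesystem inside a LUKS container.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.initrd.luks.devices."cryptroot".device =
    "/dev/disk/by-uuid/00000000-0000-0000-0000-000000000000"; # placeholder UUID

  networking.hostName = "example-host"; # placeholder
  networking.firewall.enable = true;    # stated explicitly so the intent is versioned

  # GNOME desktop.
  services.xserver.enable = true;
  services.xserver.displayManager.gdm.enable = true;
  services.xserver.desktopManager.gnome.enable = true;

  # Desktop applications stay separate from the system closure via Flatpak.
  services.flatpak.enable = true;

  # Services that are awkward as Flatpaks are declared as part of the system.
  virtualisation.docker.enable = true;
  virtualisation.libvirtd.enable = true;
  programs.virt-manager.enable = true;

  # Packages installed system-wide from nixpkgs.
  environment.systemPackages = with pkgs; [ git nodejs ];

  users.users.alice = { # placeholder user
    isNormalUser = true;
    # "wheel" grants sudo; "libvirtd" grants VM management.
    # "docker" is deliberately left out: membership is root-equivalent,
    # so add it only for accounts you would also trust with sudo.
    extraGroups = [ "wheel" "libvirtd" ];
  };

  # Release the system was first installed with (assumed); do not bump casually.
  system.stateVersion = "23.11";
}
```

Running `sudo nixos-rebuild switch` builds this as a new system generation and activates it; earlier generations remain selectable from the boot menu, or via `sudo nixos-rebuild switch --rollback`.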
Over the coming weeks, I plan to share some of my initial findings, including my current configuration. Stay tuned!