Programmer in California

I’m also on

  • 7 Posts
Joined 1 year ago
Cake day: May 7th, 2023

  • I think you can mount an ISO image under your running system and make changes. I found a couple of guides that might be helpful:

    How to Mount an ISO File on Linux

    Edit and repack .iso bootable image

    I haven’t done this before, but I think you can chroot into the mount directory, and run package manager commands in the mounted image to install another package.

    Or I have an alternative suggestion that might or might not be easier. I’ve been hearing a lot about immutable/atomic distros, and people designing their own images. You could make your own ublue image, for example, with whatever you want on it.

    A promising looking starting point is github:ublue-os/startingpoint. Ignore the “Installation” instructions, and follow the “ISO” instructions instead.

    Or I saw recently an announcement of a new way to build atomic images that is supposed to be easier than ever, BlueBuild

  • I think there’s a way that might be easy-ish. In short what the services setting does is to get necessary packages, write configuration files, and install systemd unit files. You can build a NixOS configuration, and symlink or copy the necessary systemd units and configuration files. I think that would work, and would not interfere with other stuff on your system.

    NixOS configurations must be built with nixos-rebuild - you can’t use nix-build by itself. You can put your configuration wherever, and run:

    $ nixos-rebuild build -I nixos-config=./configuration.nix

    That will build everything in paths under /nix/store/ without touching anything else on your system. It will create a symlink in your working directory called result/ with a fully-built, bot not installed, NixOS. If you were running NixOS you would run nixos-rebuild switch to update symlinks to point to all of this stuff. But you’d skip that step.

    result/etc/systemd/system/ contains systemd units. There will be a lot of stuff there that you don’t want. You’d need to selectively symlink or copy units from this directory to your /etc/systemd/ tree.

    The units use full paths to binaries in /nix/store/ so you don’t need to do anything extra to install software packages.

    You might need to symlink or copy configuration files for your services. Those should also be somewhere in result/.

    If NixOS and Debian use the same systemd target names your services should run automatically on boot. If not you might have to do some fix-up, or run systemctl commands manually. I think you’d need to run some systemctl commands to start and stop services if you want to update without rebooting.

    You can probably do all that symlinking just once if you symlink everything through that result symlink.

    Edit: Although, taking a closer look at what services.nextcloud does I see that it does a lot, like initializing databases and creating user accounts if you choose to use a local database. It might be a lot of work to chase down all of the configuration that you would have to copy over. Running NixOS is definitely going to be easier.

  • Well you’re really feeding my Nix confirmation bias here. I used to use Ansible with my dot files to configure my personal computers to make it easy to get set up on a new machine or server shell account. But it wasn’t great because I would have to remember to update my Ansible config whenever I installed stuff with my OS package manager (and usually I did not remember). Then along came Nix and Home Manager which combined package management and configuration management in exactly the way I wanted. Now my config stays in sync because editing it is how I install stuff.

    Nix with either Home Manager or NixOps checks all of the benefits you listed, except arguably using a “known” programming language. What are you waiting for?

  • Well ok, they both use symlinks but in different ways. I think what I was trying to say is that in NixOS it’s symlinks all the way down.

    IIUC on Fedora Atomic you have an ostree image, and some directories in the image are actually symlinks to the mutable filesystem on /var. Files that are not symlinks to /var (and that are not inside those symlinked directories), are hard links to files in the ostree object store. (Basically like checked-out files in a git repository?)

    On NixOS this is what happens if examine what’s in my path:

    $ which curl
    $ ls -l /run | grep current-system
    /run/current-system -> /nix/store/p92xzjwwykjj1ak0q6lcq7pr9psjzf6w-nixos-system-yu-23.11.20231231.32f6357
    $ ls -l /run/current-system/sw/bin/curl
    /run/current-system/sw/bin/curl -> /nix/store/r304lglsa9i2jy5hpbdz48z3j3x2n4a6-curl-8.4.0-bin/bin/curl

    If I select a previous configuration when I boot I would get a different symlink target for /run/current-system. And what makes updates atomic is the last step is to switch the /run/current-system symlink which switches over all installed packages at once.

    I can temporarily load up the version of curl from NixOS Unstable in a shell and see a different result,

    $ nix shell nixpkgs-unstable#curl  # this works because I added nixpkgs-unstable to my flake registry
    $ which curl
    /nix/store/0mjq6w6cx1k9907vxm0k5pk7pm1ifib3-curl-8.4.0-bin/bin/curl  # note the hash is different

    I could have a different version curl installed in my user profile than the one installed system-wide. In that case I’d see this:

    $ which curl
    $ ls -la /home/jesse | grep .nix-profile
    .nix-profile -> /nix/var/nix/profiles/per-user/jesse/profile
    $ ls -l /nix/var/nix/profiles/per-user/jesse
    profile -> profile-133-link
    profile-130-link -> /nix/store/ylysfs90018zc9k0p0dg7x6wvzqcq68j-user-environment
    profile-131-link -> /nix/store/9hjiznbaii7a8aa36i8zah4c0xcd8w6d-user-environment
    profile-132-link -> /nix/store/h4kkw1m5q6zdhr6mlwr26n638vdbbm2c-user-environment
    profile-133-link -> /nix/store/jgxhrhqiagvhd6g42d17h4jhfpgxsk3n-user-environment

    Basically symlinks upon symlinks everywhere you look. (And environment variables.)

    So I guess at the end everything is symlinks on NixOS, and everything is hard links plus a set of mount paths on Fedora Atomic.

  • hallettj@beehaw.orgtoLinux@lemmy.mlNixOS - edit system files
    8 months ago

    I did some digging around in the manual, and I tested this option which seems to work: = true;

    On my machine that adds this line to /etc/pam.d/doas:

    auth sufficient /nix/store/fq4vbhdk8dqywxirg3wb99zidfss7sbi-fprintd-1.94.2/lib/security/ # fprintd (order 11400)

    Edit: Note that the NixOS option puts in the full path to That’s necessary because NixOS doesn’t put so files in search paths.

    Without doing more research I don’t know how to add arbitrary options to pam files in case you run into something that isn’t mapped to a NixOS option yet. The implementation for the pam options is here; there might be something in there that would work.

  • Wayland replaces the older X protocol. It doesn’t have to operate with older protocols. You might be thinking of XWayland which is a proxy that receives X API calls from apps written for X, and translates those to the Wayland API so that those apps can run under Wayland implementations. Window managers can optionally run XWayland, and many do. But as more apps are updated to work natively with Wayland, XWayland becomes less important, and might fade away someday.

    PipeWire replaces PulseAudio (the most popular sound server before PipeWire). Systems running PipeWire often run pipewire-pulse which does basically the same thing that XWayland does - it translates from the PulseAudio API to the PipeWire API. It’s a technically optional, but realistically necessary compatibility layer that may become less relevant over time if apps tend to update to work with PipeWire natively.

    So no, both Wayland and PipeWire are capable of operating independently of other protocols.

  • hallettj@beehaw.orgtoLinux@lemmy.mlNixOS is better because...
    9 months ago

    NixOS puts your full system configuration in a portable set of files. You can easily reproduce the same configuration on another machine. I also like that instead of accumulating a growing list of packages that I don’t remember why I installed I have package lists specified in files with comments, and split into modules that I can enable or disable.

    IMO NixOS works best when you also use Home Manager to apply the same benefits to your user app configurations and such. (OTOH you can use Home Manager to get those benefits without NixOS. But I like that I get consistency between the OS-level and user-level configurations, and that both use the same set of packages.) I use Home Manager to manage my list of installed packages, my dot files, Gnome settings, Firefox about:config settings, and so on.

    You might be installing packages imperatively with nix profile install or with nix env -i. If that’s the case you’re not going to see the full benefits of a declarative system in my opinion. I prefer to install packages by editing my Home Manager configuration and running home-manager switch.

    I like that NixOS + Home Manager automates stuff that I used to do by hand. A couple of the things that I do or have done are to,

    • test an experimental window manager, Niri
    • use Neovide (a GUI frontend for Neovim) with a custom patch to tweak font rendering

    Now I have that kind of stuff automated:

    • Since there was no packaging for Niri when I started trying it I wrote my own in my NixOS config with a NixOS module to set up a systemd unit to run it. Because Nix packages are effectively build scripts, whenever I update Nix automatically pulls the latest version of Niri and compiles it without me having to think about it anymore.
    • I use the Neovide package from nixpkgs with an override to compile with my custom patch. Like with Niri my configuration automatically gets the latest Neovide version and builds it with my patch when I update, and I don’t have to think about it anymore. I use this overlay to do that:
    modifications = final: prev: {
      neovide = final.neovide.overrideAttrs (oldAttrs: {
        patches = (oldAttrs.patches or [ ]) ++ [ ./neovide-font-customization.patch ];

    You can see that I compile some things from source. That’s fine on my desktop, but takes a while on my travel laptop. But I don’t need to compile on my laptop because I can use Nix’s binary cache feature. I push my NixOS and Home Manager configurations to Github, and I have Garnix build everything that I push. Garnix stores everything it builds in a binary cache. So when I pull my latest configuration version on my laptop it downloads binaries from that cache.