from jamesbunagna@discuss.online to linux@lemmy.ml on 19 Dec 20:50
https://discuss.online/post/14450900
Hey folks! After using Fedora Atomic for quite a while and really appreciating its approach, I’ve been eyeing one particular feature from NixOS: its congruent system management. Inspired from Graham Christensen’s “Erase your darlings” post, I’d like to explore implementing something similar to NixOS’ impermanence module on Fedora Atomic as one step towards better state management.
Why not just switch to NixOS? Well, while NixOS’s package management and declarative approach are incredible, I specifically value Fedora’s stringent package vetting and security practices. The nixpkgs repository, despite its impressive scope, operates more like a user repository in terms of security standards.
I’ve already made some progress with the following:
- Fedora Atomic’s shift to bootable OCI containers has helped with base system reproducibility when one creates their own images. This process has thankfully been streamlined by templates offered by either uBlue or BlueBuild
- Using chezmoi for dotfiles (would’ve loved home-manager if it played nicer with SELinux)
My current (most likely naive and perhaps even wrong) approach involves tmpfs mounts and bind mounts to /persist, along with systemd-tmpfiles. I’m well aware this won’t give me the declarative goodness of NixOS, nor will it make the system truly stateless - there’s surely plenty of state I’m missing - but I’m hoping it might be another step in the right direction.
Particularly interested in:
- Best practices for managing persistent vs temporary state
- Working with
rpm-ostree’s (orbootc’) assumptions - Tools or scripts that might help
- Alternative approaches that achieve similar goals
Thanks in advance!
threaded - newest
I’m confused, isn’t Fedora atomic immutable? Shouldn’t that make it stateless automatically?
You would have been right if the entire filesystem were to be immutable. However, for Fedora Atomic,
/varand/etcare writable. Thankfully so, as most people wouldn’t want a totally locked down operating system. Heck, no general-purpose distro (or OS otherwise) tries to achieve that level of immutability by default.I’m a big fan of fedora atomic and derivatives, but haven’t played around with nix or nixos yet. What’s your goal with the impermanence module?
So, the basic premise of the impermanence module is to flush all state on (re)boot. By default, NixOS is already capable of rebuilding your entire system from the config file(s). The impermanence module simply aids in achieving the desired system workflow for no state without reinventing the wheel. In effect, It’s as if you’ve just done a reinstall and setup everything as you like. But you get to experience this on every reboot. For someone that’s perpetually disturbed by state, which has been the case since my Windows-days*, this would finally grant me a peace of mind that I’ve been yearning for years. So, to answer your question, it would help me get (at least one step) closer to stateless Fedora Atomic without giving up general usability.
Sorry, can’t help you there since I’ve found out about that impermanence thing with this post, but I have a question, what is the problem that doesn’t allow you to use Home Manager on Fedora Atomic? AFAIK you just run DeterminateSystems’s Nix installer and everything is set up correctly, aside from maybe a couple of configurations, then you install Home Manager as usual, as the official documentation says
Honestly, you could be absolutely right. I haven’t revisited Nix since Bazzite Buzz #12 informed us on the following:
“The Nix
ujustscript has also been removed due to conflicts with SELinux policies. Users can still install the Nix package manager manually if they so desire at their own risk.”However, the above could be outdated; I simply don’t know. Are you aware of any developments that have changed things for the better?