How to install Nix on Fedora Silverblue (julianhofer.eu)
from GravitySpoiled@lemmy.ml to linux@lemmy.ml on 19 Jun 19:50
https://lemmy.ml/post/17067985

Today, I wanted to have another go with nix. Previously I just read about it and didn’t do anything for a couple of months. Now, I installed nix package manager with very few lines of code and two more to install many packages as described in his post. Installation was very fast on my banana laptop. Until now I used distrobox but I always wondered which distro/ package manager to use. What’s your experience with it? For now, I’ll test it. It’s super easy to use. It may not be straight forward to a linux newcomer but if you know what you want, e.g. ffmpeg you can just add it with home-manager edit and install it with home-manager switch. So far, I love it!

#linux

threaded - newest

Telorand@reddthat.com on 19 Jun 20:00 next collapse

I like it, though I’ve used it very little (just no need, ATM). They have some decent practice examples to go through, but it’s definitely a unique way of thinking about package management.

SolarPunker@slrpnk.net on 19 Jun 21:22 next collapse

Bazzite user here and I’m using flatpaks whenever possible and distrobox for everything else; which are the benefits of Nix over these?

boredsquirrel@slrpnk.net on 19 Jun 21:29 next collapse

Homebrew for CLI. Distrobox needs to be used with Arch, at least the Fedora boxes are literally not possible to system upgrade.

trevor@lemmy.blahaj.zone on 19 Jun 21:38 next collapse

Nix has more packages , by far. Nix also automatically handles the dependent libraries for each package, which is something you can’t do with brew on immutable systems. This means that Nix can install software like espanso, which wouldn’t work on uBlue derivatives otherwise.

I really wish the uBlue maintainers would have opted for Nix over brew for that reason. It’s not much more difficult to do nix profile install nixpkgs#package-name over brew install package-name. They could have even aliased it to make it easier.

iopq@lemmy.world on 19 Jun 23:11 collapse

There’s a GUI for it too

github.com/snowfallorg/nix-software-center

I just click install and it installs to the profile

GravitySpoiled@lemmy.ml on 20 Jun 05:09 next collapse

It’s faster than distrobox, it’s not within a box but on host, it’s easier than most package managers. I still go for flatpak first but for everything else I use nix. Especially for programming environment it looks to be much better than distrobox

trevor@lemmy.blahaj.zone on 20 Jun 10:39 collapse

Using containers on Linux has basically no performance loss compared to running on the host. They share a kernel and nothing needs to be virtualized (unlike containers on macOS and Windows), so anything you run in a container is basically the same performance as running it on the host.

I still agree though: using Nix is better than using Distrobox for many other reasons.

GravitySpoiled@lemmy.ml on 20 Jun 11:00 collapse

Sorry, faster because installing a package is faster than with other managers since you don’5 have to deal with any copr, debs or anything and it’s really fast on my install. I haven’t compared it directly but it feels very fast.

priapus@sh.itjust.works on 20 Jun 15:06 collapse

Nix is useful for CLI packages, which aren’t very simple to use through flatpak. It also has far more packages, and is very useful for creating development environments.

boredsquirrel@slrpnk.net on 19 Jun 21:28 next collapse

Dont. uBlue also switched away from it.

My question is, how do I remove it again?

Chewy7324@discuss.tchncs.de on 20 Jun 01:22 next collapse

Removing nix is mostly done by deleting /nix, and removing some systemd services, as well as deleting some nix-related users or groups (iirc nixblkd)

Because almost all of nix happens in /nix it doesn’t clutter much of the system.

boredsquirrel@slrpnk.net on 20 Jun 07:57 collapse

/nix doesnt work on Fedora Atomic, thats the thing. So it has to be somewhere else.

I still have dozens of strange Nix users left

GravitySpoiled@lemmy.ml on 20 Jun 08:14 next collapse

Why does it work on my machine? I’m on silverblue

boredsquirrel@slrpnk.net on 20 Jun 11:36 collapse

Dont know how they solve it, but /nix is not possible.

Maybe in /var/nix and symlinked or mounted to /nix

Chewy7324@discuss.tchncs.de on 20 Jun 13:05 collapse

Yes, that’s likely the case.

The ahayzen/silverblue-nix guide uses bind mounts from /var/lib/nix to /nix. The latter being created by making / temporarily writeable with chattr +i /.

Chewy7324@discuss.tchncs.de on 20 Jun 09:12 collapse

gitlab.com/ahayzen/silverblue-nix#using-nix-on-fe…

It’s possible to install nix on Fedora Atomic by disabling SELinux and using bind mounts.

GravitySpoiled@lemmy.ml on 20 Jun 10:58 next collapse

I didn’t disable selinux

Chewy7324@discuss.tchncs.de on 20 Jun 13:20 collapse

It seems the Determinate Nix installer supports Fedora Atomic and SELinux.

On topic:

I really like Nix and home-manager. I’ve mostly switched to NixOS because it’s more convenient for window manager setups than building ublue images imo.

Having to mess with containers for different dev environments and keeping the up to date is imo more annoying than creating a shell.nix

Also being able manage my dorfiles with home-manager and installing software declaratively helps in keeping the system free of clutter.

boredsquirrel@slrpnk.net on 20 Jun 11:35 collapse

disabling SELinux

I hope this is not a serious suggestion?

This needs correct SELinux labels, and not just disabling it.

Dan Walsh is very sad.

Chewy7324@discuss.tchncs.de on 20 Jun 13:00 collapse

It seems the Determinate Nix installer supports Fedora Atomic with SELinux enabled.

supporting SELinux and OSTree based distributions without asking users to make compromises

github.com/DeterminateSystems/nix-installer

Edit:

disabling SELinux

I hope this is not a serious suggestion?

Since no nix installer supported SELinux at the time, it was the only way to use nix on Fedora Atomic. With a better option available disabling SELinux is a bad idea indeed.

GravitySpoiled@lemmy.ml on 20 Jun 05:08 next collapse

Why?

priapus@sh.itjust.works on 20 Jun 15:06 collapse

What does uBlue switching away from it have to do with someone wanting to install it on Silverblue?

GravitySpoiled@lemmy.ml on 20 Jun 16:04 collapse

He thought it’s not possible to install nix on silverblue and another commenter tried to install it on secureblue. It’s not possible there. The problem is either somewhere along the supply chain (ublue) or with secure blue

poki@discuss.online on 19 Jun 23:16 next collapse

Until now I used distrobox but I always wondered which distro/ package manager to use. What’s your experience with it?

The answers found below this post resonate with my own experiences.

I do have a question: When you run the sestatus command in the terminal, what string/description is found corresponding to “Current mode”?

GravitySpoiled@lemmy.ml on 20 Jun 08:00 collapse

$ sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Memory protection checking: actual (secure) Max kernel policy version: 33

poki@discuss.online on 20 Jun 08:15 collapse

Thank you for the response!

Current mode: enforcing

This is pretty interesting. If I recall correctly, installing Nix onto Silverblue came with the caveat that SELinux’ enforcing mode had to be turned off. But, your terminal output tells another story. I wonder what’s up.

FWIW, I had lost interest in installing Nix on Fedora Silverblue for this very reason. However, I might have to revisit my stance on this. Once again, thank you (for reinvigorating my interest in Nix)!

GravitySpoiled@lemmy.ml on 20 Jun 08:22 next collapse

I’d like to know if it works for you now. I only ran the commands from the post and everything worked ootb

That’s probably why I gave up on it back then as well

poki@discuss.online on 20 Jun 10:39 collapse

I’d like to know if it works for you now. I only ran the commands from the post and everything worked ootb

Aight. Let’s give it a go:

Terminal interaction

Well…, for some reason it didn’t work. FWIW, I’m on the bluefin-dx-main-userns-hardened image as provided by secureblue.

GravitySpoiled@lemmy.ml on 20 Jun 10:57 collapse

Line 49

Consider reporting this error using this URL: github.com/DeterminateSystems/…/new?title=<autoge…

poki@discuss.online on 20 Jun 11:50 collapse

Yeah I noticed that line as well. But, I’m a bit pessimistic that it will not be solved. Btw, what’s the image you’re on?

GravitySpoiled@lemmy.ml on 20 Jun 11:52 collapse

Boring silverblue 40

poki@discuss.online on 20 Jun 12:49 collapse

Interesting!

So, I guess that at least one of the following ‘transitions’ is ‘blameworthy’:

  • Silverblue -> uBlue Silverblue
  • uBlue Silverblue -> Bluefin-DX
  • Bluefin-DX -> secureblue

I guess I’ll pass out on it for now. Thank you though!

Chewy7324@discuss.tchncs.de on 20 Jun 13:16 collapse

The source of the determinate nix installer has some mentions of SELinux. E.g. they have an .fc file, but I really don’t know anything about SELinux.

github.com/DeterminateSystems/…/main

eveninghere@beehaw.org on 19 Jun 23:37 collapse

My experience is that nix package configs are tested on NixOS. I used it on other OSes, and I easily encountered misconfigurations and such. The problem is that they are understaffed.

I ended up combining a few package managers due to this, but I’d have preferred to use another manager solely.