Declarative Systems

Hello maintainers!

This video from @j0rge made me switch to OSTree (with Fedora Atomic) and will make me stick to those values and principles
Universal Blue is a project I really liked too, so that’s why I switched to it later

Recently, I was thinking that repeatable systems are the future for sure, and that there were currently two ways to achieve this, which are transactional (OSTree) and declarative (NixOS / Guix) systems

As

  • Fedora Atomic is the leader about transactional systems
  • Universal Blue is the leading project about Fedora Atomic images
  • You are amongst the Linux desktop visionaries

to me

I was wondering,
What is your stance towards declarative systems (such as NixOS / Guix) ?

Wouldn’t nix flake be better than images ?

1 Like

This is an interesting topic! I would like to share my thoughts as a casual computer user. :raised_hands:

The concept of declarative systems is very appealing to me. I like the idea of being able to manage my system with just one file. In theory, NixOS would be my ideal OS. It’s fully declarative and reproducible, the packaging system allows running of programs inside a temporary environment, and it’s being developed very actively.

In practice, however, it is not the ideal OS for my needs and use case. I don’t need to reproduce my system in multiple computers. My environment only consists of one laptop, and I most likely will never get past having to manage more than two computers. I also don’t do development or programming work, or anything that may result in me having to reset my system; I only use my laptop for multimedia playback, browsing, messaging, and office work. That, on top of the high hurdle to even start understanding the language and getting comfortable with the package management system.

Simply put, for me, Nix is “overtechnology”. I’m running my own atomic image right now, and I already consider it overtechnology for my very casual use case! However, creating my own image is something I can somewhat justify - the hurdle is not as high, and I can still enjoy similar benefits: the ability to reset/refresh my system with my defined configurations, system stability, and the opportunity to learn new, recent technology. It’s already perfect for my needs, and at the moment, I don’t need anything more. I’m happy with “pseudo-declarative”. :wink:

In my opinion, yes, the Nix way is simpler and more efficient, especially when used in environments where mass deployments are needed. However, as a “normie” user, I personally do not see the benefit of learning a declarative language, a very complex one at that, which I am very unlikely to ever utilize in my life (unless I am suddenly hired as a sysadmin or an IT lady, which is also unlikely!). It is possible that one day I will wake up and crave to learn Nix though, in which case Nix will have a place in my use case.

Basically, I don’t think Nix is worth the effort for my “normie” use case. While I find it interesting and ideal on paper, I’m not interested enough in it to justify investing many learning hours. In comparison, the Atomic Fedora way gives a better ratio of effort-result for me. Plus, my goal is to have a hands-off, self-maintaining system so solid I won’t ever need to reproduce again, which kind of makes the reproducibility appeal irrelevant for me.

2 Likes

Interesting comment

I have almost the same point of view,
While however being more in a nerd use-case, since I’m an IT Engineering student in my master

This part summarizes why I’m also on Bluefin as well

I learnt about nix flakes less than a year ago, and admit it was kind of a way to “import nix modules” if that makes sense;
Which could be a way to extend a nix config and basically cover the OSTree image features

I am a normie basically. I have used Linux as my primary system at home since about '01. NixOS is a neat idea, but for me the learning curve and time commitment is too much.

With that being said, I have considered using the package manager. I think the package manager is a great way to separate things.

My favorite distro is Ubuntu Mate LTS with i3wm. Utilizing Nix package manager, Brew, Distrobox, Flatpaks, and Snaps. I could get pretty close to not touching system stuff.

Aurora/Bluefin & EndlessOS hit the sweet spot for me. I don’t really have to worry much about updating and software is separate from the other stuff.

I am not sure if that’s what you are looking for.

1 Like

Universal Blue actually supported Nix since quite early on, with ujust commands to set up Nix since back before the DetSys installer supported OSTree distros. I actually only started building my Home-Manager repo and trying out NixOS after I tried imperative Nix in VanillaOS 1 and then set up Nix HM in uBlue.

They also supported Fleek by one of the uBlue devs, which is meant to make it easier for people to get started using Nix via Home-Manager, but it has since been deprecated from what I saw in the uBlue Discord.

Additionally, if you consider the Blue Build system to be a core part of the Universal Blue project (I certainly do, being that THAT is the actual original flagship of the ‘cloud-native’ Universal Blue model before everyone focused on the Bazzite, Bluefin, and uCore end-products) then I think you can consider uBlue images/distro/projects to be a quasi or pseudo declarative system - if not an outright declarative system, depending on how you set up your GitHub repo.

I personally consider the uBlue images to be “Atomic by default, Declarative when needed.”

1 Like

NixOS is nothing short of amazing!

NixOS does, however, have a few issues which can be sticking points depending on your use case:

  1. It currently cannot be easily built without network/internet access. I believe there is some work underway to remedy this, but I am not expecting this solution soon. Sadly, this automatically makes NixOS unusable for some of my use cases.
  2. The non-FHS-compliant filesystems make it difficult to download code and use it without first setting up a dev environment. Like UBlue, distrobox can accommodate this; but there are builds that don’t work so well in a container (specifically those that want to build containers). In addition, it is just annoying to seek out a container or create a dev environment to run a script.
  3. Most executables don’t run right away in NixOS due to the linker being on a different path. There are ways to fix this, but it is just one more thing to make the day more difficult.

My limited experience with UBlue makes it seem that UBlue will sacrifice some of NixOS’s flexibility and configurability; but it makes the entire process more accessible to both experienced users as well as beginners.

I have high hopes for being able to replace my home and work networks with a UBlue equivalent consisting of ucore servers, bazzite nodes(at home), and aurora-dx!

2 Likes

No, images are better than Nix flakes for a simple reason: the image as a unit is composed separately from the system, therefore bugs during composition are less likely to affect your system

I maintain 3 of my own devices, and honestly, why would I want each of them to compose the entire OS? I let the cloud builder do it, then ostree just pulls the image as a single unit and puts it in the right place, again as a single unit

I used to daily drive NixOS, but got overly frustrated with fighting with nvidia drivers, wayland, and portals. I had modularized both the system configuration and home configurations which made customizing different hosts really easy. This is a huge selling point of NixOS. However, getting to that point was and still is a very painful process. It’s probably cliche at this point, but the documentation is still lacking greatly. Also, you cannot reliably look at old message boards and use other peoples’ solutions since Nix configuration options themselves are still evolving. This means that, even if other NixOS users have solved a problem, their solution is not guaranteed to work for you.

If configuration and tools start to standardize and documentation improves, I’d 100% consider going back. Unfortunately, it’s not there yet for me as both a software engineer and gamer.

Ultimately, I want an OS I can easily set up on any machine I have and be up and running within minutes. NixOS got me most of the way there, but I got sick of troubleshooting/debugging my configuration and just wanted to use my computer.

Alternatively, after first installing Silverblue and understanding the philosophy behind it, things just made sense and, more importantly, worked. Personally, working with atomic desktops comes more naturally to me than what NixOS is doing with reproducibility. Also, after rebasing to Bazzite-nvidia, Steam and Lutris just worked (although nvidia + wayland is still wonky on the current release). Essentially, this lets me stand on the shoulders of the giants who figured out the nitty gritty / lower level pieces of system configuration that I frankly have no interest in, like nvidia drivers.

Contrast this with my NixOS experience with nvidia + wayland where I had to scour various message boards for potential solutions after even doing everything the official documentation suggested failed to work. Further, I was forced to research topics that, again, I have no interest in like xdg-desktop-portal and figure out how to make sure I had the right ones installed and didn’t conflict with others that got installed by default if you happened to have Gnome installed as part of your configuration. Many of these sorts of configuration/package conflicts are undocumented, and the error messages felt like gibberish to me. These hidden footguns made the experience that much more difficult and frustrating.

After writing this out, one way I think I could describe the difference between atomic desktops and reproducible desktops is the following:

Silverblue/Bazzite lets me think more about higher level concepts of my configuration without the need to worry about configuring lower level parts of my system like nvidia drivers and portals. On the other hand, NixOS forced me to care about everything: both high and low level. I feel like this is fantastic for Cloud Engineers who need to deploy to a variety of different hosts and have everything configured to a tee. However, I just want to use my machine for personal projects and some games without much faffing around.

Bonus note: I am using the Nix package manager on my Bazzite install and feel like I’m getting the best of both worlds. Well, I do have an outstanding issue installing certain packages but it’s not stopping me from actually using my machine. I would highly recommend the combo.

3 Likes

Thanks for that incredibly detailed reply !

I might try the Bluefin + Nix combo to start with

Why Order Matters: Turing Equivalence in Automated Systems Administration

http://www.infrastructures.org/papers/turing/turing.html

Also see point 4

just installed nix package manager and works great. Made a custom script to install:

bash -c "$(curl -fsSL https://raw.githubusercontent.com/tolgaerok/tolga-scripts/main/CUSTOM-SCRIPTS/INSTALL-NIXOS-PKG-MANAGER/SOLUS/nix-pkg-installer.sh)"

TBH nixos is flipping excellent and i was a serious nixos user and had zero issues with nvidia but as a tinkerer i certainly did miss the traditional FHS of a traditional desktop for sure

My personal OLD nixos kde repo and i hope it may help someone in need

nix-env -iA nixpkgs.espeak-classic

then

espeak -v en+m7 -s 165 "Thank you for using! my configuration." --punct=","

Is the non-FHS compliance what makes you not use Nix ?

If so, what made you choose Bluefin out of all the other FHS compliant distributions/images ?

I’m personally a fedora fanboy and making personal scripts for my fedora workstation wore thin, as with nixos also.

I’m eagerly awaiting the nixos offline iso and I’ll definitely get back onto it.

atm, the connection speeds to the nix servers to western Australia are rather erratic, so i got frustrated with the slow speeds.

i still have nixos gnome on the ssd for the folio laptop and it runs really well

1 Like

TLDR
I tried NixOS, but I’m sticking with Universal Blue. I’m in the 96% targeted audience.

Long Story…

Well, I finally scratched my itch to try NixOS. I had installed it alongside Universal Blue but on a separate SSD and booted to it thru UEFI (keeping bootloaders separate).

From my very limited experience, NixOS does seem amazing to customize the system and it gives a lot of the features/tooling to do so.

The problem for me…
I don’t understand Linux to the degree that I need to enable various settings. For example, when Fedora moves to PulseAudio they do it by default. From my understanding a NixOS install before PulseAudio wouldn’t have PulseAudio enabled later without it in the config. Thus it would require me to keep “up to date” on all of this tooling.
The same could be said for GRUB to systemd-boot.

In addition, NixOS puts the burden on the user to “do things correctly”. For example, I started to install packages as “system wide” and I should have installed them only for the “user” to have better security. Furthermore, it sounds like in order for it to be “as secure” as flatpak I would need to specify isolation (sounds like with firejail).
Sure, I could have just used flatpaks instead of Nix packages, but it’s one of the selling points of NixOS.

I plan to keep NixOS around to “have fun”, but that’s it.

The thing I like about Fedora is that it switches tooling by “default”. This with Universal Blue’s goals of targeting the 96% of people. I am definitely in the 96% and not the 4%.

I was a nixos fanboy and the flexibility nixos provides is 2nd to none. It’s amazingly simple to declare and use functional programming once u understand the nixos basics.

Their package manager is the best that’s out there and comparing ublue’s way of creating deployments to nixos’s creation of generations, ublue’s way is somewhat ancient compared to the nixos way. It literally takes under 15 secs to create a completely new generation on nixos compared to almost 3 or 4 mins to create a deployment or rebase in ublue even when u just install a few simple small packages via rpm-ostree install. I have to admit ublue’s way is pathetic. I can understand why they’re going flatpak as it doesn’t take a number of minutes to install apps… and i mean a lot of minutes

I have a few repos on github. I still have nixos gnome on the laptop and i refuse to replace that with aurora/bluefin as i need functionality and speed when installing packages at base level

I wish I had the time back I’ve wasted on NixOS.
It’s probably fine if you need to set up many identical computers, or if you frequently trash your system and want to rebuild it with a few commands. I understand the dopamine hit of getting something to work.
For me, the time required to learn the language, get things set up, deal with the weird file system, etc. is better spent installing something like Bluefin-dx-stable and getting on with what I need to do.
Just my opinion, and to each their own. It’s good to have options, from LFS and Gentoo, on up.

New meme:
I use Bluefin, :t_rex:.

6 Likes

Those are exactly my biggest concerns with declarative systems yet

It would be possible to replicate atomic images - level of maintainability with flakes (talking about the Nix ecosystem)

But for now, there doesn’t seem to be an organization pushing for “batteries-included flakes”, like a Bluefin-on-NixOS flake

However, if a similar idea emerges in the future, it would probably be a better tech and UX than the current linux-desktop-state-of-the-art (which I consider to be Universal Blue)

I also thought about building a tool that would both allow to sync wikis and CLI compilers info DRY with the same information, but it would still not be batteries included but more like “guiding you to batteries” (which is what Arch Linux is, basically)

1 Like

What do you mean by that ?

Also, are you still using a Universal Blue product ?

Why the

?

Is it because of

?


I have a feeling that you have not found your “perfect” desktop operating system yet

Something as greatly engineered as NixOS, but something that is FHS compliant too

I guess there is a solution in the Nix ecosystem to work around the FHS non-compliance, probably with virtual environment related tools

Maybe you could also like “KDE Linux” (codenamed “Project Banana”)


Also, Nix has been removed from Bluefin because it broke SELinux

I chatted about that with the SecureBlue creator too, lately (see Discord)

This entire thread is based on the premise that declarative systems are new and some kind of magical thing. This is just how Linux is. You don’t need to learn nix to install packages and copy files around, it’s just Linux.

I’m closing this because we don’t use nix, we don’t need it, and it doesn’t solve a problem that we have. There are plenty of other places on the internet to pontificate.

3 Likes