Threads for linuxhackerman

  1. 17

    Excellent! I love that it’s enabled flakes by default. The choice of Rust over shell in this case is pretty choice, too. Mac ships an appallingly old bash that is wildly different from … every Linux distribution today.

    Can’t wait to try it. Does it work on FreeBSD?

    1. 11

      Unfortunately it doesn’t support FreeBSD yet. Nix/Nixpkgs itself has pretty poor support for FreeBSD today, so we didn’t build it out yet. We could definitely add it!

      1. 1

        FreeBSD has its own port though.

        1. 1

          I haven’t had a lot of luck getting anything to work. If you have some idea/blog/website of how to bootstrap a new system, I’d love to hear about it. The official docs still download a little tarball of binaries built from a pre-existing nix system, and so far as I can tell, it’s not generally available for FreeBSD.

          1. 1

            I’ve been lurking in the Exotic Nix Targets Matrix room, and it looks like the folks there have been putting a lot of good work into supporting less widespread targets, including BSDs and Illumos, recently. That room might be worth joining if you’re interested in those developments :)

      1. 5

        Where would I make use of nix? Day to day I don’t even really touch apt all too much other than to update things. The main place where I do installations where this would seem relevant is in Dockerfiles - is that the intended use case?

        1. 16

          There are many “levels” at which Nix can be useful, for example:

          • you can install it and use it to manage software in container images as @wimpress suggests, if you’re using Dockerfiles to “test the waters” or need to be compatible with other components that only like Dockerfiles;
          • you can build Docker images entirely within Nix, making reproducing images easier and (often) resulting in more compact images;
          • you can use it to manage the everyday software you use on your workstation, simply by installing the software using Nix or by installing and configuring it using home-manager;
          • you can use nix run to try out software without worrying about uninstalling it again later;
          • you can put your entire OS together with Nix, as with NixOS or more specialised setups like liminix.

          All of these are options which will appeal to various people to various degrees, and you can pick and choose which ones you’re most interested in!

          1. 4

            Yes 👍️ You can use the Determinate Nix Installer to “install” nix in Podman and Docker containers.

          1. 1

            I am enjoying all the Linux boot content lately. Hoping for a good post on how exactly secure boot protects you against various attacks and how it does this; anybody know of one?

            1. 4

              Matthew Garrett has a bunch of good material on Secure Boot. isn’t really about the workstation use case, but explains what a secure boot chain can look like (and what it’s there to ensure).

            1. 3

              Didn’t you reinvent docker with your solution? Docker also uses pivot_root and essentially solves the exact same problem with very similar methods. A simple Dockerfile with FROM ubuntu:focal would probably give you the same thing you outlined here, unless I missed some crucial requirement that cannot be satisfied with docker.

              1. 8

                The similarities to Docker end at the systemd-nspawn step. After the systemd pivot-root step, the host userland is shut down entirely and the Ubuntu userland takes over, including privileged hardware access such as the graphics system.

                1. 7

                  Yeah, as hufman says this isn’t running both OSes in parallel, it’s having them installed in parallel – but mimicking a “normal” installation much more closely than one could ever achieve with docker. None of the namespace or cgroup stuff – real direct access to everything the kernel can provide.

                1. 11

                  Original post:

                  I love the clickbait title. QEMU always makes me click.

                  1. 4

                    Glad is here to take that with a bit of humour!

                    To nitpick: neither one is really “canonical” or “original”, one is just my employer’s blog and the other is my own :)

                    1. 4

                      Your blog is way more readable :D