Hey folks! After using Fedora Atomic for quite a while and really appreciating its approach, I’ve been eyeing one particular feature from NixOS: its congruent system management. Inspired from Graham Christensen’s “Erase your darlings” post, I’d like to explore implementing something similar to NixOS’ impermanence module on Fedora Atomic as one step towards better state management.

Why not just switch to NixOS? Well, while NixOS’s package management and declarative approach are incredible, I specifically value Fedora’s stringent package vetting and security practices. The nixpkgs repository, despite its impressive scope, operates more like a user repository in terms of security standards.

I’ve already made some progress with the following:

  • Fedora Atomic’s shift to bootable OCI containers has helped with base system reproducibility when one creates their own images. This process has thankfully been streamlined by templates offered by either uBlue or BlueBuild
  • Using chezmoi for dotfiles (would’ve loved home-manager if it played nicer with SELinux)

My current (most likely naive and perhaps even wrong) approach involves tmpfs mounts and bind mounts to /persist, along with systemd-tmpfiles. I’m well aware this won’t give me the declarative goodness of NixOS, nor will it make the system truly stateless - there’s surely plenty of state I’m missing - but I’m hoping it might be another step in the right direction.

Particularly interested in:

  • Best practices for managing persistent vs temporary state
  • Working with rpm-ostree’s (or bootc’) assumptions
  • Tools or scripts that might help
  • Alternative approaches that achieve similar goals

Thanks in advance!

  • QuazarOmega@lemy.lol
    link
    fedilink
    arrow-up
    2
    ·
    11 hours ago

    I don’t remember when this installer was declared stable for use on Fedora, I have installed it in May myself, so after that post.

    In the issues tab there seems to be some problems still, like #1325, for me, at least, it’s mostly all fine, the only issue I still have is that some things don’t work due to the user’s home directory being a synlink to /var/home/<username>, rare enough that I still use it

    • jamesbunagna@discuss.onlineOP
      link
      fedilink
      arrow-up
      2
      ·
      7 hours ago

      lol. I initially had a better written reply that I was about to send, but I clicked on cancel instead of reply. RIP.

      First of all, thank you for sharing your own experiences!

      Secondly, in short, looking at the discord servers that are related to the uBlue project, general folk seem to have moved past Nix and use flatpak and brew instead for GUI and CLI respectively. Though, some community members happily report to be content with Nix. So, perhaps I shouldn’t be necessarily opposed to home-manager.

      Finally, I didn’t expect to find a crossover between brew and chezmoi to effectively become a quasi-home-manager.

      • QuazarOmega@lemy.lol
        link
        fedilink
        arrow-up
        1
        ·
        6 hours ago

        clicked on cancel instead of reply

        Aw man haha

        moved past Nix and use flatpak and brew

        That sounds a bit funny, when those technologies are just (despite me not liking to use this term) inferior, in terms of packaging, only flatpak really shines because of its embedded permission model, one of the reasons why I also still use it, though there are ways to use bubblewrap with Nix packages which I honestly haven’t tried.

        So, perhaps I shouldn’t be necessarily opposed to home-manager

        Yeah, I think you should at least give it a shot and see how you like it, it’s not as easy right out of the box as the other 2 you mentioned, of course, so you should find out for yourself what you feel more comfortable using.

        crossover between brew and chezmoi

        That is kinda neat, but, to me, it really feels more like a last resort when you somehow can’t access Nix, Nix is just that much more structurally sound than all the other 3rd party package managers that you can install alongside your system’s, I say that mostly because of versioning that doesn’t break, and package manager as well as configuration being all cohesively described with a single language, it’s not exactly easy, so I won’t say “what more could you want?”, but look at the features of both to see what you really want first.