378
Principal Skinner on Immutable Distros
(infosec.pub)
Post funny things about programming here! (Or just rant about your favourite programming language.)
I agree but I prefer it to things like ansible for sure. I'm also happy to never have to run 400 apt install commands in a specific order lest I have to start again from scratch on a new system.
Another place I swear by it is in the declaration of drives. I used to have to use a bash script on boot that would update fstab every time I booted (I mount an NFS volume in my LAN as if it were native to my machine) then unmount it on shutdown. With nix, I haven't had to invent solutions for that weird quirk (and any other quirks) since day one because I simply declared it like so:
IMO, where they really shine is in the context of declarative dev environments where the dependencies can be locked in place FOREVER if needed. I even use Nix to build OCI/Docker containers with their definitions declared right inside of my dev flake for situations where I have to work with people who hate the Nix way.
No end of interesting shit you can do in Nix, at one point I had zfs and ipfs entries in one of my configs. I got away from it all before flakes started to get popular.
I tried it as a docker host; the declarative formatting drove me around the bend. I get a fair bit of disaster proofing on my docker host with git and webhooks, besides using Proxmox/ZFS to host it all and back it up.
I suspect that the whole Docker thing will improve exponentially now that Nix is on the Docker's radar. I found the OCI implementation to be superior to the actual Docker implementation in Nix.....at least for now. I think the way that Docker isolates things to layers is the biggest barrier to them working together seamlessly at the moment....but I think they'll start to converge technolgically over the coming 10 years to the point where they might work together as a standard someday.