I was thinking about going immutable for a long time and now I’m choosing a distro to hop to.
My question is: what are good immutable distros other than Fedora Silverblue spins, UBlue family and NixOS?
Maybe someone uses/used any? What is/was your experience with it?
There is blendOS, which is an Arch-based immutable distro similar to Vanilla OS with different DE options.
Except the installer requires one specific repo mirror to be up, which can’t be customized, which has been down for weeks and the dev isn’t very interested in providing any fix or workaround so a lot of people literally can’t install it.
It’s a bad suggestion, it’s a beta product not fit for end user consumption yet.
Secureblue, GnomeOS (if you like updating daily), VanillaOS, AOSP, SteamOS, blendOS, and many more.
Please don’t hurt me but what’s an “immutable” distro?
It’s a distro that makes all but a few system directories immutable. This means you can’t just install whatever you want in the same way you would install in a traditional Linux system.
This comes with some benefits:
- Malicious and buggy software can’t permanently fuck up your installation. Even root can’t edit those directories.
- Each system update replaces only the system layer, but you can roll back to the previous one if something breaks.
- You can rebase to other images (like going from Fedora Kinoite to UBlue Aurora) with a simple command, and you don’t need to reinstall anything or worry about backing up your /home directory.
- Most software is installed via flatpaks or appimages, keeping a layer of separation between your system and your applications.
- Distroboxes/Podman containers can handle a lot of additional software while keeping it safely containerized.
- The system is generally reproducible, so the core of what you have is the core of what everybody else has.
Some drawbacks:
- You can’t install whatever you want however you want. There are some hard limitations on where files are allowed to go, and installing certain software that interacts with the kernel can be tricky (I’m currently trying to figure out the best way to install my VPN provider’s client).
- There’s a definite learning curve to working with containers. It’s not always as simple as “create container, install thing.”
- There’s a definite learning curve to retraining yourself to think in layers/containers.
Some examples of modern immutable distros are:
- Fedora Silverblue
- Fedora Kinoite
- Universal Blue Aurora
- Universal Blue Bluefin
- Universal Blue Bazzite
- NixOS
- BlendOS
As I understand it, it’s read-only, so the updates you get are basically replacing your current ones but keeping your apps (like flatpaks) installed.
I think about it like this:
Layer 2b: ->> User applications (flatpak, nixpkgs, etc.)
Layer 2a: ->> User data (mutable, persistent no matter what your system layer is)
Layer 1: -> System (immutable/read-only/updated "atomically" meaning all at once)
Layer 0: Hardware
Or, alternately, it’s what macOS has been doing with absolutely no fanfare for several versions now. That’s not a knock, btw. It’s an illustration that it can be completely transparent in use, though it may require some habit changes on Linux.
Don’t use NixOS.
Source:
- I love NixOS
- I use it as my daily driver on multiple machines.
- I’ve contributed both to NixOS and surrounding ecosystem.
Evidence:
- Learning cliff rather than curve because:
  - The state of the documentation should have been unacceptable a decade ago. Very unacceptable now.
  - The tooling is also over a decade behind.
- Governance leaves a lot to be desired.
These things are getting better but not fast enough that I’d recommend it.
If you really want to look into Nix, use it on another distro and see if you’re still interested after getting a flake-based devshell together. (Impossible challenge: do it for a Python project that relies on complex dependencies like transformers.)
> Governance leaves a lot to be desired.
Genuine question from somebody who’s out of the loop and doesn’t use NixOS: How does this affect your day to day using the distro?
I’ve just switched my secondary machine to Nix, and was in the process of switching my main too, so it really is quite a shame. I’m really enjoying the distribution, but if the organization continues to have colossal government issues and to repel active packagers, that’s really not a good sign.
Now that I’m deep in it with flakes + home manager + impermanence + disko/nixos-anywhere, it’s fantastic having this much control and stability on all my systems, and I’m excited to start switching as much of my homelab as I can over to NixOS like my workstations.
But I totally agree, I would not recommend this to anyone who is not super interested in it.
openSUSE Micro