hallettj
Programmer in California
I’m also on https://leminal.space/u/hallettj
“Atomic” is a catchy descriptor! Atomic distros for the Atomic Age! It could be an umbrella term since NixOS and Guix are atomic, but instead of images and partitions they use symlinks, and patch binaries to use full paths for libraries and programs that they reference. So there are image-based distros, and I guess expression-derived distros which are both atomic.
I haven’t tried image-based distros. This post fills in some gaps for me. Thanks for the write-up!
Oh this is just the thing for playing bard, and casting “vicious mockery” several times per combat
I think NixOS is awesome, but it certainly doesn’t offer “access to (basically) all Linux-capable software, no matter from what repo.” - at least not natively.
I don’t quite agree with this. In NixOS you can write custom expressions that fetch software from any source, and stitch them into your configuration as first-class packages. So you do get access to all Linux-capable software natively, but not necessarily easily. (There is a learning curve to packaging stuff yourself.)
I use this process to bring nightly releases of neovim and nushell into my reproducible config. Ok, I do use flakes that other people published for building those projects, which is a bit like installing from a community PPA. But when I wanted to install Niri, a very new window manager, I wrote the package and NixOS module expressions all by myself!
But Flatpak has its fancy “portals” to connect each app with the specific resource it needs which you don’t get with Docker.
Also if the goal is to limit access of apps you don’t want to fully trust, I think Docker doesn’t have the appropriate security properties. Here’s a quote from the readme for Bubblewrap (the sandboxing tool that Flatpak and Nixpak use):
Many container runtime tools like systemd-nspawn, docker, etc. focus on providing infrastructure for system administrators and orchestration tools (e.g. Kubernetes) to run containers.
These tools are not suitable to give to unprivileged users, because it is trivial to turn such access into a fully privileged root shell on the host.
I’ve had ls aliased to exa for a while. So it looks like eza is a fork of exa? The git feature looks interesting.
There is another thread on this with a bunch of links: https://beehaw.org/post/502245