For once I feel a little out of touch after I took a bit of a break from following the news to focus on studying, and suddenly everyone is talking about immutable distributions. What are they exactly? What are the benefits and the disadvantages of immutable systems?
Honestly every time I mention NixOS I get someone telling me it’s not a beginner friendly distro
Provided you get to understand the config file which only took a day of fiddling it’s so much easier to use than mutable distros
I add something to my package list and it just works, and nothing else breaks and even if I do manage to screw up my entire system so badly that I can’t boot it anymore I just boot the last working configuration and undo my changes
I believe people have even built UIs around the config to make it more user friendly
https://github.com/nix-gui/nix-gui https://github.com/vlinkz/nix-software-center
I agree, when I was on other distributions I would gradually customize things until something broken; then it was easier to start from scratch than to fix my mistakes. With NixOS it still gives me the ability to tinker with things, but makes it much easier than starting from scratch when I inevitably mess it up.
####For an in the wild example, Steam Deck.
Steam Deck runs Steam OS, which is a heavily customized version of Arch Linux by Valve. But unlike normal Arch installs, Valve has locked the System partition(/) to read-only.
The reasons they’ve done this is two fold. First, there’s actually two copies of the system partition. The reason for this is that when an update is downloaded it’s actually written to the other partition, not the one you’re currently using. This way the update happens in the background, and then you just need to reboot for it to switch partitions and do some house cleaning. What this means though, is that any changes you might’ve normally made to the system partition, disappear, as they are now on the other partition you aren’t using. So if any changes you make won’t matter, not much point in letting people make them in the first place. Using Flatpaks, any applications users install would instead be stored in the user partition, and never touch the OS itself.
The second major reason for doing this, is consistency. If people are discouraged or blocked from modifying the system partition, then any bugs or issues that crop up are, 99% of the time, Valve’s fault. And because of that, Valve can more easily diagnose and try to reproduce any reported issues, because theoretically, the user’s Steam Deck should be configured exactly the same as one at Valve HQ. All that’s needed is for a user to report what they were doing when they encountered the issue, and Valve can follow those same steps and hopefully encounter the same issue, get detailed logs, and hopefully quickly push out a patch as needed.
And that’s one version of Immutability. Valve doesn’t go the full nine-yards here, just enough for their use case. In other Immutable Distros, versioning is taken even further, where you can control multiple versions and reset the OS state on the fly as needed, keeping any changes to a minimum and in controlled sand boxes. There’s a ton of use cases for these, but the most obvious benefits are for enterprise and mass-market solutions, where a single configuration is multiplied across a large amount of servers, or end-user devices, allowing for easier diagnoses of issues and pushing of patches. For end-user clients especially, if they aren’t expected to be customizing the OS to begin with, it makes support much easier for IT.
For your average Linux user, the benefits aren’t as large, as you’ll often want to be able to tweak things to your liking. But your Average Joe that just wants a computer that can surf the web and install some apps that can be found as Flatpaks, an immutable OS that they can’t easily screw up is a plus.
I just have a big shell script that will redo all my changes after updates. I only broke my install once :>
[This comment has been deleted by an automated system]
Security, Stability
the whole concept of immutable is focused on stability and safety of your system – yes, it is still possible to break an immutable distro, but it’s a LOT harder and takes some actual effort – there’s also a few concepts wrapped up into the “immutable” phrasing:
- immutable filesystem – the root filesystem is set as read only, updates are queued up and applied during an upgrade (some distros require a reboot, some don’t)
- VanillaOS keeps two copies of the root system (ABroot), upgrades the inactive copy and then swaps them out
- NixOS has everything defined in a master config file and keeps an archive of previous generations of the config file allowing you to boot into whichever generation you want
- atomicity – updates are applied individually and checked, if the update breaks then it’s reverted to the previous working state (ie. you are never left with a borked system)
- containerized apps – user space apps isolated or sandboxed in some way like Flatpaks or Docker containers or OCI so if they break, they don’t take anything else down with them
- declarative systems – the whole system (and packages and configs) are defined (declared) in one master config file – back up that config file and if something happens to your system, you just need that one file to do a full rebuild (or make an identical copy of your system on another computer) – NixOS and GNU Guix are the two more well-known in this space
- EDIT: minor side-effect of this is you can easily tell exactly what packages are installed on your system at any given time – no hunting through
history
or trying to remember what you installed last month when you were testing out video players
- EDIT: minor side-effect of this is you can easily tell exactly what packages are installed on your system at any given time – no hunting through
I like the idea of containerised apps, especially if you can have multiples of the same app.
A few years ago, when I was pretty much fully on Windows, I used PortableApps to manage a few websites and their emails, and having a simple way to do the same thing is one of the few reasons I’m still stuck with Windows.
On top of that, I like trying out new apps and programs, but uninstalling them doesn’t always get rid of the extras, like new dependencies.