
Comment by turtleyacht

9 hours ago

It would be nice to set up immutable config down to the granularity of a git commit, sharing it as a single file, and be able to reproduce that setup on anyone's machine. Instant onboarding and mirrored production (barring secrets).

With the caveat of it not being a portable single file, I find custom image-based Linuxes fill this gap perfectly.

There's of course Fedora Silverblue / Fedora Bootc with https://universal-blue.org/ and https://blue-build.org/ being good examples.

Recent developments have seen the creation of bootc images for non-Fedora distros too, and at this point I've seen quite a few cool arch-bootc custom images, completely customized to the author's desires. See: https://github.com/bootcrew/, https://github.com/tartaria-dev/tartaria

For me, this is the holy grail. Every time I switch laptops, I lift all my config files and such over, but there are always so many system-level configs and other things that you have to go and manually fiddle with. On top of that, some apps don't really behave well when you just move config files to, e.g., under a different username, etc. Would be nice if there was a comprehensive solution to this problem; need to try nix-darwin out.

  • nix-darwin is essentially this. I have a small bootstrap script to install the Xcode CLI tools and Nix, git clone my dotfiles and activate the config. That in turn sets up the system, also installs Homebrew, installs apps from the App Store and sets up all my configs. The only thing I need to do after is sign into some accounts.

Speaking from the viewpoint of whole operating system images, the main challenge is that while Nix allows you to create ephemeral environments, many people (myself included) have various hard-coded paths for mounting hard drives. If you want something to be shareable, you have to create a workflow in which the user environment is activated interactively after a tty session is acquired. Same goes for any system services that need persistence -- these have to be configured to be activated at runtime. It's a lot of work for a party trick. It's probably possible to configure the system such that the log-in needs a FIDO2 key which is also used for LUKS drives, which would be similar to how macOS handles log-ins. But abstracting this such that the login works on every machine possible suddenly requires filesystems to be networked, and so on.

That being said, we used NixOS images to boot several of my friends' Windows PCs into RAM to play Halo 3 multiplayer split-screen. Most of my friends were mainly confused why they could play with any gamepad they had on their shelf. They also left the event with no permanent changes to their PCs.

I haven't used Nix yet, but I have done exactly this a number of times with Guix now. I assume Nix has the same capabilities. In Guix you can specify a home configuration that includes packages, configuration files, and running services all in one manifest.scm file. If you want to make sure that it's isolated from whatever else is set up on the system, you can launch that manifest in a container with a single extra flag.

This is basically the purpose of nix flakes, which take in inputs (usually git repositories) and provide outputs (compiled files, docker images, etc.). It's a pain to get going, but not tremendously difficult with some googling. It's a lot easier with AI as well.
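As an added example (not code from this thread, from nix-darwin, or from any commenter's dotfiles), here is what the nix-darwin setup described in the reply above looks like when written as the flake the last comment refers to: the inputs are git repositories, the output is a complete macOS system configuration, and the generated flake.lock pins every input to a specific commit, which is the "granularity of a git commit" the first comment asks for. The host name `example-mac`, the user `alice`, the `aarch64-darwin` architecture, and the package, cask and App Store lists are assumptions chosen for illustration.

```nix
{
  description = "Added example: a nix-darwin host pinned through flake.lock";

  # Inputs are git repositories; `nix flake lock` records their exact
  # commit and content hash in flake.lock, so re-running on another
  # machine rebuilds from the same sources.
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
    nix-darwin.url = "github:nix-darwin/nix-darwin";
    nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
    home-manager.url = "github:nix-community/home-manager";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
  };

  outputs = { self, nixpkgs, nix-darwin, home-manager, ... }:
    let
      hostName = "example-mac";  # assumed host name
      userName = "alice";        # assumed macOS user
    in {
      # Built and applied with:
      #   sudo darwin-rebuild switch --flake .#example-mac
      # (on a fresh machine, bootstrap with
      #   nix run nix-darwin#darwin-rebuild -- switch --flake .#example-mac)
      darwinConfigurations.${hostName} = nix-darwin.lib.darwinSystem {
        system = "aarch64-darwin";  # assumed Apple Silicon machine
        modules = [
          ({ pkgs, ... }: {
            nix.settings.experimental-features = "nix-command flakes";

            # System-level packages from the pinned nixpkgs revision.
            environment.systemPackages = with pkgs; [ git ripgrep jq ];

            users.users.${userName}.home = "/Users/${userName}";

            # nix-darwin drives Homebrew for things that only ship as
            # casks or through the Mac App Store. Note the caveat below:
            # these are NOT pinned by flake.lock.
            homebrew = {
              enable = true;
              onActivation.cleanup = "zap";  # remove anything not listed here
              casks = [ "firefox" ];          # assumed cask list
              masApps = { "Xcode" = 497799835; };  # assumed App Store list
            };

            # Example of a system default the activation step manages.
            system.defaults.dock.autohide = true;

            system.stateVersion = 5;
          })

          # User-level config (dotfiles, shell, git identity) lives in
          # home-manager so it follows the user name rather than a path
          # copied from another machine.
          home-manager.darwinModules.home-manager
          {
            home-manager.useGlobalPkgs = true;
            home-manager.useUserPackages = true;
            home-manager.users.${userName} = { ... }: {
              home.stateVersion = "24.05";
              programs.zsh.enable = true;
              programs.git = {
                enable = true;
                userName = "Alice Example";            # assumed
                userEmail = "alice@example.invalid";   # assumed
              };
            };
          }
        ];
      };
    };
}
```

Two things a practitioner would want to check before calling this reproducible. First, commit flake.lock next to flake.nix; without it, `darwin-rebuild` resolves the inputs to whatever their branches point at today, and the second machine silently gets a different nixpkgs. Second, the `homebrew.casks` and `homebrew.masApps` lists are the one part of this file that the lock does not cover: Homebrew resolves cask versions against its own tap at activation time and the App Store serves whatever is current, so anything whose exact version matters for the setup should come from `environment.systemPackages` (pinned) rather than from Homebrew (not pinned).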