Conversation

Notices

Embed this notice
Karl Voit :emacs: :orgmode: (publicvoit@graz.social)'s status on Monday, 20-Jan-2025 00:14:51 JST Karl Voit :emacs: :orgmode:
- raboof
@raboof Wow, thanks for that.

In conversation about 12 days ago from graz.social permalink
- Embed this notice
  Janneke (janneke@todon.nl)'s status on Monday, 20-Jan-2025 00:14:41 JST Janneke
  in reply to
  @publicvoit @nobodyinperson @AngryAnt @raboof
  Wow that's vague.
  Remember, bugs (i.e..sensible bug reports) are hugs!
  
  In conversation about 12 days ago permalink
- Embed this notice
  Karl Voit :emacs: :orgmode: (publicvoit@graz.social)'s status on Monday, 20-Jan-2025 00:14:42 JST Karl Voit :emacs: :orgmode:
  in reply to
  @nobodyinperson @AngryAnt @raboof My problem is that I thought that NixOS is a solution to some issues I had with other Linux distros. That failed and I got additional issues as well.
  When I have to setup my system, NixOS (and Nix) will be a part of my past.
  
  In conversation about 12 days ago permalink
- Embed this notice
  Yann Büchau :nixos: (nobodyinperson@fosstodon.org)'s status on Monday, 20-Jan-2025 00:14:43 JST Yann Büchau :nixos:
  in reply to
  - raboof
  - Emil "AngryAnt" Johansen
  @publicvoit @AngryAnt @raboof Same for NixOS. If a venv does the job for you, use my linked fhs command as the one thing to execute before doing anything Python, then do whatever venv stuff you need to do. If you don't need external system dependencies, do you really need nix?
  
  In conversation about 12 days ago permalink
- Embed this notice
  Karl Voit :emacs: :orgmode: (publicvoit@graz.social)'s status on Monday, 20-Jan-2025 00:14:44 JST Karl Voit :emacs: :orgmode:
  in reply to
  @nobodyinperson @AngryAnt @raboof On any other OS I did never have to use something more complicated than a venv. 😉
  
  In conversation about 12 days ago permalink
- Embed this notice
  Yann Büchau :nixos: (nobodyinperson@fosstodon.org)'s status on Monday, 20-Jan-2025 00:14:45 JST Yann Büchau :nixos:
  in reply to
  - raboof
  - Emil "AngryAnt" Johansen
  @publicvoit @AngryAnt @raboof Well if you need any kind of dependency, a simple `python ./myscript.py` won't work on any distribution. Poetry or uv can ease that step of specifying and fetching dependencies, and work identically across distros. The only difference on #NixOS is that you will need to run everything from within an fhsUserEnv, e.g. execute my `fhs` command here before:
  https://gitlab.com/nobodyinperson/nixconfig/-/blob/main/modules/fhs.nix?ref_type=heads
  This is how I do it.
  
  In conversation about 12 days ago permalink
- Embed this notice
  Karl Voit :emacs: :orgmode: (publicvoit@graz.social)'s status on Monday, 20-Jan-2025 00:14:46 JST Karl Voit :emacs: :orgmode:
  in reply to
  - raboof
  - Emil "AngryAnt" Johansen
  @AngryAnt @raboof Frankly, I haven't even looked at this #NixOS feature.
  My experience so far which doesn't necessarily contradict your comment: if something is working, its "source" looks clean and you can reproduce it a number of times. 👍
  However to get to that point in the first place, I had to bump into too many issues, rely on multiple experts on the Internet to help me with my specific issue until it somehow worked and I did not even understand all the mistakes I did which is a pity with respect to learning.
  My most significant example: simply invoking a local #Python script.
  You could read about the very last mile of that journey here: https://discourse.nixos.org/t/nix-shell-isnt-executing-its-python-poetry-command-and-doesnt-exit/58452
  Note that it took me half a year, at least six iterations of approaches including switching to poetry, various variations of nix-shells/shellscript combinations and so forth.
  And this all for a task that is easy as "python3 ./myscript.py" on all(!) other operating systems.
  Hardly a motivation for me for NixOS.
  In conversation about 12 days ago permalink
  Attachments
- Embed this notice
  Emil "AngryAnt" Johansen (angryant@mastodon.gamedev.place)'s status on Monday, 20-Jan-2025 00:14:47 JST Emil "AngryAnt" Johansen
  in reply to
  - raboof
  @publicvoit @raboof Personally I had that same impression prior to taking on containers, but ended up concluding that this had been me over-estimating complexity.
  It really is one of those areas where NixOS makes doing something complicated easy vs. other distros.
  In conversation about 12 days ago permalink
  Attachments
  1. No result found on File_thumbnail lookup.
    
    complexity.it
    
    Simplicity in complexity
- Embed this notice
  Karl Voit :emacs: :orgmode: (publicvoit@graz.social)'s status on Monday, 20-Jan-2025 00:14:48 JST Karl Voit :emacs: :orgmode:
  in reply to
  - raboof
  - Emil "AngryAnt" Johansen
  @AngryAnt @raboof I can relate to that but this is only achievable with a high level of Nix knowledge.
  So at that stage of Nix(OS), it is no option to me. I failed with much simpler tasks already. 😔
  In conversation about 12 days ago permalink
  Attachments
  1. No result found on File_thumbnail lookup.
    
    knowledge.so
- Embed this notice
  Emil "AngryAnt" Johansen (angryant@mastodon.gamedev.place)'s status on Monday, 20-Jan-2025 00:14:49 JST Emil "AngryAnt" Johansen
  in reply to
  - raboof
  @publicvoit @raboof Personally I like to run my services in NixOS containers with private networking - often with their own network interface passed through.
  
  In conversation about 12 days ago permalink
- Embed this notice
  Emil "AngryAnt" Johansen (angryant@mastodon.gamedev.place)'s status on Monday, 20-Jan-2025 00:14:50 JST Emil "AngryAnt" Johansen
  in reply to
  - raboof
  @publicvoit @raboof Mitigations to avoid that initial foothold include:
  - Having most systemd services configured via NixOS options run with DynamicUser set, enabling lots of system isolation: https://unix.stackexchange.com/questions/635027/systemd-dynamicuser-vs-user#635036
  - The nature & implementation of the nix store precludes whole classes of common exploits like library/dll injection and malicious patching.
  - You can comparatively easily add further isoation to potential entry points by declaring them in NixOS containers.
  In conversation about 12 days ago permalink
  Attachments
  1. Domain not in remote thumbnail source whitelist: cdn.sstatic.net
    
    systemd DynamicUser vs User
    
    To run processes without root privileges you can use DynamicUser= or a static user with User= in systemd. A good explanation for DynamicUser can be found in this blog post: http://0pointer.net/blog/
- Embed this notice
  Janneke (janneke@todon.nl)'s status on Monday, 20-Jan-2025 00:40:31 JST Janneke
  in reply to
  @publicvoit @nobodyinperson @AngryAnt @raboof
  You count complaining on social media as a bug report?
  
  In conversation about 12 days ago permalink
- Embed this notice
  Karl Voit :emacs: :orgmode: (publicvoit@graz.social)'s status on Monday, 20-Jan-2025 00:40:32 JST Karl Voit :emacs: :orgmode:
  in reply to
  @janneke @nobodyinperson @AngryAnt @raboof On, I have plenty messages on that: my downsides start with: https://graz.social/@publicvoit/112197919942153866
  In conversation about 12 days ago permalink
  Attachments
  1. No result found on File_thumbnail lookup.
    
    Karl Voit :emacs: :orgmode: (@publicvoit@graz.social)
    
    from Karl Voit :emacs: :orgmode:
    
    @ktemkin@chaos.social Python is ultimately broken to me. Not as a dev, as a user. I can not express how much trouble this gives me. This might even lead me to throw away Nix(OS) and return to Debian on all of my hosts. Homemanager with flakes is generally recommended but still classified as experimental and with almost none up-to-date documentation or documentation that exceeds the most ultra-simple setup. A x260 shows really poor update performance (sometimes in hours!). See also: https://karl-voit.at/2023/09/12/nix/
  Janneke repeated this.

Public

Conversation

Notices

Feeds