this post was submitted on 07 Jul 2023
515 points (98.3% liked)
Asklemmy
43857 readers
1872 users here now
A loosely moderated place to ask open-ended questions
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- [email protected]: a community for finding communities
~Icon~ ~by~ ~@Double_[email protected]~
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Quick question: how do you handle updates?
To me NixOS seems like basically a replacement for any distro + Salt (or any other config management platform) + snapshots. The one thing I’m unsure about is patch/update management. Can that be automated?
Happy to answer!
Here's an example commit where I last updated my system packages. I've been on summer holiday so it's already been a month haha.
It's basically going into my dotfile/configuration repo, running
nix flake update nixpkgs
which bumps the lock file as seen in the commit and then runningnixos-rebuild
and committing it. A bit like bumping npm dependencies.If something doesn't work, I just git reset the change and rebuild again, which is almost instant as all the previous packages are still stored on my system until I explicitly garbage collect them.
And if there's a kernel/driver issue I only catch after a reboot, I can just directly boot into the previous build straight from GRUB as nixos automatically manages the grub entries and keeps a history of previous builds.
Of course there's also sometimes cases where some package breaks but I'd don't want to postpone updating the whole system just because of that particular package. For those cases I also have a separate input named "nixpkgs-2111" that tracks the current stable branch of nixos. I can then explicitly configure the specific package to be built from that revision of the repo.
Another nice thing is that once I've bumped the system on my personal computer, I'll just pull the commit on my work laptop and run
nixos-rebuild
on that machine. This way I can guarantee that both the machines have exactly same software versions.NixOS does accomplish those things. However it has also other benefits, such as running multiple versions of the same software simultaneously, guaranteed complete dependencies and the fact that upgrades and rollbacks are atomic. Immutability also ensures no state drift happens.
Thanks so much for the detailed response! I’m still learning the basics, but to me this seems fascinating and potentially very powerful. My goal is to create a “playbook” or strategy I can use in production for, say, web hosting.
This is very novel, and as you noted, has powerful implications on how one manages their environment. I can see potential use cases for developers, researchers, web/app hosting and even plain old daily driver desktop/laptop use.