| ▲ | trizic 11 hours ago |
| There is something to be said about NixOS, it really is a matter of setting `services.immich.enable = true;` in a configuration file. I find this really powerful and simpler than docker and docker-compose. But don't get me wrong, I am all for containerization when it comes to other OS/distros. Yes, there is a learning curve for the Nix language and creating your own packages. But anyone who can install a distro can install NixOS. Instead of running your apt/dnf/pacman commands, you edit a file with your package names and services you want to enable, and run `nixos-rebuild switch`. Though, you might find standalone binaries such as uv and its portable Python bundles don't work out the box, there is a a few lines configuration to get it working. Having a single language for configuring all services/applications (neovim,nginx,syncthing,systemd, etc) is refreshing. And of course combined with generative AI, you can set up a lot quickly. Immich is one of the only apps on iOS that properly does background sync. There is also PhotoSync which is notable for working properly with background sync. I'll take a wild guess that Ente may have got this working right too (at least I'd hope). This works around the limitation that iOS apps can't really run as background apps (appears to me that the app can wake up on some interval, run/sync for a little and try again on the next interval). This is much more usable then for example, the Synology apps for photo sync, which is, the last time I tried, for some reason insanely slow and the phone needs to have the app open and screen on for it fully sync. Some issues I ran into is the Immich iOS app updating and then being incompatible with the older version of the server installed on my machine. You'd have to disable app updates for all apps, as iOS doesn't support disabling updates for individual apps. In my specific scenario, the latest version of Immich for NixOS didn't perform a certain migration for my older version of Immich. I had to track down the specific commit that contained the version of Immich which had the migration, apply that, then I was able to get back to the latest version. Luckily, even though I probably applied a few versions before getting the right one, it didn't corrupt the Immich install. |
|
| ▲ | mk12 5 minutes ago | parent | next [-] |
| I hope someone will create a Debian package for Immich. I’m running a bunch of services and they are all nicely organized with user foo, /var/lib/foo, journalctl -u foo, systemctl start foo, except for Immich which is the odd one out needing docker compose. The nix package shows it can be done but it would probably be a fair amount of work to translate to a Debian package. |
|
| ▲ | Dedime 10 hours ago | parent | prev | next [-] |
| My problem with NixOS is the second you try to go "outside the guardrails", the difficulty increases 100x |
| |
| ▲ | ivanjermakov 9 hours ago | parent | next [-] | | Kind of the same for docker? Plopping a docker compose file and setting up few environment vars vs writing dockerfiles from scratch. | | |
| ▲ | cromka 8 hours ago | parent [-] | | Not really. No. You can easily checkout repo containing the Dockerfile, add a Dockerfile override, change most of the stuff while maintaining the original Dockerfile instact and the ability to use git to update it. Then you change one line in docker-compose.yaml (or override it if it's also hosted by the repo) and build the container locally. Can't imagine easier way to modify existing docker images, I do this a lot with my self-hosted services. | | |
| ▲ | Ambroisie 7 hours ago | parent [-] | | I'll be honest, that does not sound "easy". It is straightforward, but so is the NixOS module system, and I could describe writing a custom module the same way you described custom Docker images. | | |
| ▲ | jerf an hour ago | parent | next [-] | | It isn't the absolutely easiest process. But it works on Ubuntu, it works on Debian, it works on Mac, it works on Windows, it works on a lot of things other than a Nix install. And I have to know Docker for work anyhow. I don't have to know Nix for anything else. You can't win on "it's net easier in Nix" than anywhere else, and a lot of us are pretty used to "it's just one line" and know exactly what that means when that one line isn't quite what we need or want. Maybe it easier after a rather large up-front investment into Nix, but I've got dozens of technologies asking me for large up-front investments. | |
| ▲ | Xraider72 3 hours ago | parent | prev | next [-] | | This is a familiarity problem. I've never used NixOS and all your posts telling me how simple it is sounds like super daunting challenges to me versus just updating a Dockerfile or a one liner in compose that I am already familiar with, I suspect its the inverse for you. | |
| ▲ | maccard 4 hours ago | parent | prev [-] | | If that’s not easy I don’t know what is. |
|
|
| |
| ▲ | lilyball 5 hours ago | parent | prev [-] | | Is it? Why? If a NixOS module doesn’t support what you need, you can just write your own module, and the module system lets you disable existing modules if you need to. Doing anything custom this way still feels easier than doing it in an imperative world. | | |
| ▲ | maccard 4 hours ago | parent | next [-] | | > you can just write your own module, and the module system lets you disable existing modules if you need to That sounds about 100x more difficult to me | | |
| ▲ | Scandiravian 3 hours ago | parent [-] | | I can see your point that it can be daunting to have all the pain upfront. When I was using Ubuntu on my servers it was super simple to get things running The problem was when I had to change some obscure .ini file in /etc for a dependency to something new I was setting up. Three days later I'd realise something unrelated had stopped working and then had to figure out which change in the last many days caused this For me this is at least 100x more difficult than writing a Nix module, because I'm simply not good at documenting my changes in parallel with making them For others this might not be a problem, so then an imperative solution might be the best choice Having used Nix and NixOS for the past 6-7 years, I honestly can't imagine myself using anything than declarative configuration again - but again, it's just a good fit for me and how my mind works | | |
| ▲ | onionisafruit 3 hours ago | parent [-] | | In the NixOS scenario you described, what keeps you from finding an unrelated thing stopped working three days later and having to find what changed? I’m asking because you spoke to me when you said “because I'm simply not good at documenting my changes in parallel with making them”, and I want to understand if NixOS is something I should look into. There are all kinds of things like immich that I don’t use because I don’t want the personal tech debt of maintaining them. | | |
| ▲ | Scandiravian 2 hours ago | parent | next [-] | | I think the sibling answer by oasisaimlessly is really good. I'd supplement it by saying that because you can have the entire configuration in a git repo, you can see what you've changed at what point in time I'm the beginning I was doing one change, writing that change down in some log, then doing another change (this I'll mess up in about five minutes) Now I'm creating a new commit, writing a description for it to help myself remember what I'm doing and then changing the Nix code. I can then review everything I've changed on the system by doing a simple diff. If something breaks I can look at my commit history and see every change I've ever made It does still have some overhead in terms of keeping a clean commut history. I occasionally get distracted by other issues while working and I'll have to split the changes into two different commits, but I can do that after I've checked everything works, so it becomes a step at the end where I can focus fully on it instead of yet another thing I need to keep track of mentally | | |
| ▲ | Scandiravian 2 hours ago | parent [-] | | I just realised I didn't answer the first question about what keeps me from discovering the issues earlier The quick answer is complexity and the amount of energy I have, since I'm mostly working on my homelab after a full work day Some things also don't run that often or I don't check up on them for some time. Like hardware acceleration for my jellyfin instance stopped working at some point because I was messing around with OpenCL and I messed up something with the Mesa drivers. Didn't discover it until I noticed the fans going ham due to the added workload |
| |
| ▲ | oasisaimlessly 2 hours ago | parent | prev [-] | | Not OP, and not a very experienced with NixOS (I just use Nix for building containers), but roughly speaking: * With NixOS, you define the configuration for the entire system in one or a couple .nix files that import each other. * You can very easily put these .nix files under version control and follow a convention of never leaving the system in a state where you have uncommitted changes. * See the NixOS/infra repo for an example of managing multiple machines' configurations in a single repo: https://github.com/NixOS/infra/blob/6fecd0f4442ca78ac2e4102c... |
|
|
| |
| ▲ | jbstack 3 hours ago | parent | prev [-] | | "Just" write your own module? Have you seen how bad the Nix documentation is and how challenging Nix (the language) is? Not to mention that you have to learn Yet Another Language just for this corner case, which you will not use for anything else. At least Guix uses a lisp variant so that some of the skills you gain are transferable (e.g. to Emacs, or even to a GP language like Common Lisp or Racket). Don't get me wrong, I love the concept of Nix and the way it handles dependency management and declarative configuration. But I don't think we can pretend that it's easy. | | |
| ▲ | femiagbabiaka 2 hours ago | parent | next [-] | | The documentation is not great (especially since it tends to document nix-the-language and not the conventions actually used in Nixpkgs), but there are very few languages on earth with more examples of modules than Nix. | |
| ▲ | fijiaarone 3 hours ago | parent | prev [-] | | I’ve never seen nix, but I’d rather learn “yet another language” than fight yet another yaml syntax. |
|
|
|
|
| ▲ | kalaksi 10 hours ago | parent | prev | next [-] |
| I'm running NixOS on some of my hosts, but I still don't fully commit to configuring everything with nix, just the base system, and I prefer docker-compose for the actual services. I do it similarly with Debian hosts using cloud-init (nix is a lot better, though). The reason is that I want to keep the services in a portable/distro-agnostic format and decoupled from the base system, so I'm not tied too much to a single distro and can manage them separately. |
| |
| ▲ | halz 8 hours ago | parent | next [-] | | Ditto on having services expressed in more portable/cross distro containers. With NixOS in particular, I've found the best of both worlds by using podman quadlets via this flake in particular https://github.com/SEIAROTg/quadlet-nix | |
| ▲ | quag 10 hours ago | parent | prev [-] | | How do you update the software in the containers when new versions come out or vulnerabilities are actively being exploited? My understanding is that when using containers updating is an ordeal and you avoid the need my never exposing the services to the internet. | | |
| ▲ | RadiozRadioz 9 hours ago | parent | next [-] | | If you're the one building the image, rebuild with newer versions of constituent software and re-create. If you're pulling the image from a public repository (or use a dynamic tag), bump the version number you're pulling and re-create. Several automations exist for both, if you're into automatic updates. To me, that workflow is no more arduous than what one would do with apt/rpm - rebuild package & install, or just install. How does one do it on nix? Bump version in a config and install? Seems similar | | |
| ▲ | mixedCase 35 minutes ago | parent [-] | | Now do that for 30 services and system config such as firewall, routing if you do that, DNS, and so on and so forth. Nix is a one stop shop to have everything done right, declaratively, and with an easy lock file, unlike Docker. Doing all that with containers is a spaghetti soup of custom scripts. |
| |
| ▲ | teekert 7 hours ago | parent | prev | next [-] | | Your understanding of containers is incorrect! Containers decouple programs from their state. The state/data live outside the container so the container itself is disposable and can be discarded and rebuild cheaply. Of course there need to be some provisions for when the state (ie schema) needs to be updated by the containerized software. But that is the same as for non-containerized services. I'm a bit surprised this has to be explained in 2025, what field do you work in? | | |
| ▲ | johannes1234321 2 hours ago | parent | next [-] | | It's not that easy. First I need to monitor all the dependencies inside my containers, which is half a Linux distribution in many cases. Then I have to rebuild and mess with all potential issues if software builds ... Yes, in the happy path it is just a "docker build" which updates stuff from a Linux distro repo and then builds only what is needed, but as soon as the happy path fails this can become really tedious really quickly as all people write their Dockerfiles differently, handle build step differently, use different base Linux distributions, ... I'm a bit surprised this has to be explained in 2025, what field do you work in? | | |
| ▲ | rkomorn 2 hours ago | parent [-] | | It does feel like one of the side effects of containers is that now, instead of having to worry about dependencies on one host, you have to worry about dependencies for the host (because you can't just ignore security issues on the host) as well as in every container on said host. So you go from having to worry about one image + N services to up-to-N images + N services. |
| |
| ▲ | zelphirkalt 2 hours ago | parent | prev | next [-] | | I think you are not too wrong about this. Just that state _can_ be outside the container, and in most cases should. It doesn't have to be outside the container. A process running in a container can also write files inside the container, in a location not covered by any mount or volume. The downside or upside of this is, that once you down your container, stuff is basically gone, which is why usually the state does live outside, like you are saying. | |
| ▲ | fijiaarone 2 hours ago | parent | prev [-] | | Your understanding of not-containers is incorrect. In non-containerized applications, the data & state live outside the application, store in files, database, cache, s3, etc. In fact, this is the only way containers can decouple programs from state — if it’s already done so by the application. But with containers you have the extra steps of setting up volumes, virtual networks, and port translation. But I’m not surprised this has to be explained to some people in 2025, considering you probably think that a CPU is something transmitted by a series of tubes from AWS to Vercel that is made obsolete by NVidia NFTs. |
| |
| ▲ | wwarek 10 hours ago | parent | prev | next [-] | | > How do you update the software in the containers when new versions come out or vulnerabilities are actively being exploited? You build new image with updated/patched versions of packages and then replace your vulnerable container with a new one, created from new image | | |
| ▲ | teekert 7 hours ago | parent [-] | | Am I the only one surprised that this is a serious discussion in 2025? | | |
| ▲ | AdrianB1 6 hours ago | parent [-] | | Perhaps. There are many people, even in the IT industry, that don't deal with containers at all; think about the Windows apps, games, embedded stuff, etc. Containers are a niche in the grand scheme of things, not the vast majority like some people assume. | | |
| ▲ | teekert 5 hours ago | parent [-] | | Really? I'm a biologist, just do some self hosting as a hobby, and need a lot of FOSS software for work. I have experienced containers as nothing other than pervasive. I guess my surprise is just stemming from the fact that I, a non CS person even knows containers and see them as almost unavoidable. But what you say sounds logical. | | |
| ▲ | fwip 2 hours ago | parent [-] | | Self-hosting and bioinformatics are both great use cases for containers, because you want "just let me run this software somebody else wrote," without caring what language it's in, or looking for rpms, etc etc. If you're e.g: a Java shop, your company already has a deployment strategy for everything you write, so there's not as much pressure to deploy arbitrary things into production. |
|
|
|
| |
| ▲ | corn13read2 6 hours ago | parent | prev [-] | | pull new container, stop old and start new. can also make immutable containers. |
|
|
|
| ▲ | conradev 9 hours ago | parent | prev | next [-] |
| This is my favorite use of CLI AI coding tools: updating my nix config. I can just ask my computer to configure services for me! |
| |
| ▲ | fijiaarone 2 hours ago | parent [-] | | I remember when people claimed to use NixOs in order to have a deterministic, repeatable setup. | | |
| ▲ | lillecarl 2 hours ago | parent | next [-] | | AI generated Nix is equally deterministic and repeatable. The deterministic behavior makes Nix well suited for AI yolo code, either it evaluates and builds or it doesn't, and if the result isn't functional you revert back to the previous generation. | |
| ▲ | 12345hn6789 21 minutes ago | parent | prev [-] | | That is the use case for NixOS yes, can you clarify how it is no longer deterministic? I have been using it for a few months and was not aware of this change |
|
|
|
| ▲ | behnamoh 11 hours ago | parent | prev | next [-] |
| But what's the performance of NixOS compared to other distros? Also, I imagine CUDA installation is not as simple as changing a few lines of config file? |
| |
|
| ▲ | DeepSeaTortoise 6 hours ago | parent | prev | next [-] |
| Regarding NixOS, I'm mostly afraid of them going on a user purge after their developer purge. You just never know who this group of people will come after next, especially after they started defining "Fascism" as "anyone asking for how they define Fascism". And the jump of getting rid of people you hate who contribute to your project and you can do little harm to, to getting rid of people you hate who are of no use to you and you can do genuine damage to (e.g. by installing a tor exit node) is a step down if you think you could get away with it. |
| |
| ▲ | aacid 5 hours ago | parent | next [-] | | NixOS is open-source, if needed it can be forked anytime and continued to work on with new maintainers. | | | |
| ▲ | embedding-shape 2 hours ago | parent | prev [-] | | > Regarding NixOS, I'm mostly afraid of them going on a user purge after their developer purge ... Why? I don't know what developer purge you're talking about, but getting rid of people running a project almost never means suddenly they'll start to get rid of users, I'm not sure why that assumption is there. Not to mention that they couldn't even "purge users" if they wanted to, unless they make the download URLs private and start including some licensing schema which, come on, hardly is realistic to be worried about... |
|
|
| ▲ | Vinnl 9 hours ago | parent | prev | next [-] |
| Immich was my gateway into NixOS. It did a really good job of showing how well it can work. I'm only a couple of months in, so we'll see if it sticks, but I'm also running it on my laptop now. |
|
| ▲ | globular-toast 10 hours ago | parent | prev | next [-] |
| > There is something to be said about NixOS, it really is a matter of setting `services.immich.enable = true;` in a configuration file. Assuming someone has added it to NixOS, yeah. There are plenty of platforms even easier than that where you can click "install" on "apps" that have already been configured. |
| |
| ▲ | embedding-shape 36 minutes ago | parent [-] | | > There are plenty of platforms even easier than that where you can click "install" on "apps" that have already been configured. Yeah, like TrueNAS, where they've decided it was good entire to run Kubernetes on NAS hardware, with all the fun and speed that comes with. You just hit "Install", wait five minutes, and you get something half-working but integrated with the rest of their "product". I'll stick with configuration I can put in git, patch when needed and is easy to come back to after 6 months when you've forgotten all about the previous context you had. |
|
|
| ▲ | yomismoaqui 5 hours ago | parent | prev | next [-] |
| Nix can be easy,but it's not simple. Obligatory link: https://youtube.com/watch?v=SxdOUGdseq4 |
|
| ▲ | prmoustache 5 hours ago | parent | prev [-] |
| > But anyone who can install a distro can install NixOS. Instead of running your apt/dnf/pacman commands, you edit a file with your package names and services you want to enable, and run `nixos-rebuild switch`. You can do the same with any configuration manager such as puppet, salt or chief. |
| |
