this post was submitted on 03 Jul 2025
159 points (96.0% liked)
Linux
56002 readers
1019 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 6 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Agreed with the article. There’s lots to dislike about Nix, but even with those downsides, NixOS is still better than any OS I’ve tried. Install an update and it’s borked? No worries. New PC and you want everything set up just like your old one? Copy one file over and it’s set up for you.
So, I've only played around with NixOS on a Raspberry Pi, but... Don't people usually split their config up in multiple files, and then store than in a Git repository?
The process then still is: check out that Git repository, except there's another step: copy over your private key so that you can decrypt your secrets.
Is that correct? Or did I make things needlessly complex for myself?
I store my secrets in a separate private git repo and automatically decrypt them with my hardware key (https://github.com/balsoft/nixos-config/blob/master/modules/secrets.nix) so for me it's literally just plug in my yubikey and
nixos-install github:balsoft/nixos-config#hostnameHow do you access the private Git repo then? Don't you need a secret to access it?
The ssh key to access the private git repo is on the same yubikey as the decryption key (they are technically different GPG slots but I don't need to care about that, just plug the key in, type in the pin, and it all works automagically)
That's neat!
Way over complex lol. I don't copy anything to online source for better or worse. I auto script backups. The only backups you'll ever need are nix config. Nothing else aside from your home folder obviously. With those two you can boot on any machine, anytime, as if you never left. I am not shilling. It's been dead stable so far, aside from tweaks I done to break my own builds testing.
Hmm yeah, I guess the question is: is it overly complex if I do want to store my backup of my Nix config online, version-controlled, preferably publicly?
If you do then your golden. That's the way to go. I dislike online things. Personal preference. There's advantages going the GIT method as well.
No. There are many of us that do that, I do, I found two random people online that did that and used their configs as a help when I was learning.
I don’t have any secrets in my config or a private key or anything and I’m currently running 4 servers from the same config (it used to be 8 or even more machines at some point even, including desktops).
But yes, it’s a multi-file config, it would be absolutely crazy to not split it up with how large it is.
Is that just because your four servers aren't used for anything that need a secret? e.g. I wanted to put my wifi password in there, and the password for my user account.