- cross-posted to:
- nixos@lemmy.ml
Does Nix need user namespaces, and does it allow good Sandboxing like Podman or Flatpak?
I’ve used flatpak in the past, and although you basically give up the declarative aspect they worked fine as far as I remember.
That was not answering the question 😅
Nix packages aren’t containerized by default. But since every dependency is clearly defined, there are tools that wrap packages using bubblewrap, or tools that build layered docker images.
But building packages happens in a sandbox.
Great thanks! So Fedora+Nix (maybe some hacky way to symlink it to /var/nix on every boot and it can run on Atomic too)+bubblejail (there is a COPR now for use in secureblue) could be a great setup! Any info about namespaces? Hardened kernels block these for valid reasons. Flatpaks can use bubblewrap-suid, Podman is supposedly not compatible (not sure about that)
This bug still exists (using nix-channel without name causes errors, a basic feature IMO) so watch out.
Unfortunately nix still needs work on its UX.
Yeah. The UX is not in a great state. This is not a euphemism though, I think the UX is OK for advanced users, but getting used to it takes time.
Honestly given the choice I prefer the status quo, good fundamentals and clunky UX compared to the other way around – it’s all volunteer work and that’s a finite resource.
I’m new to NixOS. Do I have to do anything extra to update NixOS? Or do I just update my flake and run nixos-rebuild switch --flake like I normally do to update packages?
If you are using flakes you should check your flakes’ inputs (probably the one called nixpkgs) and then change the URL to match the channel for 23.11. Finally, you should of course rebuild your system.
I’m not sure (I’m about to install it for the first time - on this computer) - According to this all you need to do is:
# nix-channel --add https://channels.nixos.org/nixos-23.11 nixos
# nixos-rebuild switch --upgrade
This procedure doesn’t work with flakes as they come with “channels included”.
What if I just want to upgrade some packages? Like not change channel, but Firefox needs an update? I’m not op and don’t use flakes btw
If using flakes you could just for instance add another input. You can also set the input URLs to specific states of the nixpkgs repository by eg referencing specific commits. Then, you should be able to just, e.g., pick Firefox from unstable, another package from the current stable channel, and maybe a broken package from a pull request fixing said package.
If you are not using flakes you can also add system wide channels. IIRC you can then import these channels into your configuration.nix and select packages from the corresponding channels. But here the channels/inputs are not part of configuration itself in contrast to when using flakes.
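As an added illustration of the two-input approach described above (this is not code posted by anyone in the thread): a flake.nix that tracks the 23.11 channel for the whole system but takes firefox from a second, unstable input via an overlay. The host name myhost and the ./hardware-configuration.nix path are assumptions.

```nix
{
  description = "NixOS 23.11 host that takes firefox from the unstable input";

  inputs = {
    # Stable input for the system; the branch name matches the 23.11 channel.
    # Replace the branch with a commit hash (github:NixOS/nixpkgs/<commit>)
    # to pin nixpkgs to one exact state of the repository.
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
    # Second input tracking unstable, used only for selected packages.
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
  };

  outputs = { self, nixpkgs, nixpkgs-unstable, ... }:
    let
      system = "x86_64-linux";
      # Evaluate the unstable package set once so the overlay can refer to it.
      unstable = import nixpkgs-unstable { inherit system; };
    in {
      # "myhost" is an assumed host name.
      nixosConfigurations.myhost = nixpkgs.lib.nixosSystem {
        inherit system;
        modules = [
          # Assumed to exist; generated by nixos-generate-config on the target.
          ./hardware-configuration.nix
          ({ pkgs, ... }: {
            # Overlay: the stable "firefox" attribute is replaced by the unstable one,
            # so everything else on the system still comes from 23.11.
            nixpkgs.overlays = [
              (final: prev: { firefox = unstable.firefox; })
            ];
            environment.systemPackages = with pkgs; [ firefox git ];
            # 23.11 renamed fonts.fonts to fonts.packages, as quoted later in the thread.
            fonts.packages = with pkgs; [ dejavu_fonts ];
            system.stateVersion = "23.11";
          })
        ];
      };
    };
}
```

Rebuild with nixos-rebuild switch --flake .#myhost; running nix flake update afterwards moves both inputs forward while the system stays on 23.11.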
There’s no command to just update all packages without changing the nixos version?
I’m a bit confused about what you actually want? Do you just want to update your packages, but stay on the same NixOS version? Just continue like before. Do you want to stay on your current version, but use some packages from the next version? That should also be possible if you somehow include that channel in your configuration.nix (though I don’t know how this would work in practice). Personally, I just run with unstable though, then the releases aren’t that important.
I think I thought unstable would mean, well, unstable. Like nightly releases or something. Would you use unstable for Firefox?
I think unstable and the fixed versions use the same Firefox package, so you wouldn’t gain anything. The difference is rather in libraries that get used and how the distribution does things. For example, the changes listed in https://nixos.org/manual/nixos/stable/release-notes#sec-release-23.11-incompatibilities just appeared mostly one by one for me; one day, I wanted to update my system and got the error that the fonts option got renamed, so I had to change my configuration.
The fonts.fonts and fonts.enableDefaultFonts options have been renamed to fonts.packages and fonts.enableDefaultPackages respectively.
While when using a fixed point release, these changes won’t happen. Only when you switch releases. That’s what “unstable” refers to.
Update your channel & rebuild
Is that the equivalent to apt update and apt upgrade? I don’t want to apt dist-upgrade lol
When not using flakes, nixos-rebuild switch --upgrade is equivalent to apt update; apt upgrade. The equivalent to dist-upgrade is nix-channel --add $NEW-CHANNEL-URL nixos and then performing a regular update.