Programmer in California

I’m also on https://leminal.space/u/hallettj

  • 9 Posts
  • 9 Comments
Joined 2 years ago
Cake day: May 7th, 2023

  • Well ok, they both use symlinks but in different ways. I think what I was trying to say is that in NixOS it’s symlinks all the way down.

    IIUC on Fedora Atomic you have an ostree image, and some directories in the image are actually symlinks to the mutable filesystem on /var. Files that are not symlinks to /var (and that are not inside those symlinked directories), are hard links to files in the ostree object store. (Basically like checked-out files in a git repository?)

    On NixOS this is what happens if I examine what’s in my path:

    $ which curl
    /run/current-system/sw/bin/curl
    
    $ ls -l /run | grep current-system
    /run/current-system -> /nix/store/p92xzjwwykjj1ak0q6lcq7pr9psjzf6w-nixos-system-yu-23.11.20231231.32f6357
    
    $ ls -l /run/current-system/sw/bin/curl
    /run/current-system/sw/bin/curl -> /nix/store/r304lglsa9i2jy5hpbdz48z3j3x2n4a6-curl-8.4.0-bin/bin/curl
    

    If I select a previous configuration when I boot I would get a different symlink target for /run/current-system. And what makes updates atomic is that the last step is to switch the /run/current-system symlink, which switches over all installed packages at once.

    I can temporarily load up the version of curl from NixOS Unstable in a shell and see a different result:

    $ nix shell nixpkgs-unstable#curl  # this works because I added nixpkgs-unstable to my flake registry
    $ which curl
    /nix/store/0mjq6w6cx1k9907vxm0k5pk7pm1ifib3-curl-8.4.0-bin/bin/curl  # note the hash is different
    

    I could have a different version of curl installed in my user profile than the one installed system-wide. In that case I’d see this:

    $ which curl
    /home/jesse/.nix-profile/bin/curl
    
    $ ls -la /home/jesse | grep .nix-profile
    .nix-profile -> /nix/var/nix/profiles/per-user/jesse/profile
    
    $ ls -l /nix/var/nix/profiles/per-user/jesse
    profile -> profile-133-link
    profile-130-link -> /nix/store/ylysfs90018zc9k0p0dg7x6wvzqcq68j-user-environment
    profile-131-link -> /nix/store/9hjiznbaii7a8aa36i8zah4c0xcd8w6d-user-environment
    profile-132-link -> /nix/store/h4kkw1m5q6zdhr6mlwr26n638vdbbm2c-user-environment
    profile-133-link -> /nix/store/jgxhrhqiagvhd6g42d17h4jhfpgxsk3n-user-environment
    

    Basically symlinks upon symlinks everywhere you look. (And environment variables.)

    So I guess at the end everything is symlinks on NixOS, and everything is hard links plus a set of mount paths on Fedora Atomic.
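The chains in the comment above are easier to see hop by hop than with `readlink -f`, which only prints the end. This is an added example, not code from the comment: it walks a path component by component, prints every symlink it crosses, resolves relative targets (like `profile -> profile-133-link`) against the link's own directory, and builds a constructed temp tree with fake store names to run against.

```bash
#!/usr/bin/env bash
# Added example, not from the original comment. Prints every symlink hop along a
# path, so nested chains like .nix-profile -> profile -> profile-133-link -> store
# become visible one link at a time. More than 40 hops is treated as a loop.

symlink_hops() {
    local rest="${1#/}" acc="" comp target hops=0
    while [ -n "$rest" ]; do
        comp="${rest%%/*}"
        if [ "$comp" = "$rest" ]; then rest=""; else rest="${rest#*/}"; fi
        case "$comp" in
            ''|.) continue ;;                  # empty (double slash) or "."
            ..)   acc="${acc%/*}"; continue ;; # acc holds no symlinks, so this is safe
        esac
        acc="$acc/$comp"
        [ -L "$acc" ] || continue
        hops=$((hops + 1))
        if [ "$hops" -gt 40 ]; then printf 'symlink loop at %s\n' "$acc" >&2; return 1; fi
        target=$(readlink "$acc") || return 1
        printf '%s -> %s\n' "$acc" "$target"
        case "$target" in
            /*) acc=""; rest="${target#/}${rest:+/$rest}" ;;       # absolute: restart from /
            *)  acc="${acc%/*}"; rest="$target${rest:+/$rest}" ;;  # relative to the link's dir
        esac
    done
    printf '%s\n' "${acc:-/}"
}

hop_count()    { symlink_hops "$1" | grep -c ' -> ' || true; }
final_target() { symlink_hops "$1" | tail -n 1; }

# Constructed sample tree (fake store name, not a real hash) mirroring the
# per-user profile layout from the comment. Prints the temp root it created.
make_demo_tree() {
    local root
    root=$(mktemp -d) && root=$(cd "$root" && pwd -P) || return 1
    mkdir -p "$root/nix/store/fake0000-user-environment/bin" \
             "$root/nix/var/nix/profiles/per-user/jesse" "$root/home/jesse"
    : > "$root/nix/store/fake0000-user-environment/bin/curl"
    ln -s "$root/nix/store/fake0000-user-environment" \
          "$root/nix/var/nix/profiles/per-user/jesse/profile-133-link"
    ln -s profile-133-link "$root/nix/var/nix/profiles/per-user/jesse/profile"
    ln -s "$root/nix/var/nix/profiles/per-user/jesse/profile" "$root/home/jesse/.nix-profile"
    printf '%s\n' "$root"
}

demo_root=$(make_demo_tree)
symlink_hops "$demo_root/home/jesse/.nix-profile/bin/curl"
rm -rf "$demo_root"
```

On a real NixOS box, `namei -l /run/current-system/sw/bin/curl` from util-linux shows the same per-component view.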
  • hallettj@beehaw.org to 196@lemmy.blahaj.zone · Theodrule · 1 year ago

    Radium produces the most radiation by miles. The plutonium gives off some alpha radiation that won’t hurt you if you don’t eat it. (Eye protection would be a good idea I suppose.) I don’t remember what U-235 emits but I don’t think it’s a huge amount.


  • I think NixOS is awesome, but it certainly doesn’t offer “access to (basically) all Linux-capable software, no matter from what repo.” - at least not natively.

    I don’t quite agree with this. In NixOS you can write custom expressions that fetch software from any source, and stitch them into your configuration as first-class packages. So you do get access to all Linux-capable software natively, but not necessarily easily. (There is a learning curve to packaging stuff yourself.)

    I use this process to bring nightly releases of neovim and nushell into my reproducible config. Ok, I do use flakes that other people published for building those projects, which is a bit like installing from a community PPA. But when I wanted to install Niri, a very new window manager, I wrote the package and NixOS module expressions all by myself!
  • But Flatpak has its fancy “portals” to connect each app with the specific resource it needs which you don’t get with Docker.

    Also, if the goal is to limit access of apps you don’t want to fully trust, I think Docker doesn’t have the appropriate security properties. Here’s a quote from the readme for Bubblewrap (the sandboxing tool that Flatpak and Nixpak use):

    Many container runtime tools like systemd-nspawn, docker, etc. focus on providing infrastructure for system administrators and orchestration tools (e.g. Kubernetes) to run containers.

    These tools are not suitable to give to unprivileged users, because it is trivial to turn such access into a fully privileged root shell on the host.