by EnigmaCurry 1 day ago
I'm happy to see this, and I have lots of thoughts about this. Building declarative services on Nix is a far superior way of distributing Linux to VMs than most any other way I've tried. I am working [1] on very similar things, but I've been leaning more on the self-hosted path; my VM template targets libvirt and Proxmox VE with a single CLI API. I even have an experimental branch that targets DigitalOcean. For VMs especially, I want my OS to be immutable. My VMs should contain no state other than my application state. Upgrades should be a full image replacement and reboot.

So in my template, I have created the VMs with two disks: the first one is for NixOS and is built from an image, and it is read-only. The second is mounted to /var and is used for all system configuration as well as application state. If I have multiple VMs, they can all share the same base image (thin provisioned). That's the mode that I want for my deployments of services, immutable and as stateless as possible. For agent use, it's different: you actually want a mutable NixOS root so that the agent can do what it wants.

I built three modes: immutable, semi-mutable, and mutable. mutable removes the read-only lock on the root, and just lets you manage the VM as a pet. semi-mutable adds an ephemeral overlayfs that gets wiped the next time you upgrade the base image. So that gives you kind of the best of both worlds: an immutable read-only base image and the ability to "nix profile add" whatever you (or your agent) want, but with the contract that these imperatively installed things will disappear the next time you upgrade. Are you planning on adding a LICENSE to your machine0-nixos repo?

[1] https://github.com/EnigmaCurry/nixos-vm-template
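The semi-mutable contract described above (writable overlay on top of a read-only base image, upper layer discarded whenever the base image changes), written out as an added shell example; this is not code from nixos-vm-template. It assumes the base image is already mounted read-only, the state disk is mounted at a directory of your choosing, and some identifier of the base image build (here a constructed string) is available to compare against the one recorded at the last boot.

```bash
#!/bin/sh
# Added example of the "semi-mutable" mode contract (not the template's code).
# Assumed layout: read-only base image at $1 of mount_semi_mutable, state disk
# at a directory you pass in, and an image id string that changes on upgrade.
set -eu

# Location of the overlay's upper/work directories on the state disk.
overlay_dir() {   # $1 = state dir
  printf '%s/overlay' "$1"
}

# Compare the recorded base-image id with the current one. If it changed
# (an upgrade happened), drop the upper layer so imperative installs vanish;
# otherwise keep it. Prints "wiped" or "kept" and records the current id.
reconcile_overlay() {   # $1 = state dir, $2 = current base-image id
  dir=$(overlay_dir "$1")
  stamp="$dir/base-image-id"
  mkdir -p "$dir"
  if [ -f "$stamp" ] && [ "$(cat "$stamp")" = "$2" ]; then
    result=kept
  else
    # New (or first) base image: the contract says the overlay is ephemeral.
    rm -rf "$dir/upper" "$dir/work"
    result=wiped
  fi
  mkdir -p "$dir/upper" "$dir/work"
  printf '%s\n' "$2" > "$stamp"
  printf '%s\n' "$result"
}

# Mount the writable overlay over the read-only base (requires root).
# $1 = read-only base mountpoint, $2 = state dir, $3 = base-image id,
# $4 = where the merged, writable view should appear.
mount_semi_mutable() {
  reconcile_overlay "$2" "$3" >/dev/null
  dir=$(overlay_dir "$2")
  mount -t overlay overlay \
    -o "lowerdir=$1,upperdir=$dir/upper,workdir=$dir/work" "$4"
}
```

In a real image this runs before the root is switched (initrd or an early mount unit); the functions above keep the wipe decision separate from the mount so the contract can be checked without root.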


I tried out NixOS a few years ago but recently transitioned back to Rocky Linux and Ansible. I know that Nix is treasured by some but it always came across as an esoteric tool for functional programming idealists. I found the community to be split between people who were genuinely helpful and people who were just... not.

I found Nix just really hard to work with. The documentation was just so poor and every aspect of Nix just seemed to be divorced from pragmatism.

An example of this, years ago, was that I wanted to do something VERY simple: codify the creation of a directory in NixOS. It took me 6 HOURS to find the relevant code for doing that. I couldn't even get an answer out of the Discord server.

I don't know if I'll ever pick it up again. The learning curve was incredibly steep and it's just not on job descriptions, and I've never worked in a shop that has used it. I tried it out as a curiosity, found that it was hair-pullingly frustrating to use, and moved on.

Yeah, I totally get it. The thing is agents change the game. You no longer need to worry about the learning curve or how best to implement.

Just point your agent at a machine0 VM and say "make a machine that does X", then you get code you can use to build on any nix box and you'll always get the same result.

Once you experience this, it's hard to go back to a "traditional" OS, you'll want to nixify everything :)

I could say the same about Atomic distros and reproducible builds. Nix no longer has an exclusivity here. I find Ansible w/ Alma 10 Atomic (there's an rpm-ostree driver, cargo, pipx, etc.) gets the job done with fewer tokens, and less cognitive load on my team, that already doesn't want to work on configuration. Does Ansible have perfection? No, but neither does POSIX. Papering over this bump with a perfect abstraction isn't as useful in our imperfect world.

All that being said, I'm glad people like you are pushing Nix forward. Competition here is a good thing.

I do think the community recognizes this to be an issue and is steadily working on improving beginner-friendly docs. I am about seven years into using Nix for various things, and can mostly solve most problems, but I won’t deny that the learning curve at the beginning was brutal. The real and most meaningful unlock is learning to read the nix language well enough to follow what is happening, then checking out nixpkgs locally to look at crate derivations and such to understand what idioms exist in “real code.” The module system also took ages to click for me, but was a big unlock.

Anyway, I hope the community continues to make the onboarding process more welcoming and easy. Personally, I am hopeful that Guix will really take off at some point, because even though I get it now, I'd way rather read Lisp than Nix.

Always happy to meet others that are working with NixOS :) I've just added the license - it's MIT.