  • 0 Posts
  • 12 Comments
Joined 2 months ago
Cake day: February 5th, 2025


  • Some NixOS native packages and options change the defaults to be more security conscious rather than “easy to spin up.” Doing a basic nginx config in NixOS will be more secure than if you had installed it through debian’s apt or from source. Similar for ssh, you just don’t have to think as much about doing those few obvious config changes you always have to do when spinning up a new machine. Of course, there are some things you have to customize for yourself (like custom ports, paths, etc.), but they make it a little simpler by assuming you’re using NixOS in a production environment.

    A couple of other links that you’ll end up referencing all the time if you get into NixOS:

    The first link is the native package repo, and the second link is all the NixOS config parameters for each of those packages and the system in general.

    they don’t complain but I know it will make their lives easier

    Perfect. So when you do provide them with an efficiency boost when they never asked about it, you can be a rockstar and get a raise. Or keep it in your back pocket until they do complain and implement it then for a similar effect 😜
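    As an added illustration of the "secure defaults, few obvious changes" point made above (this is not the commenter's own config nor anything from the NixOS project; the host name, contact address, the upstream on port 8080 and the custom SSH port 2222 are placeholders chosen for the example), here is what a declarative nginx reverse proxy plus a hardened sshd looks like in a NixOS configuration:

```nix
# Added example: a minimal NixOS configuration fragment showing the kind of
# hardening the comment refers to. Host name, ACME e-mail, the upstream
# port 8080 and the SSH port 2222 are placeholders chosen for this example.
{ config, pkgs, ... }:

{
  # nginx: the recommended* options pull in the module's hardened TLS,
  # proxy and compression settings instead of hand-written snippets.
  services.nginx = {
    enable = true;
    recommendedTlsSettings = true;
    recommendedProxySettings = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;

    virtualHosts."app.example.invalid" = {   # placeholder host name
      enableACME = true;   # Let's Encrypt certificate, renewed automatically
      forceSSL = true;     # redirect plain HTTP to HTTPS
      locations."/".proxyPass = "http://127.0.0.1:8080";  # assumed upstream
    };
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "admin@example.invalid";  # placeholder contact
  };

  # sshd: the "few obvious changes" made explicit and declarative, so they
  # are applied identically on every machine built from this config.
  services.openssh = {
    enable = true;
    ports = [ 2222 ];  # assumed custom port
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      PermitRootLogin = "no";
    };
  };

  # Only the ports actually served are opened; everything else stays closed.
  networking.firewall.allowedTCPPorts = [ 80 443 2222 ];
}
```

    The point of the fragment is that each hardening decision is a one-line option that lives in version control with the rest of the system, rather than an edit to /etc on a running box; the NixOS firewall is on by default, so the allowedTCPPorts line is the only network exposure the machine gets.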


  • Oh, sweet!

    In that case, I highly recommend taking a look at some more real-world examples. My original link is just something that makes self-hosting and small jobs more or less thoughtless for me.

    Imagine all those config management tools built into your OS, and that’s NixOS in a nutshell. There’s obviously WAY more it can do if you look into creating your own derivations, or getting into the new-ish concept of Flakes.

    Again, though, nixops is the thing that makes me continue to use it, besides just already knowing how to throw together a config in nix’s syntax. The nixops tool basically allows you to federate all your systems, tag them, group them, and do anything under the sun with each machine (or several in batches). It’s hard to get across in a simple text blurb.

    In my case (SaaS), imagine having 10 devs that all want their own dev environment that mirrors production within our VPN, then you need a beta and production environment for each client that licenses the app. Each environment has a couple databases, a few different APIs, some background scraper-type applications, and front-ends for everything. Some of that stuff can live on one machine, some needs to be alone and redundant. You can see how very quickly there’s a lot of machines to keep track of.

    Now I need to update a couple config pieces to match a new feature in the app itself. Well, all I gotta do is sort out the config, then run a couple of nixops commands to push to all the dev environments. When ready, do the same for beta, then do it for prod when the fat lady sings.

    Being all within one ecosystem, focused on security hardening, is what I really like about it. Hopefully that wasn’t too stream-of-consciousness for ya, lmao.

    ETA: links, also note that nixops is undergoing some serious changes in the past year. NixOS itself also undergoes changes fairly regularly in syntax as vulnerabilities are addressed and improvements made.


  • I can’t tell if you’re being serious or facetious 😅

    I assure you it isn’t all that glorious, though, just a lot of configs. NixOS is just my favorite method of infrastructure-as-code, and in conjunction with nixops I can’t imagine going back to anything else unless the project required it for some reason. Disaster recovery is simple, and testing/pushing config changes to hundreds of machines is almost too easy.

    I have a clunky set of configs for self-hosting at home and small side-clients that I slapped together, which you can look at, but again it’s not all that special and I wouldn’t necessarily follow this for real production stuffs. It also doesn’t utilize any of the fancy NixOS stuff; it’s fairly basic and Docker heavy.

    https://codeberg.org/madamegaymes/NixOS-Docker-Framework


  • I think you misunderstood, hence the downvotes.

    OP is asking what a good distro is for a media center PC, as in the PC’s video output will be connected to the TV’s video input. At which point Linux does not give two shits.

    Sounds like you thought they wanted to stream/cast via some TV app or something, but that just sounds like a nightmare and I’m not sure that anyone would even want to try to do that. Just run Linux and use the TV as a big monitor, be done with smart TV garbage.



  • Yes! I had the exact same thought after I got my Steam Deck and started using Arch again about a year ago. I remember it being clunky and awful, but now it’s so smooth and simple.

    Granted I don’t do anything crazy, I pretty much just load a clip, SHIFT+R at a few time stamps, and render a new file. Maybe add a dissolve or fade. There wasn’t really much that could even do this simple stuff well before KDEnlive beefed up, at least not that I used.


  • I don’t think the SPF / DKIM / DMARC stuff is overly complex nor the core of the problem.

    It’s not the core of the issue, but for the average Joe who is a hobbyist self-hoster, it will be.

    IMO, the core issue is that there is no standard whatsoever. People just do whatever the hell they want with these records, pretty much. Microsoft and Google do it differently than each other, even.

    The only solution for me is that we move on from email as a society.


  • Yea, if you are not willing to be meticulous about learning/understanding all the DNS stuff (SPF/DKIM/DMARC), and plan to host this at home, don’t.

    I ran this same system for a very long time on a VPS and had no problems with blacklists, but I’m also a career systems engineer that maintained enterprise systems and exchange servers.

    Also note how I am speaking of MIAB in the past tense…

    I think the better option is to try and avoid email as much as you can, just like SMS. Outdated tech and not secure. At that point, any ol’ existing email service is good enough.