What are your thoughts on a possible NixOS without systemd?

I like the idea of NixOS and will definitely try it in the future to see how portable I can make the setup be (hopefully a couple of files that can configure the entire machine).

But the only thing in my mind that is stopping it from being the absolute almost perfection of a tech-savvy distro is the reliance on systemd, which has software that I as a user am never going to touch, which adds unnecessary bloat to the init (also more unnecessary attack vectors). And if I really needed to have some of the systemd programs, there are replacements out there that do the job that can be later installed when needed, like having log files and stuff.

What do you think of some day seeing a fork of NixOS that uses other init systems and works well? Or is it just me that likes this idea? Like a voidish NixOS 🤔

Vilian,

the init is just a binary, the other systemd features are different programs from different binaries, and you are not forced to use them, you can use only the init and don’t use the others, it’s not gonna affect security, systemd init is the most tested one

and you can’t, a lot of the technology that makes NixOS and other immutable distros work exists only because of systemd

and if other init systems worked as well, the entire linux community would not have changed voluntarily nor independently to it

What do you think of some day seeing a fork of NixOS that uses other init systems and works well? Or is it just me that likes this idea?

doubt, it is too much work just to make a systemd alternative, without the reliability and support that systemd has, but i think it could be a fun hack

lupec,

My understanding as a NixOS user is a lot of its fundamentals are very strongly coupled to systemd. It’s responsible for things like running system activation scripts and managing any services it exposes options to, so replacing it sounds like a tall order.

I’m not aware of any Nix-based alternatives, but I’d definitely welcome them! Oh and also, as others have pointed out, Guix might fit the bill depending on your needs.

BlanK0,

Thx, I will check out Guix. Seems a very interesting distro 🔥

lupec,

It really does, I need to check it out sometime!

lemmyreader, (edited )

If you like NixOS for its packages, you can install a Systemd free OS, and then add Nix package manager. For example Nix-bin is packaged for Debian and the Systemd free Devuan : pkginfo.devuan.org/cgi-bin/policy-query.html?c=pa… Here is a very old howto for Void Linux, but maybe still works : voidlinux.org/…/Using-the-Nix-package-manager.htm…

atzanteol,

Log files are “bloat”? Yeesh…

BlanK0,

From a forum:

“Systemd provides a lot of network functionality in systemd-networkd, journald, timesyncd, etc. that is remote attack surface. All the systemd “cloud of daemons” is tightly coupled by dbus interfaces that enable an attacker to move from one exploited system service to the next. Even if the attacker doesn’t manage to find an exploit in another system service, DoS is easily possible because the DBUS interfaces are quite fragile. Even as a benevolent admin it is easily possible to get the system into a state where e.g. clean shutdown is no longer possible because systemctl doesn’t want to talk to systemd any longer and you cannot fix that. systemd-udevd also has race conditions galore, so sending any message to it in the wrong order relative to another one will kill the system, maybe even open exploit vectors. At the very least I would, for hardening, recommend not using any network-facing systemd functionality.

And lines of code are not ridiculous, they are the best first-order estimate available. Of course an actual inspection of the code is better for a comparison, but that is a huge task. sloccount is quick and easy.”

Vilian,

err, why would a forum post single-handedly prove that the entire linux enterprise world is being stupid, and how can you prove that he is even correct? he is alone, against the entire world, red hat sell that shit, if it wasn’t secure companies wouldn’t buy it

BlanK0,

I am not saying this proves single-handedly that systemd has vulnerabilities but it is one of probably many out there. I am not saying enterprise is stupid but I could definitely see some sacrifice being possibly made to spend less time setting up utilities on every systemd machine for enterprise work.

atzanteol,

I could definitely see some sacrifice being possibly made to spend less time setting up utilities on every systemd machine for enterprise work.

I’m not sure how much time you think anyone spends setting up systemd utilities… but as a home admin systemd has saved me a ton of time over the ragtag collection of shell scripts we had in the past. And a lot of that is because of its vastly improved logging.

I suppose if you consider logs to be “bloat” you won’t understand though. I consider them to be essential services.

BlanK0,

I was saying that you do spend less time cause it is already there. Also you can have logs on other init systems, what I said on the post is that if later I wanted logs I could just set them up instead of them being already there (and the other utilities, not just the logs of course).

yianiris,

s6/66 simplifies dependency of running/starting, automatically enables an s6-log for each service/daemon/bundle. It is much faster and smaller than systemd (by a factor of 10 maybe), and once it is up and running it is virtually impossible to bring down without its own routine. Servers have run consistently for a decade with s6, including skarnet.org

@atzanteol @BlanK0

atzanteol,

Neat.

fl42v,

It’s called guix.

Daeraxa,

GNU Guix?

BlanK0, (edited )

GNU Guix, definitely going to check out! I think also most of the packages I have are foss, for non-foss I have flatpak anyway 🤔👍
