I use Fedora Kinoite daily and find it to be the only OS to make sense really.

I find Fedora CoreOS totally confusing (with that ignition file, no anaconda, no user password by default, like how would I set this up anywhere I dont have filesystem access to?)

But there are alternatives. I would like to build my own hardened Fedora server image that can be deployed anywhere (i.e. any PC to turn into a secure and easy out-of-the-box server).

As modern server often uses containers anyways, I think an atomic server only makes sense, as damn Debian is just a pain to use.

Experiences, recommendations?

    • JustinA
      link
      fedilink
      English
      arrow-up
      2
      ·
      9 months ago

      This wiki page has an example on how to do automatic updates on a normal install of nixos:

      https://nixos.wiki/wiki/Automatic_system_upgrades

      But this won’t work for nixos-generate because nixos-generate doesn’t have a configuration.nix file in the booted system.

      Here is the code I use for my nixos-generate flake that I use to generate all of the nixos images in my homelab:

      https://codeberg.org/jlh/h5b/src/commit/763a873c5bb7a4706ad021ea5ac3634b4efeadce/nodes/common.nix#L113

      The way this works is that it includes the flake source code as a folder in the nix store on the booted system, and the nixos-upgrade timer will then use the flake to build an updated version of itself. Note that nixos-generate uses the packages output of the flake, while nixos-upgrade uses the nixosConfigurations output of the flake. I have written the flake so that they build identical systems, but it means there’s some code that I had to write twice in flake.nix.

      Feel free to try it out yourself, though note that you will probably have to rip out the agenix stuff to get it to build.

      Nixos isnt really that user friendly yet, but insanely powerful once you understand how it works. Feel free to ask questions if anything seems confusing.