NixOS changes how we manage operating systems
Over the past 16 years I have been working with and managing Linux servers (mostly based on Ubuntu, some Debian and others), where the configuration of the operating system and applications running on it is spread across many configuration files scattered across the file system.
As these configuration files are not centrally managed, it is easy to overlook a single configuration change that was made somewhere in the system (for example enabling lingering services in systemd via loginctl enable-linger) as a way to solve some problem.
While tools like Ansible (or Puppet) exist to automate configuration changes across (many) systems, they still only manage the configuration files specifically written in these tools; any configuration file or database not managed by Ansible or Puppet would go unnoticed.
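One way to catch the overlooked loginctl enable-linger change described above on a conventional distribution, as an added example that is not part of the original post: systemd records lingering as an empty marker file per user under /var/lib/systemd/linger, so that directory can be compared against a declared list. The function name linger_drift and the user names are hypothetical, and the demo runs on a constructed directory.

```shell
#!/bin/sh
# Audit systemd linger state against a declared list of users.
# `loginctl enable-linger USER` leaves an empty marker file named USER
# in /var/lib/systemd/linger; nothing in /etc changes.

# linger_drift DIR USER...   (hypothetical helper for this example)
# Prints "undeclared USER" for each marker in DIR that is not declared and
# "missing USER" for each declared user without a marker.
# Returns 0 when the state matches the declaration, 1 on drift.
linger_drift() {
    dir=$1
    shift
    drift=0
    for marker in "$dir"/*; do
        [ -e "$marker" ] || continue      # empty or absent directory
        user=${marker##*/}
        found=0
        for want in "$@"; do
            if [ "$want" = "$user" ]; then found=1; fi
        done
        if [ "$found" -eq 0 ]; then
            echo "undeclared $user"
            drift=1
        fi
    done
    for want in "$@"; do
        if [ ! -e "$dir/$want" ]; then
            echo "missing $want"
            drift=1
        fi
    done
    return "$drift"
}

# Demo on a constructed directory so the example runs offline; on a real
# host pass /var/lib/systemd/linger instead.
demo=$(mktemp -d)
touch "$demo/backup" "$demo/alice"        # constructed sample markers
linger_drift "$demo" backup deploy || echo "drift detected"
rm -rf "$demo"
```

The declared list has to be maintained somewhere by hand, which is exactly the gap a single system-wide configuration file closes.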
For Linux network appliances I have always liked VyOS specifically because it has a singular configuration file that describes everything the system does and allows simply copying that file to a new system to basically get the same behaviour.
This is something that I have always missed in regular Linux-based operating systems (and this is also the case on Windows Server): I miss having a single place where the whole operating system (including applications) is configured from.
How NixOS changes things
Recently I have (some would say finally) started experimenting with NixOS, and while it has issues (for example with applications that do not fit neatly into the Nix store and its way of configuration) it has basically given me what I want.
In NixOS there are modules that describe how to configure basically every component of the operating system and many applications. This is written in the configuration.nix (or flakes, but that's a whole other topic). The underlying configuration files (PAM, systemd, the boot loader, and more) are read-only, ensuring any change has to be made in the configuration.nix file.
The read-only nature of /etc (and many application configuration files) means that it is very difficult to make a change to the system that is not put in configuration.nix, and as such configuration drift (where the current system state starts to deviate from the expected state defined in, for example, Ansible roles) is also avoided.
While NixOS is vastly different in terms of management compared to regular Linux distributions, I wonder what more it can bring in terms of reproducibility, security and management. While the centralized configuration system of NixOS has its challenges (precisely around NixOS modules), I feel it can be a monumental shift in how we manage systems.