244
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 15 Oct 2023
244 points (100.0% liked)
Linux
48670 readers
406 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
NixOS is immutable and highly reproducible, with the ability to rebuild identical systems with a declarative configuration file--including installed packages.
So in the case of multiple public computers, you would only need to create/maintain one configuration file that defines all of the user profiles, permissions, restrictions, settings, software packages, you name it.
It would without a doubt be what i'd choose for a fleet of public library computers. Extremely reliable and easy to setup to prevent tampering or misuse.
I wouldn't. Relying on a cookie-cutter distro like NixOS is a recipe for disaster in the long run, IMO. I mean, sure, you could set it all up exactly how you want, but the next person coming in to replace you may not be familiar with NixOS. And there's no guarantee you'd be around to train them - in my circles we call this the "getting run over by the bus" problem. More importantly, organisations need to be able to get reliable support - support from an actual organization they can count on, when shit hits the fan.
Choose an industry standard, well-supported distro like Debian/Fedora/OpenSUSE (or immutable variants like Fedora Silverblue/openSUSE MicroOS) deploy it using Kickstart/Preseed/Cobbler, and configure/maintain it using Ansible. If you've got large number of users to manage, use a centralized user/identity management system like FreeIPA or JumpCloid.
Don't go for cookie-cutter distros unless you want to be their IT person forever.
What does "cookie-cutter" mean in this context?
It means DIY/hobbyist/niche.
If the config file is well documented, you don't need to worry too much about that bus. And it isn't several user accounts, it's a computer that needs to be accessible to nearly everybody. Like said in other comments, a script to destroy everything on logout, and then add a configuration to logout on idle.
That's not the point though, the point is about support.
The main issue is with cookie cutter distros like this is, things break, and when that happens, getting support can be a PITA. In fact I experienced this myself on more than a couple of occasions. Most recently, I ran a
nix-channel --update
which then brokenixos-rebuild switch
. I couldn't figure it out, asked online and they said nothing was wrong with my config, so I ended up restoring to a previous snapshot. This was just a VM btw so not a big deal, but I'd never run NixOS as my main, never mind putting it on user-facing machines in a public organization.The library won't be able to find someone to support a random OS like "NixOS". Just imagine putting out a job advert for that. Actually, they probably won't be hiring a dedicated IT person in the first place, so they'll reach out to some MSP and it's highly unlikely they'll be able to find some company willing to support it.
Just because you're good and familiar with some obscure piece of technology doesn't mean that it's the right choice for an organization - because that's how you build up technical debt. This sort of stuff happens all the time, I work for a MSP and often come across some adhoc DIY thing built by some random employee who left the company ages ago and now no one knows how it works, so they never maintained the thing and everyone's scared to touch it lest it breaks something.
I agree that this is a good choice. But I doubt library staff will have the technical background to set this up. But if some local volunteer could do it, it would be a good option.
People couldn't tamper with it even if they wanted to. Like literally how do I tamper with it??
-sincerely, trying to learn NixOS