524: How Our Server Got It's Groove Back
20 August 2023
Can we build an indestructible server that stands up to the test of giving out root login to the Internet?
Sponsors
Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!
A special offer for all Linux Unplugged Podcast listeners and new Linode customers, visit linode.com/unplugged, and receive $100 towards your new account.
Kolide is a device trust solution for companies with Okta, and they ensure that if a device isn’t trusted and secure, it can’t log into your cloud apps.
Episode Links
- 🎉 Alby — Boost into the show, first grab Alby, top it off, and then head over to the Podcast Index.
- ⚡️ LINUX Unplugged on the Podcastindex.org — You can boost from the web. Once Alby is topped off, visit our page on the Podcast Index.
- Spokane Linux Love, Sat, Sep 16, 2023, 1:00 PM | Meetup — It’s finally happening! Let’s get together at Iron Goat Brewing.
- Best laptops for NixOS - Help - NixOS Discourse
- Mobile NixOS
- Devices List — Mobile NixOS
- Iron Goat Brewing
- LinuxFest Northwest 2023 Sponsorship Prospectus — LinuxFest Northwest 2023 will be held October 20-22, 2023 at Bellingham Technical College. The Fest is a free and open community event dedicated to provide and support educational activities related to Linux and Open Source Software.
- NixOS friendly hosters - NixOS Wiki
- Install and Configure NixOS on a Linode | Linode Docs
- Star-History — We know, you can’t fully trust a project’s GitHub stars alone. It is, however, a good way to determine if a tool is an adequate one and if it’s likely to grow, if you use it correctly.
- disko — NixOS is a Linux distribution where everything is described as code, with one exception: during installation, the disk partitioning and formatting are manual steps. disko aims to correct this sad 🤡 omission.
- nixos-anywhere — You can then initiate an unattended installation with a single CLI command. Since nixos-anywhere can access the new machine using SSH, it’s ideal for remote installations.
- Immutable infrastructure for mutable systems — I erase my systems at every boot.
- [NixOS Series 4: “Stateless” Operating System](https://lantian.pub/en/article/modify-computer/nixos-impermanence.lantian/ “NixOS Series 4: “Stateless” Operating System”) — Here’s the question: is it really necessary to store the contents of /etc on the disk drive? They’re going to be regenerated on each reboot or config switch anyway.
- NixOS ❄: tmpfs as root — One fairly unique property of NixOS is the ability to boot with only /boot and /nix. Nothing else is actually required. This supports doing all sorts of weird things with your root file system.
- Nixos and Erasing My Darlings
- Impermanence - NixOS Wiki — Impermanence in NixOS is where your root directory gets wiped every reboot (such as by mounting a tmpfs to /). Such a setup is possible because NixOS only needs /boot and /nix in order to boot, all other system files are simply links to files in /nix. /boot and /nix still need to be stored on a hard drive or SSD.
- impermanence: Modules to help you handle persistent state on systems with ephemeral root storage [maintainer=@talyz]
- Example ZFS + tmpfs root configuration
- NixOS on Btrfs+tmpfs
- A plan to stabilize the new CLI and Flakes incrementally — Ever since the closing of RFC 49, we’ve had the new CLI and Flakes marked as experimental, with no clear plan forward.
- project Stratis
- Backups - Perfect Media Server
- Podverse GitHub — Podverse has a bounty out for Android Auto.
- Jay Sam Bee in Philadelphia NixOS Bounty — Jay has a bounty for getting Wallabag on NixOS.
- Self-Hosted 102: NixOS is a bit Flakey
- completenoobs.com
- OpenStreetMap.org — OpenStreetMap is a map of the world, created by people like you and free to use under an open license.
- OSMand.net
- OSM is an extensible editor for OpenStreetMap
- OSM is an extensible editor for OpenStreetMap
- StreetComplete — Help to improve the OpenStreetMap with StreetComplete!
- nixpkg.py
Sponsors
Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!
A special offer for all Linux Unplugged Podcast listeners and new Linode customers, visit linode.com/unplugged, and receive $100 towards your new account.
Kolide is a device trust solution for companies with Okta, and they ensure that if a device isn’t trusted and secure, it can’t log into your cloud apps.