As a final thought, why is protection from malicious apps from the play store being performed on the phone instead of in the store?
In addition, why is known spyware on the top of the recommended list if I were to open the play store: temu, snapchat.
Or getting pissy if I use an ad blocker when their platform has served malicious ads.
I ended up just building a box after looking for the perfect NAS and finding it didn’t exist. The software is usually just crap or the hardware is underwhelming. Got a Node 804 case to slap in plenty of HDD space. Running NixOS so I’m in control of the software. In retrospect I wish I had gotten a rackmount type case. Tossed in an Arc GPU for better transcoding shortly after the initial setup.
Same. Just don’t become too good at it. Now I have to write whitepapers and participate in speaker panels at conferences. Ugh.
No. Its all text file config. You wouldn’t use live CD mode. You define your own how you want it to work.
Its a steep learning curve so if looking for off the shelf solutions, don’t use nix. If you need something custom but through a single config paradigm, nix is awesome.
Soap boxing here but I feel these kinds of use cases is what NixOS is built for.
Declarative config to setup the system, users, and apps.
Declarative and customizable impermanence exactly how you want it.
I use Tails as well but NixOS is my daily driver. Anything not marked explicitly to persist is dropped each reboot. I’m the only user so I keep the last 30 days of non persisted data for like a power outage but that’s something I had to go out of my to setup for my use case.
For our lower environments we use rsync like the author but skip the pipeline altogether. The servers have a watch script to restart when files are rsynced. We then have a local watch script that rsyncs on file changes.
Relatively instant deploy (2-5s) whenever a file is saved.
Good call on a simulated failure. When I first set it up, it was LVM/BTRFS or ZFS as my top choices. It was a coin toss at the time because I hadn’t built this sort of setup before.
I use immutable nixos installs. Everything to redeploy my OS is tracked in git including most app configurations. The one exception are some GUI apps I’d have to do manually on reinstall.
I have a persistence volume for things like:
I have 30 days (or last 5 minimum) of system rollbacks using BTRFS volumes.
The personal files are backed up hourly to a local server which then backs up nightly to B2 Backblaze using rclone in an encrypted volume using my private keys. The local server has a mishmash of drives in a mirrored LVM setup. While it works well for having mixed drives, I’ll warn I haven’t had a drive failure yet so I’m not sure the difficulty of replacing a drive.
My phone uses the same flow with RoundSync (rclone + GUI).
Git repos are backed up in git.
Logs aren’t backed up. I just persist them for debugging and don’t want them lost after every reboot.
Caches/Games are persisted but not backed up. Nixos uses symlinks and BTRFS to be immutable. That paradigm doesn’t work well for this case. The one exception is a couple game folders are part of my personal files. WoW plugin folder, EvE online layouts, etc.
I used to use Dropbox (with rclone to encrypt). It was $20/mo for 2Tb. It is cheaper on paper. I don’t backup nearly that much. Backblaze started at $1/mo for what I use. I’m now up to $2/mo. It will be a few years before I need to clean up my backups for cost reasons.
The local server is a PC in a case with 8 drive bays plus some NVME drives for fast storage. It has a couple older drives and for the last couple years I typically buy a pair of drives on sale (black Friday, prime day, etc). I have a little over 30TB mirrored, so slightly over 60TB in total. NVME is not counted in that. One NVME is for the system, the others are a caching layer (monero node) or temp storage (transcoding as it also my media server).
I like the case, but if I were to do it again, I’d probably get a rack mountable case.
For the networking I found some repos with Nix and Gluetun (OCI containers). I don’t see them in my bookmarks, so it was probably a day project when I set up and didn’t keep the references.
That part is still in docker / podman. So any docker network guide just needs to be translated to nix.
Best resource I’ve found is searching GitHub.
My setup closely follows https://github.com/Misterio77/nix-config.
For servarr I just translated someone else’s docker compose setup to nix. There are some ready made nix ones you can look at like https://github.com/rasmus-kirk/nixarr/tree/main/nixarr.
The complex networking I just picked up over time once I knew my way around a little bit.
GitHub is your best resource. lang:nix search terms.
I wouldn’t run NixOS in a container. With native nix containers I’m pretty sure they share the store. For docker I’d use images built with nix (doesn’t run nix itself) or pull from docker hub.
OS: NixOS (high learning curve but its been worth it). Nix (the config language) is a functional programming language, so it can be difficult to grok. Documentation is shit as its evolved while maintaining backwards compatibility. If you use the new stuff (Nix Flakes) you have to figure what’s old and likely not applicable (channels or w/e).
BYOD: Just using LVM. All volumes are mirrored across several drives of different sizes. Some HDD volumes have an SSD cache layer on top (e.g., monero node). Some are just on an SSD (e.g., main system). No drive failures yet so can’t speak to how complex restoring is. All managed through NixOS with https://github.com/nix-community/disko.
I run stuff on a mix of OCI containers (podman or docker, default is podman which is what I use) and native NixOS containers which use systemd-nspawn.
The OS itself I don’t back up outside of mirroring. I run an immutable OS (every reboot is like a fresh install). I can redeploy from git so no need to backup. I have some persistent BTRFS volumes mounted where logs, caches, and state go. Don’t backup, but I swap the volume every boot and keep the last 30 days of volumes or a min of at least 10 for debugging.
I just use rclone for backups with some bash scripts. Devices back up to home lab which backs up to cloud (encrypted with my keys) all using rclone (RoundSync for phone).
Runs Arrs, Jellyfin, Monero node, Tor entry node, wireguard VPN (to get into network from remote), I2C, Mullvad VPN (default), Proton VPN (torrents with port forwarding use this), DNS (forced over VPN using DoT), PiHole in front of that, three of my WiFi vlans route through either Mulvad, I2C, or Tor. I’ll use TailsOS for anything sensitive. WiFi is just to get to I2C or Onion sites where I’m not worried about my device possibly leaking identity.
Its pretty low level. Everything is configured in NixOS. No GUIs. If its not configured in nix its wiped next reboot since the OS is immutable. All tracked in git including secrets using SOPS. Every device has its own master key setup on first install. I have a personal master key should I need to reinstall which is tracked outside of git in a password manager.
Took a solid month to get the initial setup done while learning NixOS. I had a very specific setup of LVM > LUKS encryption /w Secure Boot and Hardware Key > BTRFS. Overkill on security but I geek out on that stuff. Been stable but still tinkering with it a year later.
I have a few of those. During the reddit exodus when the API changes went live, I had to register on a few servers to finally get a working and stable account. Issues with email or setting up captchas to prevent bots resulted in a few of my accounts not going live until a week+ later on some instances.
https://feddit.org/post/3143093
Download 5 seasons of some show from multiple sources or some artist’s entire discography, and want to normalize all the file names? It is way easier in the terminal.
I’ll check this out, but I use https://github.com/stevearc/oil.nvim for such tasks as I have nvim’s full suite of editor commands to rename all the files way faster than I could in a GUI. I’m sure there are GUI apps to perform a similar task, but I already know how to use nvim.
Let em fight it out!
Ruling class does it all the time. Keep citizens enraged on issues of race, gender, religion, sports, and so on so they are distracted from realising the one true war of ruling class vs everybody else.
/s in a sense that shit flung at the ruling class tends to roll downhill. If nestle loses a bunch of money, they will raise prices to keep the infinite growth machine running. If Russia steals a bunch of money, they have more capital for weapons.
Its kind of lose/lose for us :(
Won’t auto update but you could add the upgrade command to a login script or something.
Won’t lie, nix has a high learning curve to get the most out of it, but installing a single app is pretty simple.
Most startups I’ve applied to are Linux friendly.
I currently work for a fortune 100 and managed to get a Linux machine purchased as a “lab” machine.
I’m fully in control. IT doesn’t even know it exists. I’m not allowed on the corporate network, but I managed to get some internal corporate access through another department’s lab network (IT sanctioned) that has a VPN with a few routes to things like ticketing, time cards, and our internal wiki. Most of the stuff I need to do my job is in AWS and we are allowed to add home IPs to the security groups.
IT still gives me a MacBook. I use it like once every 6 months.
nixos-unstable is the only thing I will use currently.
I’m running bleeding edge stuff like the latest kernel, Hyprland nightly, my own “shell” built from Gnome components and lots of custom stuff using GJS (Gnome JavaScript).
If you get one, and you are free to do whatever on it, encrypt your drives like your job depends on it. I have a memorized passphrase, pin protected hardware key, and a key in TPM. No biometrics.
As far as other nice things to have:
I work in software dev as FYI. For the few issues I have, my team has more issues getting stuff working consistently on macOS for our project. I used that as a justification when requesting the laptop: my dev environment should closely match our runtime environment. Most of that is moot now since we use Nix flakes in our repos for local dev envs.
Yeah I don’t want locally deleted media (to free up space) to sync those deletions to my remote.
My crypted remotes wrap a B2 Backblaze one which doesn’t delete, just hides. Periodically I go clean it up.
BSP Tree (with custom nodes).
With a vanilla BSP-tree you can accomplish your diagram. Simply reordering your splits can do it by making the footer and main content areas first. Better approach is to support splits on non-leaf nodes. In the example below just split the root where all its children go to the new top node and a new bottom bar leaf node is created.
To access neighbors you’ll need your nodes to track their parents (double linked). Then you can traverse until all edges are found. Worst case its O(height+num neighbors that exist) if I am remembering.
Depending on how efficient you want it to be, there are speed ups. It has been awhile, but I do remember keeping the tree as balanced as possible makes the search around log(n). Each split node keeping an index of all children in its sub-tree also reduces how much traversing is needed when you need all children after a split.
Can get a little complicated but it is doable. That said, how many splits will a TUI have? This may be preemptive to do.
Custom nodes is where you support some patterns that could use further optimizations. Tables that will always be a grid. Tab bars that are a 1xn grid could be a further specialized node.
This is all about layout. Fixed/Dynamic width/height windows, padding and margins, borders, are all render processing and don’t effect the layout (unless you want reactivity). By that I mean you have windows that will split differently when the viewport is portrait or landscape and it dynamically adjusts to the window size. Sometimes with different “steps” like a square viewport may be different from both portrait or landscape or 4:3 could be treated different from 16:9.
TUIs are not my day job but I’ve made a few in my day. Above are just my opinions from experiences. There is no “right” answer but hopefully some of this helps your journey.
TypeScript is my day job and using a custom JSX Factory makes it pretty easy to define HTML-like interfaces for devs that can support mixing layout, render attributes, content, and app logic.
Explicit BSP splits:
Custom nodes:
Not sure your stack but throwing it out there as something I’ve used successfully.