Ideas for an 'ideal' nix-based distro

My wish for an ideal nix-based distro is a declarative future for everything and not just at system level, but for every part of my system to be declarative, secrets, home management, system-wide management. Practically reducing the state as much as possible.
I wonder what are other people’s ideas for a nix-based distro tbh.

5 Likes

First party support for secrets would be awesome.

8 Likes

My top technical wish for improving on Nix would be for the stable part of the system to be really stable and well documented (like most of nixpkgs already is, but not like current Nixcpp or current flakes).

But actually I care more about governance than about even that.

I wonder whether we can collaborate more with guix - they’re already better than Nix at governance (I’m not saying they’re better than us! just better than Nix) and they’re already better than Nix at “a declarative future for everything” - for example, their equivalent of home manager is built in.

1 Like

I’ve always felt that Nix has an enormous untapped potential as the foundation of a revolutionarily user-friendly desktop distribution.

At the forefront of NixOS is its reputation as a niche advanced distro only suitable for power users and highly dedicated developers. This is completely understandable and partly true considering that NixOS is innately unconventional, not well documented, and has a significant learning curve even if you are already experienced with Linux. That is a massive barrier of entry which I think is greatly hindering its growth. It makes it near impossible for the vast majority of people to experience the declarative nature of Nix which provides a refreshing level of both stability and fine-tuned control over your entire system.

If that wall were pulled down–and I don’t mean just by having better documentation and CLI tools, but specifically by holding the users’ hand with GUI software that people who’ve never heard of Nix or Linux could use reasonably well to interact with config files–I believe that it would have a big impact on the Linux desktop ecosystem.

So in a hypothetical scenario where this already exists: imagine you’re new to Linux and looking for a distro that is dependable and simple to use; Why go through the headache of finding one that ships with all the stuff you like when you can use the Nix-based one with that settings app where you pick it all from a menu? Why bother going through all the confusing steps of installing and running various services when the Nix-based distro lets you just enable them in the settings? Did you break something on accident? The Nix-based distro lets you roll back! Want another OS set up the same? Copy this one configuration file! Want to try a package before adding it to your system? The Nix-based distro–You get the idea.

In a nutshell, if such a distro could let users easily leverage some of the power of Nix on their desktop without ever opening a terminal (a sacrilegious notion, I know), it would have the potential to immediately provide a much better experience than most “beginner friendly” distro offers that exist now. Consequently, the entire Nix ecosystem and its approach to computing could receive a substantial injection of users, contributors, resources, and attention.

Apologies for the long post, this is just a thought I’ve had ever since I first used NixOS that never went away. Maybe it’s just wishful thinking, but I think if Nix-based distros heavily focused their efforts on ease of use, it would do a lot of good.

9 Likes

https://snowflakeos.org/ ?

7 Likes

Yep, shoutout to @VlinkZ for that. SnowflakeOS is the only one I’ve seen that looks to be headed in that direction.

1 Like

Haha it’s like you’re reading from @VlinkZ’s notes :joy:

1 Like

Yeah this has also come up in the security stories conversation. I’m with you!

I’m curious how you would measure this? Just so we can understand when we have achieved the goal…

Yeah… I’m about to give the girlfriend a new laptop that runs on Nix/Aux. Was even thinking that if I ever publish that config I might call it NixWaf (Nix + Wife acceptance factor).

3 Likes

I’m thinking of avoiding the bad end of the spectrum, so the measure will be lack of messages all over the interwebs saying “I want to start using Nix and most people are telling me to use flakes but some experts are telling me not to and so is the manual”.

1 Like

Also I wish for neovim configuration that actually understands how neovim configurations work and isn’t just a single lua file

6 Likes

Every module that configures a service should let me configure many instances of the service, unless it structurally must be a singleton. Right now running multiple services on a single machine often ends with “oh jeez they both want to use postgres”, and having to go figure out if everyone is okay sharing, because upstream assumes you’re using kubernetes and of course you’ll have a dedicated DB instance.

In a perfect world that wouldn’t be needed, but the world’s not perfect and “oh no I need two nginxes and I can’t” always harshes my mellow. I use NixOS containers heavily as a workaround for this, but it’s a mediocre workaround IMO.


Better NixOS containers, because sometimes I really do want containers. Right now their integration with flakes is super wonky (I spent an unpleasant couple hours to figure out a horrible hack that injects flakes into the container definition), and I can’t shake the feeling that I’m the only user and living on borrowed time. Or rip them out entirely and tell me to run VMs, that’s okay too.


Declarative management of ZFS datasets. Right now I’ve handcrafted something that’s a bit brittle (super easy to drop a server into emergency.target and have to do the walk of shame to rollback). disko seems to be going in that direction.


State of the art system integrity. Continue down the path that Lanzaboote laid out, but go further: seamless dm-crypt and dm-integrity support with TPM-sealed keys that are only available during initrd, so the chain of trust is maintained into the main OS. Use systemd’s TPM-bound credential storage for services where applicable. Measure NixOS state into PCRs and give me a way to precalculate the expected PCRs for a particular system closure, so that remote attestation of the entire OS configuration becomes possible. And so on.

With the caveat that this should all fall back to non-TPM based things if one isn’t available (mostly for older machines, since Windows 11 mandates a TPM for new devices), or for folks who don’t want it for whatever reason.

Linux in general is behind the curve on system integrity compared to macOS and Windows. systemd has been closing the low-level tooling gap, but I’d like the OS to go the rest of the way.


Security fixes that ship rapidly. Unfortunately this probably requires a bunch of work to implement something like guix’s grafts, so that fixes aren’t stuck behind world rebuilds. But NixOS’s security story for vulnerability remediation is significantly worse than other distros right now.


Better underlying Nix, which :crossed_fingers: Lix will deliver: more intelligible errors, more debuggable errors, faster eval of whole-system derivations, faster nix-copy-closure, better cache and build services that mortals can run with minimal effort.

10 Likes
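
The PCR precalculation wished for in the post above, as an added example (not part of the original post, and not NixOS or Lanzaboote code): it replays an ordered list of measurements with the TPM extend rule to get the value a verifier would expect to see. The list of measured components, their order and the store path are constructed assumptions.

```python
import hashlib
import hmac

PCR_SIZE = 32  # SHA-256 bank; static PCRs (0-15) start as all zeroes


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend: new = SHA256(old || digest). Order-dependent."""
    if len(pcr) != PCR_SIZE or len(digest) != PCR_SIZE:
        raise ValueError("PCR and digest must both be 32 bytes")
    return hashlib.sha256(pcr + digest).digest()


def expected_pcr(measurements: list[bytes]) -> bytes:
    """Replay an ordered list of measured blobs from the reset value."""
    pcr = bytes(PCR_SIZE)
    for blob in measurements:
        pcr = extend(pcr, hashlib.sha256(blob).digest())
    return pcr


def matches_policy(reported: bytes, measurements: list[bytes]) -> bool:
    """Verifier side: compare a reported PCR with the precalculated one."""
    return hmac.compare_digest(reported, expected_pcr(measurements))


# Constructed sample input (assumption): what a boot chain might measure,
# ending with the kernel parameter that selects the system closure.
BOOT_CHAIN = [
    b"constructed-kernel-image",
    b"constructed-initrd-image",
    b"init=/nix/store/EXAMPLEHASH-nixos-system-demo/init",
]

if __name__ == "__main__":
    good = expected_pcr(BOOT_CHAIN)
    print("expected PCR:", good.hex())
    # Booting a different closure changes the final measurement.
    other = BOOT_CHAIN[:2] + [b"init=/nix/store/OTHERHASH-nixos-system-demo/init"]
    print("same closure matches:   ", matches_policy(good, BOOT_CHAIN))
    print("changed closure matches:", matches_policy(good, other))
```

Because each extend hashes the previous PCR value, the expected value can be computed at build time from the closure alone, which is what makes remote attestation of a specific configuration checkable.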

Co-signing this, I feel like it was ripped straight from my posts and thoughts over the last two years :clap:

1 Like

My ideal nix distro is one my grandma can use. I get a graphical app on a normal OS, select what sane defaults I want like a raspberry pi (username, desktop env and such), flash it to a disk, boot, and get greeted with a GUI app store that’s connected to flakehub, complete with app icons and app reviews, but the GUI is secretly just editing a serialized yaml file that defines a nix configuration. Home folder is editable, everything else is frozen and controlled through graphical settings on a per-app basis and the graphical nix config.

That’s not just my ideal nix distro though, that’s just my ideal OS overall

6 Likes

My ideal OS setup:
Buy a laptop pre-installed with a Nix distribution from the store
Unbox it
Power it on
Scan the QR code of my flake
Watch as the system automatically starts building

Maybe something similar for phone: auxdroid? Then I would finally switch from iOS.
Also, no infinite recursion :joy_cat:

6 Likes

+1 to everything in this thread.

I especially have thought it wouldn’t be too overly difficult to build a UI for managing a NixOS configuration file as long as you didn’t try to include every possible option.

Also this.

This is actually pretty simple. Scanning a QR code of your github or gitlab flake repo should be trivial, however it wouldn’t work for computers that don’t have cameras so we could also generate a barcode on demand that starts the computer hosting a web UI. Go to the web UI and paste in your flake repo. Only real downside is that you’d need to connect to your local network first and access the computer from a device connected to the same network.

I don’t think we should aim to be shipped with pre built machines for a lot of reasons (including that we don’t have M$'s advertising budget), but mostly the community will likely suffer if there’s absolutely 0 barrier to entry. People will think they’re entitled to a level of support they can’t get from the community and the attitudes would likely speed up burn out of contributors.

It might work better to have an extremely simple GUI that is purposefully limited in some ways to encourage users to explore the documentation with tutorials written from the conceptual standpoint of a Windows user who’s just starting out in Linux. Gently and slowly encourage them to learn the language, the package manager, and to contribute to the wider ecosystem.

Some users will probably leave when they realize they need to learn some basics in order to do what they want, but those who stay will either be fine with the very simple setup, or hopefully be funneled into supporting the overall community.

1 Like