Not an average or "normal" computer user? Granted. Not a normal person? No.

$50 that xeiaso.net will overtake justine.lol this year. (Kidding of course, they're two of my favorite sites.)

Not that that makes it objectively better or worse. The config shtick of NixOS can also be really annoying to someone who just wants to install stuff and move on. It comes down to personal preference.

NixOS in its unofficial "endgame" is more like a container where you can strictly define what files to keep between reboots and everything else gets thrown away. Except unlike a container it covers your entire filesystem (not just a single application) and it's actually usable for things like a laptop since you don't have to reboot between making changes. There's a popular blog post titled "Erase your darlings" that explains it in more detail[1]. And, like with a container image (but different in how it's done), NixOS forces you to write any and all changes to your system's programs or config as code that can be introspected and delivers repeatable results.

This is definitely not to everyone's taste but for me this is now the only way to keep computers "clean" in the long term (sans specialized distros like Talos Linux). I can just look at the source code to know exactly what I'm running and I can delete stuff I no longer want without having to think about leftover files or anything like that. Backups also get a lot simpler when you only have to think about the persistent volume of your system and your config and full restores are just a matter of reinstalling with your config in place.

macOS is gorgeous and I love how everything just works pretty much (except defining global keyboard shortcuts). But I've been so spoiled by NixOS catering to my config management obsession that everything else feels kind of primitive in that regard. My dream would be the macOS userland and kernel on top of Apple hardware but built and assembled with the Nix module system. And then some APFS magic to make an ephemeral root filesystem work.

(Also yes I've tried nix-darwin. Love it and I'm infinitely grateful it exists because I'm also using a MacBook at work but it's not the same kind of "complete" experience that NixOS provides.)

[1] https://grahamc.com/blog/erase-your-darlings/

> 6. Ask HN: Imagine a world with 1Tb/s internet. What would change?

> 7. OpenSSH Backdoors (isosceles.com)

- Manage it out of band. That negates all of the benefits of NixOS, at least for those files. (I.e. you would need additional deployment steps, rollback wouldn't work, you would have to stop and migrate system services that depend on those secrets yourself, etc.)

- Encrypt it and only decrypt it on activation (which happens when switching to a new config or on boot). agenix and nix-sops (the premier SOPS/NixOS integration) are two libraries that you can include in your config to do that. With this, the world-readable store only contains encrypted secrets.

Of course with #2 you still have to manage your private keys (age or whatever SOPS uses) out-of-band but that is significantly less work since those aren't expected to change nearly as much. You can also generally decouple that from your day-to-day deployment workflow.

On https://www.freedesktop.org/wiki/Accessibility/AT-SPI2/ it even says:

> Wayland

> Works just the same :D

Apart from that while it's true that the compositor has to do everything, some of the interfaces seem to be shared (standardized? I don't know enough about Wayland development tbh) across different compositors: https://wayland.app/protocols/

Oh and you don't have to use large power-hungry IDEs that don't integrate with any sort of config management to get a decent experience! (/hj)

If I ever learn Haskell it's over for y'all though.

(Agree with OP btw, using codegen to get the enums I want is a workable remedy for Go's lack of enums.)

Edit: Ok, apparently it natively supports Windows for Windows containers and for everything else there's a Hyper-V integration. Not sure if you can write a portable Dockerfile script like that though.

But the phrasing on that page does not exactly inspire confidence ("...good defaults that will work for most archived types...", "...it's not possible or feasible to ensure data integrity with these use cases..."). Is this actually usable for untrusted data or is it mostly used in scenarios where you already know the data is fine?

Is there anything to watch out for (e.g. w.r.t. bounce mail) in this setup?

Edit: Maybe you don't even have to set up an MX record for the external provider (unless you want to use it as a fallback for incoming mail).

When I started learning/using NixOS about two years ago I found it useful to start out with just Nixpkgs (i.e. what you get out of the box) and only add libraries when I felt they would help me. My first configs where ugly as hell and full of bad practice but the cool thing about Nix is that it gives you a lot of safety nets to enable experimentation and refactoring.

Otherwise it would be an interesting idea but also more or less what Lombok is for Java.

[1] https://humungus.tedunangst.com/r/fungo