- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
Inflexible by Nature
This is my biggest concern with immutable distros, but this article says nothing to address it. It gave examples of changing certain parts in NixOS, but I’d rather see a couple of “hello world” type examples for a few other popular immutable distros.
Eg, how do I alter a file, say /etc/fstsb, in Fedora Silverblue, Nitrux, BlendOS etc? Is it as easy as remounting your root as r/w and saving? Or does it require a 100 steps? If it isn’t straightforward, then it may well be considered as inflexible.
Eg, how do I alter a file, say /etc/fstsb, in Fedora Silverblue, Nitrux, BlendOS etc?
I’ll answer for Fedora Silverblue as it’s the only one I’m confident about. So, by default, both
/etc
and/var
are writable. Furthermore a lot of traditionally writable parts (like/home
) are contained within/var
as well. So say you’d want to edit/etc/fstab
(which I’ve done in the past), then you’d literally do it the very same way you’d do it on non-‘immutable’ distros. So; copy (the content of)/etc/fstab
, change whatever you want andsudo
the modified file to/etc/fstab
and you’re done.Perhaps interesting to point out is that, on Fedora Silverblue, all changes compared to the pristine copy of
/etc
(which is kept in/usr/etc
) are being tracked and can even be accessed withostree admin config-diff
. Note that ‘traditionally’ the contents of/usr
has been one of the harder parts to modify on Fedora Silverblue and I’d argue the average Joe should not engage with it as it’s very easy to mess up. However, uBlue actually enables one to engage relatively easily with those harder to modify parts. And the amount of configurability it allows should definitely put anyone to shame that continues to posit that “immutable is inflexible”.Oh crap thanks for letting me know about config-diff! I’ve always wondered if silverblue could tell me what files I’ve changed
Thanks! It’s good to know that
/etc
is writable.But are are you able to elaborate a bit on this please :
However, uBlue actually enables one to engage relatively easily with those harder to modify parts.
What exactly does uBlue do differently to Silverblue, which makes it easy to modify those parts?
What exactly does uBlue do differently to Silverblue, which makes it easy to modify those parts?
Perhaps I should’ve been more precise/accurate. The images offered by uBlue are relatively vanilla but “batteries-included” images of Silverblue/Kinoite etc that include the essentials from RPM Fusion among others and ensure that your system continues to function optimally regardless of ongoing issues related to mesa/Nvidia or whatever. So by themselves, they don’t do anything special necessarily in terms of modifiability except for having baked in functionality for receiving cosigned OCI images. Which is where the fun begins with the template provided by uBlue making it very easy to create your own custom cosigned OCI image that is modified to your liking and which is continuously pulled from whenever your system does a
rpm-ostree update
. As the changes don’t happen at the client-level (read: your device), but instead before/during ‘base-image initialization’, one is able to apply changes to e.g the aforementioned/usr
directory simply by creating those (modified or not) files in the github repo of their custom image. The linked template is far from exhaustive as one is able to customize it beyond that for which one could refer to the Bazzite or Bluefin images to see the possibilities.Note that the template of uBlue is only possible because Silverblue/Kinoite etc supports it. So one is able to forego uBlue entirely and create their own image from scratch (as long as it satisifes some criteria). The beauty of (the template provided by) uBlue is that it enables every mortal to engage with that system as it has been made remarkably easy. Heck, I didn’t have any prior experience with
git
or Containerfiles, but I was able to spin up my own image in like two hours or so.All of that sounds pretty interesting, thanks! Looks like I might need to get my hands dirty this weekend…
In NixOS you can just mount your directories and run
nixos-generate-config
.
I didn’t realize some of these were conceptions. They are totally more secure than windows though, especially qubes.