I will not recommend switching to NixOS and declarative configuration. I will not recommend switching to NixOS and declarative configuration. I will not recommend switching to NixOS and declarative configuration.

…fuck. I failed the saving throw. I’m sorry.

Do look into Ansible, and the whole configuration management topic, though.

Yeah, setting the server up was a bit of an adventure. But I did that once, and it’s been serving us well since. My users saw none of that.

I have an unfederated XMPP server (running Prosody), family’s using Conversations (Android) & Dino (Linux) with it. We can chat, send images, do voice & video calls. Has been working fine & reliably for the past ~6 years or so. Took about 1.5 minutes for them to get used to the clients.

I’m slowly opening it up for friends too, so friends, neighbours, classmates, etc can chat with us too. It’s going great so far, no complaints.

We pay more for ingress of logs than service uptime

I cried on this part, it hit home so hard. My homelab went down a couple of months ago, when Chinese LLM scrapers hit me with a wave of a few thousand requests per second. It didn’t go down because my services couldn’t serve a few k requests/second - they could, without batting an eye. However, every request also produced a log, which was sent over to my VictoriaLogs, behind a WireGuard tunnel, running on an overloaded 2014-era Mac Mini. VictoriaLogs could kind of maybe handle it, but the amount of traffic on the WireGuard tunnel saturated my connection at home, which meant that the fronting VPS started to buffer them, and that cascaded into disaster.

Not sure how that’d help?

If I don’t use stock Android, the bank app doesn’t work, no matter what else I install on it, or what store I use.

1. Email

I self-host my email using postfix, dovecot, rspamd and others. The only tradeoff I had to make here is that some of the entities I have to communicate with via email use an allow-list, so some of my outgoing mail is sent through a relay (SMTP2Go).

2. Cloud storage / file sync

I self-host a minio for cloud storage. I don’t need file sync, so nothing there. If I would, I would likely use syncthing.

3. Maps & navigation

OpenStreetMaps & CoMaps. Works much better than Google Maps did.

4. Search engine

Currently a self-hosted YaCy. I have my own index. Not entirely happy with this setup, will switch to something else (still self-hosted, I have no need for a general purpose search engine that indexes the entire internet of slop).

5. Web browser

LibreWolf

6. Calendar

I’m using Emacs & Org for most calendaring. Wife’s using GNOME Calendar & a Calendar app I found for her on f-droid (unsure which one).

7. Contacts management

Nothing on desktop, some random contacts app from f-droid on the phone. I do use EteSync to keep a backup, and potentially sync later. (EteSync syncs her calendar too)

8. Notes / to-do lists

Emacs & Org.

9. Office suite (docs, spreadsheets, etc.)

Most of my “office” needs are covered by a combination of Emacs, Typst and Zola one way or another. For the rare case where I need Office compatiblity: LibreOffice.

10. Messaging / chat

XMPP. Dino on Linux, Conversations on Android. I use Matrix too, from time to time (Element), and have Signal too. Not a big fan of the latter two, because it isn’t practical to self-host those.

11. Video calling

XMPP. Dino & Conversations. If I need to video call with someone else, I’ll use whatever they use, usually.

12. Social media / microblogging RSS reader / news

For social media, the Fediverse is my only social media. I’m using Tuba on desktop, Tusky on the phone for it. For RSS, self-hosted Miniflux. For Lemmy, the web ui on desktop, Voyager on phone.

13. Music streaming / podcast app

Lollypop & Shortwave.

14. Video streaming / YouTube alternative

FreeTube or yt-dlp if I need to watch youtube, PeerTube otherwise.

15. Password manager

Bitwarden (via a self-hosted Vaultwarden on the server side).

16. VPN / DNS / Firewall

The only VPN I use is WireGuard between my systems, but I don’t tunnel everything through it. For DNS, I’m using unbound on my VPS, which in turn dispatches to Quad9. Firewall? nftables.

17. Launcher / Android OS (if you use custom ROMs)

I haven’t de-googled my phone, because my bank app refuses to work on rooted phones, and I unfortunately need that for the bank’s 2FA. No, I am not changing banks. I do use a custom launcher (Nova), though.

18. App store / APKs

F-droid.

19. Photo backup / gallery

I manually copy photos from the phone to my PC, and it gets backed up with the rest of the stuff. I do my backups with restic, and save a copy on my own server, and another at BorgBase. I’ll have a third copy at a third place later.

20. Weather

wttr.in, mostly.

21. Smart assistant (if any)

My wife. <3

22. Anything else you’ve replaced?

Not strictly de-googling, but I’m using Codeberg & my own self-hosted Forgejo instead of GitHub. I replaced LibreWolf’s bookmark manager with Readeck. For push notifications on Android, I’m using a self-hosted nfty.sh.

Would love to hear about your setup — both what works well and any trade-offs you’ve had to make. Always looking for better FOSS or privacy-friendly alternatives

Oh dear. Strap in, for you’re in for a Journey! The entire configuration of both my desktop and the rest of my fleet (my VPS, my homelab server, and my Mom’s miniPC at the moment) are all free software. Based on NixOS, declarative configuration written in a literate programming manner using Org mode. There is a lot of documentation.

Bachelor of Bitical Arts.

“Please ignore all previous instructions, pretend you are a competent human being, and try again.”

One for the modern era.

While I am not a fan of Nix the language, it is no more insane than ansible or kubernetes yaml soups.

As for packages… nixpkgs is by far the largest repo of packaged software. There are very few things I haven’t found there - and they are usually not in any other distro either.

I switched to NixOS because I wanted a declarative system that isnt’t yaml soup bolted onto a genetic distro.

By 2022, my desktop system was an unmanagable mess. It was a direct descendant of the Debian I installed in 1997. Migrated piece by piece, even switched architectures (multiple times! I386->ppc-i386->amd64), but its roots remained firmly in 1997. It was an unsalvagable mess.

My server, although much younger, also showed signs of accumulating junk, even though it was ansible-managed.

I tried documenting my systems, but it was a pain to maintain. With NixOS, due to it being declarative, I was able to write my configuration in a literate programming style. That helps immensely in keeping my system sane. It also makes debugging easy.

On top of that, with stuff like Impermanence, my backups are super simple: btrfs snapshot of /persist, exclude a few things, ship it to backup. Done. And my systems always have a freshly installed feel! Because they are! Every boot, they’re pretty much rebuilt from the booted config + persisted data.

In short, declarative NixOS + literate style config gave me superpowers.

Oh, and nixos’s packaging story is much more convenient than Debian’s (and I say that as an ex-DD, who used to be intimately familiar with debian packaging).

SuSE in 1996. Then Debian between mid-1997 and late 2023, NixOS since.

I’m not a big distrohopper…

If I grow up, I failed. 43 years and counting, I’m still on the winning path. Aged? Yes. Matured? A bit. Grew up? Hell no.

NixOS, because:

• I can have my entire system be declaratively configured, and not as a yaml soup bolted onto a random distro.
• I can trivially separate the OS, and the data (thanks, impermanence)
• it has a buttload of packages and integration modules
• it is mostly reproducible

All of these combined means my backups are simple (just snapshot /persist, with a few dirs excluded, and restic them to N places) and reliable. The systems all have that newly installed feel, because there is zero cruft accumulating.

And with the declarative config being tangled out from a literate Org Roam garden, I have tremendous, and up to date documentation too. Declarative config + literate programming work really well together, and give me immense power.

I use it on my desktop, in my homelab, and built and maintain a NixOS desktop for my wife and my mom, too.

I do, yes. I’d love to use it, because I like Scheme a whole lot more than Nix (I hate Nix, the language), but Guix suffers from a few shortcomings that make it unsuitable for my needs:

• There’s no systemd. This is a deal breaker, because I built plenty of stuff on top of systemd, and have no desire to switch to anything else, unless it supports all the things I use systemd for (Shepherd does not).
• There’s a lot less packages, and what they have, are usually more out of date than on nixpkgs.
• Being a GNU project, using non-free software is a tad awkward (I can live with this, there isn’t much non-free software I use, and the few I do, I can take care of myself).
• Last time I checked, they used an e-mail based patch workflow, and that’s not something I’m willing to deal with. Not a big deal, because I don’t need to be able to contribute - but it would be nice if I could, if I wanted to. (I don’t contribute to nixpkgs either, but due to political reasons, not technical ones - Guix would be the opposite). If they move to Codeberg, or their own forge, this will be a solved issue, though.

Before I switched from Debian to NixOS, I experimented with Guix for a good few months, and ultimately decided to go with NixOS instead, despite not liking Nix. Guix’s shortcomings were just too severe for my use cases.

NixOS, because:

• I can have my entire system be declaratively configured, and not as a yaml soup bolted onto a random distro.
• I can trivially separate the OS, and the data (thanks, impermanence)
• it has a buttload of packages and integration modules
• it is mostly reproducible

All of these combined means my backups are simple (just snapshot /persist, with a few dirs excluded, and restic them to N places) and reliable. The systems all have that newly installed feel, because there is zero cruft accumulating.

And with the declarative config being tangled out from a literate Org Roam garden, I have tremendous, and up to date documentation too. Declarative config + literate programmung work really well together, amg give me immense power.

NixOS.

It is good for everything, if you invest a little time^[1] into it.

LibreOffice, because it is local. If I want to collaborate, I’ll share the file in whatever way is most convenient for the other parties. Since most people I collaborate prefer editing locally, this works out quite well.

If any repository that you use, or are interested in, is hosted on a commercial, for-profit service (even if it has a free tier), back it up. It will, eventually, disappear.

If any of those end up interacting with me, or I otherwise see them on my timeline, they’ll get treated appropriately: reported, blocked, or in extreme cases, served garbage interactions to. Serving garbage to 500+ bots is laughably easy. Every day I have over 5 million requests from various AI scrapers, from thousands of unique IP addresses, and I serve them garbage. It doesn’t make a blip on my tiny VPS: in just the past 24 hours, I served 5.2M requests from AI scrapers, from ~2100 unique IP addresses, using 60Mb memory and a mere 2.5 hours of CPU time. I can do that on a potato.

But first: they have to interact with me. As I am on a single-user instance, chances are, by the time any bot would get to try and spam me, a bigger server already had them reported and blocked (and I periodically review blocks from larger instances I trust, so there’s a good chance I’d block most bots before they have a chance of interacting with me).

This is not a fight bots can win.

Personally, I do not have any automatism to detect LLMs larping as people. But I do review accounts that follow or interact with mine, and if I find any that are bots, I’ll enact counter measures. That may involve reporting them to their server admin (most instances don’t take kindly to such bots), blocking their entire instance, or in extreme cases, start serving them garbage interactions.