Solar Bear

  • 1 Post
  • 32 Comments
Joined 3 years ago
Cake day: June 27th, 2023

  • I feel like NixOS might be the only distro that could realistically handle all these use cases, but I’m a bit scared of the learning curve and the maintenance work it’d take to migrate everything over.

    It’s a very steep learning curve, but I personally think it is worth it if what you want is to sync up all your various devices to a single common baseline configuration. I sought a single-distro solution for all of my systems for a long time and always ended up fragmenting them eventually because nothing I tried until NixOS was capable of handling such a diverse set of use cases in a way that would satisfy me.

    I am similar to you, in that I regularly use a three server cluster, a gaming desktop, a multi-purpose personal laptop, and a work WSL instance on my work laptop. I still have some purpose-built distros where it makes sense; I use Proxmox for the actual server hosts themselves and then run NixOS VMs on them, along with running VMs for Home Assistant OS and TrueNAS (with the drives passed through, of course). I could do all of these things on raw NixOS (even Home Assistant is packaged in Nix, and there is a project to port Proxmox UI and tooling to NixOS) but I like the stability of the dedicated and battle-tested distros for critical infrastructure, especially for stuff whose configuration is very specific to a given task.

    With NixOS, each other device has a consistent shared configuration and package set, they all get updated to the exact same versions thanks to flakes so everything works the same and as expected no matter where I am, and it’s all declaratively configured and documented in one spot. Spinning up a new system or rebuilding an existing system is as easy as pulling the config and changing a few relevant lines, and from there it effectively assembles itself from scratch to the exact state I want it to be in. There are never any lingering packages or configuration cruft because the system is assembled from scratch every time it updates. Much of my home configuration is also managed, so aliases, environment variables, even vim configs are consistent across the board and set in one location.

    The main downside is resource efficiency. Nix is designed to be reproducible and declarative, not fast or lean. It uses much more storage than a typical package manager, and packages are built with wide compatibility in mind, so you are often leaving performance on the table by not using newer instruction sets the way CachyOS does. You can compile your own packages to fix that part, but that obviously takes a lot of spare processing power. I’ve been considering setting up my server cluster to do automatic building for me, but haven’t gotten around to it yet.


  • My main use case is using it to protect my exposed Home Assistant instance in a way that doesn’t require a VPN that family can screw up. I can just install the cert into the app for them and it Just Works. I also use it for my own Gotify notifications.

    As a more general rule, I apply it to anything I want to expose but can’t easily protect using OIDC logins. I used to put more behind it, but I recently opened up my services to friends and family, so I moved to using Authentik as my primary defense for most things. mTLS was great when it was just me, I can easily install the cert into my own browser and all of my Android apps (except Firefox Android…) but friends and family just zone out when I explain why their new phone doesn’t connect, so I had to adjust my systems to compensate.


  • I’m a socialist and I agree with them.

    The reality is that not everyone wants to own and maintain their current home, for a variety of reasons. So long as homes are commodified, which they effectively will be for the long-term foreseeable future until we live in a true post-scarcity society, renting a home will be a necessary option that a functioning society must provide. Building housing is expensive in terms of labor and resources, and that labor must be compensated somehow, and not everyone will want or be able to front that entire cost. Or maybe they simply don’t want to settle down permanently where they are now, or even ever, and therefore homeownership would saddle them with unwanted debts and the trouble of selling the home when they do move.

    The flaws we see in modern day landlords are largely a function of capitalism. Housing is a necessary resource for survival, but one that we’ve rendered artificially scarce through social and economic policy inflating the price, and then it gets bought up by the only people who can afford it and rented out to those who can’t. There’s nothing inherently wrong with, for example, a worker-owned cooperative leasing out housing and providing maintenance services at a fair price for those homes for people who don’t want to do it themselves. Ownership alone isn’t a job and such rent-seeking would be forbidden in a sane and just society, but under a better system there would still be room for such a service that provides genuine value to society.


  • It’s definitely dried up a fair bit over the last couple of years. In January 2025 I got some recertified 12TB IronWolfs for $140 each from GoHardDrive, and that was already a fair bit over what they historically had been. The same drives are now $200 on GoHardDrive, and $220 on Amazon. You can just get them new for $250, so at that point I barely think it’s worth it to get recertified unless you’re really stretching a budget. I’m sure the businesses are very happy with the demand they have now, but it’s hard to escape the conclusion that LTT and other YouTubers covering these sites really drove up demand and prices.

    Also, the smaller drives are a lot harder to find recertified these days since enterprise users will usually go for much larger capacities, so yeah, for 4TB you’ll probably have to go for new. You could also just get a larger drive and only use 4TB of it, assuming this is going into some kind of array. Upgrade the other one at a later date, then just expand your pool!


  • Authentik has done the opposite of enshittification. As they’ve gotten more successful, they’ve taken enterprise features and moved them into the community edition. I’ve been extremely happy with Authentik so far and the dev has been nothing short of fantastic every time I’ve seen them interacting with the community.



  • Solar Bear@slrpnk.net to Selfhosted@lemmy.world: Help me harden my home server
    1 year ago

    Something you might want to look into is using mTLS, or client certificate authentication, on any external facing services that aren’t intended for anybody but yourself or close friends/family. Basically, it means nobody can even connect to your server without having a certificate that was pre-generated by you. On the server end, you just create the certificate, and on the client end, you install it to the device and select it when asked.

    The viability of this depends on what applications you use, as support for it must be implemented by its developers. For anything only accessed via web browser, it’s perfect. All web browsers (except Firefox on mobile…) can handle mTLS certs. Lots of Android apps also support it. I use it for Nextcloud on Android (so Files, Tasks, Notes, Photos, RSS, and DAVx5 apps all work) and support works across the board there. It also works for Home Assistant and Gotify apps. It looks like Immich does indeed support it too. In my configuration, I only require it on external connections by having 443 on the router be forwarded to 444 on the server, so I can apply different settings easily without having to do any filtering.

    As far as security and privacy goes, mTLS is virtually impenetrable so long as you protect the certificate and configure the proxy correctly, and similar in concept to using Wireguard. Nearly everything I publicly expose is protected via mTLS, with very rare exceptions like Navidrome due to lack of support in subsonic clients, and a couple other things that I actually want to be universally reachable.



  • Criticizing people’s past and current actions relating to the subject and bringing up their direct history relevant to the subject is not a personal attack, nor is it out of line to point out he does this to advance his political agenda within the project, which is why he got banned in the first place. All of this directly relates to the subject at hand.

    You know what doesn’t relate to the subject at hand? Your random little “sjw gender terrorists” comment. But it does make it rather clear why you want to obfuscate the facts about Srid’s history with the project, subsequent ban, and continued amplification of drama and general shit-stirring ever since.

  • You should know that the guy you cited in the second link, Srid, is a well-known right-wing shit-stirrer who is banned from basically all NixOS spaces because he cannot peacefully coexist. He literally gets up day after day with the seemingly sole purpose of fueling drama and causing problems. Don’t take his opinion at face value, he wants to see the project burn down and this colors his interpretation of events.

    NixOS is going through a rocky moment for sure, but there’s no indication it will implode currently.


  • Whatever you get for your NAS, make sure it’s CMR and not SMR. SMR drives do not perform well in NAS arrays.

    I just want to follow this up and stress how important it is. This isn’t “oh, it kinda sucks but you can tolerate it” territory. It’s actually unusable after a certain point. I inherited a Synology NAS at my current job which is used for backup storage, and my job was to figure out why it wasn’t working anymore. After investigation, I found out the guy before me populated it with cheapo SMR drives, and after a certain point they just become literally unusable due to the ripple effect of rewrites inherent to shingled drives. I tried to format the array of five 6TB drives and start fresh, and it told me it would take 30 days to run whatever “optimization” process it performs after a format. After leaving it running for several days, I realized it wasn’t joking. During this period, I was getting around 1MB/s throughput to the system.

    Do not buy SMR drives for any parity RAID usage, ever. It is fundamentally incompatible with how parity RAID (RAID5/6, ZFS RAID-Z, etc) writes across multiple disks. SMR should only be used for write-once situations, and ideally only for cold storage.