This is more of a personal dilemma, since I keep finding myself switching back and forth between NixOS and Gentoo every now and then. I've done this twice for each so far ever since I immediately started off my Linux journey with Gentoo, making a quick stop at Arch once when I didn't have enough time to set either of them up properly. Both of them provides a massive amount of control over my system and lets me build my system in weird and interesting ways, e.g. musl, clang, and/or SELinux for Gentoo and impermanence for NixOS (it still kind of blows my mind right now). Personally, I find Gentoo more intuitive, but NixOS is more powerful for managing complex systems, but then again, I don't have any complex systems to manage, only a singular desktop system. I'd love to keep switching back and forth, but I feel like it has become sort of a time sink for me, somewhat hindering my studies, and thus I feel the need to decide which one to settle on, and which one to keep in a VM to mess around with. That brings me to the title of the post, which do you think is better for a simple desktop system? Also, I don't know how viable dual booting is, given that I manage my dotfiles almost entirely with home-manager, and I like to have secure boot.
Gentoo is basically a regular Linux distro when you get right down to it. It’s cool you compile everything locally but that’s not exactly revolutionary. And if you want to reproduce your system state you’re in the same place as any other distro; using complicated scripts to try to achieve what NixOS gives you out of the box.
I personally don’t really see the comparison. But if you love Gentoo, you can always just do Gentoo plus Nix and/or Home Manager if you want.
I have heard good things about Nix on Gentoo. I like both distros equally, I just have a difficult time deciding which to use as the main system and which to put on a VM so that I can finally stop distrohopping.
I think NixOS is unlike any other distro out there. Other distros are some combination of prepackaged software and a package manager. That’s cool and all. But NixOS allows you to describe the state of systems and create them in the same way over and over again. That’s significantly more powerful and quite a differentiator.
I ran Gentoo for ~15 years and then switched to NixOS ~3 years ago. The last straw was Gentoo bug 676264, where I submitted version bump & build fix patches to fix security issues and was ignored for three months.
In Gentoo, glsa-check only tells you about security vulnerabilities after there's a portage update that would resolve it. I.e., for those three months, all Gentoo users had a ghostscript with widely-known vulnerabilities and glsa-check was silent about it. I'm not cherry-picking this example—this was one of my first attempts to help be proactive about security updates & found that the process is not fit for purpose. And most fixed vulnerabilities don't even get GLSA advisories—the advisories have to be created manually. Awhile back, I had made a 'gentle update' script that just updated packages glsa-check complained about. It turns out that's not very useful.
Contrast this with vulnix, a tool in Nix/NixOS which directly fetches the vulnerability database from nvd.nist.gov (with appropriate polite local caching) and directly checks locally installed software against it. You don't need the Nix project to do anything for this to Just Work; it's always comprehensive. I made a NixOS upgrade script that uses vulnix to show me a diff of security issues as it does a channel update. Example output:
It doesn't make any difference. Gentoo and NixOS have the same concept. They are holistic systems not designed for multiple permanent changes. I've used Gentoo, it's as much fun as building everything from FreeBSD ports. But some users install the OS to get work done, not to constantly tinker with the system, so now I choose NixOS.