I wish there was a right click install button for deb files
  • Sorry for not answering sooner - got bogged down with work yesterday. I see you already got a response, but thought I'd write up what I had in mind anyways :)

    The benefits

    I want a computer that just works, to the extent that that’s possible. I’ll fix stuff that needs fixing, but ideally I don’t need to do much.

    That's great, and good news, this is very easy to achieve with NixOS.

    As the other commenter said, rather than (imperatively) running commands like apt install, you configure the entire system through your "nix config". In the simplest scenario, that's just a single file which gets auto-generated when you install NixOS, and if all you need/want is to add some packages, then that's enough (I'll get to different approaches below). In other words, NixOS is declarative rather than imperative: you use the config file to "declare" what the system should look like, and it's Nix's job to ensure that your system adheres to this.

    I need to emphasize though, that this is not just about packages, but about every single piece of configuration you could possibly touch on your system. I am currently managing 30+ NixOS machines from a single centralized config, and I have not once edited or even opened a single config file on any of these machines, ever.

    Nix comes with a vast package repository: repology.org repository size.freshness map, but just as importantly, with a vast collection of "modules". Think of modules as an abstraction for all the little things you would need to configure to get something running.

    Let's take everyone's nightmare configuration as an example, getting Nvidia GPUs to function properly. This is the ArchWiki article on how to do so, and the Debian Wiki does not make it look any simpler. For NixOS, it should be as simple as adding this to your nix configuration file:

    hardware.nvidia.enable = true;
    hardware.nvidia.open = true; # use the open source drivers; set to false if you want the proprietary ones
    hardware.nvidia.nvidiaSettings = true; # optional - will enable the Nvidia settings menu
    

    Of course, all the same complicated steps as with any other distro are necessary "under the hood", it's just that with NixOS, someone else already has "declared" what the system needs to look like for Nvidia GPUs to work, and abstracted it behind these easy-to-use config options. There's currently more than 20.000 such config options defined, which sounds intimidating, but you only need to use those you actually want to use. For example, let's say you want to install and configure a jellyfin server.

    Again, all that is necessary to be up and running is

    services.jellyfin.enable = true;
    

    but if you want to customize the install, you can simply search for all available options. Also note that if you ever disagree with how a package/module is built/installed/configured, you can just overwrite the "official" way, though at least in my experience, that is basically never necessary.

    OK, back to you.

    Let's say you have successfully configured the system as you want it to be - KDE5 installed, your favorite packages installed, Steam configured with programs.steam.enable = true;. Now the worst case happens, and your SSD hits the shitter; it's dead, completely unrecoverable.

    Good news: as long as you have a copy of that configuration.nix file, you can be up and running with a new hard drive and exactly your same, old system in a matter of minutes.

    Another scenario, let's say you manage to brick your install (somehow). No sweat, reboot your PC, the previously used NixOS configuration is available as a grub (or systemd-boot) entry. Does not matter if you ripped out all the drivers, switched from KDE to Gnome in the meantime or anything else.

    Essentially, disaster recovery is easy in NixOS, even if it is necessary very, very rarely, because nix will already warn you "yeah this doesn't work" when you are building the system.

    The Nix language

    You have already seen some of it above. Most people say NixOS is not a beginner distro, and that opinion is mostly due to the Nix language. It's... not pretty, but its learning curve is not bad if you just want to do "basic" stuff like configuring your system in the way shown above. For more advanced topics, there is a steep, but not very long learning curve. If that is worth it is up to you; there is no need for it, but it does allow you to write your own modules, and to leverage a full turing-complete programming language inside your configuration. But IMO, just learn as you go, no need to try and study the language just to use NixOS.

    Going wild

    For a single machine, the single configuration.nix file is perfectly fine. If you only have a single machine anyways, I'd say stick with that.

    As soon as it's 2 or more machines though, it makes sense to move the configuration elsewhere, in a single project which you can back up (usually, via git). This also allows you to reuse parts of your config - for example, if your user is always the same, and KDE should always be there, ..., you can define that once and then import that into the individual machine's config. You then simply tell nix "build this config on that machine".

    There are a ton of awesome projects in the "nix ecosystem", so to speak, which you can also leverage: for example, you can add home-manager to your config, and then use your existing configuration but extend it with config for individual users' environments, like customizing KDE itself, configuring git, ssh, your terminal,... You said you are not a customizer, so this probably does not apply to you that much, but it's still good to know that it is easily possible.

    Other projects add capability for secure secrets management, for things like turning Nix into a very good approximation of SteamOS,...

    TL;DR:

    NixOS makes tedious things simple, and disaster recovery trivial. It offers more (and fresher) packages than even the almighty AUR, while being stable as a rock.

    You will never have to re-solve a problem, no matter how long ago you originally solved it.

  • Jellyfin over the internet
  • I host it publicly accessible behind a proper firewall and reverse proxy setup.

    If you are only ever using Jellyfin from your own, wireguard configured phone, then that's great; but there's nothing wrong with hosting Jellyfin publicly.

    I think one of these days I need to make a "myth-busting" post about this topic.

  • Stubsack: weekly thread for sneers not worth an entire post, week ending 22nd June 2025
  • I don't like that it's not open source, and there are opt-in AI features, but I can highly, highly recommend Kagi from a pure search result standpoint, and one of the only alternatives with their own search index.

    (Give it a try, they've apparently just opened up their search for users without an account to try it out.)

    Almost all the slop websites aren't even shown (or put in a "Listicles" section where they can be accessed, but are not intrusive and do not look like proper results), and you can prioritize/deprioritize sites (for example, I have github/reddit/stackoverflow to always show on top, quora and pinterest to never show at all).

    Oh, and they have a fediverse "lens" which actually manages to reliably search Lemmy.

    This doesn't really address the future of crawling, just the "Google has gone to shit" part 😄

  • Theoretical Private Age Confirmation -- Possible?
  • While that's true from a technical perspective...

    How/where do you keep the certificate? If you either need an app for it, or need to manually install it on your device, most users would probably be out. The benefit of my suggestion is that you need absolutely nothing except a way to authenticate with GOV.

    1. is a Problem with all of these, that's for sure.

    I don't get the part about the info service tbh

  • Theoretical Private Age Confirmation -- Possible?
  • I think that at the bare minimum, the PORN<->GOV connection must not occur. How about this (simplified):

    • USER visits porn site
    • PORN site encrypts random nonce + "is this user 18?" with GOV pubkey
    • PORN forwards that to USER
    • USER forwards that to GOV, together with something authenticating themselves (need to have GOV account)
    • GOV knows user is requesting, but not what for
    • GOV checks: is user 18?, concats answer with random nonce from PORN, hashes that with known algo, signs the entire thing with its private signing key
    • GOV returns that to USER
    • USER forwards that to PORN
    • PORN is able to verify that whoever made the request to visit PORN is verified as older than 18 by signing key holder / GOV, by checking certificate chain, and gets freshness guarantee from random nonce
    • but PORN does not know anything about the user

    There's probably glaring issues with this, this is just from the top of my head to solve the problem of "GOV should know nothing".

  • Theoretical Private Age Confirmation -- Possible?
  • Not sure. How about this (simplified):

    • USER visits porn site
    • PORN site encrypts random nonce + "is this user 18?" with GOV pubkey
    • PORN forwards that to USER
    • USER forwards that to GOV, together with something authenticating themselves (need to have GOV account)
    • GOV knows user is requesting, but not what for
    • GOV checks: is user 18?, concats answer with random nonce from PORN, hashes that with known algo, signs the entire thing with its private signing key
    • GOV returns that to USER
    • USER forwards that to PORN
    • PORN is able to verify that whoever made the request to visit PORN is verified as older than 18 by signing key holder / GOV, by checking certificate chain, and gets freshness guarantee from random nonce
    • but PORN does not know anything about the user

    There's probably glaring issues with this, this is just from the top of my head to solve the problem of "GOV should know nothing".
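
The exchange described in the two comments above, as an added sketch that is not part of the original comments. It assumes RSA-OAEP for "encrypts with GOV pubkey", Ed25519 for the signature, SHA-256 as the "known algo" and a 16-byte nonce; all function names are hypothetical, and the user's login at GOV and the certificate-chain check are outside its scope.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

const question = "is this user 18?" // constructed wire format: 16-byte nonce || question

// GovKeys makes GOV's RSA pair (decrypt challenges) and Ed25519 pair (sign answers).
func GovKeys() (*rsa.PrivateKey, ed25519.PrivateKey, ed25519.PublicKey) {
	dec, _ := rsa.GenerateKey(rand.Reader, 2048) // keygen errors ignored for brevity
	pub, sign, _ := ed25519.GenerateKey(rand.Reader)
	return dec, sign, pub
}

// SiteChallenge encrypts nonce||question to GOV; the blob names neither the site nor the user.
func SiteChallenge(govEnc *rsa.PublicKey) (nonce, blob []byte) {
	nonce = make([]byte, 16)
	rand.Read(nonce)
	blob, _ = rsa.EncryptOAEP(sha256.New(), rand.Reader, govEnc, append(nonce[:16:16], question...), nil)
	return nonce, blob
}

// GovAnswer runs after the user has authenticated; answer ("yes"/"no") comes from GOV's records.
func GovAnswer(dec *rsa.PrivateKey, sign ed25519.PrivateKey, blob []byte, answer string) ([]byte, error) {
	msg, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, dec, blob, nil)
	if err != nil || len(msg) != 16+len(question) || string(msg[16:]) != question {
		return nil, fmt.Errorf("malformed challenge")
	}
	digest := sha256.Sum256(append([]byte(answer), msg[:16]...)) // hash(answer || nonce)
	return ed25519.Sign(sign, digest[:]), nil
}

// SiteVerify accepts only GOV's signature over hash("yes" || the nonce this site issued).
func SiteVerify(govPub ed25519.PublicKey, nonce, sig []byte) bool {
	digest := sha256.Sum256(append([]byte("yes"), nonce...))
	return ed25519.Verify(govPub, digest[:], sig)
}

func main() {
	dec, sign, pub := GovKeys()
	nonce, blob := SiteChallenge(&dec.PublicKey)
	sig, err := GovAnswer(dec, sign, blob, "yes")
	fmt.Println("accepted:", err == nil && SiteVerify(pub, nonce, sig))
}
```

The freshness guarantee only holds if the site treats each nonce as single-use and short-lived; a signature presented against any other nonce fails verification.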

  • NSFW
    collaborator rule
  • Works for most videos as well for me, but not for those where you actively have to click "I understand, continue" after getting a warning on maturity of a video.

    There's an open issue on the yt-dlp github repo as well

  • Who the hell can afford a printer
  • Got a simple Brother laser printer. Duplex, BW only, works flawlessly with Linux and as a network printer.

    4-5 times a year I'll need to print 10 pages. Add an additional one every two weeks.

    The printer definitely paid for itself in convenience.

  • How would I go about gaining access to a locked-down Linux device I own.

    Five years ago, I bought a Supernote A5. It was (and mostly still is) a great device for reading and writing on an eInk display, and it runs plain old linux.

    The deciding reason I went for this device instead of the competition is that I was "under the impression" that they were about to enable full SSH access to the device! Awesome!

    "Why were you under that impression?", I hear the skeptics ask. Well, their spokesperson has stated that they would do so. Via mail, and on reddit, publicly, multiple times. I was still torn, so sent them a DM, asking if this was indeed factual. "Yes", they said, "the next quarterly update will enable SSH access!".

    Great!

    Well, it's been 5 years. They did not follow through. A couple updates were published, none contained the promised functionality, the spokesperson stopped answering questions about SSH. The last software update I received is from 2.5yrs ago. Mentions of the original Supernote A5 have largely been scrubbed from their website.

    Let me be clear, the device still functions perfectly. But it is in danger of becoming e-waste because it is so needlessly complicated to get stuff on the device. I'm currently in need of an ebook reader with (ideally) OPDS capability, and I am pretty confident I'd be able to get something like koreader running on this, or at least just run a script to sync files over SSH. Also, I frankly feel wounded in my pride having a Linux device in my possession which refuses to do my bidding (I'm joking of course, but also I am 100% serious).

    Here's all I know:

    • plugging it in via USB, the device reads as an MTP device, with access only to the documents/books/... stored on it
    • you can place an update.zip file (obtained from the SN website) into the root of that MTP directory, and upon reboot, the device will update. To me, this appears to be the most promising route of gaining access.
    • unfortunately, the zip file is encrypted. The decryption key clearly has to be known to the device, but since I have no access to it,...

    I'm a software engineer, but I have zero knowledge of the "dark arts", so to speak. If anyone could help me (or point me into the right direction!), I would really be grateful. I don't want this (generally nice) product to turn into a paperweight instead of a paper replacement :(

    29
    Self-Hosted setup for remote music lessons?

    Basically, the title. After years of inactivity, I'll be taking music (cello) lessons again, with my teacher of yesteryear, from whom I've moved half a country away.

    She has suggested Zoom but is open to alternatives. I don't particularly like Zoom, plus I have a feeling better quality can be had through a custom solution - but I'm at a bit of a loss as to what exactly would be a good fit for this project.

    Maybe Jitsi? Does someone here have experience with it and could tell me if it's possible to set something like a "target" audio quality?

    For hardware, I basically have two options. Both are already in use, for different things, and have sufficient processing capabilities - albeit no GPU:

    • host everything at home. Plus: lowest possible latency from me to the server. Not sure how much that is worth though.
    • root server in the Hetzner cloud: much faster network speed. Again though, not sure how beneficial that is, the ultimate bottleneck will always be my upload speed (40Mbit)

    OK, I realize that this post is a bit of a random assortment of thoughts. I'd be really happy about suggestions and / or hearing about others' experiences with similar use-cases!

    33
    Can't use Crunchyroll via WireGuard

    Hi,

    not sure where else to post this. For a while now, I've unsuccessfully been trying to get WireGuard to work with Crunchyroll.

    Setup is as follows:

    • dedicated server hosts a wg-quick instance in [neighboring country]
    • OPNSense acts as peer on a single IP
    • I have a rule for routing the entire traffic of some source device via that IP

    This works just fine. Handshake successful, traffic is routed via the server. traceroute shows the server as the hop immediately after my device's local gateway. The connection is stable, and fast.

    ...except for Crunchyroll. The site / app itself is fine, but I can not, for the life of me, get a video to play. It just keeps loading forever.

    I don't think this is an issue with CR recognizing that I'm not where I say I am - looking online, it seems pretty easy to use CR with a VPN. I've also tried from multiple other devices, all with the same symptom.

    If anyone has suggestions, I'd love to hear them 😅

    EDIT: It was MTU. Had to manually set it to 1500 on both devices.

    Nope, still the same issues. I was using the fallback interface there briefly.

    EDIT: It WAS MTU related, I had to enable MSS clamping on the OPNSense.

    17
    smiletolerantly @awful.systems
    Posts 6
    Comments 500