Migrating from GNU Stow to Chezmoi

(rednafi.com)

46 points | by speckx 2 hours ago

14 comments

  • jdxcode 26 minutes ago
    It’s quite new but I’ve been cooking up some new bootstrapping features with mise which people may find relevant here: https://mise.jdx.dev/bootstrap.html

    It’s for things like dotfiles, apt/brew packages, and LaunchAgents/systemd.

    • 0cf8612b2e1e 2 minutes ago
      I am quite intrigued. With the sorry state of security, I am doing everything in VMs and have been trying to settle on the best way to set up a new machine. The process is so clunky that I end up defaulting to bigger instances than I should (more pets than cattle).

      Being able to centralize this config is far more attractive than having a separate Ansible or pyinfra setup.

    • halostatue 10 minutes ago
      Are there plans to support MacPorts as a packaging system? I only use Homebrew for casks, because I find it unreliable for core development tools.
      • jdxcode 6 minutes ago
        Haven't looked into it but agents are so good at this I bet it'll be trivial to add
  • sgarland 4 minutes ago
    I learned about Stow after I found out about Chezmoi, and felt like Chezmoi was the better fit for me. I make heavy use of templating to keep work / personal aliases and functions separate, and could not be happier with the outcome.
  • drdexebtjl 1 hour ago
    I had similar problems with GNU Stow, but switched to Nix and Home Manager instead.

    I think Chezmoi's templates and file naming conventions don't click for me, but it's nice to see a good variety in this problem space.

    • reinitctxoffset 1 minute ago
      I'm pretty committed to the `nix` ecosystem (I rewrote `nix` from scratch to unbreak it: https://gist.github.com/b7r6/90107d8e8ebe81fb0577b9c033b6ab0..., so, pretty committed), but I can't endorse it in its current form after learning how the sausage is made and enough math to know why it's not just buggy but conceptually unsalvageable with the current `nixpkgs` and the current purity dogma.

      And `home-manager` is maybe the most glaring instance of a tool that is demonstrably ill-posed where the "you're holding it wrong" from the community is a community problem, not anyone holding anything wrong. From the Zed editor configuration stanza in `home-manager`: https://github.com/nix-community/home-manager/blob/a78606767.... That's not a Zed problem, that's a Nix problem. No one is holding it wrong, XDG config paths get mutated.

      Another example and this is the one that really shows the shape of the thing: https://github.com/nixified-ai/flake/blob/bbd3a04fa1ae294096....

      There is absolutely nothing "impure" about taking content-addressed bytes from a CAS (Xet in this instance) and surfacing them as a derivation. The "impurity" is called a "coeffect" and the action over the coeffect is called "grade discharge". This is thoroughly studied and works properly, it can cope with all of these cases and it creates scope for dramatically more reproducible systems that are much easier to reason about (they are possible to reason about). Also, if you can't download shit from HuggingFace in 2026 without a weird hack where the name of the field is a scolding? That's gonna be putting downward pressure on adoption.

      And most of the high-friction shit in Nix is like this, ignorance hardened into dogma hardened into theology. To wit:

      - FHS vs. zany one-of-a-kind filesystems are nothing to do with purity or hermeticity or reproducibility, it's pure theology and the constant breakage with all the `patchFail` jank is at this point a jobs program, it's totally unnecessary. Namespaces/unshare, we have all the stuff to do this properly (`patchelf` and `unshare --bind-mount` are mathematically dual but only one blows content addressing).

      - `drv` hash addressing is a reproducibility war crime. Floating CA is fine it's just broken upstream and in Determinate, it's not a valid ideological debate, it's bugs.

      - there is absolutely no reason why the builder where a binary is produced needs to have the same filesystem layout or find libraries in the same place as the resulting artifact runs in any more than an adult needs to live in the same house they grew up in. `patchelf` works.

      - having `libcuda.so.1` and friends at `/run/opengl-driver/lib` is dark comedy and source builds of `NCCL` when NVIDIA-certified binaries are in a wheel (zip file) on PyPI is the sequel. this is straight up bad for the planet and we should feel bad we haven't fixed it.

      I could go on, but the main point for this thread is to the people who are on the fence about Nix: you're not holding it wrong, the `nixpkgs` maintainers are holding it wrong, and more and more of us are getting serious about fixing it. Don't give up on declarative and reproducible systems that you can reason about because Nix is stuck in a weird place as software and as a community. There are reformers on the case.

    • bkummel 45 minutes ago
      I didn't even know that managing dotfiles was a "problem space".
      • awesome_dude 33 minutes ago
        Even just as a user of nix there has been this problem of how to manage dotfiles - people have git repositories for them but they are copies, because the actual dotfile in use is never tracked

        For a System administrator the problem is many orders of magnitude worse

    • colordrops 1 hour ago
      People shy from Nix because of supposed complexity but it really is the only real solution to this sort of problem. It's not really that much more difficult to learn, and in fact if you are willing, AI works really well generating nix config.
      • QwenGlazer9000 21 minutes ago
        It's not complexity, it's questionable documentation. Picking up Nix is really hard yet the best we got is a mishmash of unofficial resources and many of them are out of date and/or focus on the packaging side which is terrible for introduction.
      • drdexebtjl 28 minutes ago
        It took me a single afternoon to learn the basics and start using it. Contrary to what I initially thought, I didn't have to migrate all of my dotfiles at once. Then over the next couple of days, Codex migrated everything else for me.

        One major benefit for me is that I no longer need to have once-in-a-while tools installed, because I can always spin up a temporary shell with `nix-shell -p packageName`. This significantly decreased the amount of software I have in my environment.

        This works great with agentic coding. Agent wants to run `ripgrep`, but you don't have it? Tell it to run `nix run nixpkgs#ripgrep` instead.

        But the biggest benefit is that now you know Nix! So you can start using it to create reproducible development environments and uninstall mise, asdf, nvm, pyenv, etc. You can spin up reproducible servers running NixOS and never touch Ansible again. You can even install it in your router.

        Or you can do none of that and continue just using it for your dotfiles. It plays nice with other tools.

      • jorvi 19 minutes ago
        Nix's complexity isn't with itself, it's if you try to step one bit off the beaten path where it immediately starts to grate.
      • chungy 1 hour ago
        Guix solves the same problem in similar ways, though it uses Scheme as its configuration language.
        • drdexebtjl 54 minutes ago
          Sadly it doesn't work on macOS, unlike Nix.
          • pkulak 52 minutes ago
            Or hardware.
  • pkulak 53 minutes ago
    Once you hit the Chezmoi stage, you're only about 6 months from Nix and Home Manager. I mean, why climb _almost_ to the top of a mountain and then just sit down?
    • halostatue 15 minutes ago
      I've bounced off Nix every time I tried it, before I even started trying something like Home Manager.

      I've been using (and contributing to) chezmoi for ~6 years now. Given that it has first-class integration with secrets managers, I suspect that it does things that Home Manager can't.

  • spudlyo 1 hour ago
    It's great to manage your dotfiles, but I took it a step farther. I rebuilt the minimal Linux desktop environment of my dreams (startx, xinit, i3, i3status etc) with Ansible. It begins from a vanilla Ubuntu server 24.04.4 install. I bootstrapped it using a KVM + spice setup (using a spare physical SSD rather than a virtual one) and iterating over and over again until I finally got everything mostly working. I then booted off that physical disk, and kept iterating until everything was perfect. I've since adapted the setup to work on virtual aarch64 on macOS. I just recently tuned it to work on a crappy old Haswell Dell laptop, now properly detecting and configuring hardware vaapi capabilities, backlight, battery, trackpad, trackpoint, etc.

    Pretty snazzy, watching YouTube in Firefox on a 13 year old laptop with hardware h264 decode and everything tuned exactly to my liking.

    • anuramat 1 hour ago
      don't want to be that guy, but have you tried nix?
      • spudlyo 48 minutes ago
        I tried GUIX a few times, but ultimately I couldn't quite get it working exactly the way I wanted it to work. I also didn't like the ugly filesystem layout that the store requires. I may get over it and revisit at some point. It will be a lot of work, but on the plus side I'll have a reason to learn scheme.
  • rochak 1 hour ago
    I've been using [yadm](https://yadm.io/) instead which works really well!
    • laurentlbm 39 minutes ago
      I've been happy with yadm for a few years now. I had tried chezmoi, but preferred yadm. I don't remember my exact reasons though...
      • markstos 25 minutes ago
        I looked at Stow and Chezmoi and also have stuck with YADM. The exact reason is that YADM is so simple and intuitive because it's basically Git-for-dotfiles with so little to learn. Yet it also manages to support alternate and template files.
  • vsviridov 38 minutes ago
    Switched to Chezmoi from random assortment of manually authored scripts. The workflow takes some getting used to, because I constantly edit the actual files without calling `chezmoi edit` first, and have to merge.

    I like that when combined with `mise` (https://mise.jdx.dev) I can roll out a new computer in 2-3 commands and have my entire environment configured the way I like, with neovim and all the plugins and language servers.

  • lucideer 1 hour ago
    I must've tried to set up stow five or six times over the years, in between various hand rolled custom setups. I can't put my finger on why but I set up chez moi & it's been my setup since, much longer than any previous solution.

    Chez moi is definitely not without its rough edges but it seems to have gotten the subtle essentials right enough for adhd me to not have abandoned it yet.

    • guhcampos 1 hour ago
      I used stow for a long time, then tried Ansible, but eventually settled into good old Make.

      `make dotfiles` just creates a bunch of symlinks, takes 5 minutes, all good and happy. Everything is modular, declarative, simple. Never looked back.

    • sureglymop 1 hour ago
      Same here. I would say chezmoi has almost a bit too many features. If one is into yak shaving there is a lot to explore. It's only a negative for me because I forget half of them every time I read the docs. But I can hardly blame it for that, it's great!
    • linhns 1 hour ago
      I nearly jumped from GNU Stow, but settled when I found the --no-folding flag
  • mmh0000 1 hour ago
    I’ve always managed this problem in a different way. I don’t know if my way is better, but it works really well for me.

    I treat my powerful desktop computer as my main machine. Then I have a bunch of laptops.

    Then I just rsync my entire home directory out to all the laptops.

    From there. The rule is quite simple. Any file created on a laptop is considered ephemeral. If I create data that I have to keep. It gets rsynced back the other direction to the main machine.

    This process has served me well for at least 15 years now and is supported by a small handful of shell scripts to automate this process

    • shevy-java 1 hour ago
      Interesting. I go about this differently. I have one master setting and from there ruby just autogenerates anything I'd ever need on other computers. If ruby is unavailable then I just copy the generated files. But I only edit the master setting to enable what I need.

      > This process has served me well for at least 15 years now and is supported by a small handful of shell scripts to automate this process

      I feel in a similar way but not with shell scripts. Ruby autogenerates them if I need them too. Ruby is my ultimate glue to hold together everything.

  • groos 28 minutes ago
    ~50 years of distributed systems research and this is a problem we still have to deal with today. Sad!
  • arrakeen 1 hour ago
    i feel like using GNU stow to manage your dotfiles has always been a hack.. has it ever been a supported usecase?

    stow is an indispensable tool for me to manage /usr/local for manually installed software. my workflow goes:

      ./configure --prefix=/usr/local/stow/myapp
      make && make install
      stow myapp
    
    now, myapp and all its supporting files are in the right place in /usr/local. if i want to "uninstall", i just run

      stow -D myapp
  • QwenGlazer9000 1 hour ago
    Chezmoi strikes a nice balance between the overkill of home-manager while still being more powerful than simpler solutions.

    Yadm is another alternative, the main thing I don't like about it though is that I'm not a fan of cross OS dotfiles. Having niri files on my work Mac and aerospace dotfiles on Linux annoys me quite a bit.

    As powerful as the templating in chezmoi is, I think it should be considered a last resort and only used for simple files. They break your editor features like highlighting.

  • shevy-java 1 hour ago
    I hate . dirs. In fact, I hate them so much that I don't use them.

    My configuration lives primarily in .yml files. These are kept super-simple. When need be and another format is required, ruby autogenerates these for me. For instance, all my bash aliases are kept in .yml files which then get turned into bash rc files or any other target format for other shells. Same for most of my other configuration too - not always .yml but usually some text file. I never understood the need for .foobar directories or files. They just hide a system that is intrinsically ugly and needlessly complicated.

  • cue_the_strings 12 minutes ago
    [dead]