securix: NixOS-based secure operating system. Provides a hardened environment with strong isolation, reproducibility, and policy-driven configurations
12 points by koala
While researching for a response in another thread about Linux accessibility I started reading about the French government efforts on digital sovereignty, and came across this in the digital sovereignty and Linux migration section of the DINUM Wikipedia article:
To support this transition, DINUM's Interministerial Products Operator (OPI) department is developing Sécurix, a highly secure, reproducible operating system base built on NixOS. Published on GitHub under an MIT License, Sécurix is designed to meet the strict security recommendations of the ANSSI, incorporating features like TPM2 management, YubiKey-based encryption (LUKS FIDO2), and centralized enrollment for Secure Boot. Alongside it, Bureautix serves as a demonstrator and practical implementation of Sécurix tailored for administrative office use, managing configurations declaratively as code via Git rather than relying on traditional centralized directories like Active Directory.
Which might also address some other concerns I've had lately about the maturity of NixOS.
I appreciate that you explained what you mean by maturity. I think that you've conflated maturity with enterprise features for corporate environments.
No matter what, I did not explain myself very well, so I'll try to elaborate.
What I said in the linked post:
Precisely at work we're spending significantly more effort on "basic" stuff we'd get for free. For example, running validations on GitHub Actions is more involved than for your typical project: caching, parallelization, etc. are really important to get robust and performant builds.
That was in the context of the "death" of Garnix, which provided some of those. I also had to find hosting providers, and I wasn't able to find any well-known hoster providing explicit support for NixOS.
I wouldn't call that "enterprise features for corporate environments". "Maturity" is also inadequate; perhaps I should have said "a mature ecosystem".
I also expect that LTS offerings of NixOS will become popular (or a Nix-like system with those will appear). That is frequently associated with enterprise environments, but I don't think LTS is exclusively for enterprises. (Personally, I keep as much of my infrastructure as I can on RHEL derivatives because it's hugely convenient. I set things to patch automatically and this reduces my maintenance burden with little risk. And I think for personal stuff, reducing maintenance burden might be even more important than for enterprises with deep pockets!)
Although most importantly: some of the maturity I want is better documentation and fewer "basic features" under unstable warnings. I know lately most people do not appreciate this, but the other perk of why I use RHEL derivatives is that I am quite certain that the RHEL documentation will be accurate and that I'll be able to find how to do a lot of things there without having to dig through random Internet posts. (For example, in my work Linux adventures, even some seasoned NixOS users struggled with finding the proper way to do things.)
I'll stress it again: the idea behind NixOS is amazing. When I refer to it as "alien", I not only mean "strange". I also mean "technology that is years more advanced than anything else". I hope the Nix approach will "win" over the more common approaches based on container images.
It's just that I feel there are lots of opportunities to advance the approaches that Nix pioneers.