[Nix-dev] The Church of Suckless NixOS is looking for followers

Jan Malakhovski oxij at oxij.org
Sat Mar 18 12:20:00 CET 2017


Hi.

Hope this clarifies our view of Sucklessness.

# Mission Statement

- We agree on SLNOS Wishlist by consensus
- We agree to (eventually) merge any patchset that implements an item from SLNOS Wishlist
- We agree to (eventually) merge any patchset that reduces boilerplate (and docstrings don't count)
- We agree to (eventually) merge any other patchset that makes SLNOS suck less

# Workflow

- We plaintext and docstring everything
  Everything of value should be in the tree and commit messages, not
  chat logs, issues and wikis. Migrating from one chan to the other
  should be painless. Getting censored on GitHub should mean nothing
- We review and exchange patchsets via P2P protocols. We use centralized
  services (like GitHub) for publicity only

# Review Rules

- No authority (anonymous peer review only)
- No bikeshedding
- No hypothetical discussions
    - :-1:s must propose a working alternative solution, or this gets merged
- No discussions when fixing problems is faster
    - We don't care about authorship. Grab, fix, publish

# Relation to NixOS

- We steal everything we like from nixpkgs
- PR our changes to pkgs subtree
- Don't PR our changes to nixos subtree (a waste of time)

# SLNOS Wishlist proposal (2017-03-18 00:00 UTC)

(numbers in parentheses are logarithmic expected effort)

- (2) Show new Changelog entries on configuration build and switch/boot
- (3) Rewrite all source docs into a plain text format (no docbook xml), generate docs into man and info files (no HTML by default)
- (2) Toposort everything
- (5) Replace systemd with sane initd:
    - (3) Rip systemd out
    - (2) Sysvinit + toposorted scripts
    - (2) OpenRC
    - (2) runit
- (4) Replace GNU tools with Suckless base
- (2) Implement Gentoo-like use flags (#12877 in nixpkgs)
- (3) Disallow null buildInputs, use use flags instead
- (1) Set `unfree` meta flag for all unfree packages, including firmware and blobs
- (2) Interactive GCC shouldn't do any hardening (#18995 in nixpkgs)
- (3) Either sanitize everything by default or drop hardening completely by default
- (2) Replace configuration.nix with centralized machine profiles
- (2) Implement our own nixos-install script
- (2) Implement a pretty wrapper around nix-env, nix-instantiate and nix-store
- (3) Implement multi-instance for nixos services
- (1) Fetch sources via Tor by default
- (2) Build torbrowser and all its extensions from source with our own patches (and no JS by default)
- (2) Add expressions for all P2P packages we know about, including the ones you can't get in clearnet
- (1) DNSCrypt (over Tor/I2P?) by default
- (1) Set up Tor, I2P and our torbrowser by default (must fail closed)
- (2) Implement pluggable VPN configs (must fail closed)
- (3) Implement better firewall (atomic, declarative, must fail closed)
- (3) Isolate network like in Tails
- (3) Port memory scrubbing from Tails
- (3) Port QubesOS utils to nixos
- (4) Implement Qubes netvm on top of NixOS
- (3) Implement booting with Coreboot
- (3) Port Heads:ROM to nixos
- (3) Support kexec reboot
- (3) Implement kexec chaining (for testing new Heads:ROM payloads before flashing)
- (3) Implement initrd chaining (for encrypted initrds)
- (2) Implement toposort in nix

# SLNOS No Consensus Wishlist proposal (2017-03-18 00:00 UTC)

- (1) Implement `sucksless` meta flag with `allowSucks`
- (0) Disable binary caches by default
- (3) Patch everything for stronger crypto defaults, low-power devices can wait
- (3) Nix closure generation via toposort
- (3) Implement safe storage of private files in /nix/store
- (3) Drop UEFI and BIOS in favor of Coreboot

Cheers,
  Jan and The Pope

