Title: Operating systems battle: OpenBSD vs NixOS
Author: Solène
Date: 18 April 2022
Tags: openbsd nixos life opensource
Description: My feelings about OpenBSD and NixOS, trying to figure out where each is the best

# Introduction

While I'm an OpenBSD contributor, I also enjoy using Linux, especially
the NixOS distribution, which I consider a system apart from the other
Linux distributions because of how different it is. Because I use
both, I have two SSDs in my laptop with each system installed and I can
jump from one to another depending on the task I'm doing or which I
want to use.

My main system, the one with all my data, is OpenBSD. Unfortunately, the
lack of a good interoperable file system between NixOS and OpenBSD
makes it difficult to share data between them without using network
storage offering a protocol they have in common.

# OpenBSD and NixOS

Let me quickly introduce the two operating systems if you don't know
them.

OpenBSD is a 25+ year old fork of NetBSD. It's full of history and a
solid system; it's also the place where OpenSSH and tmux are developed.
It's a BSD system with its own kernel and its own drivers. It's not
related to Linux but shares most of the well-known open source programs
you can have on Linux, which are provided as packages (programs such as
GIMP, LibreOffice, Firefox, Chromium etc.). The whole OpenBSD system
(kernel, drivers, userland and packages) is managed by a team of
approximately 150 people (not counting people who send updates and
don't have commit access).

The OpenBSD project website

NixOS will soon be a 20 year old Linux distribution based on the nix
package manager. It offers a new approach to system management,
based on reproducible builds and declarative configurations: basically,
you define how your computer should be configured (packages, services,
name, users etc.) in a configuration file and "build" the system to
configure itself. If you share this configuration file on another
computer, you should be able to reproduce the exact same system.
Packages are not installed in a standard file hierarchy; instead, each
package's files are stored in a dedicated directory, and the users'
profiles are made of symbolic links and many environment variables to
let programs find libraries or dependencies. For example, the path
to Firefox may look something like
/nix/store/b6gvzjyb2pg0kjfwrjmg1vfhh54ad73z-firefox-33.1/bin/firefox.

The NixOS project website

NixOS wiki: How Nix works

## Performance

OpenBSD lacks hardware acceleration for encoding/decoding video,
which makes it a lot slower when working with videos.

Interactive desktop usage and I/O also feel slower on OpenBSD. On the
other hand, the Linux kernel used in NixOS benefits from many people
working full time on improving its performance, and we have to admit the
efforts pay off.

Although OpenBSD is slower than Linux, it's actually usable for most
tasks one may need to achieve.

## Hardware support

OpenBSD doesn't support as many devices as NixOS and its Linux kernel.
On NixOS I can use an external NVIDIA card in a Thunderbolt case;
OpenBSD doesn't support this case, nor does it have a driver for
NVIDIA cards (which is mostly NVIDIA's fault for not providing
documentation).

However, OpenBSD barely requires any configuration to work: if the
hardware is supported, it will work.

Finally, OpenBSD can be used on old computers from various
architectures, like i386, old Apple powerpc, risc, arm, while NixOS is
only focusing on modern hardware such as Amd64 and Arm64.

## Software choice

Both systems provide a huge package set, but the one from Nix has more
choice. It's not that bad on the OpenBSD side though: most common
packages are available and often with a recent version, and I have also
found many times a package available in OpenBSD but not in Nix.

Most notably, I feel the quality of OpenBSD packages is slightly higher
than on Nix: they have fewer issues (Nix packages sometimes have issues
that may be related to nix's unusual file hierarchy) and are sometimes
patched to have better defaults (for instance I'm thinking of disabling
network accesses opened by default in some GUI applications).

Both of them make a new release every six months, but while OpenBSD
only backports package security fixes for its latest release, NixOS
provides a lot more updates to its packages for the release users.

Updating packages is painless on OpenBSD and NixOS, but it's easier to
find which version you are currently using on OpenBSD. This may be
because I don't know the nix shell well enough, but I find it very hard
to know whether I'm actually using a program that has been updated
(after a CVE I often check that) or not.

OpenBSD packages list

NixOS packages list

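An added example, not part of the original post: the store path shown earlier carries the package name and version, so a command can be traced through the profile symlinks to the exact version that would run, which is the check described above after a CVE. The function names are made up for this example, and the name/version split follows the rule of Nix's `builtins.parseDrvName`.

```shell
#!/bin/sh
# Added example (not from the article): find which package version a
# command on a Nix system really runs, from its /nix/store path.

# Print "<name> <version>" for a path under /nix/store, return 1 otherwise.
# Name/version split as in builtins.parseDrvName: the version starts after
# the first dash that is not followed by a letter.
parse_store_path() {
    case "$1" in
        /nix/store/*) ;;
        *) return 1 ;;
    esac
    entry=${1#/nix/store/}   # drop the store prefix
    entry=${entry%%/*}       # keep the store entry, drop bin/... below it
    hash=${entry%%-*}        # hash part before the first dash
    rest=${entry#*-}         # "<name>[-<version>]"
    # A store entry is "<32-character hash>-<name>"; reject anything else.
    [ "$hash" != "$entry" ] && [ "${#hash}" -eq 32 ] || return 1
    name=$(printf '%s\n' "$rest" | sed 's/-[^A-Za-z].*$//')
    if [ "$name" = "$rest" ]; then
        version=unknown      # entry carries no version suffix
    else
        version=${rest#"$name"-}
    fi
    printf '%s %s\n' "$name" "$version"
}

# Follow the profile symlinks from a command name to its store path and
# report the version that would actually be executed.
running_version() {
    bin=$(command -v "$1") || return 1
    real=$(readlink -f "$bin") || return 1
    parse_store_path "$real"
}

# The store path quoted in the article (prints "firefox 33.1").
parse_store_path /nix/store/b6gvzjyb2pg0kjfwrjmg1vfhh54ad73z-firefox-33.1/bin/firefox
```

On a NixOS machine, `running_version firefox` applies the same parsing to whatever `firefox` resolves to in the current profile.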
## Network

Networking is certainly the area where OpenBSD is best known: its
firewall, Packet Filter, is easy to use/configure and efficient. OpenBSD
provides mechanisms such as routing tables/domains to assign a network
interface to an entirely separate network, allowing a program/user to
be exposed to a specific interface reliably; I haven't found how to
achieve this on Linux yet. OpenBSD comes with all the required daemons
to manage a network (dhcp, slaacd, rpki, email, http, NAT, ftp, tftp
etc.) within its base system.

The performance when dealing with network throughput may be sub-par on
OpenBSD compared to Linux, but for the average user or server it's fine;
it will mostly depend on the network card used and its driver support.

I don't really enjoy playing with networking on Linux as I find it very
complicated. I never found how to aggregate wifi and Ethernet
interfaces to transparently switch from one to the other when I
(un)plug the RJ45 cable on my laptop, while doing this is easy to
achieve on OpenBSD (I don't enjoy losing all my TCP connections when
moving the laptop around).

## Maintenance

The maintenance topic will be very personal, for a personal
workstation/server case and not a farm of hundreds of servers.

OpenBSD doesn't change much. It has a new release every six months but
the upgrades are always easy to handle, most corner cases are
documented in the upgrade guide and I'm ALWAYS confident when I have to
update an OpenBSD system.

NixOS is also easy to update and keep clean. I have never had any issue
when upgrading yet, and it would still be possible to roll back to the
previous version in case something goes wrong.

I can say they both have a different approach but they both work well.

## Documentation

I have to say the NixOS documentation is rather huge, yet not always
useful. There is a nice man page named "configuration.nix" giving all
the options to configure a system, but it's generated from the Nix code
and is often lacking explanations in addition to describing an API.
There are also a few guides and manuals available on the NixOS website,
but they are either redundant or don't really describe how to solve
real world problems.

NixOS documentation

On the OpenBSD side, the website provides a simple "Frequently Asked
Questions" section for some use cases, and then the whole system and its
internals are detailed in very well written man pages. It may feel
unfriendly or complicated at first, but once you taste the OpenBSD man
pages you easily get sad when looking at other documentation. If you
had to set up an OpenBSD system for some task relying on components from
the base system (= not packages), I'm confident you could do it
offline with only the man pages. OpenBSD is not a system whose
documentation you find on various forums or GitHub gists, while I often
feel this with NixOS :(

OpenBSD FAQ

OpenBSD man pages

## Contributing

I would say NixOS has a modern contribution system: it relies on
GitHub, and a bot automatically runs many checks on the contributions,
helping contributors check their work quickly without "wasting" the
time of someone who would have to read all the submitted code.

OpenBSD is doing exactly that: changes to the code are done on a
mailing list, only between humans. It doesn't scale very well, but the
human contact gives better explanations than a bot, though only when
your work interests someone who wants to spend time on it. Sometimes
you will never get any feedback, and it's a bit sad we are
losing updates and contributors because of this.

# Conclusion

I can't say one is better than the other, nor that one is absolutely
better at one task.

My love for OpenBSD may come from its small community, made of humans
that like working on something different. I know how OpenBSD works;
when something is wrong it's easy to debug because the system has been
kept relatively simple. It's painless: when your hardware is
supported, it just works fine. The default configuration is good and I
don't have to worry about it.

But I also love NixOS. It's adventurous and it offers a new experience
(transactional updates, reproducibility) that I feel is the future of
computing, but it also makes the whole thing very complicated to
understand and debug. It's a huge piece of software that could be bent
into many forms, provided you are a good Nix arcanist.

I'd be happy to hear about your experiences with regards to OpenBSD and
NixOS, feel free to write to me (mastodon or email) about this!