Title: Operating systems battle: OpenBSD vs NixOS
Author: Solène
Date: 18 April 2022
Tags: openbsd nixos life opensource
Description: My feelings about OpenBSD and NixOS, trying to figure out
where each is the best
# Introduction
While I'm an OpenBSD contributor, I also enjoy using Linux especially
the NixOS distribution which I consider a system apart from the other
Linux distributions because of how different it is. Because I use
both, I have two SSDs in my laptop with each system installed and I can
jump from one to another depending on the task I'm doing or which I
want to use.
My main system, the one with all my data, is OpenBSD, unfortunately the
lack of an interoperable and good file system between NixOS and OpenBSD
make it difficult to share data between them without using a network
storage offering a protocol they have in common.
# OpenBSD and NixOS
Let me quickly introduce the two operating systems if you don't know
them.
OpenBSD is a 25+ years old fork of NetBSD, it's full of history and a
solid system, it's also the place where OpenSSH or tmux are developed.
It's a BSD system with its own kernel and own drivers, it's not related
to Linux but will share most of well known open source programs you can
have on Linux, they are provided as packages (programs such as GIMP,
Libreoffice, Firefox, Chromium etc...). The whole OpenBSD system
(kernel, drivers, userland and packages) is managed by a team of
approximately 150 persons (without counting people sending updates and
who don't have a commit access).
(HTM) The OpenBSD project website
NixOS will be soon a 20 years old Linux distribution based on the nix
package manager. It's offering a new approach to system management,
based on reproducible builds and declarative configurations, basically
you define how your computer should be configured (packages, services,
name, users etc..) in a configuration file and "build" the system to
configure itself, if you share this configuration file on another
computer, you should be able to reproduce the exact same system.
Packages are not installed in a standard file hierarchy but each
package files are stored into a dedicated directory and the users
profiles are made of symbolic links and many environment variables to
permit programs to find libraries or dependencies, for example the path
to Firefox may look like something like
/nix/store/b6gvzjyb2pg0kjfwrjmg1vfhh54ad73z-firefox-33.1/bin/firefox.
(HTM) The NixOS project website
(HTM) NixOS wiki: How Nix works
## Performance
OpenBSD is lacking hardware acceleration for encoding/decoding video,
this make it a lot slower when working with videos.
Interactive desktop usage and I/O also feel slower on OpenBSD, on the
other hand the Linux kernel used in NixOS benefits from many people
working full time at improving its performance, we have to admit the
efforts pay off.
Although OpenBSD is slower than Linux, it's actually usable for most
tasks one may need to achieve.
## Hardware support
OpenBSD doesn't support as many devices as NixOS and its Linux kernel.
On NixOS I can use an external NVIDIA card using a thunderbolt case,
OpenBSD doesn't have support for this case nor has it a driver for
NVIDIA cards (which is mostly NVIDIA's fault for not providing
documentation).
However, OpenBSD barely requires any configuration to work, if the
hardware is supported, it will work.
Finally, OpenBSD can be used on old computers from various
architectures, like i386, old Apple powerpc, risc, arm, while NixOS is
only focusing on modern hardware such as Amd64 and Arm64.
## Software choice
Both systems provide a huge packages set, but the one from Nix has more
choice. It's not that bad on the OpenBSD side though, most common
packages are available and often with a recent version, I also found
many times a package available in OpenBSD but not in Nix.
Most notably, I feel the quality of OpenBSD packages is slightly higher
than on Nix, they have less issues (Nix packages sometimes have issues
that may be related to nix unusual file hierarchy) and are sometimes
patched to have better defaults (for instance I'm thinking of disabling
network accesses opened by default in some GUI applications).
Both of them make a new release every six months, but while OpenBSD
only backport packages security fixes for its latest release, NixOS
provides a lot more updates to its packages for the release users.
Updating packages is painless on OpenBSD and NixOS, but it's easier to
find which version you are currently using on OpenBSD. This may be
because I don't know enough the nix shell but I find it very hard to
know if I'm actually using a program that has been updated (after a CVE
I often check that) or if it's not.
(HTM) OpenBSD packages list
(HTM) NixOS packages list
## Network
Network is certainly the area where OpenBSD is the most well-known, its
firewall Packet Filter is easy to use/configure and efficient. OpenBSD
provides mechanisms such as routing tables/domains to assign a network
interface to an entire separated network, allowing to expose a
program/user to a specific interface reliably, I didn't find how to
achieve this on Linux yet. OpenBSD comes with all the required daemons
to manage a network (dhcp, slaacd, rpki, email, http, NAT, ftp, tftp
etc...) within its base system.
The performance when dealing with network throughput may be sub-par on
OpenBSD compared to Linux but for the average user or server it's fine,
it will mostly depend on the network card used and its driver support.
I don't really enjoy playing with network on Linux as I find it very
complicated, I never found how to aggregate wifi and Ethernet
interfaces to transparently switch from one to the other when I
(un)plug the rj45 cable on my laptop, doing this is easy to achieve on
OpenBSD (I don't enjoy losing all my TCP connections when moving the
laptop around).
## Maintenance
The maintenance topic will be very personal, for a personal
workstation/server case and not a farm of hundreds of servers.
OpenBSD doesn't change much, it has a new release every six months but
the upgrades are always easy to handle, most corner cases are
documented in the upgrade guide and I'm ALWAYS confident when I have to
update an OpenBSD system.
NixOS is also easy to update and keep clean, I never had any issue when
upgrading yet and it would still be possible to rollback to the
previous version in case something is going wrong.
I can say they have both a different approach but they both work well.
## Documentation
I have to say the NixOS documentation is rather huge but yet not always
useful. There is a nice man page named "configuration.nix" giving all
the options to parameter a system, but it's generated from the Nix code
and is often lacking explanations in addition to describe an API.
There are also a few guides and manual available on NixOS website but
they are either redundant or not really describing how to solve real
world problems.
(HTM) NixOS documentation
On the OpenBSD side, the website provides a simple "Frequently Asked
Questions" section for some use case, and then all the system and its
internal are detailed in very well written man pages, it may feel
unfriendly or complicated at first but once you taste the OpenBSD man
pages you easily get sad when looking at another documentation. If you
had to setup an OpenBSD system for some task relying on components from
the base system (= not packages), I'm confident to say you could do it
offline with only the man pages. OpenBSD is not a system that you find
its documentation on various forums or github gists, while I often feel
this with NixOS :(
(HTM) OpenBSD FAQ
(HTM) OpenBSD man pages
## Contributing
I would say NixOS have a modern contribution system, it relies on
github and a bot automatically do many checks to the contributions,
helping contributors to check their work quickly without "wasting" the
time of someone who would have to read every submitted code.
OpenBSD is doing exactly that, changes to the code are done on a
mailing list, only between humans. It doesn't scale very well but the
human contact will give better explanations than a bot, but this is
when your work is interesting someone who want to spend time on it,
sometimes you will never get any feedback and it's a bit sad we are
losing updates and contributors because of this.
# Conclusion
I can't say one is better to the other nor that one is doing absolutely
better at one task.
My love for OpenBSD may come from its small community, made of humans
that like working on something different. I know how OpenBSD works,
when something is wrong it's easy to debug because the system has been
kept relatively simple. It's painless, when your hardware is
supported, it just works fine. The default configuration is good and I
don't have to worry about it.
But I also love NixOS, it's adventurous, it offers a new experience
(transactional updates, reproducibility) that I feel are the future of
computing, but it also make the whole very complicated to understand
and debug. It's a huge piece of software that could be bend to many
forms given you are a good Nix arcanist.
I'd be happy to hear about your experiences with regards to OpenBSD and
NixOS, feel free to write me (mastodon or email) about this!