NixOS as a Hypervisor: KVM and QEMU Can Do Everything

People often think you need VMware, Hyper-V, or at minimum Proxmox to run a “real” hypervisor. Something with a web UI, enterprise features, the whole package. But here’s the thing: KVM with libvirt can do virtually everything those commercial hypervisors do. Live migration, memory ballooning, CPU pinning, GPU passthrough, SR-IOV, nested virtualization — it’s all there. The Linux kernel has been a production-grade hypervisor for over a decade. I run NixOS as my hypervisor. No Proxmox, no web UI, just declarative Nix configs and virsh. Let me show you what’s possible. ...

March 19, 2026 · 8 min read · Tom Meurs

NixOS vs Talos for Kubernetes Nodes: Two Flavors of Immutable Infrastructure

I’ve written about Talos Linux as the immutable Kubernetes OS, and I’ve compared Arch vs NixOS for workstations. But there’s a question I get asked often: what about NixOS for Kubernetes nodes? Both NixOS and Talos are declarative. Both can be immutable. Both version their configuration. So why would you choose one over the other for running Kubernetes? I’ve run both in production. Here’s what I’ve learned. The Philosophical Difference Before diving into specifics, understand the core difference: ...

March 15, 2026 · 9 min read · Tom Meurs

Talos Linux: The Immutable Kubernetes OS That Changed How I Think About Nodes

The first time I tried to SSH into a Talos node, I got nothing. No shell, no connection, no familiar Linux prompt. My immediate reaction was confusion, then mild panic. How am I supposed to debug this thing? That was three years ago. Today, I can’t imagine running Kubernetes on anything else. What is Talos Linux? Talos Linux is a Linux distribution designed specifically for Kubernetes. But calling it a “Linux distribution” undersells how different it is. Talos strips away everything that makes a traditional Linux system… traditional. ...

March 11, 2026 · 7 min read · Tom Meurs

Arch vs NixOS as a Workstation: Professional and Personal Use

I’ve run both Arch and NixOS as my daily driver workstation. Not in VMs, not as a weekend experiment — as my actual work machine where I do professional DevOps/platform engineering work, and as my personal machine where I do everything else. Both are excellent. Both have serious trade-offs. And the “best” choice depends heavily on your life situation and how much time you have for system maintenance. Here’s the thing: I have kids now. The days of spending a Saturday afternoon debugging a broken Xorg config are gone. My system needs to work, reliably, every time I open the laptop. But I’ve also learned that Arch’s “instability” is largely a skill issue — with the right practices, Arch can be just as reliable as NixOS. ...

March 3, 2026 · 9 min read · Tom Meurs

CTF and Forensics Skills That Make You a Better DevOps Engineer

I spend my evenings doing Hack The Box challenges and CTF competitions. Not because I want to become a pentester — I’m happy in platform engineering. But because the skills I learn there make me significantly better at my day job. This isn’t obvious at first. What does pwning a vulnerable web app have to do with running Kubernetes clusters? More than you’d think. Forensics and offensive security train you to think about systems differently. You learn to investigate, to trace, to understand what’s actually happening rather than what should be happening. And that mindset — plus the tooling — is exactly what you need when debugging production issues at 3 AM. ...

February 27, 2026 · 9 min read · Tom Meurs