Won’t auto update but you could add the upgrade command to a login script or something.
Won’t lie, Nix has a high learning curve to get the most out of it, but installing a single app is pretty simple.
Most startups I’ve applied to are Linux friendly.
I currently work for a Fortune 100 and managed to get a Linux machine purchased as a “lab” machine.
I’m fully in control. IT doesn’t even know it exists. I’m not allowed on the corporate network, but I managed to get some internal corporate access through another department’s lab network (IT sanctioned) that has a VPN with a few routes to things like ticketing, time cards, and our internal wiki. Most of the stuff I need to do my job is in AWS and we are allowed to add home IPs to the security groups.
IT still gives me a MacBook. I use it like once every 6 months.
nixos-unstable is the only thing I will use currently.
I’m running bleeding edge stuff like the latest kernel, Hyprland nightly, my own “shell” built from Gnome components and lots of custom stuff using GJS (Gnome JavaScript).
If you get one, and you are free to do whatever on it, encrypt your drives like your job depends on it. I have a memorized passphrase, PIN-protected hardware key, and a key in TPM. No biometrics.
As far as other nice things to have:
I work in software dev as FYI. For the few issues I have, my team has more issues getting stuff working consistently on macOS for our project. I used that as a justification when requesting the laptop: my dev environment should closely match our runtime environment. Most of that is moot now since we use Nix flakes in our repos for local dev envs.
I use rclone and the Round Sync Android client.
Supports a ton of back ends, self-hosted, and commercial options. You can transparently encrypt with private keys you control.
I personally use B2 Backblaze for storage.
My phone backs up every night and Round Sync pushes them to B2. On my desktop I can mount as a volume. I can also access my storage from my phone going the other direction.
I’ve done the same using SFTP if I don’t want the overhead of persistent file storage.
It does not support indexing or previews for searching or finding say a photo. You can put whatever you want for data. So I have caches, indexes, and thumbnails that work in Linux. I can’t really make use of those on my phone though.
Rclone’s bisync feature is also a bit dangerous when I tried to use it a year ago. I more than once “deleted” everything. B2 doesn’t delete by default, just hides, so I was able to recover. I now do unidirectional syncs from my machines to different buckets until I’m motivated to investigate a proper 3-way merge solution.
I’m using Graphene. The Pixel requirement I believe is due to the Titan chip: https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html?m=1.
https://divestos.org/ has caught my eye. When I last installed Graphene, you had to install eSIMs using the factory ROM then install Graphene. Divest I guess had support without Google services. I think Graphene does now also, but before I get my next phone I’ll weigh it as an option.
And track this stuff in git so you don’t need to remember how you did it when you inevitably forget, lol.
I use Nix, even on my Ubuntu machines, to install tooling in my user profile.
Nixpkgs unstable stays pretty up to date. The few times I want something on release day or bleeding-edge nightlies, I override the derivation source. I use nvfetcher to pull the latest release or head of the default branch as part of my update routine.
I’m pretty new to Nix, so it’s been slow integrating into my workflow, but I plan to start integrating flakes into my repos. My team seems to have constant issues with keeping their tooling up to date which breaks things locally from time to time.