ONIX

atomic musl base / persistent Nix toolbox

A small operating system built from scratch where moss owns the machine and Nix owns the toolbox.

The base is musl, transactional, and auditable. The software long tail lives above it in a persistent multi-user Nix plane. The point is not novelty for its own sake; the point is a machine that can move forward and roll back without dragging your working environment through the blast radius.

Core rule: moss controls the machine. Nix controls the toolbox.

Architecture

Two planes and a deliberately narrow seam.

machine plane

Atomic state

moss owns /usr, the kernel, initrd, boot entries, firmware, Mesa, PipeWire, portals, and the compositor. It is the hard layer.

integration seam

Declared glue

onix-nix-integration seeds nix-daemon, nixbld users, defaults, shell hooks, runtime dirs, and graphics bridge state.

toolbox plane

Persistent work

Nix owns /nix, user profiles, dev shells, flakes, language stacks, and GUI leaf apps. It is the living workspace.

Ownership contract

No surface has two owners.

ONIX should make ownership boring and visible. If a rollback happens, you should know exactly which plane moved and which one stayed still.

Surface              Owner                  Reason
/usr                 moss                   stateless machine payload
/.moss               moss                   content store and transaction history
/boot                moss                   kernel, initrd, BLS entries
/etc/nix             onix-nix-integration   declared defaults, no installer drift
/nix                 Nix                    persistent store, daemon, profiles
/run/opengl-driver   ONIX seam              host graphics bridge for Nix apps

CLI shape

$ onix status
active fstx: 6649-a17c
boot entry:  onix-6649-a17c.conf
nix daemon:  healthy
etc drift:   2 local overrides
opengl:      coherent

$ onix rollback
plane:       machine
/nix:        untouched

Alpine is the forge

The quarry host is scaffolding: build moss, boulder, and the first stones there, then discard it.

The base stays short

Busybox first, uutils after proof, and only the essentials. Nix covers the long tail.

Graphics is a system boundary

/run/opengl-driver is the bridge where Nix GUI apps meet the active machine stack.

Validation

The composition matrix is the real release gate.

01

Nix tool survives reboot

nix profile install nixpkgs#ripgrep, reboot, and confirm it remains on PATH.

02

moss rollback leaves Nix alone

Roll machine state back and verify profiles, store, and daemon remain consistent.

03

GC boundaries hold

moss state prune and nix store gc run back-to-back without cross-corruption.

04

OpenGL bridge coheres

Roll back Mesa and confirm Nix GUI apps render against the previous active stack.
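
One way to audit check 02 against the ownership table, as an added example that is not part of ONIX or of this page: snapshot every owned surface before and after a rollback, then report which owners had files change. The function names and the digest-manifest approach are assumptions; it expects to run as root and reads the whole store, so it is slow on a large /nix.

```python
import hashlib
import os

# Surface -> owner, copied from the ownership table on this page.
OWNERS = {
    "/usr": "moss", "/.moss": "moss", "/boot": "moss",
    "/etc/nix": "onix-nix-integration",
    "/nix": "Nix",
    "/run/opengl-driver": "ONIX seam",
}

def owner_of(path):
    """Owner of the longest surface that contains path, or None if unowned."""
    hits = [s for s in OWNERS if path == s or path.startswith(s + "/")]
    return OWNERS[max(hits, key=len)] if hits else None

def _digest(full):
    """SHA-256 of a symlink's target string or of a regular file's bytes."""
    if os.path.islink(full):
        return "link:" + hashlib.sha256(os.readlink(full).encode()).hexdigest()
    h = hashlib.sha256()
    with open(full, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root="/"):
    """Map each file and symlink under an owned surface to its digest."""
    manifest = {}
    for surface in OWNERS:
        top = os.path.join(root, surface.lstrip("/"))
        for dirpath, dirs, files in os.walk(top):
            # os.walk lists symlinks to directories (Nix profile links) in dirs.
            links = [d for d in dirs if os.path.islink(os.path.join(dirpath, d))]
            for name in files + links:
                full = os.path.join(dirpath, name)
                if os.path.islink(full) or os.path.isfile(full):  # skip sockets, FIFOs
                    rel = "/" + os.path.relpath(full, root)
                    manifest[rel] = _digest(full)
    return manifest

def planes_moved(before, after):
    """Group added, removed and modified paths by the owner of their surface."""
    moved = {}
    for path in sorted(before.keys() | after.keys()):
        if before.get(path) != after.get(path):
            moved.setdefault(owner_of(path), []).append(path)
    return moved
```

Take `snapshot()` before and after `onix rollback`; the check passes when `planes_moved` returns only the `moss` key.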

Roadmap

Small gates. Real exits.

phase 0

Forge

moss and boulder running on the Alpine musl quarry

phase 1

Base

first self-owned musl stone set and local repo

phase 2

Image

bootable ONIX VM with moss state rollback

phase 3

Nix

multi-user Nix plane with independent rollback tests

phase 5

Desktop

Wayland, Mesa, portals, and the OpenGL bridge

Website

Static by construction.

The Rust generator emits plain files to dist/. GitHub Actions publishes that directory to gh-pages with CNAME set to onix-os.com.

nix develop
just build
just serve