Theoretically you could download the .rpm file which quite a few developers provide on and install it on Tumbleweed too? But I am not 100% sure about that so please correct me about that if I’m wrong.
Yeah that’s not going to work in the general case. A trivial RPM package might be fine but every additional dependency increases the chance that it depends on some package that OpenSUSE doesn’t know. There’s a reason OpenSUSE is usually considered an independent distro and not a “Fedora-based” one despite some shared components.
I don’t think security wise there’s much of a difference between running random software directly or via distrobox. Note that distrobox mounts your entire home directory into its containers, which removes any security benefit that containers could theoretically bring. In both cases you either need to audit the software yourself or you need to trust whoever you’re downloading the software from.
Out of the third party repositories you mentioned, I would personally consider Nixpkgs the most trustworthy because package specs are actually code reviewed, unlike the AUR into which anyone can publish packages with zero oversight. That doesn’t mean it’s impossible for Nixpkgs to end up with malware in it, but the AUR sets a low bar. Using Nix (not NixOS) is also not actually that hard, you can just run nix-env -iA nixpkgs.yazi and it does exactly what you would expect, even if NixOS users would scoff at the “imperativity”.
That being said, the OpenSUSE repositories really aren’t that bad. Especially if you combine them with Flatpak, and especially if you install Firefox and VLC (or equivalents of your choice) from Flatpak so you don’t need proprietary codecs in your base system. I used OpenSUSE Tumbleweed for years and got by just fine without Nix, homebrew or distrobox.
You can download tarballs with the precompiled Nix, though you’ll still need to run an install script (but you can at least read it to convince yourself it’s not malicious), see the relevant documentation for that.
Something that slipped my mind is that since OpenSUSE uses SELinux now, that means the recommended multi-user mode won’t work. Single-user mode should be fine afaik, but it’s a bit less convenient.
The
nix-env -iAdoes actually install the software locally, not completely unlike how azypper inwould. For running a program without installing you would use something likenix-shell -p yazi --command yazi. Of course that still downloads and “installs” the program, it just won’t add it to yourPATHor create a GC root, which means the next time Nix does “garbage collection” it will be removed again.And yeah I would recommend just trying OpenSUSE out and then if you realize you actually really do need stuff from third party package managers, then you can worry about whether getting into Nix is a good idea or not. Or fall back to the Arch/AUR in distrobox idea which is probably simpler to do overall, especially since from what I understand that’s what you’re supposed to do on the immutable spins like Aeon.
Late edit: I’ll also note that there are several OpenSUSE specific third party repos too. Packman has some proprietary codecs that OpenSUSE doesn’t want to ship (in case you really don’t want your browser to be a Flatpak), and the Open Build Service (OBS) which is basically the AUR for OpenSUSE. They’re not as useful because they’re nowhere near the size of the AUR, but if you just need one specific package (perhaps one with questionable legality like yt-dlp or something) they might just have it. And of course you can also build stuff from source and put it in your
~/.local/bin, which has been common practice since before Linux was able to run on real hardware.