I am a Computer Science undergrad Nix/NixOS user with over 2 years of experience in this [0], and I tried to apply Nix at $WORK.

We use it to set up dev environments to use Blender with some extra sauce and libraries, so we can replicate the same environment basically everywhere. We found a way to use Blender as a Jupyter Kernel based on someone else’s code [1].

Initially, we used Google Colab to run some stuff we need, and we were able to run it there by using a script I did [2].

Now we use a beefy machine for the number crunching, so we use Nix to build container images to run there. The same common code is reused, the difference is basically the entry point.

My advice is to not try to use it everywhere. Is it cool? Yes! But it can get overkill very quickly. It is giving very nice fruit for this Blender specific use case, but for training stuff it’s better to just stick with one of the many ready-made supported containers.

Another advice is that for iterative work just build the base container and when you are using that in the final machine just pass the code folder as a volume. We had a lot of iterations to set it up, but after it’s done we didn’t have to rebuild and upload the image anymore.

A not so cool thing about Nix containers is that it’s not integrated with Docker. When you run docker build it builds and consequently adds to the local storage. With Nix, you use buildLayeredImage to generate that script, then you must docker load it later. It also sucks if you want to set up stuff to run on Kubernetes. Another reason to stick with that code volume strategy.

If you need GPU stuff you will need NixGL and you need to be careful because the way NixGL is built is based on impure derivations, so if you build the image in your Intel you have to figure out how to generate the NixGL for that Nvidia card or your code will probably not find the GPU. The nixpkgs Blender has no support for CUDA by default, so you will want to stick with nix-warez’s Blender [3].

[0] https://github.com/lucasew/nixcfg/

[1] https://github.com/cheng-chi/blender_notebook

[2] https://github.com/lucasew/nix-on-colab

[3] https://github.com/edolstra/nix-warez/blob/master/blender/flake.nix

At Toitū Te Whenua LINZ we’re using Nix in a few places. Two open source repos include Geostore and emergency management tools.

Pros:

• Reproducibility between developers and CI. Expecting everything which works locally to work elsewhere is a superpower.
• Free build cache at Cachix (no affiliation).

Cons:

• The learning curve is a cliff, as I’m sure you’re aware. I had to read and use it a fair bit before trusting it for work. This is probably the biggest point against it, so be prepared to mentor others on their journey.
• Mixing traditional packages and Nix can be a pain. In the case of poetry2nix, because Python packaging is such a mess, it’s constantly having to add overrides to deal with packages not declaring their build dependencies, or build dependencies being non-Python and therefore not declared anywhere machine readable. In case of bundix, it’s built like a tool to generate a file which you need to keep in sync with your Gemfile, rather than a simple overlay like poetry2nix.

Some friends and I have been quietly using NixOS for appliances and servers for…christ, coming up on four or so years now depending on which of us you talk to.

It’s made several things–for example, tomorrow’s OpenSSL3 vulns–fairly easy to patch and manage. It also has made, once the incantations are written, admin work tremendously boring.

I myself totally blew off Nix itself back in 2011 when somebody tried to educate me. I didn’t really understand the problem space and thought it rather silly–I’ve since realized the error of my ways. Just a reminder to always accept that today’s strongly held belief may end up looking silly a decade later.

We use nix very conservatively. We only use it for managing local developer environments, ie. build toolchain and other cli tools (ansible, terraform, etc). That has worked out amazingly for us.

I’m in general a lot more skeptical about nix for production. You don’t clearly get the kind of support like you would from, for example, Ubuntu’s packages. There’s no “LTS” as far as I know for nix, merely the stable NixOS release. Though, that being said, nixpkgs tends to be way ahead of other package managers’ versions of software.

We’ve started messing around with using nixpkg’s docker tools for some web projects. That would be the first time that we’d be using nix in our production environment.

In general, it’s really easy to go overboard with nix and start using it really inappropriately. But if you use some discipline, it can be an amazing tool. It’s completely solved our python problems related to installing ansible. That’s invaluable.

Myself and a few colleagues all run NixOS. I use home-manager to manage the finer things. At $work we use nix for everything. All projects must be able to go from zero to running/built with a nix-build.

One of the important trade-offs (imo) is that everything a thing needs is laid bare by using Nix to wire it all together.

This can be super annoying (see other comment regarding the sad state of Python packaging), but the flip side is that you have what you need pinned down and can then rely on them being fixed.

• Nothing side-loading crap without you knowing about it.
• Easier to leverage upstream fixes because you can pin even dependencies of your dependencies.
• Since everything is pinned (as long as you avoid diamond paths: <nixpkgs> etc) then Sally will see identical output to Bob. Modulo the ebb and flow of servers on the internet.

Other comments here make the point that the learning curve is a cliff and that’s not too far wrong. There is more and more information available to ease this process, but it’s still a process. The pay off in the end is well worth it however.

personally, I find nix far too complicated for most use-cases, to me it looks like an absolute support nightmare.

docker is much more understood if we’re interested in portability - and shell scripts are what I push when we’re talking about light dev tooling. it’s hard for me to find the right use-case for nix - i always wind up feeling like there’s something simpler.

At my job, we use Nix top to bottom for everything. The more samples I see from the folks that are really good at it, the more I’m convinced Nix is currently the best way to make reproducible software and can replace a lot of existing tooling. This isn’t to say there isn’t a learning a cliff or some Kool-Aid to drink, but it’s something worth chewing on instead of Docker or similar. What seems a real shame is only using Nix for its devShells because you take something that could be reproducible and instead do everything in a stateful shell which really doesn’t help you much.

As more people see the power, hopefully more will migrate and help maintain NixOS and nixpkgs.

At the present, my laptop is NixOS and all of my current projects have been converted or will be converted to Nix. Many have started with just the devShell, but as my own skills have increased, everything is getting package‘d up. I also maintain a few of the packages on nixpkgs (though I really wish they’d move off of GitHub).

Switched from thirty years of macOS to Linux in 2019, landed on NixOS in 2021.

Personal use:

• Laptop.
• Tablet.
• Family computers.
• Home server.

Work use (gamedev, cross-platform including console, multiplayer servers, self-hosting team services, tooling, consulting):

• Workstation.
• Services.
• Docker container hosts.
• Deployment.
• Live systems.

I also maintain a couple of nixpkgs and have too many I should clean up and push as well.

The nix syntax is really dumb. I’ve accepted the fact that it is just never going to stop being dumb.

Also if there’s an officially supported docker container for a service, I am unlikely to look elsewhere than just loading that up in podman on NixOS. I err on the side of pragmatism, which is why I went for NixOS in the first place.

I kept an eye on NixOS for a very long time, feeling it was definitely way too scary, until deciding to just rip off that bandaid, follow the short & simple step by step install instructions in the manual, and most importantly just go with a completely default generated initial config with a desktop environment rather than sitting in the installer forever, worrying about reaching a perfect setup in one go.

A core (to me) beauty of NixOS is the iterative nature of it. Just embrace that from the very start and realise that compared to any other OS there just isn’t any real punishment for “getting it wrong”.

I’m still hard smitten by NixOS for personal and work use. It gave me a solid sensation I’ve not had since Computer Science of “this is how computing is supposed to work”.

I use nix to configure my three systems— 1 OSX, 1 NixOS, 1 Linux remote dev env. Each gets a flake, and there are flakes for common things such as neovim and zsh. I have some scripts to install, rebuild, and update. On NixOS, things are installed using nixos-rebuild as you would expect. On non-NixOS systems, I do nix print-dev-env > $HOME/.zshrc to construct a shell environment that contains everything from that Flake.

I’ve been using Nix for about two years, and this particular multi-system setup for 8 months (previously, I exclusively ran NixOS).

I predominately write Haskell at home and work, so Nix has been an excellent fit. I have been on NixOS for personal machines for ~5 years now and it’s a dream once you set it up. The first time I saw Ansible (years before I saw NixOS), I remember thinking, “What the hell? Removing the requirement to have a package present just leaves it lying around?” It turns out that to do this right, you have to rethink everything from the ground up, and that requires an effort like NixOS.

For personal projects, it’s an absolute godsend: I can GC away things I don’t need, confident that they’ll reappear when I need them. My keyboard configuration needs a specific revision from the firmware repo, plus a couple of patches, plus a specific version of GCC, and writing Nix to get those has preserved my sanity.

At work, I’m the Nixpert, and probably the most conservative about its adoption. We use it a lot for development environments, and once people saw how smooth nix-shell was on the Haskell project, they started wanting it on the legacy Ruby code. Private gems mean we provide ruby and bundler via nix-shell, but let bundler fetch the Ruby dependencies. We only started using Nix for Haskell builds when forced; we had to start statically linking Haskell binaries with uncommon libraries, which is really only practical with haskell.nix.

As for your proposed push:

• I wouldn’t push all the way to NixOS. Nix alone is a massive QoL improvement, and then let people get excited and help them adopt home-manager. If you have existing servers, porting over all the established monitoring etc., is a pain; we have continued with Ubuntu + Chef here.
• The language really is a curve for people. Even though we have a lot of Haskell and Elm, and people familiar with “yeah it’s another pure functional ML-style language”, the idioms are still really different, and syntactic misfeatures (like space-separated lists) trip people up.
• Good development shells are a great first step, and can often replace a lot of YAML in a CI setup. This is a good step towards bringing Nix from “parallel experiment” to “real infrastructure that’s relied upon”.
• Probably more than even ordinary GNU/Linux, you need to know which hardware to get. A colleague purchased a dual GPU XPS laptop with a HiDPI screen, and it was one nightmare after another. I stick with lower-density screens, Intel GPUs, etc., and things have been great.

I use it heavily in private (laptop, home server, random projects, building docker images), as well as in isolation at work (home-manager for my dev laptop).

Previously, over many years, I used puppet, chef and salt in large environments and in my opinion nix is ~2 generations of tooling ahead of them. I drank the koolaid and joined the nix project as a maintainer. If some place was building infrastructure from scratch, I’d definitely consider using nixos or building containers through nix. I’d be more cautious suggesting migration to that system though.

In practice, for server environments I see only positive things from the technical side. For desktop… it’s not great with how it requires workarounds for GPU drivers. (now a huge issue for occasional usage)

The big issues start with the non-technical side. While I think the difficulty of learning nix is a bit overblown if you can teach others and provide standards/examples, it is still an extra skill. The real difficulty is trying to figure it out on your own. (Then again, for example chef seems nice and approachable until you have to write your own resource ordering hacks) It’s also not what people are used to, so functional/lazy approach may not sit well with everyone. The debugging of issues is both hard and very rare in my experience once you have existing files you update over time. It’s the initial setup that may be tricky.

I’m a bit torn on the stability side. I believe the stable channels are really well managed and the security fixes land in the unstable faster than advisories are published for other distros. (I made a spreadsheet out of interest and for a month of CVEs the time to fix was mostly negative) And while things feel very much like a “best effort” situation in terms of backwards compatibility of updates - it’s the easiest system to revert one specific package, or apply specific patches. (for example managing today’s/tomorrow’s openssl vuln is easier on nixos than other systems https://discourse.nixos.org/t/openssl-3-0-7-update-2022-11-01-faq/22875) So while personally happy to explain the trust on a technical level, I really wouldn’t want to write a justification for higher level management.

I use Nix (or rather, home-manager + Nix) to manage my own computer. NixOS scares me too much (I have tried to do the install on a VM a couple of times and don’t really have a high success rate of getting to boot).

I tried to get Nix to be useful for a Python-based thing at work, but at the end of the day Docker and docker-compose did what I needed and was more along the beaten path (with VS Code integration in particular being very powerful). If someone were able to make a “turn this Dockerfile into some nix expressions” thing that would be very fun and cool, though.

We got a looooot of value out of using Bazel for testing and the like, and I feel like the learning curve is easier (imagine that lol). I think if you have certain kinds of tech stacks it can be an easy onboarding process.

I use Nix + direnv at work. When I joined, they didn’t have a Dockerfile, so I set out to make an environment using Docker and docker-compose but it failed terribly because most of the other engineers are using Apple Silicon machines. In order to run our test suite, we have to download a prebuilt chromedriver and that build isn’t available for aarch64 in Linux. All of the M1 folks had to emulate the test suite in Docker. It was really slow and didn’t see a lot of adoption.

Fast forward a bit, I made a shell.nix file with all of the prerequisites to install dependencies. This change was very welcome, especially with the frontend devs. It took overall bootstrapping from something like (at least) 2 days of each engineer having a unique fiddling-with-the-stack setup to about 2 hours with a brand new machine having a working stack.

Needless to say, I’ve jumped from using Docker for side projects into isolated Nix environments. It’s way more ergonomic to not have the Docker layer getting in the way.

I use nix at both my company and personally.

At my company the nix is very bloated using way to many nix sources (revs set to old hashes) and involves quite a bit of impurity. Part of this is due to the repo being migrated to nix as well as the people setting up the project not knowing anything about nix before. This has lead to the decision to get rid of nix within the company.

Personally I use nix, this has proven to be more successful as the projects are often simpler with less complex pipelines and needs to have these different dependencies.

Going forward I plan to use nix entirely in my home projects.

We manage one project in development with nix (node2nix), but it’s deployed with a dockerfile on flyio.

nix + docker (I don’t write nix packages for most services)

I run NixOS on my personal/dev machine and my homelab, and nix-darwin on my laptop: https://github.com/samhh/dotfiles. Happy to answer any questions.

We use Nix for dev environments on my team at work. I’d highly recommend it despite its immaturity.

I’ve been using Nix and NixOS for around 8 years. I use it for everything. My work laptops have run NixOS for each of the jobs I’ve had in that time. I’ve had servers that I use for development environments and they run NixOS. I run a webservers, Matrix nodes, media servers, etc. all using NixOS. I use Mobile NixOS on my e-reader and I’ve put NixOS on a handheld game console.

I used to work on Atlassian Marketplace which uses nixpkgs’ dockerTools to create Docker images which are pushed and deployed to Atlassian’s internal PaaS. There’s around 5 or so production services using Nix packaged Docker images. Even repositories which aren’t deployed using Docker (e.g. Ansible scripts, Terraform code and our frontend JS) use a shell.nix to have a consistent environment. Outside of Atlassian Marketplace, Jira has used Nix in the past but got rid of it.

I’ve used Nix:

• On my personal machines, as NixOS
• At my now-defunct small business, via nixops
• In containers at work, using FROM nixos/nix for new Dockerfiles

Compared to RPM, APT, or Portage, Nix has no technical downsides. All anti-Nix sentiment is memetic, either from the difficulty of understanding capabilities or the difficulty of learning a new programming language. At the same time, NixOS is not perfect; GNU/Linux is a flawed platform, and UNIX was not meant for capabilities.

The top use case of Nix for myself and coworkers is trying out new software via nix-shell.

Being able run and share commands like nix-shell -p simplescreenrecorder --command "simplescreenrecorder" and not have to worry about anything else is pretty sweet.