1. 34
  1. 15

    There are circumstances in which modeling a computer system as a set of immutable artifacts is useful, definitely. But the thing is that a computer system is actually stateful and mutable! That’s the reality. Nix is a useful approach for specific, narrow, use cases. It’s not a panacea.

    1. 21

      NixOS isn’t saying the whole system has to be immutable. It’s an immutable base where your operating systems, applications, and configuration live. You then layer on top your mutable user space.

      1. 1

        The operating system, applications, and configuration are all mutable, though — outside of the narrow context of provisioned servers in purpose-driven organizations.

        1. 2

          Are they though? The configuration is mutable whether it’s windows, Ubuntu or nixos. That’s not taken away. Same for home directories. But the system has been effectively immutable in many ways for a long time. Packages are installed in transactions and removed as a unit anyway. If an Ubuntu system for example got a read-only /usr that automatically unlocks / relocks during dpkg runs - how long would it take a typical non-provisioned-server user to notice?

          1. 1

            Maybe I understand it incorrectly. My understanding is that if I install something with Nix that normally would put a config file at /etc/something.conf, I can’t actually edit /etc/something.conf. Am I wrong?

            1. 2

              You have 2 options. Either 1) do that configuration in nix and then your /etc/something.conf is a symlink to the generated file in /nix/store/… , Or 2) remove the symlink and edit /etc/something.conf as a usual file.

          2. 1

            Nix supports these use cases fairly well in my experience, but it could be better and simpler imo.

        2. 8

          Nix-the-package-manager is not concerned with modelling computer systems at all. It’s all about building software and managing dependencies in a principled, repeatable, generational system. It can run side-by-side with other package managers, is generally self-contained, and is a pretty small piece of software relative to e.g. Aptitude et al.

          NixPkgs the package set provides a huge set of recipes for packaging all kinds of software, and includes all kinds of utilities for modelling computer systems. Not as immutable artifacts, but as consistent configuration sets. The really cool thing is that I can build (and even cross-compile) any set of software (including a full OS config) and push it peer-to-peer to 1..N machines out in the world, atomically switch to that new software whenever I like, and roll it back if it didn’t work.

          NixOS is the realization of your specific configuration, via the module system. By default it provides a mostly-readonly /etc/ symlink tree and that’s about it. When installing NixOS you’re encouraged to customize everything else. You can have a tmpfs backing the filesystem root, some people use ZFS snapshots that rollback on every reboot, and other people leave it completely mutable. All your state lives in /var/ as it always has, /tmp is used by software of all types, and home directories are the same chaotic mutable mess they always have been.

          Nix is a useful approach for specific, narrow, use cases

          This is like saying “GCC is a useful approach for specific, narrow, use cases”. Nix is like a higher-order compiler. It compiles software packages, and links them together into software systems.

          1. 1

            it provides a mostly-readonly /etc/ symlink tree . . .

            This is kind of my point, maybe? As an owner of a computer system that has an /etc directory, it’s important that I can just… edit the files in there, arbitrarily and directly, and observe their effects. I understand the value of enforcing reproducibility and repeatability and all that! But those things aren’t free. They have costs, and those costs are substantial — IMO only justified in narrow circumstances, almost all of which exist in profit- or purpose-driven organizations.

            1. 3

              The experience is similar on NixOS. On a GNU/Linux system with systemd, you might want to do:

              # nano /etc/foo.conf
              # systemctl restart foo
              

              NixOS also has a workflow for editing files in /etc and restarting services:

              # nano /etc/nixos/configuration.nix
              # nixos-rebuild switch
              

              The ability to rollback is free. Reproducibility is as expensive as version-controlling /etc, and thus optional.

              1. 2

                Nah, I run NixOS on several of my own personal machines running software only I use. It’s really cool and useful that I can programmatically specify (and version-control) the state of my Linux system, including the contents of /etc files.

                There is value in being able to edit and experiment with your configuration files directly, although I’m not too concerned if this is /etc/ssh/ssh_conf or the /etc/nix/configuration.nix that generates it. NixOS needs better documentation and perhaps abstractions for a lot of things, one of which is how to easily create overlays in the nix language that let you extend the default methods of configuration with custom ones.

                1. 2

                  I guess I should clarify that the symlink tree in /etc isn’t read-only, but the symlinks point to files in /nix/store/ which are readonly.

                  Nothing stopping you deleting the symlink and putting your own config file there, or mounting an overlayfs over /etc and editing files that way.

                  Enforcing reproducibility and repeatability certainly isn’t free, and it’s a choice to take on that level of rigor, but it’s also not particularly hard. It can also really help when you finally fix the issue you’ve been debugging for half a day and have to figure out what changes you made actually fixed the problem.

                  The benefits also compound over time. If you’ve been using the same laptop for 3 years, and want to move to a laptop, how do you bring all your ad-hoc configuration changes with you? Is it safe to copy all files in /etc/ across installs? If you have a nix configuration, you only need to copy or git-clone that config onto a new machine and nixos-rebuild will build out a fresh install exactly the way you like it.

                  I don’t think these costs are substantial enough to be only justified in narrow circumstances. Personally, running NixOS has actually saved me more time than it’s cost me. I fully respect that it may not be the same tradeoff to you, but I’m quite happy to invest some time up-front in a technology that will save me much more time down the line.
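The two posts above (the one listing the "symlink into /nix/store" versus "remove the symlink and edit a plain file" options, and this one about the /etc symlink tree) describe a state an administrator can actually check for. The script below is an added illustration, not code from the thread or from NixOS: it walks an /etc-style directory and classifies each entry as a store-managed symlink, a symlink pointing elsewhere, or a plain file that someone has put in place of the managed symlink (configuration drift relative to what configuration.nix declares). The `/nix/store/` prefix is assumed to be the read-only store; the sample tree is constructed in a temporary directory so the example runs on any machine.

```python
"""Audit an /etc-style tree for entries that deviate from store-managed symlinks.

Added illustration for the thread above; not NixOS's own tooling.
Assumption: objects under /nix/store/ are the read-only, build-generated files.
"""
import os
import tempfile

STORE_PREFIX = "/nix/store/"  # assumption: location of the read-only store


def classify_etc(etc_dir):
    """Return {relative_path: kind} for every non-directory entry under etc_dir.

    kind is one of:
      "store-managed"   symlink whose fully resolved target lies under /nix/store
      "other-symlink"   symlink that resolves somewhere outside the store
      "local-override"  a regular file, i.e. the managed symlink was replaced
                        (or never existed) and the content is hand-maintained
    """
    result = {}
    for root, _dirs, files in os.walk(etc_dir):  # symlinks to files land in `files`
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, etc_dir)
            if os.path.islink(path):
                # realpath follows symlink chains (e.g. /etc/x -> /etc/static/x -> store)
                target = os.path.realpath(path)
                result[rel] = "store-managed" if target.startswith(STORE_PREFIX) else "other-symlink"
            else:
                result[rel] = "local-override"
    return result


def local_overrides(etc_dir):
    """Sorted list of entries whose content is not generated from the declared config."""
    return sorted(p for p, kind in classify_etc(etc_dir).items() if kind == "local-override")


def build_sample_tree(base):
    """Construct a small fake /etc with one entry of each kind (constructed sample data)."""
    etc = os.path.join(base, "etc")
    os.makedirs(os.path.join(etc, "ssh"))
    # constructed: managed entry pointing into the store; the target need not exist for the audit
    os.symlink("/nix/store/placeholder-hash-etc-sshd_config",
               os.path.join(etc, "ssh", "sshd_config"))
    # constructed: an admin deleted the symlink and wrote a plain file instead
    with open(os.path.join(etc, "hostname"), "w") as fh:
        fh.write("laptop\n")
    # constructed: a symlink that points outside the store
    os.symlink("/var/lib/foo/foo.conf", os.path.join(etc, "foo.conf"))
    return etc


def audit_sample():
    """Run the audit against the constructed tree; on a real NixOS host pass "/etc" instead."""
    with tempfile.TemporaryDirectory() as tmp:
        etc = build_sample_tree(tmp)
        return classify_etc(etc), local_overrides(etc)


if __name__ == "__main__":
    kinds, overrides = audit_sample()
    for rel, kind in sorted(kinds.items()):
        print(f"{kind:15} {rel}")
    print("hand-maintained files:", overrides)
```

The "local-override" list is the interesting output: those are the files a `nixos-rebuild switch` will not regenerate, so they are exactly what the "is it safe to copy /etc across installs" question is about. A symlink into the store, by contrast, can be verified against the store object it points at rather than trusted on its own.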

                2. 1

                  I think it would probably help if the Nix community could find a better naming convention. As it is, it feels like watching old Smurfs cartoons, where every other word they say is “Smurf” but it smurfs different smurfs every smurf they smurf it means different things every time they say it. Then there wouldn’t be a need to break down multiple different things “Nix” means.

                  1. 1

                    I’m aware I’m a month late here but there is exactly one thing called Nix. NixPkgs, NixOS, Nix Expression Language, they all have other names. This is like saying the Java community should come up with a different name for the Java Virtual Machine because it’s confusing that it has Java in the name.

                3. 5

                  Nix models mutation in the same way Git does: with atomically updated references into an underlying content-addressed store.
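To make the Git analogy in the comment above concrete, here is an added toy model, not Nix's or Git's own code, of a content-addressed store with atomically switched generations and rollback. Objects are written to a path named by the SHA-256 of their content and made read-only, so two versions of the same file can coexist (the point a later comment makes about running several versions of a library side by side); the "current" reference is a symlink replaced with rename(2), which is atomic on POSIX filesystems. Everything, including the sample "configuration" contents, is constructed for the example.

```python
"""Toy content-addressed store with atomic generation switching and rollback.

Added illustration of the Git-like model described in the thread; not the
real Nix implementation (which hashes build inputs, not just outputs, and
tracks generations on disk rather than in a Python list).
"""
import hashlib
import os
import tempfile


class Store:
    def __init__(self, root):
        self.store = os.path.join(root, "store")       # stand-in for /nix/store
        self.profiles = os.path.join(root, "profiles")  # stand-in for a profile dir
        os.makedirs(self.store)
        os.makedirs(self.profiles)
        self.current_link = os.path.join(self.profiles, "current")
        self.generations = []  # history of store paths the reference has pointed at

    def add(self, content: bytes) -> str:
        """Store content at a path named by its hash and return that path.

        Identical content maps to the identical path, so adding twice is a no-op
        and different versions never overwrite each other.
        """
        digest = hashlib.sha256(content).hexdigest()
        path = os.path.join(self.store, digest)
        if not os.path.exists(path):
            tmp = path + ".tmp"
            with open(tmp, "wb") as fh:
                fh.write(content)
            os.chmod(tmp, 0o444)   # store objects are read-only once written
            os.rename(tmp, path)   # publish the object atomically
        return path

    def verify(self, store_path: str) -> bool:
        """Integrity check: recompute the hash and compare with the object's name."""
        with open(store_path, "rb") as fh:
            return hashlib.sha256(fh.read()).hexdigest() == os.path.basename(store_path)

    def _point(self, store_path: str):
        """Repoint profiles/current atomically: build a new symlink, then rename
        it over the old one, so readers see either the old or the new target."""
        tmp_link = self.current_link + ".tmp"
        os.symlink(store_path, tmp_link)
        os.rename(tmp_link, self.current_link)

    def switch(self, store_path: str):
        """Activate a new generation."""
        if not self.verify(store_path):
            raise ValueError("store object does not match its hash")
        self._point(store_path)
        self.generations.append(store_path)

    def rollback(self):
        """Return to the previous generation; the old object is still in the store."""
        if len(self.generations) < 2:
            raise RuntimeError("nothing to roll back to")
        self.generations.pop()
        self._point(self.generations[-1])

    def current(self) -> bytes:
        """Read whatever the current reference points at."""
        with open(self.current_link, "rb") as fh:
            return fh.read()


def demo():
    """Switch between two constructed config versions, then roll back."""
    with tempfile.TemporaryDirectory() as tmp:
        s = Store(tmp)
        v1 = s.add(b"listen 22\n")    # constructed "generation 1" content
        v2 = s.add(b"listen 2222\n")  # constructed "generation 2" content
        s.switch(v1)
        s.switch(v2)
        after_switch = s.current()
        s.rollback()
        after_rollback = s.current()
        # re-adding identical content yields the same path: the store deduplicates
        same_path = s.add(b"listen 22\n") == v1
        return after_switch, after_rollback, s.verify(v1), same_path


if __name__ == "__main__":
    print(demo())
```

The security-relevant property is that activation and rollback only ever move a reference; the objects themselves are never edited in place, and each one can be re-verified against its own name at any time. The rename-over-symlink trick is also how a real profile switch avoids a window in which the reference is missing or half-written.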

                  1. 1

                    Right! Sure. And I guess my point is that’s a great model for some computing environments, but not all, or even most. The overhead is an impedance mismatch with the actual needs of the users. IMO, of course.

                    1. 4

                      I think of NixOS as a pioneering project for a really great concept. So I imagine there will be several different NixOS-based distributions. Like imagine Debian is to Ubuntu as ? is to NixOS. There’s not even a graphical installer for NixOS yet. If you make a convenient graphical editor for a curated subset of NixOS’s configuration space, so users can toggle installed packages in an “app store” and tweak their setup in a user-friendly editor—I see no reason why that couldn’t be absolutely delightful and far MORE user-friendly than traditional distributions.

                  2. 2

                    Nix is a useful approach for specific, narrow, use cases.

                    I use Nix for absolutely everything. I work on Atlassian products, host servers, use random software projects (stuff like Python, Go, Haskell, etc) and we deploy using Nix at work. There’s nothing narrow about it.

                    1. -2

                      I work on Atlassian products,

                      I’m so sorry.

                      😉

                  3. 8

                    The way we handle this problem is to wrap the Firefox binary so that we can setup the necessary environment to make it find flash in the nix store.

                    See, I just can’t get excited about Nix because of stuff like this. Purely functional packages? Nice! But wait, you say I have to patch and / or wrap my binaries? Uh, no, hard pass.

                    This is exactly what happened the one time I decided to jump in and use Nix. I realized that a package I wanted to upgrade was using patchelf in its script and it just struck me that this was way more thought than I ever wanted to put into how to install software on my computer.

                    I guess I just don’t care that much about “purity” for its own sake.

                    1. 17

                      I don’t care about purity - it’s about practical benefits to me. I like to view the patching and wrapping shenanigans as the price of being able to run multiple versions of a library or binary on your system. Most Linux systems don’t let you do that without creating a separate distribution with something like chroot or Docker. And those come with their own complexity.

                      Maybe one day the ecosystem will have matured and we wouldn’t have to do all that.

                      1. 5

                        This does get me excited because once one maintainer does the work of patching the library, it won’t ever break again because it can’t find flash or finds an incompatible version of flash because I did an unrelated system update.

                        1. 3

                          Does that happen to you often? I can’t remember the last time something like that occurred. Probably the early 2000s? I mean, I guess on Linux things like that go wrong more often, but that’s part of the reason I don’t use desktop Linux…

                          Side note: does Flash still exist? I thought it was EOL’d years ago!

                          1. 2

                            Yeah, which means if you want to re-live 2004-era Newgrounds, one of the things you need to do to make this happen is get a browser that is capable of executing Flash.

                            Breaking a userspace program because a library it depends on updated doesn’t happen super-often on desktop linux, but it does happen. And if you don’t use linux as a desktop operating system, you’re forced to use non-free desktop operating systems that make it very difficult for you to use your system without creating a real-name account (Windows), creating an app store account with a credit card (Mac OS), or see political messaging created by the people who work at Microsoft when logging in.

                        2. 3

                          See, I just can’t get excited about Nix because of stuff like this. Purely functional packages? Nice! But wait, you say I have to patch and / or wrap my binaries? Uh, no, hard pass.

                          Not only that, but if I want to package my stuff for it, I have to learn a new language that’s not very much like any of the ones I already use?

                          I think I’m more hopeful for rpm+ostree (as seen here)… it seems likely to carry most of the benefits Nix is advertising (some of which I find appealing) with less disruption. Maybe if I didn’t already know how to make and use RPMs, the math would be different.

                          1. 4

                            Fortunately unless you’re using some very special or custom build system, the correct wrappers are in place. So in most cases you copy the basic sample file, change the name, change the version and you’re good to go. There are exceptions of course… but those require special handling in RPM specs in similar ways.