1. 67

Nix isn’t commonly known or mentioned on Lobsters, but I thought it would be nice to inform you there’s a 2.0 release available with many new features or improvements (merge of nix-* commands into single nix binary, security improvements, cleaning old/redundant features to simplify the whole concept, etc.)

To spark a discussion, let me know - have you ever used a Nix as a sole package/environment manager, or NixOS as a Linux distribution (production, desktop…)? Do you have any stories or opinions related to it?

  1. 24

    This is incredible, and not just an everyday release! Nix 2.0 has been in progress for years now. I’m so proud of the Nix team: pulling together and getting it out the door. There are some wonderful patches here. The new (pre-release!) of the nix command looks nice, and I’m super excited to write about the new builtins.fetchGit support – solving a problem I think many people have struggled with.

    I’m slightly disappointed we don’t have our “marketing ducks” in a row to coordinate some big blog post push or something, but hey – at least we got it out!

    Also: Nix 2.0 will be the stable Nix on NixOS 18.03, which will also be coming out at the end of March!

    1. 14

      I’m very excited about the 2.0 release, since I’ve been using the new version for about half a year while it was still in development, and it was still rock solid, just with a better user experience.

      The new features now mean that I’ll be able to write much more readable scripts and code in Nix and can start pushing for more adoption in my company.

      I’ve been using Nix for about 3 years now, and NixOS as my workhorse desktop/server, MacOS config, and for production machines for about 2.

      I used Nix(OS) at a startup via NixOps to replace some fragile Ubuntu setups. It nicely deploys and maintains their servers, and took me a few days to package all their custom software reliably.

      We got acquired afterwards, and in the new and much bigger company nobody had heard of Nix, nor were they willing to support us with it, so instead I utilized proot and dockerTools.buildImage to achieve almost the same stability (minus docker bugs…).

      It’s also a great tool to share your development environment with other people, so you don’t need everyone to remember to install libzmq-dev or libpg etc. You simply put it into your shell.nix, and can use direnv so everyone who enters a project automatically gets everything they need to run it. That same configuration can then be used for building production packages.

      I have a sick fascination with studying language-specific package managers and replacing them with reproducible, hashed, offline-usable derivations that can’t touch any part of my system that they’re not meant to.

      IMHO the biggest things holding Nix back are its “strange” language syntax and a lack of mainstream use, so I’m really hoping at least that it gets a bit more popular and picked up by bigger players.

      1. 3

        I love dockerTools.buildImage - Though I wish someone would make a musl libc + busybox configuration somehow, though maybe it exists.

        1. 5

          Work on adding musl to nixpkgs (probably as an overlay) is going on. See https://github.com/dtzWill/rfcs/blob/feature/musl-rfc/rfcs/0023-musl-libc.md and https://github.com/NixOS/nixpkgs/pull/34645 where dtzWill did a tremendous amount of work to make this happen.

          So in theory it should be possible now. In practice I haven’t tried it yet.

      2. 11

        Well, since you asked for a discussion. :)

        I used NixOS as a distribution for my primary personal desktop machine for about two years. It was a lot of fun, precisely because it was occasionally a lot of work. It is pretty satisfying that most of the time, once I get something to work inside Nix, it stays working.

        Today I still use NixOS for my personal mini-servers, directly for the local ones and under nixops for the VPS-based ones. Running WordPress securely is pretty much impossible, so it’s really cool to know that when my WP server eventually gets compromised, I will be able to re-create it with just a few commands. At some point soon, I want to look into how well it works on the Raspberry Pi or a similar ultra-cheap machine, because I can think of a few simple automation tasks I’d like to use it for.

        I’ve never tried the Nix package manager on a non-Nix OS; I do most of my development work remotely these days, so I don’t really feel the need to customize my desktop environment as heavily as I used to.

        In general, although it’s fun to tinker deep inside a system and make it do something, I’m at the point in my relationship with computers where I know that anything I customize too heavily is going to be very difficult to understand later. Three or four times now, I’ve had to leave behind machines I had spent years heavily customizing (on Debian, on OS X, on Windows…), and found that I didn’t have a complete mental inventory of what exactly went into them so that I could make sure to preserve the interesting parts for later use. The most exciting promise of Nix, to me, is that it makes a plausible case that there’s a way to avoid being in that situation again. Of course, I won’t really know whether it delivered for at least five years…

        1. 7

          I welcome the effort to make the nix commands more intuitive.

          WRT to discussion:

          I use nixos with full disk encryption on my laptop, and on my desktop. I especially like how I can put my entire OS configuration into git including all packages I normally install and things like cron jobs for backups. The configuration language is also a programming language so you can do things like generate a PC configuration based on a few parameters.

          Nix lets you roll back changes atomically, I was sold on nix as soon as I tried experimenting with experimental drivers for my OS. I bricked my system multiple times, but every time I was able to revert the system configuration atomically from the grub boot menu, and try again.

          nixops has the ability to deploy a config to either a local vm or a remote google cloud machine, this is extremely convenient for testing locally then shipping code to a remote server.

          Nix also lets you freely mix software from anywhere and it becomes a first class citizen on your OS. I use a bunch of esoteric software projects, and simply wrote my own nix package and imported them from my os config file. Now those esoteric projects are part of the base OS seamlessly. No half assed mixture of out of date system packages + manually installed packages is necessary.

          The nix package+build system is so powerful and flexible it lets you do things like build go 1.4, use it to build go 1.5, use that to build go1.n then install the final version. Great for self hosted languages with a C bootstrap version.

          nix-shell lets you make build environments that are totally reproducible across machines, and don’t interfere with each other. You can freely mix any number of libraries of versions or software on the same machine and they don’t conflict.

          Nix does have some downsides though, a tough learning curve and you need to spend effort up front learning how to write nix expressions so you can add your own software.

          1. 6

            Woo! Excited to see some Nix stuff being mentioned.

            I had been running NixOS on my work Macbook for a while, but due to issues with a mix of HiDPI & non HiDPI displays on Linux - I went back to macOS.

            With a newfound love though, I was delighted to find out about nix-darwin - LnL has always been really friendly and helpful on #nixos, when I had questions about achieving something with it.

            As such, here’s my collection of expressions that declare the system configuration I use across my macOS machines: https://github.com/cmacrae/.nixpkgs

            I’d certainly consider myself an absolute novice, but as you can see - even with little experience you can cobble something fairly comprehensive together.

            My next plans are formed around my home infrastructure. Currently, I have a little rack - with one shelf occupied by a little Joyent Triton cluster made up of 3 intel NUCs. On top of Triton I run a number of home media services which are in lx-branded OS containers. Right now, I’ve formed a workflow around Packer, Ansible, and Terraform for creating images and deploying services.

            I’m planning to introduce NixOS as a base lx-branded OS image, which you could then “inject” Nix system expressions into for declarative, reproducible images for varying deployments and services.

            1. 2

              I find nix-darwin and your nixPGS for macOS really interesting. I want to try it out, but am pretty much non-nix smart.

              I’ve just ordered a new MacBook, and will need to move everything over.
              Is there a way to take your existing configuration and put it into nix-darwin?

              Is there an idiot’s guide to getting started and making this all work somewhere?

              How do I know the name of the variables I can set?

              Keyboard

              system.keyboard = { enableKeyMapping = true; remapCapsLockToControl = true; };

              this is awesome, but how could I have figured it out except seeing it in your config?

              I’m not exactly an idiot, but around nix, I definitely am :)

              1. 4

                I’m afraid there’s no good answer to that at the moment, I should probably look into how nixos builds the configuration.nix manpage. Currently you’ll need to use the darwin-option command or look at the sources.

                1. 3

                  Hey, I’m pretty much non-nix smart too!

                  The only means of taking your existing config and putting it into nix-darwin is to express it yourself.

                  The NixOS manual and Nixpkgs manual are the best resources for learning.

                  Regarding knowing the expressions you can use, I’ve found it’s a combination of what you learn from the NixOS manual and digging through the available modules in nix-darwin. It’s pretty easy to understand what’s possible with these when reading them. Nix is pretty verbose, so it should be clear what values you can/cannot pass to module parameters.

                  On top of that, you also have my config to go on! And LnL has an ‘examples’ directory in the ‘modules’ part of nix-darwin that you may also be able to learn a bit from.

                  1. 2

                    Poking me on irc is also an option, I’m happy to answer any questions you have. As for things that are not supported yet, feature requests or contributions are very welcome.

              2. 5

                This seems like a step in the right direction, with a more accessible user interface.

                What does “released” mean, though? How do I upgrade my existing nix install? nix-channel --update ; nix-env -i nix doesn’t get me 2.0.

                1. 4

                  Did some more digging. I am on nixpkgs-unstable (not on NixOS though). But it seems nixpkgs-unstable didn’t get the 2.0-release of nix yet, either. There’s nixUnstable though, which is at version 2.0pre5968_a6c0b773: https://hydra.nixos.org/build/69873027.

                  Digging further, it’s just not in nixpkgs yet: https://github.com/NixOS/nixpkgs/commits/master/pkgs/tools/package-management/nix. And the relevant PR for switching nixpkgs’s nix to 2.0: https://github.com/NixOS/nixpkgs/pull/34636

                  (And as an aside, this kind of need to dig to figure out the answer to a pretty straightforward question is typical for my nix experience – it always ends up making sense in some way, but you need so much knowledge and have to dig so deep to find out how/what/why. git grep in a nixpkgs clone seems part of the required tool set for a nix user.)

                  1. 1

                    Yeah, I think there have been great strides on documentation over the past year, but there’s a long distance still to go.

                  2. 2

                    I’ll keep talking to myself here. Following a suggestion from the announcement post on news.ycombinator, I got the new nix:

                    $ git clone https://github.com/nixos/nixpkgs
                    $ cd nixpkgs
                    $ git checkout origin/nix-2.0
                    $ nix-env -i $(nix-build --no-out-link . -A nix)
                    

                    Which… doesn’t seem to know about nixpkgs? At least nix search doesn’t find anything. And nix log nixpkgs.hello doesn’t find nixpkgs.

                    1. 1

                      Hey, that was my suggestion, so I perhaps should also mention that nix log nixpkgs.hello depends on you having something like NIX_PATH=nixpkgs=/path/to/your/nixpkgs/checkout.

                    2. 2

                      Nix ≠ NixOS. But in NixOS, Nix 2.0 would be present in the 18.03 release, which would be released in March this year. But you can also freely upgrade to their “unstable” channel (I forgot the proper name though) which has all these nice things with cutting edge versions available.

                    3. 4

                      I have used NixOS a couple of times on desktop, and tried to use it in server. The bad part is perhaps obvious: the system is too clever for me. If I do something wrong, I don’t seem to have many ways to find out what it was. It’s the good old “debugging is twice as hard as developing”, and seems like the “developing” part is already reaching the limits of my capabilities. I’m not surprised that Haskell devs are into Nix.

                      The maintenance burden for maintaining all the small changes almost every application needs seems quite high to me, but the team seems to manage it well so perhaps I’m wrong. That or they’re very arduous.

                      Good parts: robust per-user application management that uses the exact same system as the system-level application management does. Fun times had when incrementally moving towards a final system, and then storing the configuration in git. Quite up-to-date software, and almost everything included in the main distribution’s channels.

                      I’m looking into simpler ways to infrastructure/applications/allthatstuff-as-code bliss through HashiCorp tooling (packer, terraform, consul, nomad). It seems quite a lot more accessible. On the desktop, Homebrew is easy to use and works superbly.

                      1. 2

                        I’m curious about NixOS. Atomic updates sounds really nice. Can NixOS give me Arch but with atomic updates and rollback? Right now on Arch I run the 4.15 kernel but a default NixOS install seems to have 4.9. Maybe I just need to use the unstable channel but I saw that it wasn’t recommended in production.

                        1. 2

                          I use NixOS when I need to Linux, and I’m going to try and get PCI passthrough working under QEMU so I never have to reboot to use Windows or OS X. It is the first Unix system I have felt right about using since pretty much ever — I have always regretted the Unix underpinnings of OS X and Nextstep before it.

                          1. 1

                            To spark a discussion, let me know - have you ever used a Nix as a sole package/environment manager

                            I used it for a while in 2012-ish. The documentation was pretty poor, but I stuck with it for a while because the underlying design was very solid. I was excited to have a way to pull in new versions of certain packages without compiling from scratch, which could often interfere with things installed via apt-get in unpredictable and difficult-to-debug ways. With nix I knew if I ran into trouble I’d just roll back and that would be that.

                            In the end I quit using it simply because I didn’t need it–Debian’s repos caught up with my needs, and now the only software I compile manually is software that I’m actively contributing to. And the things I do build from scratch can usually be used straight from the checkout; there is no need to install them into /usr/local.

                            1. 1

                              I use nix every day with a Goldbergian setup to manage my environment and configs.

                              1. 0

                                Yet, this issue is still open? https://github.com/NixOS/nixpkgs/issues/18995

                                1. 2

                                  This is a new release of nix the package manager, not nixpkgs the repository of packages. It doesn’t seem like that bug is a bug in the package managing part, or is it?

                                  1. 2

                                    I was responding to this question:

                                    have you ever used a Nix as a sole package/environment manager, or NixOS as a Linux distribution (production, desktop…)? Do you have any stories or opinions related to it?

                                    I stopped using nixpkg and went back to pkgsrc because of that particular issue.