Congratulations. I’ve been refreshing nixos.org every morning looking forward to this day.
I wish there was a way to simply choose a set of programs I need (say for example, jupyter with a set of libraries) and download a nixos configuration that I can simply apply to a virtual machine, and get a machine exactly according to what I need (with sane defaults). Does something like this exist now?
I haven’t done this myself, but I’ve seen this talked about on several occasions. I get the impression that you can build a bootable iso from any given config, or you can build directly into a virtualization target.
Relevant links:
This is such a cool idea! I at one point built a “try nixos” service where you got 1hr of free NixOS-in-a-VM, but I stopped working on it due to abuse concerns. Maybe it could live on in this way.
This is the question I also wanted to ask here, glad I am not the only one. Is there some way of generating secure configs somewhere, based on your needs? I tried to use NixOS like five times or so, but I always have the feeling I miss entries in the config file that make it less secure compared to my normal hardening of distros like CentOS and Debian that I know very well. I don’t know what gets done automagically (quite a bit it seems!) and what not.
And I can find and use others’ config files of course, but who says they are any good? I really think some documented (and up to date) wiki/site/library of sane default examples for a lot of different use cases (i.e. apache/webserver/security headers, database/mysql, certbot/let’s encrypt etc. etc.) would greatly benefit users like me.
But maybe that already exists and I can just not find it. So, if someone knows of something like this, let us know :)
There’s generally the wiki, at: https://nixos.wiki/ (officially unofficial… but unofficially it’s the main one …kinda like in: the only one). There’s also https://nixos.org/nixos/security.html. But given that the NixOS community is not super large in itself, the security sub-community seems even smaller. I think you could try asking on the NixOS security discourse if you have some detailed questions; but given the slow traffic, it may be hit or miss. Or just asking on the main NixOS discourse.
I’ve been playing with NixOS on an old laptop for a while now, a few hours per month here and there. It seems pretty cool but it doesn’t feel like a cohesive desktop experience yet, but I’m not sure it’s intended to be. I feel like I’m a macOS user looking for a Crunchbang++ derivative/lookalike implemented in NixOS, though.
If you’re looking to dip your toes, you can use nix as a package manager on macOS (as a substitute for things like brew).
How extensive is the set of available packages compared to Homebrew?
Nix has completely replaced Homebrew for me. I’ll accept that “works for me!” is not always a useful answer, so I’ll qualify this by including my list of globally installed Nix packages (which I actually manage with nix-darwin):
Most of my work is Haskell web development, and I typically do all of this in Nix shells, so I’ll also pull in GHC, Postgres, Redis, Nginx, InfluxDB, collectd, Grafana, and others on a project-specific basis.
Not sure how to give you an objective comparison. It really depends on what you use?
In pure numbers, the official nixpkgs repo has 5,805 packages at this moment whereas brew has 4,747. It’s not exactly a 1:1 comparison, but seems they’re in the same ballpark.
In terms of how active the projects are, nixpkgs has 2,057 contributors whereas brew has 662 contributors. In the past month, nixpkgs merged 1,372 PRs while brew merged 89. Again, not 1:1 comparison since nixpkgs is a much larger scope but I find that it creates a great forcing function for package availability and maintenance. In general, I’ve found the nix community to be super active, responsive, and growing very quickly.
Just to put up a different perspective, my impression has been different. I’m using nix fully instead of homebrew on macOS, and from my interactions with the nixpkgs GitHub, the mac support seems rather second class, with pretty clear bugs in important (to me) packages taking a while to be looked at.
E.g. elm-format not being installable alongside elm, or the go compiler erroring without passing CGO_ENABLED=0.
Thanks, that’s really useful to know as I use Elm.
Yea, “second class” is a good way to describe it. The fact that nix even works well as a brew replacement is more of a testament to the design and power of the system than anything. :)
Regarding elm-format, what was the problem?
does not work?
Can you elaborate on this? Both nix and brew are package managers, so I don’t see a connection from nix being a replacement for brew as a testament of power and good design. What am I missing?
Perhaps they referred to the fact that a single package system can be used on NixOS, any Linux distribution, and macOS. Of course, this is not unique, Homebrew has Linuxbrew now and pkgsrc can run on many unices.
For me, a testament to the design and power of nix is that you can invoke a shell with elm and elm-format ;).
The best way to make Nix a first-class system on macOS is to use it and make PRs/issues for any problem you find. macOS will always be harder because it’s proprietary and limited in various areas (which makes e.g. sandboxed builds flaky). But you can really make a difference by helping out. I am by no means an active nixpkgs contributor, but I try to submit fixes for problems that I encounter on macOS.
Mostly what iswrong said. Yes, there’s a long history of making source-based package managers work across platforms. I remember trying to use Gentoo’s Portage on OSX, way back. As you noted, it ends up being a second-class experience outside of the origin platform.
I feel the scope of the nix ecosystem is a fair bit more than that. Here are some things that I think are cool: nix can bootstrap itself entirely in userland (no root permission required). The hydra build system (combined with increasingly reproducible builds) creates an interesting hybrid of a source-based and binary-based package manager that is available on multiple platforms in a very fluid way. NixOS itself creates an interesting forcing function for the nix packages as the declarative configurations intertwine with each other (certain features enable/disable implicitly based on your configuration state). NixOps is further an interesting platform for pushing out deployments onto other targets.
A lot of cross-platform efforts end up being “we built it for X, but then we ported it to Y”, whereas I’d describe nix more as “we generalized it to X, Y, Z, and beyond.” That is to say, the problems you run into with using nix on macOS are not fundamental limitations of the platform port, but just transient bugs in the package declaration that haven’t been discovered/reported/fixed yet. That makes me optimistic. :)
Oh it works fine now, but for a good while the two packages conflicted due to trying to install library dependencies.
What makes it feel not like a cohesive desktop experience?
I’ve been using it for several years now and I’m fully satisfied. You can pick any window manager/desktop you want. The default settings are a delightfully minimal system, which you can then add the things to it that you want by editing a single config file which lasts beyond the life of one computer. nix-shell lets me have different environments at the same time when developing software. I really don’t see myself using anything else in the future.
Maybe cohesive isn’t the right word.
It doesn’t feel like the experience of Ubuntu or Fedora or whatnot. I feel intimidated by the amount of customization that I think that I’d need to do in order to fashion a desktop experience like those, or even something as minimal as Crunchbang++, the last distro I used before I switched full time back to macOS.
Maybe what I need is a batteries-included spin of NixOS, or really, in NixOS’s particular idiom, a configuration.nix that builds a system like Crunchbang.
tbh I think all you need is
services.xserver.desktopManager.gnome3.enable = true;
There are a load of configuration.nix files on the Web that you could either copy or take inspiration from, although my Googling shows that the most heavily-customised configurations also seem to be the least like an OSX ‘cohesive desktop experience’, e.g. focusing on minimalism, using tiling window managers, with a heavy focus on terminals and vim/emacs. I can’t offer much concrete advice since I’m one of those too :P
I think this is a fair criticism, and it’s one I think programmers are typically really bad at addressing. Not through any fault of their own, but I think it’s hard for programmers to remember what it’s like to not know everything they know.
I think many people who know what they’re doing go for a bare-bones installation, whereas those less familiar will be intimidated by the void. An example of this is Vim — I think it’s common for beginners to install a distribution like Janus (or just a whole stack of shiny plugins), but then gradually remove things as they learn more.
Maybe NixOS needs its own Janus, where users can gradually strip things away until they’re comfortable with a bare-bones installation.
Well, because nix is itself a programming language, people could add an abstraction on top of nixos configs to make it batteries included.
I really like it as well, but I can’t use it as a daily driver; I’m too used to a Macintosh. But man, I wish that there were an alternative to the Mac that had at least Windows’ level of fit & finish, and was managed by a purely declarative system like nix.