Nix is the ultimate DevOps toolkit

I tried Nix a few days ago. I set it up on an existing Arch install. I installed a couple of packages with &quot;nix-env -i [package] and then tried to update them with &quot;nix-env -u&quot; as instructed in the official documentation: <a href="https:&#x2F;&#x2F;nixos.org&#x2F;manual&#x2F;nix&#x2F;stable&#x2F;#ch-basic-package-mgmt" rel="nofollow">https:&#x2F;&#x2F;nixos.org&#x2F;manual&#x2F;nix&#x2F;stable&#x2F;#ch-basic-package-mgmt</a><p>This ended up breaking the entire install. After a few hours of troubleshooting I found that the reason it broke was that it updated itself from version &quot;nix-2.3.10&quot; to &quot;nix-2.3.10-x86_64-unknown-linux-musl&quot; because it saw that package&#x27;s version string as a version bump. The suggestion in the github issue was to instead use an unofficial third party package for basic package management because this was a known, long-standing issue that is not likely to be fixed.<p><a href="https:&#x2F;&#x2F;github.com&#x2F;NixOS&#x2F;nixpkgs&#x2F;issues&#x2F;118481" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;NixOS&#x2F;nixpkgs&#x2F;issues&#x2F;118481</a><p>The experience came across as a massive red flag and I decided not to pursue it further.

I spend a few hours looking at nix about a year ago and found it impenetrable.<p>I simply do not grok the syntax or what the functions do. I tried searching for the functions shown in the examples on the website to no avail. I searched packages, options, and even resorted to ctrl-f while clicking through the site &quot;documentation&quot;...<p>It sounds awesome, but its in dire need of some better documentation if it wants to be accessible, IMHO. I simply didnt have the patience to delve any deeper.

Nix has a heavy learning curve and requires learning the language to feel comfortable. However, overcoming that hump is incredibly rewarding and allows for taming your system in a way that, for me at least, changed the way I look at composing software.<p>At mindbuffer[1] we&#x27;ve started using it for our recent art installations. The big benefits for us are reproducibility, ease of deployment, and the ability to collaborate on the composition of the whole system. I.e. rather than sharing a README of how to install things one by one and hoping each of us has followed it correctly, we just work on the same set of config files via a git repo (like we would any other code) and can be sure we&#x27;re all on the same page as a result.<p>Very much looking forward to Nix 3.0 landing with all its UI improvements and flake support. It seems like these changes will go a long way to making Nix more accessible, and provide a smoother on-ramp to learning the language itself.<p><a href="https:&#x2F;&#x2F;mindbuffer.net&#x2F;" rel="nofollow">https:&#x2F;&#x2F;mindbuffer.net&#x2F;</a>

I&#x27;ve written a few tutorials at <a href="https:&#x2F;&#x2F;nix.dev&#x2F;" rel="nofollow">https:&#x2F;&#x2F;nix.dev&#x2F;</a>, more to come in following months :)

The language and documentation is pretty awful, however I use NixOS (and therefore Nix) on my work desktop and still absolutely love it. The ability to create reproducible builds, test out tools without installing them permanently, and roll the OS back if you break something is just excellent.<p>For example I spent ages this morning trying to get a gRPC Rust environment working and battled the nix file for a good two hours but now it works I know it will always work and never have to do it again.

Nothing should be labeled as the ultimate devops toolkit when its documentation is as atrocious as nix<p>People can commend it as much as they want, but the steep learning curve is largely self inflicted because of their resistance to writing clean, comprehensive, up to date docs<p>It has also led to the community being filled with a lot of arrogance and pretentiousness<p>I wouldn&#x27;t run nix in production because of the lack of accessibility and toxic community. There are other ways to get reproducibility, etc without using an arcane and poorly documented toolkit

The gotcha I have with Nix is it&#x27;s too much abstraction. I have to look at the upstream documentation, then try and map it to Nix&#x27;s config syntax, then hope everything works.<p>Also, regarding DevOps, the tooling around Nix makes it a little brittle for anything event based--rapidly changing configurations on the fly due to network conditions (Consul, Ansible, etc). This is where configuration management is heading, and due to the static nature of Nix, delegating dynamic changes is hard&#x2F;anti pattern.

As an aside, I&#x27;ve just started trying to move my laptop to NixOS this past week, so far it seems pretty nice. I have a Macbook as well, and I think I should be able to share the Nix stuff with that - which would be cool.<p>As for the article, I hadn&#x27;t actually considered using it as a replacement for Ansible etc - but I could see why it might work better. I could pin packages etc to the versions, and get the exact same thing each time - no guarentee with ansible etc that the apt repository hasn&#x27;t been updated since the last install.<p>I think the whole Nix thing is an interesting idea, and I like the ideas behind it, I haven&#x27;t played enough with it yet to dare use it in production (or on my main desktop for that matter) but it is certainly a tempting idea.

A few days ago, I came across RobotNix[0] which uses Nix to deterministically build custom Android images. Since I really want to adapt Android to my needs but have always struggled with building it on my own (what a shitty and complicated build system), I&#x27;m now very inclined to learn Nix. I&#x27;m not sure I like the syntax but hopefully I&#x27;ll get used to it.<p>Another reason I&#x27;m quite excited about Nix is that in my team we&#x27;re currently using a whole bunch of tools like pip, Conda, npm all at the same time to manage our dependencies and it&#x27;s starting to become really cumbersome to set up the dev and production environments correctly across different operating systems and architectures. For instance, Conda doesn&#x27;t exist on arm64, lots of pip packages have to be compiled by hand on arm64 etc. etc. It&#x27;s a mess that I&#x27;d <i>love</i> to get rid of.<p>[0]: <a href="https:&#x2F;&#x2F;github.com&#x2F;danielfullmer&#x2F;robotnix&#x2F;" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;danielfullmer&#x2F;robotnix&#x2F;</a>

There&#x27;s a lot of unexplored potential of Nix in granular build systems and displacing systems like Bazel. If applied correctly, it lets smaller organisations get much of the benefit of Google-style monorepos but without as much maintenance overhead.<p>Some friends and I have been experimenting with this for the last year over at <a href="https:&#x2F;&#x2F;tvl.fyi" rel="nofollow">https:&#x2F;&#x2F;tvl.fyi</a> (code etc. is linked at the page bottom).<p>We&#x27;ve run into some issues with the current implementation of Nix, but stay tuned on that :)

I tried to learn before. But the docs made it incredibly hard. They went into excruciating detail of how it works. I still never made my own nix package. I’m wondering as a solo dev, who uses his personal machine, and two servers, if the hard work of learning it will pay off. But it definitely looks interesting.

My first time seeing Nix, very promising <a href="https:&#x2F;&#x2F;nixos.org&#x2F;#asciinema-demo-cover" rel="nofollow">https:&#x2F;&#x2F;nixos.org&#x2F;#asciinema-demo-cover</a><p>Definitely Nix deserves a try.

Great post! I&#x27;m working on a project called Flox that&#x27;s trying to make Nix easier to use for beginners and easier to scale for enterprises.<p>If that sounds interesting, you can sign up for the public beta: <a href="https:&#x2F;&#x2F;www.floxdev.com&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.floxdev.com&#x2F;</a><p>Here&#x27;s an announcement blog post about our initial release: <a href="https:&#x2F;&#x2F;discourse.nixos.org&#x2F;t&#x2F;introducing-flox-nix-for-simplicity-and-scale&#x2F;11275&#x2F;9" rel="nofollow">https:&#x2F;&#x2F;discourse.nixos.org&#x2F;t&#x2F;introducing-flox-nix-for-simpl...</a>

A lot of this sounds familiar to me— I maintain a hodgepodge build tool&#x2F;pipeline at my org whose current output is a monolithic mega-deb file which is becoming unwieldy on several fronts (storage, transfer, compression time). I&#x27;m really interested in the nix philosophy of separate paths and versioning by hash rather than number, but unfortunately my needs are quite specific, and not having actual experienced nix experts around is a barrier. The temptation right now is to roll our own solution which generates nix-style hash debs that otherwise cooperate with the larger Debian ecosystem we&#x27;re already very familiar with, but I could probably be sold on giving nix itself a closer look if I could hear from folks (or get pointers to documentation) on a few key points:<p>- What is the story in nix for packaging untagged branches of software, or reasoning about &quot;snapshots&quot; where pools of unreleased repos&#x2F;packages are able to be treated as a single versionable unit? (think not just a nightly build, but builds corresponding to unmerged feature branches, etc)<p>- Does the nix hash account for dependencies only changing the hash for ABI-impacting changes such as when a header file changes? Or does it change dependent hashes always? Or never?<p>- I have an existing system for managing packaging metadata which I don&#x27;t want to migrate from. How much trouble will I get into if I want to generate the metadata on the fly each time (as I currently do for my debs)?<p>- How much pain is it to roll a nix package &quot;by hand&quot; (basically with the dpkg-deb equivalent tool rather than the dpkg-buildpackage equivalent tool)?<p>- Nix isn&#x27;t supported in Artifactory (RTFACT-19998 has been open since 2019). Nominally, I can use the dumb WebDAV option, but is that going to affect my user experience and&#x2F;or will it be a maintenance headache?<p>- What is the apt&#x2F;nix interop story? I would likely need it to be bidirectional, so that my nix workspace could depend on system debs that I don&#x27;t want to port over, but also potentially have &quot;gateway&quot; debs which able to do the opposite, of depending on the nix workspace from a deb shim, and installing&#x2F;updating it in the postinst.<p>I&#x27;ve researched all of these in the past at various points and had a lot of trouble finding clear, straight answers on them. I&#x27;d love to hear from other users or nix experts, though, who could help calm our fears on this.

I use nix today for ci&#x2F;cd to build a large C++ project for a variety of architectures using cross-compiles. While it could be done with adhoc scripts, some cross compiler tool environment tool + conan, or something else, I effectively wrote my nix expression once to package up everything, and simply changed the target arch and libc and got what I wanted.<p>It&#x27;s not perfect, but it works, its fast, and its better than the alternatives.<p>I&#x27;m interested in rying Guix at somepoint instead as I think using Guile might be easier than learning the Nix language, cli tools, and more. I think guix could do much what I do now as well.<p>I can&#x27;t see myself using guix as an OS though, since they seem to think systemd is evil or something, and really systemd is quite nice in practice in my experience.

Has anyone explored CD tooling with Nix? And I don&#x27;t mean the deployment of NixOS machines themselves (NixOps, deploy-rs, etc), I mean actually using Nix for deployment tooling and orchestrating deployments using the Nix language.<p>I am yet to find any posts about this or any tools, but have had great success with a small hand rolled tool that essentially lets me decoratively describe cloud resources, parts of my application, deployment &quot;end state&quot;, and run the tools required to materialise that (Terraform, nixos-rebuild, etc) similar to GitHub Actions. Hydra is distributed CI for nix-build but does not handle CD or is designed to handle jobs with side effects AFAIK.<p>NixOS is great, but for me this is even more valuable, as I now have an introspect-able view of my entire deployed real estate, and can essentially `nix run ...` to deploy any part of my application in its entirety along with any dependencies.

I am very much looking forward to trying Nix I just haven’t made the time.<p>That being said the article jogged my memory on some related thoughts...<p>If you’re building deb packages for your own apt repo aptly is a great tool for powering it <a href="https:&#x2F;&#x2F;www.aptly.info&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.aptly.info&#x2F;</a><p>If you haven’t tried asdf for managing versions of tools it generally does what you’d expect and does it well <a href="https:&#x2F;&#x2F;asdf-vm.com&#x2F;#&#x2F;" rel="nofollow">https:&#x2F;&#x2F;asdf-vm.com&#x2F;#&#x2F;</a> It uses pyenv under the hood for Python management AFAIK.

Not a Nix user, but I spent some time trying to understand it. One thing that I wish I would have understood earlier is that &quot;Nix Pills&quot; is a decent, bottom-up Nix tutorial and probably a good place to start. Initially I thought &quot;Nix Pills&quot; was just a collection of recipes (&quot;Nix By Example&quot;), but it is not.

We&#x27;re using Nix packages at Precision Nutrition to manage our dev environments: <a href="https:&#x2F;&#x2F;github.com&#x2F;PrecisionNutrition&#x2F;pndev&#x2F;" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;PrecisionNutrition&#x2F;pndev&#x2F;</a>. It&#x27;s been enormously successful. I highly recommend it.

Obligatory link to its cousin: <a href="https:&#x2F;&#x2F;guix.gnu.org&#x2F;" rel="nofollow">https:&#x2F;&#x2F;guix.gnu.org&#x2F;</a> A package manager or a full distro. I use the package manager on top of Debian, it&#x27;s great, it allows me to get recent package versions the most straightforward way (like the latest Emacs), in exchange of disk space (easily some GB before a `guix gc` cleanup).

I love nix as a concept, but in my experience it isn&#x27;t practical on systems without a ton of memory. I regularly get build errors due to oom errors.

Nix is slowly becoming a major point of contention. In some communities, it’s already scary to even hint that one dislikes it.

A few years ago I was interested in Nix to make handling multiple Haskell projects easier. I dipped my toe in the water by running NixOS in Virtualbox on my laptop. After a while I decided that improvements in stack were enough for my modest requirements, but NixOS was cool.

I think it&#x27;s interesting that the motivating usecase is Python. Python&#x27;s dependency management is extremely bad and many tools exist just to try to cover up how bad it is without solving the core problems. Would Docker have ever become popular without Python?

Well mix was a no go for me for a few technical reasons:<p>* No multihost support, I want to share &#x2F; between many hosts, nixos ideas support this but the implementation doesn&#x27;t (and no I don&#x27;t want to just share the nixstore)<p>* No package security, ideally package deps chains should have a per user&#x2F;group created which won&#x27;t allow broken programs from rm -rf &#x2F; or worse.<p>* Nixos treats a filesystem as an object store, this goes against how most Unix tooling works (e.g how many Unix tools take a s3 obj?)<p>Things that might be incorrect on my part:<p>* No config validation, minor and hard though it would be nice if nixos had config validation.<p>* Single hash for store objects(?), it would be nice to use something like TLSH, etc in addition to a crypto hash

The article is very interesting.<p>Although until the middle of the article I could make little sense of it because I had no clue what Nix was (have never heard of it), until I reach the part where Nix was introduced. Seems to be a very interesting tool.

I participate in development of the cross-platform indie video game written in C++ called Insatia [1]. We switched our CI server to building almost all the binaries using Nix. With Nix we have proper Clang with libc++&#x2F;etc for latest C++ features, cross-compiling Clang (for building Windows binaries from Linux), static linking of any 3rd party libraries (useful for portable builds), Wine-based environment for building Xbox binaries (sounds crazy, but yes, it is faster and more stable in Linux than in Windows VM), and all sorts of hacks and tricks, all laid out in .nix files in a quite comprehensible, self-documented way. Now, given a clean Linux machine with only Nix installed and our game repo checked out, I can run a single nix-build command to build our game for Windows, Linux and Xbox. It will take quite a bit of time (hours) and disk space (tens of Gb), because it builds custom compilers and temporary VMs, but it will be cached in Nix store and only has to be done once.<p>Before that I used giant Docker image with all sorts of build tools installed&#x2F;built, plus persistent VMs which had to be maintained manually, and Nix made it so much easier. Nixpkgs provides a good foundation - it has almost all software you may need and all the utilities to modify it or add new software. Need to patch or switch to custom version some obscure dependency of a compiler building another compiler building a library you use? Override a derivation, and all the dependent stuff will be rebuilt automatically. For building software Nix can be seen as a kind of super-Docker - Nix store allows for more granular caching than just layers, so incremental improvements can be done much faster. Essentially Nix turns files and packages into values in a programming language, so instead of hacky bash scripts trying to imperatively maintain a file dump, you just compose immutable packages by writing expressions.<p>That said, Nix is really hard to understand at first, comparable to Haskell&#x2F;monad tutorials. I remember I made a few unsuccessful attempts at it over a ~6 month period, every time becoming more desperate, and then it finally clicked after careful reading of Nix pills [2] for a few consecutive days. To me, the most interesting thing to discover was that while Nix&#x2F;nixpkgs do necessarily use some &quot;hard&quot; concepts like fixed point, it is in fact quite &quot;old-school&quot; and mostly about Unix, executables, linking, string templating, contains a lot of bash scripts, etc, so it&#x27;s not really another Haskell. In fact, traditional building of C&#x2F;C++ software with autotools is supported in Nixpkgs better than building modern stuff like Rust or Go, due to reliance of the latter on own package managers.<p>[1] <a href="https:&#x2F;&#x2F;insatia.kozinaka.com&#x2F;" rel="nofollow">https:&#x2F;&#x2F;insatia.kozinaka.com&#x2F;</a><p>[2] <a href="https:&#x2F;&#x2F;nixos.org&#x2F;guides&#x2F;nix-pills&#x2F;index.html" rel="nofollow">https:&#x2F;&#x2F;nixos.org&#x2F;guides&#x2F;nix-pills&#x2F;index.html</a>

To truly appreciate what nix provides, take a look at this example script that uses nix-shell as interpreter and marvel at the fact that running it is as simple as running a binary after you have nix installed.<p>```<p>#!&#x2F;usr&#x2F;bin&#x2F;env nix-shell<p>#!nix-shell -p &quot;(pkgs.haskellPackages.ghcWithPackages (ps: [ ps.text ]))&quot;<p>#!nix-shell -i runghc<p>{-# LANGUAGE OverloadedStrings #-}<p>import Data.Text.IO<p>main :: IO () main = Data.Text.IO.putStrLn &quot;Hello, World!&quot;<p>```<p>While nix is sometimes hard to learn, it is often a much simpler solution and it works for all languages so learning it is well worth it.

I feel like I&#x27;m a veteran looking at my stack overflow question from 2009. Basically we had our own approach to the problem using FreeBSD. Also, Nix is among the proposed solutions.<p><a href="https:&#x2F;&#x2F;stackoverflow.com&#x2F;questions&#x2F;1316716&#x2F;reproducible-custom-distribution-build-system-for-linux" rel="nofollow">https:&#x2F;&#x2F;stackoverflow.com&#x2F;questions&#x2F;1316716&#x2F;reproducible-cus...</a>

Chef&#x27;s Habitat is a really powerful nix-like system that I find to be a bit more practical. Like nix though it suffers from being a complete paradigm shift that people coming in from the imperative OS world struggle trying to map their existing patterns into<p>It&#x27;s kind of sad because it&#x27;s a far better way to manage deployments and environments...but it takes 1-2 years of practice to really get proficient at

Reading some of the comments here, it feels like one needs to lay out a lot of context before being able to describe their Nix experience.<p>(Is that Conway&#x27;s law in reverse, or just Occam&#x27;s beard? I can&#x27;t help but wonder.)<p>And I gotta get back to trying to build Deno from Git with Mozilla&#x27;s overlays. Thankfully, Nix pairs well with git submodules...

I&#x27;ve gotten into NixOS for my personal daily driver, but I&#x27;d love to see more resources about how to orchestrate CI&#x2F;CD flows with Nix. It&#x27;s not totally clear how I&#x27;d move from the simple single machine configuration I have now to packaging a large monorepo and deploying it.

Even though the article sounds like it&#x27;s written by educated person, it puzzles me that the author:<p>&gt; Installing packages with APT is not atomic: APTs updates files in-place one by one. Because we start Python processes many times per second, if one started during a deployment, it could import a mix of the old and new code. This regularly lead to puzzling bugs<p>Don&#x27;t you stop all your services in preinstall and start them again in postinstall? Or, if you&#x27;re packaging your python libs in deb pkgs, just stop the services before upgrading the system and start them again once you&#x27;re done.

I like nix, but it is hard as hell to switch to from yaml driven world. If the path was more gradual nix would see more adoption

Nix sounds like SELinux.<p>A great idea in theory, but in practice just too hard.<p>There is a great deal of genius in coming up with these ideas.<p>There is just as much genius in finding the 80-90% solution that incorporates most of the original, but in a workable way.<p>Looking forward to seeing where stuff like Nix ends up.

When those DevOps happen to work with GNU&#x2F;Linux only.

Nix sounds great in theory, but it&#x27;s just not there yet unfortunately. I tried it out but there were just too many workaround to setup my work environment.

Nice, but this is as far from devops as knitting. They covered CI, but there is CD, all the cloud stuff, containers, security and so on.

Odd choice for a name, since Nix is a registered trademark of another tech company.

This reminds me -&gt; <a href="https:&#x2F;&#x2F;xkcd.com&#x2F;927&#x2F;" rel="nofollow">https:&#x2F;&#x2F;xkcd.com&#x2F;927&#x2F;</a>

The merges-straight-to-master give me the willies.<p><a href="https:&#x2F;&#x2F;botsin.space&#x2F;@complainingaboutmastercommits" rel="nofollow">https:&#x2F;&#x2F;botsin.space&#x2F;@complainingaboutmastercommits</a>