Ixxie Ixxie - 1 month ago 16
Linux Question

An Overview of Nix/OS Architecture?

While the Nix/OS wiki and manuals provide a lot of excellent information, I am still having trouble getting an architectural overview. Apologies for the quantity and naivity of the questions; feel free to answer a subset:




1. What constitutes a Nix package?

From my reading of the manual a Nix package is:

    i. A Nix expression that fetches the source and dependencies needed to build.

    ii. A
builder
script.

    iii. A listing on
all-packages.nix
.

The source and the binary along with generated derivations are put in the
nix/store
, and channels automate updates, keeping them up to date efficiently by using a shared binary cache.

    a. Is this correct and complete?

    b. Where are the .nix expressions stored?

    c. May I simply copy a package folders between the
nix/store
s of different machines if they have the same architecture?




2. What constitutes a Nix environment?

    a. Where and how are environments defined?

    b. What about user profiles?

    c. How does the
nix-shell
command work? Is it related to the
nix-env
command?




3. What is the relationship between NixOS's
configuration.nix
and Nix environments?


From the manual and wiki I gather NixOS is a Nix package, and that Nix creates a basic system environment based on
configuration.nix
.

    a. Is this true, and if so what do
nixos-rebuild
and
nixos-install
do besides this?

    b. Is it possible to reverse the process, i.e. generate succinct package or configuration files from an environment?

    c. What can I do with NixOS that I cannot do with Nix?




4. What are best practices when using Nix for creating portable and reproducible environments to share with colleagues?

    a. What are the various approaches to sharing desktop, server and development environments?

    b. What are the use-cases for these approaches?

    c. What are their advantages and disadvantages vis-à-vis portability and accesibility?




5. Open bonus question: what else is critical to note about Nix/OS architecture?

Answer

1.a

Yes, you can view Nix also as a build tool which uses /nix/store as a cache. Nix being a package manager is just a side-effect of this design.

1.b

Where your nix expressions are depends on your setup. To figure this out look into your $NIX_PATH variable which points to locations where copies of nixpkgs repo are located. Those copies were (sometimes still are) managed by the nix-channel tool, but in the future you will could point to nixpkgs like:

export NIX_PATH=nixpkgs=https://github.com/NixOS/nixpkgs/archive/16.03.tar.gz

You can read more about NIX_PATH in this blog post about nix search paths

1.c

Yes, packages can be copied between machines. Actually, there is already a tool for this: nix-copy-closure.

2.a

I believe you are talking here about Nix environments that you manage with nix-env. We usually refer to these as nix profiles. What I said about the nix search path (NIX_PATH variable) in point 1 does no really apply to nix-env.

The nix-env tool uses ~/.nix-defexpr, which is part of NIX_PATH by default, but that's only a coincidence. If you empty NIX_PATH, nix-env will still be able to find derivations because of ~/.nix-defexpr.

2.b

A user profile is just a nix environment (described in 2.a) that you can change to anything else, e.g.:

nix-env --switch-profile ./result

where ./result is something in /nix/store or something that points into /nix/store. Then the above command will switch the ~/.nix-profile symlink with your ./result.

2.c

nix-shell is actually closer to the nix-build command. So let me first explain what nix-build does.

nix-build is used to build .nix files (also derivations, but for that I will have to explain what a derivation is). An example how you would use nix-build:

nix-build something.nix

The above command would produce a ./result symlink, which points to something in /nix/store. Nix command will realize the build and store the output into /nix/store.

nix-shell on the other hand will do exactly what nix-build does except it will not trigger the builder script and will drop you into that environment. That way you end up with an environment that you can use to develop nix expressions, which can also be outside the nixpkgs repository (eg. your private projects).

3.a

Nix installs the binary and NixOS creates configuration for that binary and hooks it up with the init system (systemd currently).

3.b

No. This is what other configuration managers do. Nix works the other way around. The difference in approach is nicely described in this blog post.

3.c

As said in 3.a, nix will only install binaries, while nixos will also make sure that the binary is running.

4.a/b/c

Basically there is no limit, do how you think fits you. Once you understand the basic concepts you find what works best for you. Look at others' dotfiles/configurations and have opinions.

I use my collection of nixos configurations to manage laptops for my family with the help of the system.autoUpgrade service.

To create a (build) reproducible environment I wrote a blog post some time ago.

5.

My personal favorite tool that is coming (or is already here) is vulnix. This will check your current system/project against current vulnerabilities (CVEs). And this makes nix stand out against others, especially since it is so easy to use (no enterprise setup).

Another use case that I found for nix is to build reproducible docker images using dockerTools helpers.