The Nix language itself is the hardest part.
Let me disagree there, the language is trivial. It’s just JSON-lookalike with expressions, with a lot of nice touches that make using it much easier than all the alternatives (e.g. sane multi-line string handling, lazy evaluation, default values, powerful key/value sets, etc.). The only real stumbling for me when first encountering it was realizing that functions can only take a single argument (which can be a key/value set) and that functions are literally just `:` (e.g. `(a: a + 5) 6 => 11`). That’s easily missed if you just look at a file without reading the documentation.
The thing that makes it hard is just the complexity of the actual package collection, your configuration contains literally your whole system, and it’s not always obvious where to find the thing you need, since sometimes it’s a plain package, sometimes it is a `services.foobar.enable = true` and sometimes you have to fiddle with override or other package specific things. Knowing that https://search.nixos.org/ exists is half the battle here.
There is also the lack of static typing that can lead to rather verbose error messages, but it’s not like many other configuration formats have that either.
There are a few gnarly things about Nix, even for someone who’s familiar with Haskell (the most similar language to Nix that’s even close to mainstream).
- Dynamic typing (you mention this briefly). Some people like the extra flexibility that dynamic typing gives, but there’s a tradeoff: more errors. The thing is, due to NixOS’s complicated structure, the traceback for an evaluation error might not give you any information about where the cause is (indeed, the traceback might not include a single line of your own code!). This makes errors unusually costly in NixOS specifically, so any language feature that causes more runtime errors automatically has a worse impact than it would in a more “normal” language.
- The “standard library” (`builtins`) is extremely sparse. You basically have to depend on at least `nixpkgs-lib` if you want to get any real work done.
- No real data abstraction mechanisms. No ADTs, no nominal types. The only composite types are attrsets and lists. The usual way to encode a custom type is as an attrset with a `_type` field or some such.
- While we’re at it, very limited pattern-matching.
- Clunky list literal syntax: no commas between list elements. I can’t tell you the number of times I’ve forgotten to surround list elements in parentheses.
- Can anyone remember the rules for escaping `${` or `''`? I have to look them up every time.
Using a language server like nixd also helps a lot with auto completing packages and options in your config.
Apparently people are also working on the nickel configuration language to address some of the nix limitations and difficulties.
I really feel compelled to share that I actually really fucking love nix. I’ve never felt so confident that my computer would turn on no problem. It was hard and it was rewarding.
Idk I guess I haven’t had it for long but once I got my dotfiles the way I like I just stopped messing with it.
Also nix devshells are pretty dope (◕ᴗ◕✿)
If you download a binary you can just `steam-run` it and it just works?
This command will just run an executable file on nix. Normally only executables which are installed from the package manager will work.
`appimage-run` is another option. Which can be used to run, you guessed it, appimages
It’s missing the fact that the nix store can be huge, even if garbage collected regularly. This prevents me from using nix on my Ubuntu laptop with limited HDD space.
NixOS sounds like ansible in OS form and that has never seemed appealing. Happy to hear why my impression is wrong though!
Think about it like this:
- with ansible, you are responsible for making sure that executing the described steps in the described order leads to the desired result
- with nix, you describe what you want your system to look like, and then figuring out how to get there is nix’s problem (or rather, is obvious to nix thanks to nixpkgs)
Thanks for explaining
- Ansible is idempotent with a lot of intent. NixOS is idempotent.
I’ve been stuck on Nix for two weeks because I thought it would be a good idea to put a distro I had never used but that wouldn’t break on my backup laptop in case my main one ever broke. I just couldn’t force myself to install debian, not that I have anything against debian, it’s just… kinda boring, while Nix seemed very interesting. IT SEEMED LIKE A GOOD IDEA AT THE TIME I SWEAR.
Guess what happened… I broke Arch. Then I reinstalled and the next day the laptop broke. Then the next day I tried to get my data back and the hard drive broke. So, backup laptop with Nix for two weeks…
- I really really really like the declarative stuff. Installing packages through config files is so nice I’ll never lose track of what I’ve installed ever again 🥰 🥰 🥰 I was already using a git repo for all my config files + GNU Stow to symlink everything to its proper place, so adding the .nix configs to that setup was very easy.
- Having a clean system on rebuild is great. No more clutter left everywhere that I don’t know about, no more half broken stuff left lying around.
But…
- It’s not Arch. Not Nix’s fault, but I kept hearing that it would be “like Arch but declarative”… and it’s really not 😑 Everything seems over-complicated vs as simple as possible.
- I absolutely hate the language.
- What’s with those error messages from hell???
- And speaking of hell, every language that can’t just use indentations like YAML instead of cluttering the code with {} and [] and () should have been relegated to the darkest pit of hell 20 years ago. But points to Nix for being less awful than JSON (the comma on every line but not the last thingy make me want to build a time machine to go murder the grandparents of whoever thought it was a good idea)
- Packages are out of date even in the unstable branch (I know it’s unfair since it’s not trying to be a rolling release… but… but…)
- Where are the source packages? Is that an Arch only thing? I liked having packages that automatically use the latest git commit without needing to manually install from source and manually reinstall each time I want an update like a medieval peasant… 😭
- Nix packages are weird. Even someone who’s terrible at coding like me can read Arch PKGBUILDS… I miss you Arch 😢
- Apps not working because of paths that don’t exist on Nix… what do you mean I need to patch the package myself? 😭 But at least there’s steam-run, great preserver of what’s left of my sanity.
- Can’t wrap my head around installing some stuff like VSCode extensions (the advice I got was “don’t bother just do it imperatively” 😑)
- Wiki is often sparse on info and not very helpful if you don’t already know what you are doing (and I clearly don’t 😅)
- Hidden configs. Some stuff works on its own like pipewire even though I haven’t installed or configured it (I went with a minimal install that just gave me a tty then build from there, no DE), and how it’s already configured is not in the default config files. It’s very confusing not knowing why some stuff works and how it’s configured by default.
But it’s kinda growing on me. Like mold. Or cancer. Brain cancer.
Where are the source packages?
It’s reproducible, so random updates are a no-no. You can however just dump the Git URL in your `flake.nix` inputs and then override the `src` of the package with that. The source gets updated when you do `nix flake update` next time. Something like this:
```nix
inputs = {
  # ...
  mypackage_src.url = "github:myorg/mypackage";
  mypackage_src.flake = false; # fetch as a plain source tree, not as a flake
  # ...
};
```
```nix
# Replace the package source with the flake input and tag the version with its revision
pkgs.mypackage.overrideAttrs (oldAttrs: {
  src = mypackage_src;
  version = "nightly-${mypackage_src.shortRev or "src"}";
})
```
Nix has more up to date packages than most distros have packages in total. There’s a bot that goes around updating them automatically if they are from github. Maybe there’s an issue with your package?
Packages are out of date even in the unstable branch (I know it’s unfair since it’s not trying to be a rolling release… but… but…)
Sure, some packages are outdated. But in terms of percentage of up-to-date packages, it’s (AFAIK) the best out of any distro repo. And that’s perhaps even more impressive of a feat when realizing it also sports the biggest repo. For actual stats: https://repology.org/repositories/statistics/pnewest
Wait how does Nix Unstable have a better score than the AUR? With four times less maintainers? That’s really impressive, especially considering how much more simple Arch packages are to make.
Because you end up feeling unsatisfied with running the thing until you package it. I don’t even understand the Nix language and I still messed around with a couple of packages
I wonder what your thoughts on guix would be, especially considering your thoughts on the language
Succinctly : “OH GOD MY EEEEEYES”
I’m not a fan of nested parenthesis… but aside from that I don’t know much about the language, is it more convenient? Does it also suffer from the error messages from hell problem?
I’m just seeing your comment after I recommended Guix, that I could read and understand Guile Scheme is what made me hop away from NixOS, the nixlang is an ungrokable mess
But points to Nix for being less awful than JSON (the comma on every line but not the last thingy make me want to build a time machine to go murder the grandparents of whoever thought it was a good idea)
There’s one evil genius responsible for both JSON and JavaScript? °o°
Yeah, fuck that guy!
I’m sure it’ll get better once I’m more used to it, just venting a bit. Sorry for the rant
I found this very entertaining lol. And it also confirms I made the right choice not using Nix as my daily driver. This sounds like a headache.
Yes it’s a headache if you don’t have a clue what you’re doing and suck at coding like me, but the good parts might make the headache worth it depending on what you want of your distro. A week ago I couldn’t wait to get a new laptop to reinstall Arch, but now I’m actually wondering if I should keep trying Nix… OH GOD HAVE I CAUGHT THE NIX BRAIN CANCER? 😭
I absolutely hate the language
Check out Guix_System_Distribution, it’s just like NixOS but uses a Scheme dialect which is a better language.
While some people love putting Lisp in everything, I really don’t get it. Guix is far uglier than Nix in the language department. Scheme is not a configuration language and thus has none of the nice things that Nix has (multi-line string handling, defaults, lazy evaluation, inline expression, etc.), instead you get multiple levels of macro spaghetti. Furthermore, Guix forces you to turn everything into Scheme, where you can just use plain Bash in your Nix build steps, in Guix that is all Scheme.
I had spent a lot of years with Scheme before starting with Guix and then spent quite a few years with that, but even after all that switching to Nix just felt so much better instantly. Instead of trying to hack a DSL on top of Scheme you just get a language that’s actually built for the task.
If you like parentheses anyway
That is something you can’t quite escape in Nix either. While it doesn’t use parenthesis like a Lisp, the nature of the language and the depths of the sets you are dealing with still makes you end up getting a lot of this at the end of your files:
```
        ];
      };
    };
  };
}
```
Having one `}` too many or too few is a pretty common issue with Nix and feels very similar to Lisp, even when the rest of the language is quite different.
You use a lot of emojis.
Yes emoji use is proportional to the decrease in my sanity after those two weeks
Relatable.
Skipped to the “ugly” part of the article and I kind of agree with the language being hard?
I think a bigger problem is that it’s hard to find “best practices” because information is just scattered everywhere and search engines are terrible.
Like, the language itself is fairly simple and the tutorial is good. But it’s a struggle when it comes to doing things like “how do I change the source of a package”, “how do I compose two modules together” and “how do I add a repo to a flake so it’s visible in my config”. Most of this information comes from random discourse threads where the responder assumes you have a working knowledge of the part of the codebase they’re talking about.
I always aim at packages and issued inside my nix config cuts all this hassle out at least for me… I’ve got everything pretty meticulously commented and in order of boot process and in general running step by step order. I’m pretty sure a dumb monkey could figure out how it runs. I came from windows then mint then nix. To give you an idea of my PC knowledge. I think the whole point of nix is to keep the system contained and not scattered. I see many posters mentioning system scatter on nix as an issue and I have no idea how they managed to complicate one of the simplest systems I’ve ever used as far as clean, tidy, goes.
I like the idea of nixos, but I feel like it makes a bunch of daily sacrifices in order to optimize a task I do once every few years? I hardly ever get a new computer, but I install/uninstall/update/tweak packages on my system all the time. With a dotfile manager and snapshots, I get most of the benefit without any of the drawbacks.
You only have one machine? I benefit from sharing configs between the laptop and the desktop. They are not the same, but I can easily copy paste a complex service I defined in my desktop to do the same thing on my laptop
I have a desktop, laptop, and a few VMs and servery things. Dotfile manager (yadm, which is a git wrapper) to sync personal settings, everything else I just do manually. The system-level configs are either different enough that standardizing them isn’t very helpful, or no more complicated than installing packages and activating services.
Activating services is the specific task NixOS is great at, you can just add it and it downloads the packages and starts it and generates the configs
This is a good example of what people consistently overlook/misunderstand, when it comes to Nix.
Obviously you can remount a /home, or just pull the dotfiles from a personal repo, but the strength of Nix is also in that I can re-create my entire config exactly how it is defined. If i were to setup a machine completely from scratch, with a mature enough config, it will get me from 0 to my exact desktop completely unattended.
But there are also many more advantages to it, at least in my eyes. Let’s take trying/tweaking new packages as an example. Yesterday I pulled an old repo for an Outer Wilds mod. The thing needs a dev environment, and a mod manager for the actual game. A `nix shell` got me both, I finished my work, and when I exit out of fish, both are gone, just as I wanted them to be.
Another good example would be partial os updates. I’ve used Arch for almost 9 years before switching to Nix, and pretty much a top3 Arch rule is not doing partial updates, or partial rollbacks. In case of a breakage, I would have to manually redownload an older version of a tarball, `pacman -U` the package, and then hope i’m not cooked. In the case of gcc incompatibilities, it can quickly become a massive pain in the ass. My nix flake would never experience this problem, because I already have two different scenarios available - either i build based on an older lockfile from my git repo, or I create an overlay for a specific input I need, so that it still pulls what it needs, and doesn’t interfere with the rest of my system.
For DevOps, it provides consistency for every CI run and production deployment, especially when a whole system needs to be shipped.
I’m always on the go, swapping PCs, travelling for medical reasons. Buy, sell, trade hardware. Nix allows me to boot into my system as if I never left with a simple hardware config update script. Rock solid consistency.
Is your hardware always the exact same? Because if it isn’t, then I’m sure you have to do modifications to your config file. And at that point you might as well just use a regular distro instead.
You can manage multiple machines with a single Nix configuration git repository and modularize the configuration as much as you want. You can have a config with a desktop environment that you skip on servers, override individual variables for a specific host or do whatever you want. You can even remote deploy it all with a simple `nixos-rebuild build --target-host "user@host"` and it works across different architectures too (e.g. build on your fast x86 machine and deploy to a slow RaspberryPi).
You run the script that generates hardware config file for you, it’s literally one command
So what the main hassle of switching is that you have to run your hardware file to update for your new hardware, then inside your Nix config rarely will I ever have to edit things (maybe UUIDS if totally new machine fresh nix install/but I usually ssd swap for ease of transition and speed, or even clonezilla multiple drives and use as needed) even drivers for example. I’ve got auto scripts setup to run that will automatically pull any drivers or updates from the base system nix update to any drivers.
There’s really only two files you ever have to touch that I’ve used. Nix hardware, nix config. Once hardware is updated for which system you on you’ll never touch that until you boot a new machine with different hardware. If you setup nix how it’s supposed to be. Nix config is your master file. A single backup of that and when setup correctly. I can boot like I never left my machine. I’m talking librewolf still has my accounts open and logged in. VPN works. It’s all seamless damn near.
You have to learn to play within nixos sandbox meaning understand what you’re capable of doing and do it all inside config. With a few auto scripts, and 3 or 4 common commands on desktop page for whatever you wanna do and its terminal and memory hands off. I’ve what I call dumb Monkey commented my entire config and it’s in order of boot process from power on machine to boot, etc to shutdown.
A regular distro still poses many many more challenges when hardware swapping. You have different files to remember fstab, etc etc which can lead to mental memory load and system clutter if you didn’t build and maintain a perfect system from the beginning with stuff like files, sym links, all sorts of tweaks you’ve made over time.
So I switched to nix to mitigate those things. Now I’ve made a master config file copy, auto updates, backups, etc is all automated in the background now. All contained in my nix config. It’s supremely stable. Mental load is zero. Fills my use case. Immutable.
You have nothing to lose and only to gain. Pick any desktop environment and setup to your liking. I came from windows, to mint, to full custom nix all my apps, browsers, luks, apparmor, firejail, the whole stack.
I’ve tried live boots of many other distributions but this is the cleanest, leanest, most manageable of them all. My only true concern is project lasting long-term. For now. Aside from not having GUFW. I’m happy. I think there’s just a lot of misinfo and lack of hands on use from most people or incorrectly setup systems to utilize how nix should be ran. I think that should iron out over time.
I’ve used nixos exclusively lately. It’s been awesome. No system scatter, clutter. It’s immutable. There’s very slight driver hassle (you don’t have GUI for drivers so a simple terminal command fetches everything you need.) in cinnamon. I came from mint. I have all basic commands in executable files on desktop for ease of hassle. It’s not about rebuilding the system. It’s about being hands off. Next to zero maintenance because not much in your system gets altered. I went for a full custom install from terminal. The only thing I personally miss being GUI is a firewall like UFW or GUFW.
Overall it’s more rock solid and workable than likely every distro I have ever tried. The feature set is nice, easy rollbacks, fucking cake backups. All you have to know is your entire system lives on one small editable file called nix. Configuration. Keep it in a micro SD or USB or any backup and it’s as if you never left. Any changes you want you simply tweak in the config then reboot. If it breaks then select your previous gen number on boot and you’re exactly where you were before.
I diff my edits and keep copies, run auto backups, and more. It’s so hands off that I haven’t found a better replacement yet. My single biggest concern is long-term viability in the project.
I feel like setting up a new machine is just the easiest to explain.
Personally, I find dotfiles messy, as you often just want to change one or two settings, but you always carry along the whole file with all kinds of irrelevant other settings. This also makes it impractical to diff two versions of those dotfiles, especially when programs write semi-permanent settings into there.
I guess, your mileage will vary depending on what programs or desktop environment you use.
For example, I love KDE, but they really don’t do a good job keeping the config files clean. Nix Plasma-Manager generally fixes that, and for example allows defining the contents of the panel in a readable form.
I think you over complicating your view here. I daily nix. You’re not carrying a bunch of dot files. You have one. A single nix. Config. That’s it. It’s not big, long, messy, whatsoever. I have mine commented by section from boot order to auto updates and backups. You’re talking about 150 lines of extremely short and almost self explanatory code. I came from mint having never used nix. I figured it out doing a custom luks install and the whole custom build from scratch in no time.
Your diff issue is overblown. The edits you make are small and you cannot get lost in multiple configs unless you’re doing entire system writes which you would never do. I use a dead light weight diff GUI or terminal. This has to be one of the cleanest, maintenance free distros I have ever used.
It doesn’t seem you have truly driven Nix with this take. No program writes directly to your config, even if there was say your temp scenario you reboot and temps would wipe away like you never did them unless you rebuild nix config. Most of your concerns would fall away once you really drove nix to see how it functions.
Yeah, you understood my comment entirely the wrong way around. When I say “dotfiles”, I mean the non-Nix way of managing application configurations. Nix Home-Manager happens to write to these dotfiles, but that means I don’t have to deal with the dotfiles myself.
Ephera isn’t talking about nix when they say dot files.
It also is an option to ensure everyone has the same dev environment.
Meh. So is docker.
The docker is not bare metal though.
sigh, yes it is.
Does it matter if the overhead is practically irrelevant?
The biggest downside to containers vs. Nix for me is that Nix can produce binaries for Linux and macOS, whereas docker only helps with Linux unless you can perform literal magic to cross-compile your project on Linux for macOS.
Containers also don’t give you reproducible environments, and Nix does.
That said, Nix documentation is ass, so I usually end up going with containers because they require far less suffering to get working because writing a containerfile is much easier than guessing how to hobble together a Nix flake with a mostly undocumented language.
Feels very arbitrary. Why would I care about say MacOS versus FreeBSD or say NeXTSTEP (just to be provocative)?
Anyway I’m being pulled away from the actual argument, the “bare metal” argument is about performances, isn’t it?
Yes, the systems people actually use vs every system that exists. Very arbitrary
Containers also don’t give you reproducible environments, and Nix does.
Of course it does. 🙄
Care to elaborate? Containers give you repeatable environments, which are not the same thing as reproducible environments.
It could if there are issues accessing hardware directly. Overhead is, as you said, not that important.
Isn’t it what passthrough is for?
Loved nixOS but couldn’t install PIA VPN gui and disliked the workarounds. Also doing .net dev was more awkward than I liked so went back to Arch and wrote some scripts to install all the packages I want instead. Love the idea of nixOS though.
Package your own if you need it
I have no idea how and given there’s been a lot of people asking the same thing I don’t think it’s as trivial as packaging some binaries.
Meanwhile me as a barbarian installing Debian and copying my `~/.bashrc` file (and a few others) if not just remounting `/home/` in the new installation every few years.
One of my machines I’ve been just upgrading in place since debian 8. No need for new installation
Debian isn’t barbaric at all.
Agreed with the article. There’s lots to dislike about Nix, but even with those downsides, NixOS is still better than any OS I’ve tried. Install an update and it’s borked? No worries. New PC and you want everything set up just like your old one? Copy one file over and it’s set up for you.
Unsure about dislikes. You have any desktop spin as you want, complete freedom, immutable, a single small file governs your entire system. I daily Nix currently and I haven’t found an easier distro. I’m not super advanced and I did a full custom build, luks, tweaks, full app installs from scratch. Booted up as if I never left my old PC. Nix is the shit. Most everyone’s concerns are overblown. Most haven’t used it beyond a simple test run or few. The slight learning curve of your config syntax and that’s it. I came from mint then from windows. Newcomers you can do it too!!
Copy one file over and it’s set up for you.
So, I’ve only played around with NixOS on a Raspberry Pi, but… Don’t people usually split their config up in multiple files, and then store that in a Git repository?
The process then still is: check out that Git repository, except there’s another step: copy over your private key so that you can decrypt your secrets.
Is that correct? Or did I make things needlessly complex for myself?
The process then still is: check out that Git repository, except there’s another step: copy over your private key so that you can decrypt your secrets.
I store my secrets in a separate private git repo and automatically decrypt them with my hardware key (https://github.com/balsoft/nixos-config/blob/master/modules/secrets.nix) so for me it’s literally just plug in my yubikey and `nixos-install github:balsoft/nixos-config#hostname`
How do you access the private Git repo then? Don’t you need a secret to access it?
The ssh key to access the private git repo is on the same yubikey as the decryption key (they are technically different GPG slots but I don’t need to care about that, just plug the key in, type in the pin, and it all works automagically)
That’s neat!
Way over complex lol. I don’t copy anything to online source for better or worse. I auto script backups. The only backups you’ll ever need are nix config. Nothing else aside from your home folder obviously. With those two you can boot on any machine, anytime, as if you never left. I am not shilling. It’s been dead stable so far, aside from tweaks I done to break my own builds testing.
Hmm yeah, I guess the question is: is it overly complex if I do want to store my backup of my Nix config online, version-controlled, preferably publicly?
If you do then you’re golden. That’s the way to go. I dislike online things. Personal preference. There’s advantages going the GIT method as well.
No. There are many of us that do that, I do, I found two random people online that did that and used their configs as a help when I was learning.
I don’t have any secrets in my config or a private key or anything and I’m currently running 4 servers from the same config (it used to be 8 or even more machines at some point even, including desktops).
But yes, it’s a multi-file config, it would be absolutely crazy to not split it up with how large it is.
Is that just because your four servers aren’t used for anything that need a secret? e.g. I wanted to put my wifi password in there, and the password for my user account.
Install an update and it’s borked? No worries
OpenSUSE also does this.
New PC and you want everything set up just like your old one?
Install scripts? Of course the individual apps definitions still need to be set up again, but I’d imagine it’s the same for Nix?
Personally, the stepping stone I needed to know about is Nix Home-Manager, which basically allows you to manage your dotfiles independent of the distro. From what I understand, if I do switch to NixOS, I’ll continue using this code with just some minor tweaks.
But yeah, I agree with the verdict in the post. I like it a lot, but I would not have made it past the initial learning curve, if I didn’t happen to be a software engineer. Sysadmins will probably be able to figure out how to put it to use, too. But it’s just not for non-technical Linux users.
Untrue. I came from windows, to Linux mint, then now I daily nix. I’m an average person who prefers to be terminal hands off. I did a full custom install from my mint setup to nix, apps, luks, the entire swap and booted as if I never left basically. I faltered a few times and had to select previous generations in my boot menu but honestly it’s because somehow I fucked up my UUIDs. The learning curve is there but let me assure you it’s minimal in terms of linux, and it’s dead stable because nothing changes without you doing it. In 1000 years it should still be running unadulterated.
For rollbacks, I’ve been using Timeshift in Mint, and it has worked brilliantly.
This is a well-written post. I agree that “friction” involved with small changes and incompatibility with some Linux binaries are significant downsides. I think NixOS makes a lot of sense for development environments, but it’s not my preference for a personal device
I wonder why nobody has created a simple gui for Nixconfig.
Someone has done just that: https://github.com/snowfallorg/nixos-conf-editor It is part of https://snowflakeos.org/, though I don’t know about its developments atm.
It’s less simple than text because it actually takes more space to view the same amount of configs.
Something like this is really hard to make a gui for. I suppose a GUI would only be useful for discovering config values?
Either way, a gui would likely look like YAST on OpenSuse.