Nix and NixOS

07.11.2017

Content

  • Package management
  • Nix
  • Nixpkgs
  • NixOS

Package management

Why?

  • deploying software
  • up- and downgrades
  • manage libraries in different versions

How?

  • modification of the state
    • current filesystem
    • build script
    • modified filesystem

Difficulties

  • unclear dependencies
    • preinstalled libs, side effects
  • different packages require the same path
    • Filesystem Hierarchy Standard
    • multiple versions of the same program

Difficulties

  • configuration files
    • override, synchronize, uninstall
  • monkey patches

Difficulties

  • missing rollback features
    • testing alternative software
  • power/system failure
    • still atomic?

Nix

Nix?

  • another package manager
  • by Eelco Dolstra, part of his PhD research
  • for Linux and macOS

Forget the FHS

  • Nix introduces /nix/store/
    • read-only storage for packages
    • own environment for each package/version
    • created by build scripts
  • /nix/store/qi7n…qylyy-vim-8.0.1150
    • hash is based on input and build script
    • new versions don’t override, they coexist

Nix Store

  • package creates own ./etc, ./bin, …
    • references other objects in store
    • no side effects by other packages
  • garbage collection cleans up

Profiles

  • environment with $PATH
  • allows multiple profiles for different users
    • no need to restrict /nix/store-foo to root
  • new generation after each change
    • switch, roll-back, delete


Ad hoc packages

  • sometimes no need to install a package
    • try a program, dependencies for a script
  • nix-shell creates a temporary environment
    • installs the package into the store, not into a global environment
    • nix-shell -p python36Packages.pillow
  • usable as a shebang

Nixpkgs

Packages

  • Nix expression language
  • GitHub repository
    • branches for channels
    • PRs for updated/new packages

Phases

  • unpack, patch, configure, build, install, fixup, dist
    • pre and post phases
  • can be extended or overridden
    • arguments for phases or make, cmake, …
    • Bash scripting

Build system

  • can be used outside of nixpkgs
  • nix-build
    • build script written as a Nix expression
    • stores result in the Nix store
  • can be installed with nix-env

$ nix-build
these derivations will be built:
  /nix/store/d1lrjldnik6ycqra63ddyvi6rk5hmavd-et.drv
. . . 
/nix/store/jq4hmsmwf6bxl4hfm3p9ss2y412wr72m-et
$ ls -l result
lrwxrwxrwx . . . result -> /nix/store/jq4hm…412wr72m-et/
$ find result/
result/
result/bin
result/bin/et
result/bin/et-status

NixOS

Nix as an OS

  • GNU/Linux distribution
  • declarative system configuration
    • based on Nix and Nixpkgs
    • reliable upgrades
    • atomic upgrades
    • rollbacks

configuration.nix

  • configuration.nix is a Nix expression
  • services described in modules
    • services.tor.enable = true;
  • nixos-rebuild switch

nixos-rebuild

  • build: build a new generation without activating it
  • switch: build a new generation and activate it
  • boot: make the new generation the default at the next boot
  • test: activate like switch, but don't add it to the boot loader
  • build-vm: QEMU-VM for new generation
  • --rollback: roll back to previous configuration


Containers

  • systemd-nspawn based containers
  • isolate service to a namespace container
  • own IP address or NAT
  • no internet access by default
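An added example, not from the slides, that ties the configuration.nix section to the container options above: a declarative container named tor (the name, the 192.168.100.x addresses and eth0 are assumptions) running the Tor service from the earlier slide.

```nix
{ config, pkgs, ... }:

{
  # Constructed example: run the Tor service from the configuration.nix slide
  # inside a declarative NixOS container (systemd-nspawn) named "tor".
  containers.tor = {
    autoStart = true;

    # Own network namespace: the container gets a veth pair to the host and,
    # without further host configuration, no route to the internet.
    privateNetwork = true;
    hostAddress  = "192.168.100.10";   # assumed host-side address
    localAddress = "192.168.100.11";   # assumed container-side address

    # The container carries its own NixOS module, like a nested configuration.nix.
    config = { config, pkgs, ... }: {
      services.tor.enable = true;
      networking.firewall.enable = true;   # default-deny firewall inside the container
    };
  };

  # Optional: NAT through the host so the container can reach the internet.
  # Leave this block out to keep the isolation the slide describes.
  networking.nat.enable = true;
  networking.nat.internalInterfaces = [ "ve-tor" ];   # veth name is ve-<container name>
  networking.nat.externalInterface = "eth0";          # assumed uplink interface
}
```

Apply it with nixos-rebuild switch and inspect the result with nixos-container; the container shares the host kernel, so the namespaces isolate filesystem and network, not the kernel attack surface.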

That’s it!