NixOS: Not Yesterday’s Linux Distro
By Jack M. Germain
NixOS could be just the distro technology upgrade you have been waiting for. It is both rigorous and flexible enough to meet every use-case scenario.
You may not yet be using Linux to drive your computing needs. You do know that the Linux OS, on both workstation and server, is driving today’s computing technologies in and out of the cloud, right?
Even if you are already using a Linux distribution, you should check out NixOS. This relatively new Linux distro takes a different approach than traditional Linux OSes.
Perhaps its most intriguing design attribute is a unique method NixOS uses to handle package management and configuration. The entire system, which has a GNU/Linux foundation, is built on top of the Nix Package Manager.
This approach is unique and innovative. It varies greatly from the package managers adopted by other Linux distro developers. For example, Debian-based distros such as Ubuntu and Linux Mint use the .deb package format. Red Hat-based systems like Red Hat Enterprise Linux (RHEL), CentOS, and Fedora use the .rpm format.
The Nix Package Manager builds the complete operating system during installation. It fully assembles the OS components from the kernel to software applications and system packages. It also creates the configuration files that will meet your specifications.
To do this, the Nix Package Manager relies on a declarative system configuration model. You describe system configuration items in a configuration file. Nix does everything else to build that specified configuration for you.
The declarative model makes upgrading systems more reliable and mishap-proof. You will sing NixOS’s praises if you handle multiple machine deployments. The declarative approach makes duplicating configurations for deployment on multiple machines in different locations a snap.
Just copy the configuration file to the new NixOS machine and run the Nix Package Manager. With one command, this ensures the machine uses the same kernel, applications, and system services.
NixOS offers you a whole lot more to sing about. Security and simplicity are just two benefits worth a happy tune.
NixOS isolates all its packages. It has a unique internal structure. For instance, the directory structure lacks any appearance of /bin, /sbin, /lib or /usr directories. Instead, it keeps all packages in /nix/store.
This is a cool aspect not found in other Linux distros. Each package resides in its own /nix/store subdirectory. Each package has a unique identifier: a cryptographic hash that captures all its dependencies.
Nix has many other advantages. For example, NixOS is a purely functional Linux distribution. This means that it treats application packages like values in purely functional programming languages such as Haskell. They are built by functions that have no side effects.
The values never change after the applications are built. This trait enables many powerful features. These include the ability to run multiple versions of an application, the stability from having complete dependency control for each application, the security of multi-user support, and the convenience of atomic upgrades and rollbacks.
Here is a quick rundown on why these unique OS traits matter to you.
- Multiple versions or variants of a package can be installed and run simultaneously. This ability eliminates the kind of DLL havoc that can happen when different applications have dependencies on different versions of the same package. Because of the hashing scheme, different versions of a package end up in different paths in the Nix store.
Thus, they do not interfere with each other. This means that upgrading or uninstalling an application cannot break other applications. Why? Because these operations never destructively update or delete files that are used by other packages.
- Dependency specifications stay complete under Nix package management. Generally, in other package management systems, you have to specify for each package what its dependencies are, without any guarantee that this specification is complete. If you forget a dependency, the component will build and work correctly on your machine if you have the dependency installed. But it will not build or work on other computers where that dependency is not installed.
Nix does not install packages in universal locations like /usr/bin. Instead, Nix puts the application in package-specific directories. This approach greatly reduces the risk of incomplete dependencies. Compilers do not search in per-package directories such as /nix/store/5lbfaxb722zp…-openssl-0.9.8d/include. With Nix, a package that builds correctly on your system does so because you specified the dependency explicitly.
Keep this point in mind. Nix finds runtime dependencies by scanning binaries for the hash parts of Nix store paths. In a nutshell, this process just works.
- Multi-user support means that non-privileged users can securely install software. This happens because in NixOS you assign each user a different profile with a set of packages in the Nix store. This profile is integrated into the user’s PATH.
This gives you two advantages over other Linux distros. One, if a user installs a package that is already installed by another user, Nix does not build or download the package again. Two, Nix makes it impossible for one user to inject a Trojan horse into a package that another user might access.
- Atomic upgrades and rollbacks are non-problematic. Package management operations never overwrite packages in the Nix store. Instead, they add new versions in different paths. During a package upgrade, its integrity is protected.
No time window exists where some files from the old version are active along with some files from the new version, causing a system crash. Even better, since Nix does not overwrite packages, the old versions remain after an upgrade. So you can always roll back to the old version:
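What makes that rollback safe, modeled as an added Python example (not from the article or the Nix project): each version lives in its own hash-named directory, and the profile is a symlink that is repointed with one atomic rename. The store_path and switch_profile helpers, the temporary directory and the 1.0.0 version are assumptions made for illustration; real Nix hashes the full build recipe and keeps numbered profile generations.

```python
import hashlib
import os
import tempfile


def store_path(store, name, version):
    """Toy store path: a hash of the package inputs plus a readable name.
    Assumption: real Nix hashes the whole build recipe and uses its own base-32."""
    digest = hashlib.sha256(f"{name}\n{version}".encode()).hexdigest()[:32]
    path = os.path.join(store, f"{digest}-{name}-{version}")
    os.makedirs(path)  # a new version gets a new directory; nothing is overwritten
    return path


def switch_profile(profile, target):
    """Repoint the profile symlink in one atomic step."""
    tmp = profile + ".tmp"
    os.symlink(target, tmp)
    os.replace(tmp, profile)  # rename(2): readers see the old or new target, never a mix


def upgrade_then_rollback():
    root = tempfile.mkdtemp(prefix="toy-nix-")
    store = os.path.join(root, "store")
    os.makedirs(store)
    profile = os.path.join(root, "profile")

    old = store_path(store, "openssl", "0.9.8d")  # version mentioned in the article
    switch_profile(profile, old)
    new = store_path(store, "openssl", "1.0.0")   # constructed newer version
    switch_profile(profile, new)                  # upgrade
    seen_after_upgrade = os.readlink(profile)
    switch_profile(profile, old)                  # rollback: the old path is still there
    seen_after_rollback = os.readlink(profile)
    return {
        "old": old,
        "new": new,
        "after_upgrade": seen_after_upgrade,
        "after_rollback": seen_after_rollback,
        "store": sorted(os.listdir(store)),
    }


if __name__ == "__main__":
    for key, value in upgrade_then_rollback().items():
        print(key, value)
```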
As I said earlier, NixOS offers you a host of advantages and conveniences over more traditional Linux distros. This makes NixOS particularly attractive to sysadmins. Here are a few features to check out.
The garbage collection feature makes this OS more trouble-free. When you uninstall a package, it is not deleted from the system right away. This delay facilitates an unanticipated rollback. It also prevents a problem in other users’ profiles over missing files. Instead, you can delete unused packages safely by running the garbage collector command in a terminal. For example, the three-word command nix-collect-garbage deletes all packages not in use by any user profile or by a currently running program.
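How the hash-part scan for runtime dependencies feeds the garbage collector, as an added Python model that is not code from the article or from Nix: references are found by searching a package's bytes for other packages' hash parts, and anything unreachable from a root (a user profile) is garbage. All store paths, versions and file contents below are constructed, and the function names are assumptions.

```python
STORE = "/nix/store/"


def hash_part(path):
    """The 32-character hash that begins a store path's base name."""
    return path[len(STORE):len(STORE) + 32]


def scan_references(content, candidates):
    """Runtime references: candidates whose hash part occurs in the raw bytes."""
    return {p for p in candidates if hash_part(p).encode() in content}


def closure(roots, store):
    """Every path reachable from the roots by following scanned references."""
    live, todo = set(), list(roots)
    while todo:
        path = todo.pop()
        if path not in live:
            live.add(path)
            todo.extend(scan_references(store[path], store.keys() - {path}))
    return live


def collect_garbage(roots, store):
    """Paths that no root reaches; only these may be deleted."""
    return set(store) - closure(roots, store)


# Constructed store: hashes, versions and file contents are made up.
GLIBC = STORE + "b" * 32 + "-glibc-2.5"
OPENSSL = STORE + "a" * 32 + "-openssl-0.9.8d"
GCC = STORE + "c" * 32 + "-gcc-4.1"            # needed only at build time
CURL_OLD = STORE + "d" * 32 + "-curl-7.15"
CURL_NEW = STORE + "f" * 32 + "-curl-7.16"
RPATH = b"\x7fELF...RPATH=" + OPENSSL.encode() + b"/lib:" + GLIBC.encode() + b"/lib"
SAMPLE_STORE = {
    GLIBC: b"\x7fELF...libc",
    OPENSSL: b"\x7fELF...RPATH=" + GLIBC.encode() + b"/lib",
    GCC: b"\x7fELF...RPATH=" + GLIBC.encode() + b"/lib",
    CURL_OLD: RPATH,
    CURL_NEW: RPATH,
}

if __name__ == "__main__":
    print(sorted(collect_garbage({CURL_NEW}, SAMPLE_STORE)))
```

A reference that survives only in compressed or encoded form would not be found by a byte scan like this.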
Nix uses a simple, functional package language to build from Nix expressions. A Nix expression describes everything that goes into a package-build action. The list includes other packages, sources, the build script, and environment variables for the build script. You can turn the Nix expression into a function and call it any number of times with the appropriate arguments.
Transparent source/binary deployment can be a huge win for your system builds. Nix expressions generally describe how to build a package from source. But that can be time-consuming and bothersome. Nix automatically skips building from source by using a binary cache, a web server that provides pre-built binaries. If none exist, Nix can and will resort to building from source.
Rigorous. Flexible. Declarative. NixOS disrupts Linux package management and configuration.
About the blogger: Jack M. Germain is a veteran IT journalist whose outstanding IT work can be found regularly in ECT News Network’s LinuxInsider, and other outlets like TechNewsDirectory. Jack’s reporting has spanned four decades and his breadth of IT experience is unmatched. And while his views and reports are solely his and don’t necessarily reflect those of Linode, we are grateful for his contributions. He can be followed on Google+.