I Started With Nix, NixOS, Home Manager and Flakes

Update 2023-12-25: Backlink to linuxuser magazine

After over two decades of using Debian-based GNU/Linux distributions (in short: "distros"), I did my first steps with a distro that is also considered as hyped one these days: NixOS.

Although NixOS is already around for twenty years, it only gained more attraction probably in the recent five to ten years or so.

If you're a frequent reader of my articles, you know that I don't follow the latest hype and I certainly would not practice distro hopping just because of the high switching cost.

This article is about my motivation to leave my comfort zone and try something very different, accepting this high switching cost for a higher goal.

Disclaimer: I'm still a Nix beginner and if I may have understood something wrongly, please feel free to leave a comment so that I'm able to fix errors I might have made here.

A bit of a warning upfront: it's complex. Furthermore, NixOS is doing many things very differently compared to other GNU/Linux distributions. It's a deep rabbit hole you may fall into - or not. My article should give you my personal point of view that might motivate or demotivate to use Nix for yourself.

Let's clear up some very basic terms, I party mentioned already. This ecosystem consists of multiple things that are intertwined in my personal setup already.

First and most important, there is this Nix package manager. It's a decent tool that helps in installing software packages and their dependencies. You can run Nix on different operating systems including Windows and macOS. As a matter of fact, many people prefer Nix over Homebrew.

Unfortunately, there is another component named Nix: the Nix language. It's a domain-specific functional language that was created to describe stuff related to this ecosystem. Be aware to realize the difference in context for Nix the package manager and Nix the language. Furthermore, the term "Nix" is also often used as a synonym for NixOS or the whole Nix ecosystem together. Somebody should feel deeply sorry for that mess.

NixOS is a GNU/Linux distribution that is based on this Nix package manager. Meanwhile, you can install NixOS using an easy to use graphical installer. At least that was the setup method of choice for me for two virtual machines and two physical ones so far.

Home Manager is an optional add-on to maintain user-land setup within the Nix ecosystem. You can install software packages only within the user's context and configure software packages for this user as well. Of course, this is all done with Nix.

A second optional component is flakes. From a very high level perspective, flakes is a different way to describe software components and their dependencies within the Nix ecosystem. It also comes with its own set of command line tools. Introduced in 2021, it is still an experimental feature but many people consider it a must for the future.

For searching Nix packages, you search online. For configuration options, you search online as well. If you're using Home Manager, you need to search online. You get the idea.

People are using Nix for a broad variety of reasons. This article here is using the view point of a single person like me, managing a home server/desktop and two notebooks (personal and business).

NixOS is very different to most other distros out there. For example, NixOS doesn't follow the Filesystem Hierarchy Standard on purpose. Instead of having a path like /usr/bin/grep to an installed tool, you get paths like /nix/store/8mzvz6kk57p9aqdk72pq1adsl38bkzi6-gnugrep-3.7/bin/grep.

This way, NixOS is able to keep multiple versions of the same software package in parallel. Either to be used in parallel or just to be able to revert to a previous set of installed and activated software packages in case an upgrade introduced some issues.

With your configuration setup described in Nix files, you get a new system up and running in no time. You just install the base system, get your configuration files onto the new system and run it. Voilà, you get your customized environment.

There are tons of other interesting properties of Nix and its ecosystem but I can't go into further detail here. Just visit the linked resources and lean more on your own if you like.

One interesting detail relates to the NixOS logo which is "affectionately called the Nix Snowflake". It consists of six Lambda (λ) characters that form a circle. The λ characters resemble a reference to the λ-calculus which is the most important entity of functional programming languages like Nix. You can learn more about the logo in this thread. For example, in Latin "nix" stands for "snow". Isn't that beautiful?

To conclude the historic topic here, I have to mention that the whole Nix idea started with the 2003 PhD thesis by Eelco Dolstra. In a footnote on page 81 of this PDF file you'll find the original author's explanation for the name of his project:

The name Nix is derived from the Dutch word niks, meaning nothing; build actions do not see anything that has not been explicitly declared as an input.

To me and every other German person, this is quite funny because in German slang "nix" also means nothing. You can guess that there are plenty of jokes that write themselves here.

Back to the question that might came up in your head: why on earth is Karl switching to a rather exotic GNU/Linux distro when he usually wants to minimize effort and is happy to have some long-term peace?

Well, there are multiple aspects that came together to play around with NixOS for me.

Over a decade, I was using Xubuntu LTS on my notebooks. One is my business workhorse (Lenovo T490) and the other is my rarely used personal notebook (Lenovo X260). Xubuntu once solved many issues related to specific stuff that was once a drag with Debian stable: suspend to disk, suspend to RAM, mounting USB thumb drives, sound, special keys and so forth.

In the recent years, Canonical (the owner of Ubuntu, the distro behind Xubuntu) has made some questionable decisions. More and more software packages were only delivered in snap packages which were not running smoothly at my side and whose concept I very much dislike. Then they started with something that look like withhold software updates if you don't join some paid plans they offer. It just didn't feel like the distro of choice for me any more.

Debian GNU/Linux stable runs my home server which is used as a desktop computer. It's still a great OS. However, any new hardware setup requires much effort to apply all/most of my settings. And I customize a lot. When I switch to a new hardware, I usually have to invest one or two weekends to set up the most basic stuff so that it works as desired.

One annoyance I wanted to fix is not directly related to the distro itself but with how the distro is handling package updates. For example, Firefox has a built-in update feature which is active with the usual Ubuntu or Debian packages. This results in a forced restart of Firefox at random times which is a no-go for using Firefox in a business environment.

Here comes NixOS.

It not only provides NixOS modules convering hardware quirks, it also has an enourmously large set of pre-compiled packages which are usually quite up-to-date compared to other distros. I know, coming from Debian stable and Xubuntu LTS, this is a new things for me as well. A higher level of security by fresh packages (NixOS) versus a higher level of security by maintained back-ports of important security fixes of rarely updated package versions.

Another interesting property is that NixOS keeps its configuration in Nix files of one git repository. So if you modify your setup, you usually do this within those Nix files. This way, any modification only needs to be done once and by synchronizing the Nix files among my different hosts, I just apply the most current setup on each machine to get all the modifications on all machines. Without such a mechanism, setup changes were usually forgotten because of things like I rarely use my personal notebook these days. Therefore, my settings diverge over time across my devices.

Related to the Firefox auto-update annoyance from above, such an auto-update is not working with NixOS in general. As a side-effect, program upgrades are only happening when I upgrade my system for one or two times a week with no bad "this apps restarts now" surprises in-between.

With standard NixOS (without flakes), you can re-create a setup including its installed software packages and settings an a different machine. With flakes, their exact version is persisted as well. This way, you get identical systems which is an interesting property for many use-cases (servers, SW development, ...) but not for me personally.

My dream would be to have a unified setup that can be applied to any new hardware which gets me from zero to "feels like home" including all of my important settings in less than an hour. NixOS is here to provide tools for that.

I might as well re-use my settings on different operating systems: shared Home Manager setup with Linux, Windows, and macOS.

The overall goal is to spend less effort in system setup and maintenance as I get older and my configuration gets more and more fine-tuned and stable.

Furthermore, there is a great benefit when you do have a configurations in text files you can share - more about that in an upcoming section.

There is another GNU/Linux distribution named GNU Guix System that shares many properties with NixOS. That's no coincidence because its package manager and the operating system was heavily influenced by Nix.

Instead of the Nix language, it uses GNU Guile which is a Lisp dialect. Actually, that would be a much better fit for my history given the fact that I play around with GNU Emacs for decades.

Considering the different number of pre-built packages and the different sizes of community, my preferred choice was NixOS.

Sorry for anybody who would have chosen differently. It was more or less a gut feeling.

As I already mentioned before, when you do have a description of installed software packages and their configuration in text files, you can put them into a git repository and synchronize to public services like GitHub or GitLab. I'd prefer GitLab over GitHub (Microsoft) but unfortunately, you can't search for public Nix code on GitLab as easily as with GitHub. For example, when you're looking for something related to xfconf.settings within all public repositories, you may use this query URL. This is a true superpower once you understand its implications.

You can find my personal Nix configuration on GitHub as well.

However, there's a catch as well. Searching for a keyword teleports you into a complex setup by somebody. Then you have to learn how the author was including what files with what concept using what ecosystem-part you're reading. Is it plain NixOS? Is it using Home Manager? Are packages managed via flakes? Those things are not so straight forward all the time. It's not that common to write a README file which describes how to start from scratch, what Nix components are involved and how to spot the parts you can't or should not re-use without adapting first.

To me, the cost of switching to NixOS was enormous. At least I spent three whole weekends and maybe over a dozen evenings learning stuff, debugging issues, trying to fix issues, setting up hosts many different times, ... Maybe I spent even more time - I haven't logged the hours.

It's really debatable if the overall net benefit can still a positive one. Most probably not.

If you're working with IT for over three decades and then you spend two hours while trying to set and retrieve a boolean variable and still failing to do so, this really can be a frustrating experience.

Even the simplest things may turn out really complex challenges. A simple "if $HOSTNAME then foo else bar;" is never that easy to accomplish.

In so many situations you need to decide whether or not you put something on NixOS level or on Home Manager level. With configuration settings you can also symlink some pre-defined dotfiles. Now you have three options where to put something. And it's even worse. Some things don't work, e.g., on Home Manager level but it's not that obvious from the start. For this and other reasons, learning to make NixOS work is a constant try and error game all the time. Another frustrating experience.

Documentation is not always up to date. Something that was perfectly fine a few years ago doesn't work in an up-to-date version, some directions were written before certain changes did happen and you still get the flakes or no flakes situation all the time.

I also faced some issues with the graphical NixOS installer. I can't reconstruct how but to me it seems that LUKS (full disk encryption) and/or swap (essential for hibernation) were not set up although configured. This particular issue cost me additional four different installation processes in three hours or so on my business machine in order to get LUKS which was somehow omitted in the first run.

When LUKS was installed as wished, I faced another issue. On some systems (on floyd), I only get asked for the LUKS passphrase once. If I misspelled the passphrase, I end up in the Grub shell where I can recover using that method:

1. cryptomount -a
2. entering LUKS passphrase
3. insmod normal
4. normal

On my business host, I get asked for the passphrase multiple times. I really can't tell why there is a difference! That's annoying.

When you run NixOS on a host, be prepared to reserve much more disk space to the system itself. Any non-trivial NixOS setup needs at least 30GB disk space for the basic OS and some tools. I started with a 15GB VM, had to extend to 20GB quite soon and ended up extending to 30GB when I tried to run an upgrade that changed more packages. NixOS is a storage eating beast. I equipped the two notebooks with very fast 2TB SSDs - not just because of NixOS alone. The SSD prices were attractive this summer as well.

Of course, there are neat tricks to reduce the storage footprint but in my case they never saved more than a few GB. The more versions of tools you keep, the more space you need, that's clear.

The deviation from the usual UNIX paths to binaries has many implications. The most obvious is probably the fact that you have to make sure your shell scripts do have a shebang like #!/usr/bin/env bash instead of something like #!/bin/bash. If you're using commands within your script, you must not use absolute paths anywhere. So no more /bin/date +%Y_%b_%d_-_%Hh%Mm%Ss. Instead, you can only call programs without their absolute path.

To be fair, I have to add the remark that shell scripts should have been written that way in the first place in order to maximize their portability.

Other nasty issues arise when you realize that tools like Python virtualenv are creating absolute paths to the current Python tools when a venv is initialized. I have asked the NixOS community in a reddit thread. There is no clean solution to the issue from my perspective without adding much more complexity like docker container and so forth. My current plan is to pin the Python version to a hard-coded version. However, this is also something I need to learn how it's done.

My current desktop environment of choice is xfce. Home Manager support for xfce is mixed: there are settings in Home Manager that work, there are settings in Home Manager that should work but don't in my setup and there are settings that aren't available in Home Manager. I'll need to find solutions for that somehow.

Some changes are not even directly related to NixOS. For example, I was using cron to schedule some tasks since the 90s. It's easy to use and has a simple low-profile syntax. Its technical limitations never bothered me so far.

However, with NixOS I learned that I should think of switching to systemd-timers. This also would have the advantage that I don't need to periodically save my current cron jobs into text files so that they're included in my backup setup which doesn't cover those system files. Those scheduled commands would be part of the Nix config files and therefore, it's a much cleaner solution. Again, I need to invest time to learn how to handle systemd-timers and how to accomplish them with Nix methods. Furthermore, I probably would introduce a (minor?) issue. Not every dependency (data and/or tools) mentioned in my scheduled script is available on a new host when things are set up via the Nix setup. Jobs refer to shell scripts which needs to be synced separately, usually later in the host setup phase. I still need to wrap my head around that before I do the switch.

In rare cases, you'll find out that there are some tools missing in the list of pre-compiled NixOS packages. For example, I'm using xdu for various use-cases and xdu is unmaintained. In this case, I found a helpful soul at CCCamp23 who wrote me the code how to self-compile it. It's part of this commit you can find here. In most cases, you can't simply copy over a binary from your previous Linux distro and expect it to work on NixOS.

For some people this would be a subtle comment but I do think that NixOS comes with some more or less fragile dependencies. For example, when GitHub would be out of business or the service is down for some other reason, NixOS would probably be dead. Its main repositories are on GitHub and there is no obvious fall-back concept to other repositories hosted on different services. This will end up in severe issues for Nix someday.

Sometimes, I got the impression that even rather basic concepts of NixOS are still subject to changes. For example, flakes do seem to be a strong candidate to dominate the future Nix setups. It's experimental as already mentioned but many people think that there is no way around flakes in future.

Unfortunately, Nix documentation is always one step behind with respect to changes like that. Although many people do recommend to use flakes, the official documentation doesn't contain many examples explaining things using flakes.

Furthermore, there were some other change in recent years that aren't part of the official documentation either.

So be careful.

I got the impression that all people using Nix are wizards and gurus. I feel stupid when I pose beginner questions. So far, everybody was very friendly to me.

However, the community is very fragmented - I hope that's the word I was looking for to describe my impression. When you do ask for something, you usually get great answers but some of them are heavily opinionated. For example, some people promote flakes, some are more reluctant. Some people propose very elegant but also very complex solutions, others are able to provide simpler but maybe not so sophisticated solutions.

People try to achieve very different levels of NixOS wizardry and people do have different opinions on how others should follow their concept or not.

This is not a bad situation per se. However, as a beginner, it's very hard to judge the "quality" (with respect to my own situation) or usefulness of a certainly correct but maybe not the most practical answer.

Platform-wise, you'll find the NixOS community using this page. I never used Discourse yet. I hesitate using Matrix because it's not that great of an user experience to me. My personal go-to so far was reddit and Mastodon.

You can follow my personal advancement via following my repository on Github. I tried to write a helpful README that explains the basic setup and the concept I developed for my setup. It also contains dependencies to things outside of this Nix configuration and specific settings that shouldn't be applied without checking first.

I'm running NixOS on my personal and on my business notebook. So I made the first big step already.

Migrating my home server running Debian GNU/Linux stable which is also used as my home desktop is much more complicated because of the more complex setup used there. I'm not sure how and when I'll tackle that.

First and foremost, I need to extend and then stabilize my Nix setup even further. There are many open issues I want to address. Some of them may be long runners:

• Implementing a workaround or a solution for the mentioned Python venv issue.
• Debugging issues with xfconf-query where, e.g., keyboard shortcuts can be set in Nix but are not effective afterward. Currently, I tend to think that this is a bug in xfconf-query.
• Probably finding ways of including more of my setup: xfce and many other dotfiles and tools. I don't know if there is a sweetspot when to stop and just copy over $HOME to a new host setup.
• Finding out how to fix some annoyances such as setting the network interface in the xfce Network Monitor every time after I applied my Nix config.
• Integration of my setup for the tool-chain around filetags in tools like geeqie and Thunar.
• QEMU VMs: setup spice tools for dynamic window resizing.
• Finding out how to apply some Nix settings only if certain directories exist. This would most probably "solve" many dependency issues I'd face with a fresh setup.
• Managing secrets (passphrases) within my Nix repository.
• Installing missing packages such as VueScan, nfsd, grml-crypt.

On pages like Paranoid NixOS Setup (by Xe Iaso) you can find plenty of interesting options for long-term ideas such as impermanence.

You can see, there are many options for future time-wasting and yak shaving.

TL;DR: So far, I actually can't tell why somebody actually should invest time and effort to move to NixOS.

Its main goals according to Wikipedia are:

- Abstraction: The software packages making up a system can be configured using the Nix language syntax.
- Reproducible builds : A replica of a system can be created on another machine with one configuration file.
- Atomic upgrades : System upgrades involve less risk of breakage, and if something does go wrong, it is simple to roll back to the previous state.
- Immutability : The software making up a given system configuration cannot be changed once it has been built, preventing accidental or malicious modifications.
- Nix package manager : Packages can be installed without affecting the rest of the system, and can be tested without installing.

Unfortunately, I hate the syntax of the Nix language. For example, the semicolons are really an unnecessary drag and this is only a minor aspect of the language design. I would have preferred re-using any given language syntax. I do think that we've got plenty candidates to choose from. Be aware that this is my personal opinion and I'm not a programming language expert. Sometimes, I got the impression that Nix was designed to be different without good reasons.

Reproducible builds is nothing I personally need in my situation. YMMV.

In almost three decades of using GNU Linux systems, I can't remember when I would have required a roll-back mechanism in order to reboot a previous version of the system. It doesn't work for converted data anyways. If, for example, an upgrade converts some database, this may cause issues when booted with the older software version that was using the previous database structure.

Immutability seems to be interesting. However, I don't understand enough Nix(OS) to fully understand how this feature is provided. Malware with root access (which would be required by malware in all Linux distros) can modify the binaries of a NixOS setup as well. If modification is checked upon each invocation, this would be a neat security feature. Need to read more about that.

Dependencies were handled by other package managers as well.

Temporarily installing software packages was not an issue with other distros as well. In NixOS, those are kept separately in a cleaner way, yes. But not something I do think I'll need that way. Maybe this changes with time, once I start using NixOS for a longer period of time.

I'm not convinced whether or not it's a good idea (in my age) to switch to a distribution where you can't profit from previous knowledge that much any more. For example, most of my general GNU/Linux knowledge I learned in the 90s is still valid these days. I can't say that for Windows or Apple (whatever their OS is called at the moment). For NixOS you need to learn very basic stuff from scratch as well.

As you can read here, I'm in a love-hate-relationship with Nix. I once made a joke to somebody who drove to NixCon23 that I'm glad that I'm not joining his trip. I'd otherwise slap and hug all the participants.

It's not just another distribution. It comes with many different concepts and tools. You can use the whole ecosystem in millions of different ways. You can spend too much time finding the perfect concept for your situation. It's really not just another distribution.

Especially, NixOS is nothing for non-tech savvy people.

My initial approach of jumping into the cold water without learning the basics of Nix was not a wise choice. I thought that with the default setup by the NixOS installer, I can simply add applications and paste short snippets from other people and that's it.

This ad-hoc approach might work for single host setups with no specific customizing besides adding packages. It doesn't if you start with a multi-host setup, exceptions, own variables, if/then/else constructs and so forth.

If possible, start with learning the syntax of Nix to fully understand examples you copy or adapt.

I went all-in with everything at once: Nix, NixOS, Home Manager as well as flakes. I would not recommend you to start with Home Manager or flakes. Just use plain NixOS for a start. Keep it as simple as possible.

I think I do have to apologize.

First, I need to apologize because this article turned out to be a very long one without much optical variety in form of images or similar. I felt that I should explain this whole ecosystem at least to a certain level so that you can follow my story so far. It was written within the last weeks usually between 10pm and midnight. Congratulations if you kept reading until here.

Second, I want to apologize to everybody who expected a welcoming manifesto that urges everybody to start with Nix. My overall impression is not one hundred percent positive.

And thirdly, I need to apologize to everybody who thought that I would demolish this over-hyped Nix thing to the ground. NixOS is an interesting option and I might as well switch all of my hosts to it some day.

As always, the reality lies in the middle and according to my tool choice method, it heavily depends on your personal situation if Nix is something for you or not. You still need to judge by yourself and to do so, you probably need to try it out yourself as well and make different experiences than me. I'd love to read about your story as well, so leave a comment below.

The article ends with a truly humble "thank you" to all the Nix wizards that were so helpful with my nasty questions I asked the community so far. Without a community like that, the best software would not stick.

• 2023-12-25: I got notified that the German linuxuser magazine mentioned this article as recommended read at the end of a NixOS article of linuxuser 2024-01.