Distro agnostic packages like flatpaks and appimages have become extremely popular over the past few years, yet they seem to get a lot of dirt thrown on them because they are super bloated (since they bring all their dependencies with them).
NixPkgs are also distro agnostic, but they are about as light as regular system packages (.deb/.rpm/.PKG) all the while having an impressive 80 000 packages in their repos.
I don’t get why more people aren’t using them, sure they do need some tweaking but so do flatpaks, my main theory is that there are no graphical installer for them and the CLI installer is lacking (no progress bar, no ETA, strange syntax) I’m also scared that there is a downside to them I dont know about.
deleted by creator
In terms of the memory usage, it’s a reasonable approach these days. It gets hairy when we consider security vulnerabilities. It’s far easier to patch one system-wide shared library than to hunt down every single application still bundling a vulnerable version.
The nice thing about Nix/Guix is that each version of a library only needs to be installed once and it wont really be “bundled” with the app itself. So it would be a lot easier to hunt down the packages that are depending on a bad library.
Nix is a bit of a middle ground. Each package has a specific set of dependency version. It calculates the hash of each dependency and compares it to those that you have installed. If it is installed, it uses that, if it isn’t, it installs it. This means that packages can have different versions and dependency hell is impossible, whilst also reusing existing dependencies if they’re the exact same.
You’ve just answered a question I didn’t realize I had.
If you use any accelerated graphics (GTK4 anyone?), you cannot and must not bundle all your dependencies.
Conceptually, graphics drivers have two parts: The part in the kernel (e.g. amdgpu), and the part loaded as a library from the system into the application (e.g. Mesa).
Mesa - or any other GL/Vulkan implementation - is loaded from the system into the application as a library. Mesa relies on system libc, system LLVM (!!!), a particular libc++, etc.
If you ship libGL (and LLVM etc), you must re-release your software with upgraded deps whenever new graphics cards are released (and should whenever bugs are fixed). Your software is literally incompatible with (some) newer computers.
For the proprietary Nvidia libGL - which, again relies on system glibc - you can’t legally include it.
Flatpak solves this by separating out ‘graphics driver libraries’ as a unique type of runtime, and having a removedload of special rules & custom hacks to check the system libGL, open source or proprietary, maybe substitute a Flatpak provided libGL, with all the deps that libGL needs, and make it compatible with whatever app & whatever app runtime.
Actually correctly solving the libGL debacle is half the value of Flatpak to me.
Well the issue for me is internet speed, yesterday night I had to leave my pc on for two hours to update my flatpaks, I don’t even have that many of them, but the updates were mostly drivers and runtimes.
I love it when every basic application is an entire operating system under the hood
deleted by creator
Windows apps have been doing this for ages with disasterous security results due to the lack of mandatory OS sandboxing. E.g. CVE for admin level RCE via Adobe Flash. This model works with third party apps only when sandboxed. This was done from the get go on Android and now with Snap and Flatpak (I assume). It’s absolutely the way to go once the security framework is in place.
One reason is probably that people don’t know about them.
-
As you can see from the state of this thread, people see nix or nixpkgs but read nixos. There’s no momentum from the community to push it as an extra package manager, while every thread is spammed with nixos.
-
No gui integrations for casuals. For example Discover integrates flatpaks and snaps, but for nix you need to use the terminal.
-
The documentation is abysmal. I spent days trying to figure out how to use nix as a declarative package manager before I accidentally came across home-manager. Even the manual leads you down the wrong path. A quick start guide with a few examples for home-manager and flakes, and a few basic commands, would’ve had me going in 5 minutes. That problem is made worse by the fact that almost all sources of info focus on nixos instead.
Edit:
if anyone’s interested in trying it out, here’s a part of my other comment in this thread
It’s just a list of packages, and an optional flake to control the repositories (stable/unstable) and add packages from outside of the official ones.
To update everything nix related I just run:
cd ~/dotfiles/nix/ && nix flake update && home-manager switchYeah, if it wasn’t for my niche needs and desires of using my SteamDeck without touching the system partition, I probably wouldn’t have messed with Nix because of how much of a confusing mess of modes and switches there are, and I’ve used terminal based package managers for years. It’s very far from the simple “it just works” of Flatpaks.
https://linuxgamingcentral.com/posts/steamos-getting-nix-support/
Dunno if this ever came to fruition though.
They added the Nix directory in SteamOS 3.5 and linked it to the User partition, so now Nix survives SteamOS updates without any workarounds, which is part of why I tried using it.
Imagine this: a quickstart script to install nix and home-manager, and generate an example home.nix and it’s flake. If those files included a few comments on basic usage and what commands to run in order to install and update everything, I legit wouldn’t have had to google anything.
Literally: here’s a list, this is how you add packages to it, this is how you ensure everything on it is installed to the newest possible version, enjoy!
It’s not click flatpak in a GUI level of simplicity, but it would’ve saved me days of frustration.
The more ive learned to code and the better I’ve become at solving my own problems on Linux, the more I’ve been absolutely removeding bewildered about how so many people can spend so much time and effort into projects they care deeply about and fail to include even the most basic of necessary instructions. Like “this one simple step is crucial and you can’t do removed all else if you don’t do it”, kind of necessary
I think they want people to use the things they built, right? And yet, here’you are in a Kafkaesque nightmare with no visible exit, seemingly alone as if you’re the only person to ever actually need the crucial but of instructions necessary to make this thing work.
You wonder: am I just an idiot? Iss everything else in on something that I just don’t get? So you spend hours pissing into the wind as Google tantalizingly dangles tangential words at you, having become the internet equivalent of a bully snatching away the toy you brought for show and tell while swearing THIS is the last time, and you soldier onwards for hours, determined that you’re going to get this removeding thing working even though you know that for the sake of your sanity and our limited time on earth the better choice would be to give up. You make a point to leave a comment about your struggle on GitHub, just in case someone else finds themselves in your position one day, feeling less like an accomplished problem solver and more like someone who’s had to pop their own dislocated shoulder into place after dropping a piping hot pizza and falling on black I d. You’ve learned something, you’re more self reliant, this will be less serious in the futurre, but you can’t shake this weird feeling growing ever more insistent, a question you just can’t seem to answer: why? You’ll never know, and though it bothers you, you set to work trying to get this new image generation model to make you some anime women with comically oversized tits and worryingly unnaturally thin waists.
I’m glad it’s not just me.
-
Because it has abominable documentation. Some tools built on top of nix on the other hand have stellar documentation (devenv and jetbox come to mind). The tools even try hard to hide nix because they know it’s a goddamn nightmare for beginners to use it.
The CLI is a mess due to the indecisiveness of the nix maintainers whether they want flakes or not. So much so that the official manual doesn’t use flakes, but many guides on the internet immediately go into
nix dev#yadadadawhich leaves beginners and mid-term users alike very confused.Another point is that graphical applications can’t use OpenGL without dirty hacks like nixgl. Not only that, installing GUI applications using nix doesn’t make them show up in your desktop environment (start menu, finder, whatever). No, you need to either manually create
.desktopfiles or install another tool likehome-managerto have them show (and not work properly because of OpenGL).To top it off, unless you know better, it’s command-line only. SnowflakeOS is building GUI tools around nix, but they aren’t like say Discover or the Gnome Appstore: you can’t install the GUI and have everything working - no, you need to figure everything out.
In short,
nixis absolutely nowhere close for desktop user adoption, much less mainstream linux adoption (dev, sysadmin, tester, or whatever other technical role exists).Flakes confuse me.
Guides online say “oh yeah just do this, it’s easy” and don’t mention flakes at all.
So I try the thing and it says ARE YOU removedING SURE, YOU IDIOT, YOU ABSOLUTE MORON, YOU CAN’T DO ANYTHING WITHOUT ENABLING FLAKES AND YOU HAVEN’T DONE THAT SO YOU CLEARLY DON’T DESERVE NICE THINGS but like, is there just no non-flakes version of that thing, what’s the point of having an option that’s not enabled by default if you can’t do anything without it on@moonpiedumplings@programming.dev shares my pain and also explained what I was doing wrong:
https://programming.dev/comment/7537131Flakes is still experimental. NixOS devs takes a bunch of time to release that. So most experienced users have enabled Flakes since years. Two different systems are available, which does not help ease of learning.
Right but like “be able to do anything” requires you to have Flakes enabled
Learning curve? I’ve meant to get around to it but my to do list is pretty big so far.
Nix is on the destinations to visit but the configurations are still confusing at a glance.
If you use Nix the imperative way (
nix profile blah), you don’t need to learn the Nix language at all, or write config files. Installing/removing/upgrading packages is just a single command, similar to other package managers.Eg:
- To search for
baton nixpkgs:nix search nixpkgs bat - To install
bat:nix profile install nixpkgs#bat - To upgrade all packages:
nix profile upgrade '.*'
Ref: https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-profile
Or just home-manager with a list of packages, and you avoid all of the issues imperative PMs have.
- To search for
Stop making a list and start with eg: Nix Pills
I’m going to go against the grain and say that the Nix and Guix package managers are very good, but they really belong in their respective distros where they’re a core part of the system. That’d be Guix System for Guix and NixOS for Nix.
They may have advantages for a foreign distro too, but they are lesser (Guix System can boot into a backup of the system before the last update, for example, but that advantage doesn’t exist on, say, Debian.
Also, can we agree to not recommend these systems to new users for the time being? While they’re very powerful, they’re absolutely designed for power users, and until they’re more polished and they have fancy GUIs and stuff for installation and package management, I think it’d be best to keep recommending normal distros like Debian for now.
You can do rollbacks if you’re using something like home-manager on a foreign distribution. It’s just a bit more janky admittedly.
Guix System can boot into a backup of the system before the last update, for example, but that advantage doesn’t exist on, say, Debian.
Yeah, why would I ever want to have bleeding edge userland packages on Debian? Nobody needs something like that or the option to rollback the entire update or pin specific versions of packages…
Also, can we agree to not recommend these systems to new users for the time being?
Did anyone do it in this thread? OP is literally just asking about a list of packages to home-manage. Beginners can most certainly handle it if they don’t need a gui to update their system.
No, nobody did mention it, I was just making a side-point.
I also said there are advantages to Guix/Nix on foreign distros.
deleted by creator
Nix packages are a pain to manage on non-nix systems and basically all documentation exists for nixos, not nixpkgs.
Dont know where you are getting this. Nixpkgs is a breeze to manage compared to apt repo. Also it does not matter if you are on nixos or non-nixos system, the only difference is that nix does not take care of services on its own. What kind of docs do you miss? Nix has its own extensive nix docs page, and for packaging you also have nixpkgs documentation page - also official and not much related to nixos itself. Also nix has quite good man pages.
I’m not saying it’s not easy, I’m saying there’s not really any documentation about it.
I had to figure out for myself that I needed to do symlinks to get menu entries for nix packages
I had to figure out for myself that I needed to do symlinks to get menu entries for nix packages
Home-manager: I didn’t have to touch anything to get PATH and XDG working, it’s all automated.
But you don’t get hardware graphics acceleration unless you use nixgl, and if you want to integrate it into home manager that breaks XDG entries, which I never figured out.
Also, you are illustrating the point of the commenter you replied to: nowhere on the official docs does it recommend home manager for non nixos systems, at least not when i was scrolling through them. I learned about home manager, nixgl, and the like via forum posts, either by finding them via a web search, or by asking myself.
For example, I only found code to integrate home manager with nixgl on the nixos discourse.
For example, I only found code to integrate home manager with nixgl on the nixos discourse.
Could you please share some examples? I tried searching the forum for it, but no luck.
Did some searching, also can’t find the original forum post lol.
https://github.com/nix-community/nixGL/issues/114#issuecomment-1585323281
and this: https://pmiddend.github.io/posts/nixgl-on-ubuntu/
The latter looks like what I originally used, but what I originally used broke the generated application menu entries.
But you don’t get hardware graphics acceleration unless you use nixgl, and if you want to integrate it into home manager that breaks XDG entries, which I never figured out.
Thanks, I didn’t know that.
Also, you are illustrating the point of the commenter you replied to
Oh yeah, this is a part of my reply to the OP:
The documentation is abysmal. I spent days trying to figure out how to use nix as a declarative package manager before I accidentally came across home-manager. Even the manual leads you down the wrong path. A quick start guide with a few examples for home-manager and flakes, and a few basic commands, would’ve had me going in 5 minutes. That problem is made worse by the fact that almost all sources of info focus on nixos instead.
And where in the documentation is that?
Nix docs are hot garbage, but I’m pretty sure it tells you to reboot when you finish installing either nix or home-manager. It didn’t appear to me in a dream.
to clarify, i was talking about home-manager
I maintain some software, and Nix is by far the hardest to deal with. To package config files are relatively complex, and to submit a package you have to download the entire Nix repo, which is huge. Getting a package to build correctly can be a challenge.
It’s a pretty large ask for software contributors, who may have to iteract with a half dozen different distros. Now, you could say, leave it to the distro people to do the packaging, but it remains a barrier for entry and is by nature exclusive.
I don’t use NixOS, so I have little motivation to stay conversant with Nix and, frankly, it’s so demanding I don’t bother anymore. I can make RPM, deb, and aur packages trivially, and without having to hold Gb of some package repo (which I otherwise don’t use) on my disk.
git clone --depth 1will clone a git repo without older stuff. Without this, the nixpkgs git repo is like 13-14 GB, but with a depth of 1, it’s only 200 mb.
Flatpaks are much better than AppImages because they don’t bring in all of their dependencies, they inherit them from a runtime.
it’s the way Nix works too
Yeah so I don’t know why OP is using that argument
Could you elaborate? I was under the impression that NixPkgs stored the hash of their dependencies and when launched create an environment to use them, this way two apps can share the same library when the version is the same.
Nix doesn’t do anything special when launched.
The way it works is very simple - instead of e.g. /usr/lib/libssl.so.3, binaries use /nix/store/openssl-…/lib/libssl.so.3. This is done at build time, not runtime.
It’s about Nixpkg, not Appimage.
the aur has everything I need
Part of the reason is that people are still finding out about it, Project has no marketing so it grows organically, in the last year the number of contributors grew by 25 percent.
Another problem is that it still needs polish in term of ease of use, for example it takes me forever to search for packages using the nix-env command but using the website it takes less then a second, That’s a basic feature that still does not work correct, Plus their documentation is still not great in my opinion, I actually helped improved it and the improvement they made is still not really good IMO.
It’s cause you’re not actually supposed to use nix-env: https://stop-using-nix-env.privatevoid.net/
You’re actually supposed to be using
nix search nixpkgs#packagenameto search andnix profile install nixpkgs#packagenameto install.However, to use both of those, you need to have the “experimental” (not really though, most of the community uses them) features of nix-command and nix flakes enabled, which they aren’t by default.
And of course, nowhere on the main documentation did I find any if that, I only found it via the pain of using it wrong, and forum posts.
Nix’s documentation is horrific. I’ve had situations where I only got help via discord…
TL:DR; they’re the package managers of the future, and I shill for them, but they’re still buggy in some areas.
Guix and Nix user here. For all I can shill about store-based file hierarchy, ephemeral environment isn’t perfect yet in both of these apps, at least from a GUI application perspective. It’s a bug that I’ve found in Nix, but that should also reflect in Guix. Basically, what’s happening here is that due to some impurity in the environment, it uses libraries from the system instead, and apps may stop working. This is a very serious issue, and is directly related to what you’re talking about. This problem hides itself when using GuixSD in Guix or NixOS in Nix, but in other foreign distro that have dated libraries, it is very much visible, and you’ll be forced to use outdated channels.
Of the future? They’re a duplicate of what Apple was doing with software as far back as the mid 90s.
Every ounce of performance we squeeze out of our hardware is replaced with pounds of bloat like this.
It’s fine for a utility or something you’ll hardly ever need to use, but running every day software like this is a complete waste.
There’s no bloat, nix are system packages
If there’s no bloat why is there a garbage collector?
The garbage collector removes all packages/derivations that are not (transitively) used any more. So it is similar to apt-get autoremove. I don’t think that classifies as bloat. You could just regularly run the garbage collector.
Rollback, reproducibility, safety.
Would you call btrfs snapshots or some other backup system bloat?
It actually serves an important purpose for the user. Meanwhile apt is leaving around random libraries and man pages you need to autoremove.
Having every application load their own version of a library into memory is bloat.
They don’t, they share the same library version if they were built against it.
Lots of software won’t even work if the library version is different, so it’s a benefit, not a downside
Right. That’s why you build the software against a common library version.
In which case it’s shared in NixOS and there’s no bloat
What do you mean? Apple doesn’t have a package manager at all. Brew is a removeding mess that takes ages to do anything.
The applications have binaries and libraries bundled for multiple arches. I wasn’t speaking to the package manager.
The way nix installs in my root directory in another distro is a no-go for me
deleted by creator
You’re not exactly comparing apples to apples here.
Flatpak and appimages tend to be used in any distro because they can just be downloaded in a one off manner and installed then you’re running the application (for the most part). They offer a manager of sorts but you don’t need it to use the packages.
For nixpkgs, whike I’m sure I can get a package from the sounds of the sizes the package covers only the application or the library, meaning I still need the dependencies.
So what exactly would make me the user trade my built in tools (apt/pacman/dnf) for nix? Keep in mind no matter how great you feel it is, you need to provide reasoning that motivates me to install and learn this new tool instead of the old ones I have.
Flatpak still depends on runtimes though, I have a few different runtimes I had to install just because of one or two flatpaks that required them (like for example I have both the gnome and kde flatpak runtimes, despite not running either of those desktop environments)… and they can depend on specific versions of runtimes too! I remember one time flatpak recommended me to uninstall one flatpak program I had because it depended on a deprecated runtime that was no longer supported.
Also, some flatpaks can depend on another flatpak, like how for Godot they are preparing a “parent” flatpak (I don’t remember the terminology) that godot games can depend on in order to reduce redundancies when having multiple godot games installed.
Because of those things, you are still likely to require a flatpak remote configured and an internet connection when you install a flatpak. It’s not really a fully self contained thing.
Appimages are more self contained… but even those might make assumptions on what libraries the system might have, which makes them not as universal as they might seem. That or the file needs to be really big, unnecessarily so. Usually, a combination or compromise between both problems, at the discretion of the dev doing the packaging.
The advantage with Nix is that it’s more efficient with the users space (because it makes sure you don’t get the exact same version of a library installed twice), while making it impossible to have a dependency conflict regardless of how old or new is what you wanna install (which is something the package manager from your typical distro can’t do).
All of these points are completely correct and paint an accurate picture of the inherent issues with both technologies.
My intent with my earlier comment was to show how flatpaks and appimages were different from traditional package managers at a high level so I could ask what made nixpkgs different from something I felt and still kinda feel is a more accurate comparison which are traditional package managers like apt etc.
The big selling point to me now is that nixpkgs seem to work similarly to virtualenvs from Python which is cool.
For nixpkgs, whike I’m sure I can get a package from the sounds of the sizes the package covers only the application or the library, meaning I still need the dependencies.
When you download/build a nix package, nix will absolutely also download all necessary dependencies.
So what exactly would make me the user trade my built in tools (apt/pacman/dnf) for nix?
Getting a shell with a specific package as a one off. Want ffmpeg?
nix-shell -p ffmpegopens a shell with ffmpeg in its path, and only that shell has it.Along with that, that means users can install packages for themselves. Limited use for single-user systems, but nonetheless it’s possible.
Per-project dependencies. Pretty much the same as above, but the dependencies are declared in a file which is part of the project. In many cases that same file can also be used as a nix package itself, like any other in nixpkgs. Very useful if you write software yourself. Here’s an example.
Being a source-based package manager with a cache means that you get all the benefits of prebuilt packages but can easily patch or use other versions of a package, with no difference in use (other than that it will build it locally instead of downloading from the cache).
On a distro with a different main package manager I would probably mainly use it for per-project dependencies though.
I often stumble on this example of nix usage - a one-off shell with a a specific package. This is such a niche and seemingly unimportant use case, that it’s really strange to have it mentioned so often.
Like literally what’s the point of having a shell with ffmpeg? Why not simply install it? Even if you need something just once, just install it and then uninstall it, takes like 10 seconds.
The other use case that is often brought up is for managing dev environments, but for a lot of popular languages (Python, Node, Java, Rust, etc. ) there are proven environment management options already (pyenv and poetry, nvm, jenv, rustup). Not to mention Docker. In the corporate setting I haven’t seen nix replacing any of these.
From my limited experience using home manager under Linux and macOS:
- GUI app shortcuts work in neither of the OSs
- error messages are about as readable as the ones you get for C++ templates
- a lot of troubleshooting searches to unsolved GitHub issues
All in all nix seems like a pretty concept but not too practical at the moment.
Even if you need something just once, just install it and then uninstall it, takes like 10 seconds.
apt install foo && apt remove fooThat’s essentially what
nix-shell -pdoes. Not a special feature of nix, just nix’s way of doing the above.Actually using it though is pretty convenient; it disappears on its own when I exit the shell. I used it just the other day with
nix-shell -p ventoyto install ventoy onto an ssd, I may not need that program again for years. Just used it with audible-cli to download my library and strip the DRM with ffmpeg. Probably won’t be needing that for a while either.The other thing to keep in mind is that since Nix is meant to be declarative, everything goes in a config file, which screams semi-permenant. Having to do that with ventoy and audible-cli would just be pretty inconvenient. That’s why it exists; due to how Nix is, you need a subcommand for temporary one-off operations.
I often stumble on this example of nix usage - a one-off shell with a a specific package. This is such a niche and seemingly unimportant use case, that it’s really strange to have it mentioned so often.
It’s probably one of the simplest things you can do with it that isn’t really possible with other package managers and also doesn’t require explaining any internals, I guess that’s why.
I could also tell you about easily being able to build statically linked binaries or cross-compile (or both) with the same package definition without having to do any extra work, that might be more impressive.
The other use case that is often brought up is for managing dev environments, but for a lot of popular languages (Python, Node, Java, Rust, etc. ) there are proven environment management options already (pyenv and poetry, nvm, jenv, rustup).
Yeah, and neither of them considered that it might be important to deal with software written in other languages. Want to link against a C library in a Rust project? Run some tool as part of NPM build step? Screw you, install it manually from elsewhere or your build fails. The only one that I know does do this is OCaml’s OPAM, which does have a lot of non-OCaml software packaged. (Also at least the latter three seem to be only for setting up the language itself. What is this, a package manager for a single package?)
Not to mention Docker.
Meh, Docker is kind of a joke. Sure, it solves the problem of dependencies, but in possibly the stupidest way possible bar shipping a VirtualBox image. A lot of prebuilt images are x86_64 only. It needs to run a Linux VM on Mac and Windows (tbf Nix doesn’t have a native Windows version at the moment either, you need to run it in WSL, but people are working on that). So that means running at native performance on an ARM Mac, which are quite common for development I think, is out from the start. It also adds a lot of complexity to your environment due to wrapping everything in a container if you just want to have a couple tools. You don’t get your nicely configured shell, other system tools, anything else inside the container. I haven’t ever tried it but you probably also need special support from any IDE you want to use.
(And not to mention most Dockerfiles being absolutely not reproducible, but you can solve that… with Nix :^) )
- GUI app shortcuts work in neither of the OSs
On Linux I think you need to link ~/.local/share/applications to home-manager’s share/applications. Not sure about Mac, its GUI kind of hates symlinks and Nix uses a lot of symlinks. Spotlight doesn’t read anything behind symlinks at all, for example, and Launchpad resolves them so after a package update it will not pick up the new versions because it’s still looking at the old path.
- error messages are about as readable as the ones you get for C++ templates
Unfortunately true, yeah. I also think this isn’t really a problem that can be solved due to Nix being a dynamically typed language that has everything be an expression (so there’s no fixed structure whatsoever) and also using lazy evaluation everywhere. Three components that all decrease the capability for useful error messages and debugging, and together… yeah it can get pretty bad.
- a lot of troubleshooting searches to unsolved GitHub issues
Really? This hasn’t been my experience at all. There’s a couple like that, sure, like the build sandbox on Mac, but they’re rare. And usually people in the community channel know a workaround :^)
Like literally what’s the point of having a shell with ffmpeg? Why not simply install it? Even if you need something just once, just install it and then uninstall it, takes like 10 seconds.
The last time I used it, I needed arandr just to create a layout with a new monitor. Why would I install it, use it, remove it, and then auto remove the leftovers when I can just run a single line to use it once and forget about it? My old installs were littered with random crap like that that I’ve used once and forgot to remove.
The other use case that is often brought up is for managing dev environments, but for a lot of popular languages (Python, Node, Java, Rust, etc. ) there are proven environment management options already (pyenv and poetry, nvm, jenv, rustup).
Here’s the last time I used it: I needed to compile some rust binary but I don’t have rust or cargo installed. Since the repo has a nix flake, I was able to clone it, cd into the directory, run “nix develop”, and start compiling. Much easier than having to find and install all of the compile time dependencies, and then remove them a minute later.
Besides that, there’s a reason why python has different 20 venv packages: they’re all crap. Nix is a better alternative and leaves you with a single dependency for every OS.
Not to mention Docker. In the corporate setting I haven’t seen nix replacing any of these.
Declarative package management definitely has it’s benefits, and nix has been growing in that space ever since they’ve added the option to generate docker images from nixos configs. It’s not meant to replace docker, just to give you an option to create finely tuned base images.
GUI app shortcuts work in neither of the OSs
Home-manager on Debian: no manual set up was required.
error messages are about as readable as the ones you get for C++ templates
They can get overly long, but perfectly raadable if you start from the bottom.
All in all nix seems like a pretty concept but not too practical at the moment.
Nixos sure, but with nix I get the same bleeding edge userland packages on Debian and whatever else I’m running at the time. It’s just a list of packages, but it makes life so much easier.
So it sounds like nixpkgs is more akin to virtualenvs in Python rather than a traditional package manager. Is that an accurate statement?
If so, I’d recommend that be your selling point because that’s some powerful security.
Virtualenvs for everything that don’t duplicate resources and are reproducible.
Nixpkgs: the official nix repository
Nix shell: only creates a venv with extra packages
Nix develop: full environment configuration on top of nix shell, so you can for example set up project specific envars
Besides that, nix can also work for regular userland packages as an:
-
imperative package manager (same style as apt install)
-
declarative package manager (you make a list of packages, nix/home-manager ensures they’re installed)
The selling point for me is that I can just write a list of packages, and have the bleeding edge versions installed on top of Debian. I can git that list and have all of my packages available on every device, no matter the os or distro.
Won’t lie I’m getting sold on this via this discussion
Here’s a part of my other comment because the docs are horrible:
It’s just a list of packages, and an optional flake to control the repositories (stable/unstable) and add packages from outside of the official ones.
To update everything nix related I just run:
cd ~/dotfiles/nix/ && nix flake update && home-manager switchIt took me days to get to that point simply because you need to trawl through outdated and nixos resources. Those examples + home-manager manual will get you going in 10 minutes.
-
For development, yeah you’re supposed to use it like that, as opposed to installing dependencies systemwide. I don’t think you can even really do that on NixOS.
However, it has nothing to do with security though, but rather dependency isolation, so you can use one version of library X for one project and another for the other without them conflicting.
I mean, security is an unintended outcome of it. Any kind of isolation of packages provides a level of security.
Ehhhh, security by obscurity if anything. Every downloaded or built nix package is in /nix/store and readable for every user.
docker run --rm -ti -v "${PWD}:${PWD}" -w "${PWD}" ffmpeggets me most of the way there. I alias commands like this all the time.
Pacman (and paru and the AUR) and chezmoi works fine, I don’t see any reason to switch.
