sign in sign up
<<
Home , Alpine Linux, Antergos, Composer (software), Crux, Deb (file format), Dependency hell

Nix(OS) - Revolutionizing packaging and configuration management!

The Purely Functional Distribution

1 Before we begin (FYI) Ask questions at any time Please ask lots of questions :) The slides contain some redundancy There are a few optional slides at the end Please give me feedback Louder Faster/slower More/less details Etc.

2 About me Michael Weiss aka. primeos Computer science student at the University of Tübingen I love free soware, etc. First nixpkgs commit: 2016-10-05 I maintain ~41 packages and ~3 modules (2018-06-08) I also love (i.e. no more details :P) Email: [email protected] (#privacy)

3 Main components Nix ( manager) Nixpkgs (Nix packages collection) NixOS () NixOps (DevOps / cloud deployment tool)

4 Nix* ISO/OSI model NixOps NixOS Nixpkgs Nix

5 Other tools (Nix based continuous build system) Disnix (distributed services deployment) PatchELF (change dynamic linker and RPATH) {,go,node,,python,pypi,,hex,bower,vim,...}2

6 History Started as a research project (with funding) First paper in 2004 (many will follow) Nix developed by Eelco Dolstra as part of his PhD research (~2003) First NixOS prototype developed by Armijn Hemel as his master's thesis project Hydra developed as part of the LaQuSo Buildfarm project

7 Timeline 2003: (research begins) 2007: NixOS becomes usable + x86_64 support 2008: Website moved to .org 2009: Nix logo + Nix(OS) build on Hydra 2011: Migration from Subversion to (Hub) 2013: Switch from to + NixOps 1.0 release 2015: NixOS Foundation + First NixCon (Berlin) 2017: Second NixCon (Munich) 2018: Third NixCon (London)

8 Repology (2018-06-08)

30000 nixpkgs unstable

nixpkgs stable y o t i s o p e r

n i

s e

g FreeBSD Ports a k

DPorts Raspbian Testing a Debvuiaann UUnnssttaabblele p

h Rolling PuDrebOiSaPn ala rTrneodstitningg s Fedora Rawhide e

r PureOS green

f CRAN

Hackage

f Fedora 28 18.04 o

r e

b Fedora 27 AUR m

u UbunDteue 1p7in.10

N Fedora 26 Gentoo Raspbian Stable ALT Sisyphus CPAN DPeabrvdiuauansn S Tteasbtlieng Cauldron Funtoo Rosa 2016.1 current TrisUqbuuenlt 8u. 016.04 ArchManjaro Unstable Rosa 2014.1 MParnajbarooloa TSpeteasntbiSonleUpgeSnES TUuSmEbp Llkegwasperc e1-d250.018Q1 pkgsrc-2017Q4 Raspbian Oldstable pkgsrc-2017Q3 Debvuiaann OSltdasbtlaeble pMkaggsrecia-2 6017Q2 TrUisbquunetlu 7 1.04.04 OpenBSD PorMtsacPortspkgsrc-2017Q1 OpenMandriva Cooker SlackBuilds LHionmuxebbrreewwGNU Guix PCLinuxOS TriUsqbuuenlt u6 .102.04 Edge openSUSE Leap 42.3 RubyGems HyperobpoelanSUSE Leap 42.2 SStatacckkaaggee NA LiOTgSh CtHlyaskEePllEL 7 Ravenports EPEL 6 KYaAOCSP Orel CRHUaXi kB3Cul.aeRP3ocnGkrtstoOAasbr S Scmo he7Larinvsuteexrr 7.3 ScWoOCiokpRhpideoUacnXotI Rnal3aod.t2sieaayn Sae prvaeckr a6g.9es DDRcKKDiVGroPLEaesfDaecprDEtMOnbterEpbeDnt eoS s Mwk iFnOtsnbEWa hoguB.Suaei pnicaostDouUrloCe rtin etEieouSindeclm xdbnvES heMn Upi ek t.taFGacesO rdenAxMonlebrauiaSd 8imaRArdlrImOby ePo6 rM6LU l Srice_TPdBva hn6 sSeXCsa2 6s 4tnRS oTc4at34tuakrcKlbo. tmwapbxgceolelolehxeb rni BltdAeesae9wrci ecVkepFdoPrvt3s 0 PGTFAURCMTGSaLAPUGaSMLr-lRrnlLruePbilanLiDerlMXnipKOeiarHnsMitPlcSLOdbXsuiMlytbnasitrea iunDtqycXphitEMaqDtSirLeni oXDpa bu xer DXuLsdxeE iDFuitMrigteky -oxTLn edl it-axg ieuFnL b1eaMyEnboa1u ilnaubR malivnosulMb W6ltusM nb7P W1e ZYix ei8Pms1X 6iuYZtn7 XxoaOiulTZY 8romiXSe Ma.nil7ex.rftM.noe 0knOex.o0eStsM kt .nt0stogn 1ksa w0M Xtrs SankE tbMit1 DX4 -eybaki 781g5ar t-Feyia igLFXar7neuy1- tlkab-X7eil. rtec TPl1yn -c0231x.teginT6l cry-vT.e7d1hlrdTy7 nkeg23185ekmo Tse5opTtUSsw 56e.pas trsoTe0mrxatoti sn_oaemtoniaTs1i8rnr6tiernsr i es7gt nibst 26tag24tnitgsaxe1lsgntla8i4567se8gt nrdxgbti76gnexle1egrtx abxeta 0 Number of packages in repository 44000

9 Problems of classical package managers Upgrades/configuration changes destructively update the system state (overwriting files in sequence -> temporary inconsistency) State -> nondeterministic builds -> not reproducible Different versions of a binary Package conflicts No rollbacks No configuration management

10 Nix(OS) Atomic upgrades/rollbacks (soware & configuration) Multiple versions of a package (side-by-side, e.g. testing a new Apache version) Deterministic & Reproducible builds Reliable upgrades (and rollbacks - configuration bound to correct soware version + service reloads/restarts) Reliable channel upgrades/rollbacks (e.g. 17.03 -> 17.09) Unprivileged users can securely install soware

11 Being functional Classically: Imperative configuration Stateful changes (-> , inconsistent states, etc.) NixOS: Declarative configuration Packages/Configuration = immutable values (Complete) rebuilds instead of destructive updates Referential transparency (~an expression always evaluates to the same result)

12 Problems Lacking manpower/workforce (e.g. for better testing/security/documentation) Not all packages are reproducible (2016: 12.8%) Running pre-compiled binaries Scripts with hard-coded paths don't work No GUI for package/configuration management No LTS releases or super stable (i.e. old :P) branches Not all use-cases or configuration options supported Some tricks available + PRs welcome ;)

13 Nix A purely functional package manager (transparent source/binary deployment) Secure multi-user support Stores packages in the Nix store (/nix/store by default) Each package has it's own unique identifier/ E.g. qn96dbgqdryaw38zw6v08da34q5v4qz3-git-repo-1.12.37 (cryptographic hash, name, version) Enables multiple versions & binary substitutes "Forces" complete dependencies

14 Nix expressions / Nix expression language A DSL (not a GPL!) Describes graphs of build actions ("derivations") Packages, compositions of packages, configurations, ... Dynamically typed ("Nix won't be complete until it has static typing." @edolstra) - https://typing-nix.regnat.ovh/ Lazy (a very important feature!) Purely functional (no side-effects, immutable store) Turing complete (e.g. Dhall is not -> dhall-nix)

15 nix-repl Demo

16 Nixpkgs (the Nix packages collection) Main GitHub repository (permissive MIT/X11 license) Contains definitions of packages (Nix) and modules (NixOS) Also contains tests, functions, etc. Different branches (rolling: master, stable: release-YY.MM) Build and tested by Hydra (+ uploaded to binary cache) Distributed through (nixpkgs-)channels (nixpkgs-unstable, nixos-unstable(-small), nixos-YY.MM(-small))

17 An example Nix package (pgpdump)

pgpdump = callPackage ../tools/security/pgpdump { };

{ stdenv, fetchFromGitHub , supportCompressedPackets ? true, zlib, }:

stdenv.mkDerivation rec { name = "pgpdump-${version}"; version = "0.32";

src = fetchFromGitHub { owner = "kazu-yamamoto"; repo = "pgpdump"; rev = "v${version}"; sha256 = "1ip7q5sgh3nwdqbrzpp6sllkls5kma98kns53yspw1830xi1n8xc"; };

18 Dependency graphs pgpdump's runtime dependencies: nix-store -q --graph $(nix-store --realise $(nix-instantiate -A pgpdum

glibc-2.25-49

bzip2-1.0.6.0.1 zlib-1.2.11

pgpdump-0.32

19 nix-env (manipulate or query Nix user environments)

https://nixos.org/nix/manual/figures/user-environments.png

20 nix-shell Demo

21 NixOS Implements a declarative and purely functional system configuration model Based on Nix (package + configuration management) NixOS modules (separation of concerns) Form the full "system configuration" { config, pkgs, ... }: { options = { nested attribute set of option declarations using mkOp config = { nested attribute set of option definitions }; }

22 An example NixOS module

{ config, lib, pkgs, ... }: with lib; let cfg = config.programs.vim; in { options.programs.vim = { defaultEditor = mkOption { type = types.bool; default = false; description = '' When enabled, installs vim and configures vim to be the defaul using the EDITOR . '';

23 Another example NixOS module

{ config, lib, pkgs, ... }: with lib; let cfg = config.services.monetdb; in { meta.maintainers = with maintainers; [ StillerHarpo primeos ];

###### interface options = { services.monetdb = {

enable = mkEnableOption "the MonetDB server";

24 An example NixOS configuration

{ config, pkgs, ... }:

{ system.nixos.stateVersion = "18.03";

nix.useSandbox = true;

boot.kernelPackages = pkgs.linuxPackages_latest;

i18n = { consoleFont = "Lat2-Terminus16"; consoleKeyMap = "de"; defaultLocale = "en_US.UTF-8"; };

25 Nixpkgs overlays self: super: # self: Final package set / fixed-point result (use as dependencies) # super: Previous evaluation result { nix = super.nix.override { storeDir = "${}/store"; stateDir = "${}/var"; }; boost = super.boost.override { python = self.python3; }; rr = super.callPackage ./pkgs/rr { stdenv = self.stdenv_32bit; }; }

26 NixUP & co. Nix User Profile Manage $HOME

27 Community A great & kind community (overview) nix-devel mailing list Discourse (Forum): discourse.nixos.org Bugs and PRs via GitHub (Nixpkgs) #nixos on irc..net Blogs (NixOS planet) Local meetups (e.g. in Stuttgart) NixCon Commercial support via consulting companies

28 Learning Learn X in Y minutes, where X=nix A tour of Nix By Joachim Schiele & Paul Seitz from Tübingen ;) Unofficial user's wiki Manuals (Nix, Nixpkgs, NixOS, and NixOps)

29 Nix Pills A ported version of the Nix Pills (a series of blog posts) A tutorial introduction into the and Nixpkgs package collection In the form of short chapters called 'pills' https://nixos.org/nixos/nix-pills/

30 Trying out Nix* Use Nix side-by-side with your regular package manager: curl https://nixos.org/nix/install | sh Experiment with nix-env, nix-shell, nix-repl, etc. Try out NixOS (e.g. VirtualBox demo appliance) Install NixOS

31 Thank you :)

Questions? Feedback Discussion

32 License For the content of these slides Public domain CC0 1.0 Universal (CC0-1.0) Doesn't apply to external sources like images Some quotes, notes, etc. are from other sources (this can hopefully be considered fair use) Framework: reveal.js MIT (see https://github.com/hakimel/reveal.js)

33