NixOS

NixOS

Developer	NixOS contributors (NixOS Foundation[1][2])
Written in	Nix expression language
OS family	Linux (Unix-like)
Working state	Current
Source model	Open source
Initial release	0.1 / June 3, 2003; 20 years ago (2003-06-03)
Latest release	23.05[3] / May 31, 2023; 49 days ago (2023-05-31)
Repository	github.com/NixOS/nixpkgs
Marketing target	General purpose
Package manager	Nix
Platforms	i686, x86-64, ARMv7, AArch64
Kernel type	Monolithic (Linux kernel)
License	MIT[4]
Official website	nixos.org

NixOS is a Linux distribution built on top of the Nix package manager. Its declarative configuration allows reliable system upgrades^[5] via several official channels of significant size and stability.^[6][7] NixOS has tools dedicated to DevOps and deployment tasks.^[8][9]

In short, some of the benefits of NixOS over other Linux distributions are:

• Abstraction: The different software packages making up a system can all be configured using the single Nix language syntax.
• Reproducible builds: A replica of a current system can be created on any machine with one config file.
• Atomic upgrades: System upgrades involve less risk of breakage, and if something does go wrong, it is simple to roll back to the previous state.
• Immutability: The software making up a given system configuration cannot be changed once it has been built, preventing accidental or malicious modifications.
• Nix package manager: Packages can be installed without affecting the rest of the system, and can be tested without installing.

History

In 2003, Eelco Dolstra started NixOS as a research project.^[10][11] In 2015, the Stichting NixOS (limited-liability organization) was founded, aiming to support projects like NixOS that implement the purely functional deployment model.^[12]

Versions

NixOS publishes releases biannually around May and November.^[13][14] Version numbers follow the format "YY.MM" – for instance, "20.03" was released in March 2020. Each version of NixOS also has a name, such as "Markhor" for the 20.03 release.

Features

Declarative configuration model

In NixOS, the entire operating system – including the kernel, applications, system packages, configuration files, and so on – is built by the Nix package manager from a description in a functional build language. This means that building a new configuration cannot overwrite previous configurations.^[15]

A NixOS system is configured by writing a specification of the functionality that the user wants on their machine in a global configuration file. For instance, here is a minimal configuration of a machine running an SSH daemon:^[16]

{
  boot.loader.grub.device = "/dev/sda";
  fileSystems."/".device = "/dev/sda1";
  services.sshd.enable = true;
}

After changing the configuration file, the system can be updated using the nixos-rebuild switch command. This command does everything necessary to apply the new configuration, including downloading and compiling packages, and generating configuration files.

Reliable upgrades

Since Nix files are pure and declarative, evaluating them will always produce the same result, regardless of what packages or configuration files are on the system. Thus, upgrading a system is as reliable as reinstalling from scratch.

Atomic upgrades

NixOS has a transactional approach to configuration management, making configuration changes such as upgrades atomic. This means that if the upgrade to a new configuration is interrupted – say, the power fails half-way through – the system will still be in a consistent state: it will either boot in the old or the new configuration. In other systems, a machine might end up in an inconsistent state, and possibly be unable to boot.^[17]

Rollbacks

If, after a system update, the new configuration is undesirable, it can be rolled back using a special command (nixos-rebuild switch --rollback). Every system configuration version automatically shows up in the system boot menu. If the new configuration crashes or does not boot properly, an older version can be selected. Rollbacks are lightweight operations that do not involve files being restored from copies.

Reproducible system configurations

NixOS's declarative configuration model makes it easy to reproduce a system configuration on another machine. Copying the configuration file to the target machine and running the system update command generates the same system configuration (kernel, applications, system services, and so on) except for parts of the system not managed by the package manager, such as user data.

Source-based model with binary cache

The Nix build language used by NixOS specifies how to build packages from source. This makes it easy to adapt the system to user needs. However, building from source being a slow process, the package manager automatically downloads pre-built binaries from a cache server when they are available. This gives the flexibility of a source-based package management model, with the efficiency of a binary model.^[18]

Consistency

The Nix package manager ensures that the running system is consistent with the logical specification of the system, meaning that it will rebuild all packages that need to be rebuilt. For instance, if the kernel is changed, then the package manager will ensure that external kernel modules will be rebuilt. Similarly, when a library is updated, it ensures that all the system packages use the new version, even packages statically linked to it.

Multi-user package management

There is no need for special privileges to install software in NixOS. In addition to the system-wide profile, every user has a dedicated profile in which they can install packages. Nix also allows multiple versions of a package to coexist, so different users can have different versions of the same package installed in their respective profiles. If two users install the same version of a package, only one copy will be built or downloaded. Nix's security model ensures that this is secure, because only the users explicitly trusted by the system configuration are allowed to use build parameters that would allow them to control the content of a derivation's output (such as adding impurities to the sandbox, or using an untrusted substituter).^{[clarification needed]} Without those parameters, paths can only be substituted from a substituter trusted by the system, or a local sandboxed build which is implicitly trusted.

Implementation

NixOS is based on the Nix package manager, which stores all packages in isolation from each other in the package store.

Installed packages are identified by a cryptographic hash of all input used for their build. Changing the build instructions of a package modifies its hash, and that will result in a different package being installed in the package store. This system is also used to manage configuration files, ensuring that newer configurations are not overwriting older ones.

An implication of this is that NixOS doesn't follow the Filesystem Hierarchy Standard. The only exceptions are that a /bin/sh symlink is created to the version of bash in the Nix store (e.g. /nix/store/s/5rnfzla9kcx4mj5zdc7nlnv8na1najvg-bash-4.3.43/), and while NixOS does have an /etc directory to keep system-wide configuration files, most files in that directory are symlinks to generated files in /nix/store, such as /nix/store/s2sjbl85xnrc18rl4fhn56irkxqxyk4p-sshd_config. Not using global directories such as /bin is part of what allows multiple versions of a package to coexist.

Reception

Jesse Smith, reviewing NixOS 15.09 for DistroWatch Weekly,^[19] wrote:

I very much like the way NixOS takes the worry out of upgrading packages by placing each change in its own "generation" and I found, from the end user's point of view, NixOS worked just the same as any other Linux distribution. Setting up NixOS is not for beginners, and I do not think NixOS is intended to be used as a general purpose desktop operating system. But what NixOS does do is give us a useful playground in which to examine the Nix package manager and I think this is very interesting technology which deserves further exploration and adoption by additional distributions.

DistroWatch Weekly also has a review^[specify] of NixOS 17.03, written by Ivan Sanders.^[20]

A 2022 review of NixOS 21.11 "Porcupine" in Full Circle magazine concluded:

Overall NixOS Gnome 21.11 impresses as serious, neat and elegant. If you are a fan of the unmodified Gnome desktop, then you will find a lot to like here. The downside of this distribution is the steep learning curve for package management, including updates and the like. No matter which distribution you come from, you will have much to learn to be able to make Nix work well for you on the command-line."^[21]

See also

• GNU Guix System – An operating system built on GNU Guix that is inspired by Nix^[22]

References

1. "Community - nixos.org". Archived from the original on 2022-09-23. Retrieved 2022-09-23.
2. "NixOS/nixos-foundation - Github". GitHub. Archived from the original on 2022-09-23. Retrieved 2022-09-23.
3. ""NixOS 23.05 released"".
4. "nixpkgs/COPYING at master · NixOS/nixpkgs · GitHub". Github.com. Retrieved 2015-09-19.
5. "DistroWatch.com: NixOS". Distrowatch.com. Retrieved 2015-09-19.
6. "Nix channels - NixOS Wiki". nixos.wiki. Retrieved 2022-02-10.
7. "NixOS Infra Status". status.nixos.org. Retrieved 2022-02-10.
8. "NixOps - The NixOS Cloud Deployment Tool". Nixos.org. Retrieved 2015-09-19.
9. "svanderburg/disnix". Nixos.org. Retrieved 2015-09-19.
10. Dolstra, Eelco (2003). "Integrating Software Construction and Software Deployment" (PDF). Lecture Notes in Computer Science. 2649: 102–117. doi:10.1007/3-540-39195-9_8. ISBN 978-3-540-14036-8. Archived from the original (PDF) on 2019-04-21.
11. Dolstra, Eelco (2006). The Purely Functional Software Deployment Model (PDF) (Ph.D.). Archived from the original (PDF) on 2019-06-09.
12. "Stichting NixOS Foundation". Nixos.org. Retrieved 2015-09-19.
13. "Governance". Nixos.org. Archived from the original on 2020-08-16. Retrieved 2020-08-28.
14. "Nix RFCS (Request for Comments)". GitHub. 17 December 2021.
15. Dolstra, Eelco; Hemel, Armijn (2007-05-07). Purely Functional System Configuration Management (PDF). 11th USENIX workshop on Hot topics in operating systems. San Diego, California, USA: USENIX Association. Archived (PDF) from the original on 2020-07-10. Retrieved 2023-07-19.
16. "About NixOS". Nixos.org. Retrieved 2015-09-19.
17. van der Burg, Sander; Dolstra, Eelco; de Jonge, Merijn (2008-10-20). Atomic Upgrading of Distributed Systems (PDF). 1st International Workshop on Hot Topics in Software Upgrades. Nashville, Tennessee, USA: Association for Computing Machinery. doi:10.1145/1490283.1490294. ISBN 978-1-60558-304-4. Archived (PDF) from the original on 2021-11-13. Retrieved 2023-07-19.
18. Dolstra, Eelco (2005-11-07). Secure Sharing Between Untrusted Users in a Transparent Source/Binary Deployment Model (PDF). 20th IEEE/ACM International Conference on Automated Software Engineering. Long Beach, California, USA: Association for Computing Machinery. doi:10.1145/1101908.1101933. ISBN 978-1-58113-993-8. Archived (PDF) from the original on 2021-11-13. Retrieved 2023-07-19.
19. DistroWatch Weekly, Issue 637, 23 November 2015
20. DistroWatch Weekly, Issue 712, 15 May 2017
21. Hunt, Adam (28 October 2022). "Review - NixOS" (PDF). Full Circle magazine. Archived (PDF) from the original on 28 October 2022. Retrieved 28 October 2022.
22. "About — GuixSD". www.gnu.org. Retrieved 2018-05-03.

External links

• Official website
• NixOS at DistroWatch
• Nix packages repository
• Unofficial NixOS Wiki