Musings on Nix(OS) after migration
Dec 31 2023
I've recently switched large parts of my infrastructure towards NixOS, after first trying Nix on my then-Arch-based workstations.
At this point, I've got 3 servers (including the one that served you this page!) as well as both of my personal desktop systems migrated to NixOS, and I thought it was time to maybe write a retrospective for myself.
The original impulse to try Nix (for the second time, after a failed attempt last year) was meeting a very nice and fluffy person that is part of the Nix team, and has a lot of experience using it.
With their help (<3) I initially slowly converted my dotfiles repository from a simple git repo into Home Manager running under Arch, and was quickly convinced by the approach.
The obvious next step was to try NixOS; the small VPS that hosts this site was the perfect thing to try with and I was *very* quickly convinced by it.
After coming from other, imperative distros and having used Ansible to try and keep the messiness of configuration in check, NixOS and its declarative approach is a massive breath of fresh air. I do not see myself returning to any other distro at this point.
With my personal story out of the way, here are what I consider to be the things that Nix(OS) excels at:
- Declarativeness. Just specifying what you want in your configuration and having the OS figure out the rest feels magical at times.
- Having a full, functional programming language. Nix makes writing complex configuration very easy, without duplication.
- Robustness. I have not had any other distro where I never had to fear breaking a system with a config change; but with NixOS rollback is trivially easy.
- No configuration drift: Having all of your configuration derived from Nix is very powerful.
- Easy to deploy. Using various tools in the ecosystem (see below), I can manage to deploy a system booted into a NixOS LiveCD in 5 minutes, including all configuration.
Sadly, it's not perfect:
- Bad documentation. This is why my attempt last year died, and it's still an issue to this day. Without an experienced Nix user to help me, I probably would not have invested the time to really make the most of Nix and learn its quirks.
- Very fast release cycle. Mainly an issue for servers, but new releases happen every 6 months and previous ones are usually deprecated after just one month.
- Slow-to-update packages. Nixpkgs is overall great and packages almost everything you could want, but sometimes important updates take a long time (my music player has not been installable for a month since the version nixpkgs is still on has an insecure dependency!)
- Heavy. The approach of the store means that Nix does take more storage space than other distros.
- Flakes. They're a great feature and I use them basically everywhere, but they've been experimental for a long time and I wish the ecosystem would finally fully move to them. The current split between "old" channels-based Nix and flakes can sometimes be a bit cumbersome.
Nix has a great ecosystem, some of the tools I like and use:
- Nixfmt. Not much to say here, it's a good formatter.
- Colmena. Works great for deploying to all my hosts, very happy with it.
- Home Manager. Of course.
- Agenix. Works great for securely storing secrets.
- Disko. Very useful especially for bulk deploying VMs.
Overall, NixOS and its approach is great and shows lots of promise, even if Nix itself has a lot of jagged edges and could be improved. I'm excited to move the remaining systems I still have on Alpine to NixOS in the coming weeks, and I'm already really happy with what I've been able to write thanks to the expressiveness of Nix, and wonder how I ever managed to survive with Ansible.
My configuration for everything, packaged in a flake, can be found here.