Samuel W. Flint

A tech and academic blog

Using NixOS

Like most GNU/Linux users, I'm a partisan in the Grand Distribution War. I have my preferences, and I've talked about them before here and here. I started with Ubuntu, moved to Fedora/CentOS and finally, it seems, have settled on NixOS for most of my systems.

Why NixOS?

NixOS is very different from other distros. For one, packages are managed very differently, primarily declaratively rather than interactively or imperatively. But there are a number of other reasons:

  • A NixOS Configuration is reproducible – more or less. Currently, there's a bit of flexibility in actual reproducibility (if one is tracking unstable, there are fairly rapid changes, which means that it's not necessarily as easily reproducible), but there's a feature (flakes) in the pipeline to make it more truly reproducible.

  • NixOS Configuration handles (almost) everything, system-wide. I'm able to configure all of my system services in one place, to the point of even (for one server) needing only a single file to configure an entire Gogs instance.

  • NixOS makes overriding packages easy. Say, for instance, I want a more recent version of a python package. Much of what's required to do that is just overriding a source declaration, specifying the new revision and SHA256 sum. More complex overrides are also possible, and often still quite simple to do.

  • Any user can install software. Not only can any user install software (assuming it's either built locally or available from an approved binary cache), he can create a new temporary environment with packages available that disappears (kinda) when it's exited.

  • Software can be transparently built in a distributed fashion. Configuration of another machine as a remote build host and additional binary cache takes about a dozen lines, and then it just works.

  • There's only one format needed to describe how to build packages across many languages, which can then be built on multiple platforms. Each language has some special tooling, but it's all built using the same language, and for the most part, the same patterns.

How I Use NixOS

Daily Use

On my laptop and desktop, I use a single git repo which contains a number of files for specific settings or groups of functionality. These are imported as necessary on my laptop and desktop, with the biggest difference between them being host name.

Servers & Services

I've got a few of my servers running NixOS, sadly, not yet all. In particular, I use NixOS to manage the following:

  • WireGuard VPN – Using NixOS makes managing WireGuard even easier than normal, since all of the relevant information can be stored in a JSON file and loaded at build time.

  • Git Hosting – I had previously used GitLab on a CentOS system, but it was slow, hard to update, and only worked half the time it seemed. Now, using NixOS and Gogs, I have a snappy git server with an easy-to-use, familiar interface.

  • Hydra – I use the Nix-powered build system, which makes checking personal projects or automatically building them a breeze. Configuration is relatively quick, and I can import a build artifact easily.

  • Personal Server – Overall convenience system. Acts as personal large-files data repository, host for a couple of minor containerized applications (notifications), hypervisor and build machine for my laptop & desktop.
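The WireGuard item above mentions keeping peer information in a JSON file that is read when the system is built. The module below is an added sketch of that pattern, not the author's configuration: the interface name, addresses, port, key path and peer entries are all assumptions, and the public keys are placeholders.

```nix
# Added example; not taken from the author's repository.
{ lib, ... }:

let
  # Constructed sample data, embedded inline so the module evaluates as-is.
  # In a real repo this would be: builtins.readFile ./wireguard-peers.json
  # (hypothetical file name).
  peersJson = ''
    {
      "laptop":  { "publicKey": "LAPTOP_PUBLIC_KEY_PLACEHOLDER",  "ip": "10.100.0.2" },
      "desktop": { "publicKey": "DESKTOP_PUBLIC_KEY_PLACEHOLDER", "ip": "10.100.0.3" }
    }
  '';

  peers = builtins.fromJSON peersJson;
  peerIps = lib.mapAttrsToList (_name: peer: peer.ip) peers;

  # One JSON entry becomes one peer; each peer may only source
  # traffic from its own /32 inside the tunnel.
  mkPeer = _name: peer: {
    inherit (peer) publicKey;
    allowedIPs = [ "${peer.ip}/32" ];
  };
in
{
  # Refuse to build if two peers were given the same tunnel address.
  assertions = [{
    assertion = lib.unique peerIps == peerIps;
    message = "WireGuard peer list contains a duplicate tunnel IP";
  }];

  networking.firewall.allowedUDPPorts = [ 51820 ];

  networking.wireguard.interfaces.wg0 = {
    ips = [ "10.100.0.1/24" ];
    listenPort = 51820;

    # Only public keys belong in the JSON file: anything read during
    # evaluation is copied into the world-readable /nix/store. The
    # private key is referenced by path and stays outside the store.
    privateKeyFile = "/var/lib/wireguard/wg0.key"; # assumed location

    peers = lib.mapAttrsToList mkPeer peers;
  };
}
```

Adding or removing a peer is then a one-line change to the JSON data, reviewed and versioned with the rest of the configuration.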

Things not (yet) NixOS'd

  • Web Hosting – Currently running on CentOS. Switching Web Hosting to NixOS won't take much, but I just have to take the time to do the work. It'll make actual configuration a lot easier, especially since there's only one language needed, and it will auto-configure things like Let's Encrypt.

  • DNS Hosting – Currently running on CentOS using BIND. NixOS will make updating and maintaining the zones easy, and I'll even likely be able to automate synchronization with a Git repo containing the zone files with only a handful of lines, as well as handling DNSSEC re-signing.

  • IRC Bouncer – ZNC on CentOS. Also a personal server used primarily for storage. Switching to NixOS will be pretty easy, once some fixes to ZNC configuration for NixOS are made, and will make management a lot easier when I have to move hosts.

  • Mail Hosting – Dovecot/Postfix on Debian. This may never get moved. Mail is finicky enough as is, and switching to the way I'm hosting now was enough of a pain that I'm not sure I want to switch for a while yet.

Summing up

Switching to NixOS has been great, and that's without becoming incredibly advanced using it. Its community is super responsive, and contributing packages is incredibly easy (it's just a PR away after all), and with all the features of the OS, I'm satisfied. Only thing that would be better is, maybe, slightly different hardware.