NixOS 15.09 and the Nix package manager



The NixOS Linux distribution is not a project which gets talked about a lot, perhaps because the project's primary focus appears to be to act as a demonstration platform for the Nix package manager rather than a practical day-to-day operating system. Personally, I think Nix, and therefore NixOS, are interesting projects and I'd like to explore them this week. To begin, I will let the NixOS website explain just what the distribution, and its unusual package manager, are all about:



" NixOS is a Linux distribution with a unique approach to package and configuration management. Built on top of the Nix package manager, it is completely declarative, makes upgrading systems reliable... NixOS has a completely declarative approach to configuration management: you write a specification of the desired configuration of your system in NixOS's modular language, and NixOS takes care of making it happen. NixOS has atomic upgrades and roll backs. It's always safe to try an upgrade or configuration change: if things go wrong, you can always roll back to the previous configuration. "



The NixOS distribution is available in two editions, a text-only minimal image and a graphical edition. Both editions are available in 32-bit and 64-bit builds for the x86 architecture. I opted to try the 64-bit graphical version of NixOS which is a 965MB download. Booting from the NixOS media brings us to a text screen where we are automatically signed into the command line interface as the root user. A brief information message appears above the prompt, letting us know we can run the command "start display-manager" to launch a desktop environment.



The distribution's graphical environment turned out to be KDE 4.14. The desktop's application menu and task switching panel are placed at the bottom of the display. On the desktop we find three icons. The first icon launches the GParted partition manager, the second icon opens a virtual terminal and the third opens a copy of the NixOS manual. I highly recommend reading the manual as NixOS does not have a system installer. The manual explains how to partition the hard drive and that we must select and format a partition for the root file system. The user is instructed to confirm NixOS has an active network connection and to mount a disk partition which may be used for the root file system. We are then instructed to edit a configuration file NixOS will use to set up our new operating system. Editing this file allows us to select where the GRUB boot loader will be installed, to enable system services such as OpenSSH and CUPS and to install the KDE desktop. There is also a section where we can tweak the default user account. There is a second configuration file containing hardware information we can edit if we want to have a specific disk layout or a have particular kernel module loaded. I noted, while browsing through the hardware configuration file, that NixOS will detect whether we are running in VirtualBox and automatically enable the appropriate modules to offer VirtualBox users guest integration with the host operating system. Once we have confirmed the configuration files are correct, we run a script called "nixos-install" and wait while the system copies its files onto our hard drive. When it is finished, we are asked to set a root password for our new installation of NixOS. Then we can resume our exploration of the live desktop or reboot the computer.





NixOS 15.09 -- Accessing the on-line manual

(full image size: 235kB, resolution: 1280x1024 pixels)



I would like to mention that NixOS should probably only be installed by experienced Linux users who are comfortable navigating the command line. The distribution's user manual is a handy quick reference guide, but it does not walk the user through the installation process step-by-step. The user should be familiar with formatting disk partitions from the command line, storage device names and the nano text editor, for example, before attempting to install NixOS.



When we boot into our locally installed copy of NixOS we are brought to a graphical login screen. It was at this point I ran into my one serious problem with NixOS, though I will admit to the issue being mostly my fault due to a misunderstanding of the project's manual. At the login screen we cannot sign into the root account (it is blocked from signing into a desktop environment) and the user account we created at install time does not have a password, making the user account effectively locked. I switched over to a text-based terminal where I was able to sign in as the root user. I set a password on the user account I had created, but was still unable to sign into the account. A little investigation revealed the user account's home directory was in a strange place and the login shell was "nologin" which effectively blocks all login attempts. I fixed these, but while I could sign into the account on the command line, I was still blocked from logging into a KDE session. At first this seemed to be a permissions issue, but after applying some suggested fixes and rebooting, I made an important discovery: The account, after reboot, was reset back to using "nologin" as its shell and its home directory had been changed. It was then that I realized the Nix configuration I had used during the installation was faulty and Nix was undoing my changes at each boot.



I decided to restart my trial and performed a new installation. While going through the configuration file the second time I realized my earlier mistake had been to assume optional lines in the configuration file which were commented out were the defaults, the lines needed to be uncommented to enable the desired feature. In particularly, I had to uncomment to enable a line which would cause my user account to be treated like a normal, unprivileged user. (The specific variable is "isNormalUser" and it needs to be enabled.)



This time, when I finished my second installation and rebooted, I was again brought to a login screen where I still could not login since no password was set on my user account. Once again I dropped to a command line, signed in as root and set a password on my account. At this point I was then able to log into the KDE desktop using my normal account.



While the issue concerning my user account I ran into was largely my fault, it does highlight a few interesting points about Nix and NixOS. Specifically that Nix doesn't just manage packages, it also handles services and user accounts. I also found that when we make changes that do not match Nix's configuration, the package manager will "correct" our changes. This means we need to adjust our thinking when it comes to how the system is managed and it also means Nix may fix problems automatically for us if the system becomes corrupted.



I tried running NixOS in two test environments, a physical desktop computer and a VirtualBox virtual machine. NixOS performed well in both environments. The distribution properly detected and used my desktop's hardware and integrated automatically into VirtualBox. The distribution was quick to boot and shut down. By default the KDE desktop runs with visual effects enabled and I found some desktop elements were slow to respond. Disabling visual effects helped gain better responsiveness. NixOS is very light on memory, using just 190MB of RAM when signed into KDE. This gives NixOS perhaps the smallest memory footprint when running KDE of any distribution I have used.





NixOS 15.09 -- Running LibreOffice after installing the suite using Nix

(full image size: 216kB, resolution: 1280x1024 pixels)



The NixOS distribution ships with a minimal amount of software in the default installation. Looking through the application menu we find the Konqueror web browser, the Feb image viewer and the Dolphin file manager. The distribution ships with the KDE System Settings panel, giving us a great deal of flexibility with regards to customizing our desktop environment. The KInfoCentre application is available to show us information on our system's hardware. There is a system monitor, two text editors and the KDE Help documentation which explains how to use the desktop environment. At install time we have the option of enabling the CUPS printing software and the OpenSSH secure shell service. NixOS ships with systemd 217 and version 3.18 of the Linux kernel. It's a small collection of applications, but more software is available in the distribution's repositories and that gives us an excuse to examine the Nix package manager.



Prior to using the Nix package manager, I recommend reading the project's manual. It has some good background information and examples of how Nix works. From the point of view of the user, the Nix package manager is mostly invoked using the nix-env command line utility. The nix-env program uses a syntax similar to the rpm command on Fedora and Red Hat systems. For example, nix-env -i will install a package, nix-env -u will upgrade a package and nix-env -qa will provide a list of available packages. Additional commands can be found in the manual. I found Nix processed requests quickly and worked smoothly; I did not encounter any problems while installing, upgrading or removing software.



One quirk I did notice though was that new desktop applications, once installed, would not immediately appear in KDE's application menu. A user first had to logout and then sign back into their account for the new desktop application to appear in the menu. A nicer feature of Nix was that if I typed a command in a virtual terminal that was available in the distribution's repositories, but not yet installed on the system, a helpful message would be displayed telling me how to install the missing program.



What sets Nix apart from other package managers, such as DNF or APT, is the way it handles multiple versions of packages. When we add or change a package on NixOS, the package manager creates a new "generation" or snapshot of the installed packages. The new generation, or snapshot, is kept separate from other generations. This means each time we add or upgrade a package, Nix basically creates a new snapshot of the system. If we decide we no longer want an application we just installed, or if an upgrade broke a package on our system, we can use Nix to instantly roll back to the previous generation of packages. This functionality is similar to what openSUSE has been doing recently with Btrfs and the project's Snapper utility. Each time the administrator makes a change on the system, it creates a new snapshot and we can revert the changes by switching to the previous snapshot.





NixOS 15.09 -- Rolling back a package generation

(full image size: 356kB, resolution: 1280x1024 pixels)



Nix is interesting in that we can roll forward in time as well as roll back. This is quite useful if we want to test different versions of a package to check its performance over time or if we want to see which version of a package broke. Nix will allow us to jump forward or backward in time to any point and the switch happens instantly.



Over time the many snapshots Nix maintains will eventually use up more and more disk space. This is why Nix includes a number of "garbage collection" commands which can seek out older snapshots and remove them from the operating system, freeing up space. Nix is able to remove all old snapshots, specific snapshots or any snapshot older than a certain amount of time. This means if we perform software upgrades every week, we can run a scheduled job to remove any snapshots older than a month, insuring we have both a fall back option and a clean hard drive.



Nearly two years ago I wrote about an earlier version of NixOS and the Nix package manager. At the time I was quite taken with Nix (as I still am) and asked around as to why more distributions would not adopt the package manager. One of the big concerns was that the hard drive would be filled up, or that juggling snapshots (generations) of packages would prove too complex. But in the past two years we have watched PC-BSD and openSUSE introduce file system snapshots which perform essentially the same functions and Ubuntu is rolling out Snappy which implements less mature versions of the same features Nix has been showcasing for years. It seems as though developers throughout the open source community are catching on to the idea of snapshots, generations and atomic updates, but everyone is creating their own implementation. This seems like a lot of duplication of effort when Nix is already available, has had most of the bugs worked out and can be installed on top of most existing distributions.





NixOS 15.09 -- Switching, listing and removing Nix generations

(full image size: 444kB, resolution: 1280x1024 pixels)



Conclusions



The highlights of NixOS are that the distribution is very light on memory, showcases a very interesting and powerful package manager and the distribution does everything quickly. The package manager performs most tasks instantly and NixOS offers us a minimal platform on which to build.



There were some quirks of this distribution which took some getting used to. In my case, adjusting to the idea that Nix would manage user accounts as well as packages and that the package manager would reset "damage" to the system took an adjustment in my thinking.



I very much like the way NixOS takes the worry out of upgrading packages by placing each change in its own "generation" and I found, from the end user's point of view, NixOS worked just the same as any other Linux distribution. Setting up NixOS is not for beginners, and I do not think NixOS is intended to be used as a general purpose desktop operating system. But what NixOS does do is give us a useful playground in which to examine the Nix package manager and I think this is very interesting technology which deserves further exploration and adoption by additional distributions. * * * * * Hardware used in this review



My physical test equipment for this review was a desktop HP Pavilon p6 Series with the following specifications: Processor: Dual-core 2.8GHz AMD A4-3420 APU

Storage: 500GB Hitachi hard drive

Memory: 6GB of RAM

Networking: Realtek RTL8111 wired network card

Display: AMD Radeon HD 6410D video card