NixOS
The Purely Functional Linux Distribution

Nix
The Purely Functional Package Manager
Nix is a powerful package manager for Linux and other Unix systems that makes package management reliable and reproducible.
It provides atomic upgrades and rollbacks, side-by-side installation of multiple versions of a package, multi-user package management and easy setup of build environments.
Getting started with Nix

Installing nix:
curl https://nixos.org/nix/install | sh

Too much trouble? Uninstalling nix:
rm -rf /nix
rm -rf ~/.nix-profile/

Installing nginx with nix:
nix-env -i nginx
Per-User, Unprivileged Package Installation with Nix

Install a package:
nix-env --install firefox-58.0.2

Show the dependencies:
nix-store -q --requisites `which firefox`
Transactional Upgrades & Rollback

Upgrade all the packages:
$ nix-env --upgrade '*'
upgrading ‘git-1.6.5’ to ‘git-1.7.1’
upgrading ‘gimp-2.6.8’ to ‘gimp-2.6.9’
upgrading ‘gnupg-2.0.12’ to ‘gnupg-2.0.15’
upgrading ‘gdb-7.0.1’ to ‘gdb-7.1’
upgrading ‘gnutls-2.8.5’ to ‘gnutls-2.10.0’
upgrading ‘openoffice.org-3.1.1’ to ‘openoffice.org-3.2.0’
upgrading ‘coccinelle-0.2.1’ to ‘coccinelle-0.2.2’
...

$ git --version ; gimp --version
git version 1.7.1
GNU Image Manipulation Program version 2.6.9
Transactional Upgrades & Rollback

Upgrade all the packages ... and then UNPLUG, interrupted right in the middle!
$ nix-env --upgrade '*'
upgrading ‘git-1.6.5’ to ‘git-1.7.1’
upgrading ‘gimp-2.6.8’ to ‘gimp-2.6.9’
upgrading ‘gnupg-2.0.12’ to ‘gnupg-2.0.15’
...

$ git --version ; gimp --version
git version 1.6.5
GNU Image Manipulation Program version 2.6.8
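Why the interrupted upgrade still reports the old versions, as an added Python model of the generation/profile mechanism (not nix-env's own code; the directory names and the manifest format are invented for this example):

```python
import os, tempfile
from pathlib import Path

# Added model (not nix-env's code) of the mechanism behind the slides: generations
# are immutable directories; the only mutable object is the "profile" symlink, and
# it is switched by one atomic rename, only after the new generation is complete.
class Profile:
    def __init__(self, root):
        self.root = Path(root)
        self.link = self.root / "profile"       # stands in for ~/.nix-profile

    def packages(self):
        """Package set visible right now, read through the profile symlink."""
        if not self.link.is_symlink():
            return {}
        return dict(ln.split("=", 1) for ln in (self.link / "manifest").read_text().splitlines())
    def current_generation(self):
        return int(os.readlink(self.link).split("-")[1])
    def _generations(self):
        return sorted(int(p.name.split("-")[1]) for p in self.root.glob("profile-*-link"))
    def _point(self, gen_link):
        tmp = self.root / "profile.tmp"
        os.symlink(gen_link.name, tmp)
        os.replace(tmp, self.link)              # atomic: old or new, never half-switched

    def upgrade(self, new_packages, unplug=False):
        manifest = "\n".join(f"{k}={v}" for k, v in sorted(new_packages.items()))
        gen_dir = self.root / ("env-" + manifest.replace("\n", "_"))
        gen_dir.mkdir(exist_ok=True)            # build the whole new generation first
        (gen_dir / "manifest").write_text(manifest)
        if unplug:
            return                              # power lost here: old profile untouched
        gen_link = self.root / f"profile-{(self._generations() or [0])[-1] + 1}-link"
        os.symlink(gen_dir.name, gen_link)
        self._point(gen_link)

    def rollback(self):                         # nix-env --rollback
        older = [g for g in self._generations() if g < self.current_generation()]
        self._point(self.root / f"profile-{max(older)}-link")

def demo():
    # The slides' scenario; returns the git version seen after each step.
    p = Profile(tempfile.mkdtemp())
    p.upgrade({"git": "1.6.5", "gimp": "2.6.8"})
    seen = [p.packages()["git"]]
    p.upgrade({"git": "1.7.1", "gimp": "2.6.9"}, unplug=True)
    seen.append(p.packages()["git"])            # still 1.6.5: the switch never happened
    p.upgrade({"git": "1.7.1", "gimp": "2.6.9"})
    seen.append(p.packages()["git"])            # 1.7.1
    p.rollback()
    seen.append(p.packages()["git"])            # 1.6.5 again
    return seen
```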
Build Environments

-I/path/to/headers, $CPATH
-L/path/to/lib, $LIBRARY_PATH
$LD_LIBRARY_PATH, RPATH, RUNPATH
$PYTHONPATH, $XML_CATALOG_FILES, $CLASSPATH, $PERL5LIB, $GUILE_LOAD_PATH

The result of a build depends on:
- versions of the dependencies
- compiler
- compilation options, and those of dependencies
- miscellaneous (locale, timezone, etc.)
- paths

Ahem, reproducible builds?
Example of Nix package

{ stdenv, fetchurl, fetchgit, openssl, zlib, pcre, libxml2, libxslt, expat }:

stdenv.mkDerivation rec {
  name = "nginx-${version}";
  version = "1.4.4";

  # The source is pinned by content hash: a tarball with a different hash fails the build
  src = fetchurl {
    url = "http://nginx.org/download/nginx-${version}.tar.gz";
    sha256 = "1f82845mpgmhvm151fhn2cnqjggw9w7cvsqbva9rb320wmc9m63w";
  };

  # Only the declared inputs are visible to the build; anything undeclared is not found
  buildInputs = [ openssl zlib pcre libxml2 libxslt ];
  configureFlags = [ "--with-http_spdy_module" ];
  postInstall = "mv $out/sbin $out/bin";

  meta = with stdenv.lib; {
    description = "A reverse proxy and lightweight webserver";
    maintainers = [ maintainers.iElectric ];
    platforms = platforms.all;
    license = licenses.bsd2;
  };
}
Transparent binary packages (substitutes)
- binary packages are built by the Hydra build farm
- before Nix installs a package, it asks the channels for a substitute matching the hash of the package

How does Nix control the build environment?
- One directory per installed package
- Immutable installation directories
- Undeclared dependencies are invisible to the build process (POLA)
NixOS
The Purely Functional Linux Distribution
NixOS is a Linux distribution with a unique approach to package and configuration management.
Built on top of the Nix package manager, it is completely declarative, makes upgrading systems reliable, and has many other advantages.
Fresh Install
- Download ISO from http://nixos.org/nixos and boot it
- fdisk /dev/sda
- mkfs.ext4 /dev/sda1
- mount /dev/sda1 /mnt
- nixos-generate-config --root /mnt
- nano /mnt/etc/nixos/configuration.nix
- nixos-install
- reboot
Purity (determinism)
- no global installation directories (/usr, /bin, ...)
- chroot (optional, used by Hydra)
- immutable store (/nix/store is mounted read-only)
- patching source code, e.g. /bin/bash to /nix/store/1avzqekq18pzz8vg49g8my6r9vs7s31a-bash/bin/bash
- network availability (only in specific phases)
- patchelf to patch the dynamic linker and RPATH for proprietary software (Java)
- "runtime dependencies are found by scanning binaries for the hash parts of Nix store paths (such as r8vvq9kq…). This sounds risky, but it works extremely well."
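How that scanner works, as an added Python model that is not Nix's own implementation: the build inputs are the candidate references, and the output bytes are searched for their 32-character hash parts. The sample binary, the openssl and zlib store paths and their hashes are constructed for this example (the bash path is the one quoted above); it also shows the caveat behind "this sounds risky": a reference stored in encoded form is missed.

```python
import base64

STORE = "/nix/store/"
HASH_LEN = 32   # length of the base-32 hash part of a store path


def hash_part(store_path):
    """'/nix/store/<hash>-<name>' -> '<hash>'."""
    if not store_path.startswith(STORE):
        raise ValueError(f"not a store path: {store_path}")
    h, sep, _ = store_path[len(STORE):].partition("-")
    if not sep or len(h) != HASH_LEN:
        raise ValueError(f"not a store path: {store_path}")
    return h


def scan_references(data, candidates):
    """Model of Nix's reference scanner: every candidate (build input) whose hash
    part occurs anywhere in the output bytes becomes a runtime dependency.
    Nothing else (ldd, ELF headers, language-specific metadata) is consulted."""
    by_hash = {hash_part(p).encode(): p for p in candidates}
    found = set()
    for i in range(len(data) - HASH_LEN + 1):   # fixed-size sliding window
        hit = by_hash.get(data[i:i + HASH_LEN])
        if hit:
            found.add(hit)
    return found


# Constructed inputs: the bash path is the one quoted on the slide; the openssl
# and zlib hashes are made up (32 characters from Nix's base-32 alphabet).
BASH = STORE + "1avzqekq18pzz8vg49g8my6r9vs7s31a-bash"
OPENSSL = STORE + "0123456789abcdfghijklmnpqrsvwxyz-openssl-1.0.1"
ZLIB = STORE + "zyxwvsrqpnmlkjihgfdcba9876543210-zlib-1.2.8"
CANDIDATES = {BASH, OPENSSL, ZLIB}

# Constructed stand-in for a built binary: an ELF-like blob with an absolute
# interpreter path and an RPATH entry baked in, but no mention of zlib.
BINARY = (b"\x7fELF" + b"\x00" * 12
          + b"#!" + BASH.encode() + b"/bin/bash\x00"
          + b"RPATH=" + OPENSSL.encode() + b"/lib\x00")


def hidden_reference():
    """The caveat: a hash stored in encoded (or compressed) form is invisible to
    the scanner, so that dependency would be missing from the closure."""
    return scan_references(base64.b64encode(BINARY), CANDIDATES)
```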
NixOS configuration
/etc/nixos/configuration.nix:

{ config, ... }:   # config is needed below for config.networking.hostName
{
  boot.loader.grub.device = "/dev/sda";
  fileSystems."/".device = "/dev/sda1";

  services = {
    sshd.enable = true;
    munin-node.enable = true;
    munin-cron = {
      enable = true;
      hosts = ''
        [${config.networking.hostName}]
        address localhost
      '';
      # ''${ passes a literal ${var:host} through to munin; a bare ${ would be Nix interpolation
      extraGlobalConfig = ''
        contact.email.command mail -s "''${var:host}" someone@example.com
      '';
    };
  };
}
NixOps
The tool for deploying NixOS machines in a network or cloud.
It takes as input a declarative specification of a set of “logical” machines and then performs any necessary steps or actions to realise that specification:
- instantiate cloud machines
- build and download dependencies
- stop and start services
- etc.
Hydra
Nix-based continuous build system.
It continuously checks out sources of software projects from version management systems to build, test and release them.
The build tasks are described using Nix expressions.
This allows a Hydra build task to specify all the dependencies needed to build or test a project. It supports a number of operating systems, such as various GNU/Linux flavours, Mac OS X, and Windows.
NixOS
By Joel Rivera