The Beginners' Guide to Hacker-Powered Security » Free Download from HackerOne!
Welcome Guest | Sign In
LinuxInsider.com

Nix This Innovative OS for Its Uninviting Complexity

By Jack M. Germain
Apr 19, 2018 11:19 AM PT

Nix This Innovative OS for Its Uninviting Complexity

NixOS is a modern and flexible GNU/Linux-based distribution that is both archaic to install and maddening to set up.

That combination makes NixOS a reach too far for new users. That result may be an unintended consequence for a Linux operating system that is built around a very novel design approach.

It is far more complex than other innovating options such as Qubes Linux, which is designed for heightened security, and rigid Arch Linux distros that lack a graphical user interface for managing installations.

NixOS has been on my shortlist of Linux distros to try for a while, thanks to numerous requests from readers and colleagues. I was not expecting such a challenge after I survived several reviews of Arch Linux, which is notorious for its high difficulty level for manual installation routines based on a command line interface.

If you are not comfortable typing commands into a terminal window, NixOS is not distro you want to try any time soon. NixOS does nothing to dispell the notion that the Linux OS is for advanced computer geeks only. That assessment clearly fits NixOS.

A well-documented set of installation instructions does little to help resolve error messages when typed commands fail to execute. NixOS is not your typical modern Linux distro that installs from a fully functional live session.

Several hours into this trial-and-error manual installation process, I had a basic desktop up and running. I quit there. I had no use for a Linux distro that a was a dog to install, that was minimalistic with its software, and that required lots of hands-on management.

However, your needs might be different. NixOS does offer some high-level advantages not found in more standardized Linux distros.

NixOS Unwrapped

NixOS started as a research project a few years ago and has grown into a functional operating system with a stiff learning curve for managing system services.

NixOS is an independent Linux distribution developed by the NixOS Foundation based in The Netherlands. It runs on the KDE desktop environment but is powered by its own Nix Package Manager. The latest edition is version 18.03, released April 6.

NixOS has an unusual focus: It is aimed at modernizing system configuration management. The entire operating system, including the kernel, applications, system packages and configuration files, is built by the Nix Package Manager.

Nix isolates all its packages from each other. It uses its own file structure process as well. For instance, this distro does not have /bin, /sbin, /lib or /usr directories in its file structure. All packages are kept in /nix/store instead.

Other featured innovations include reliable upgrades, rollbacks, reproducible system configurations, a source-based model with binaries, and multi-user package management.

Declarative Differences

The package manager fully assembles the OS components from the kernel to software applications and system packages. It also creates highly editable configuration files to meet your specifications.

This means you create your own detailed list of what you want installed and enabled.

NixOS does this via a declarative system configuration model. You describe system configuration items in a configuration file. Nix does everything else to build that specified configuration for you.

The declarative model makes upgrading systems more reliable and mishap-proof. The declarative approach makes duplicating configurations for deployment on multiple machines in different locations a snap.

This process makes upgrades and rollbacks non-destructive. The package management operation cannot overwrite packages in the Nix store. Instead, it adds new versions in different paths.

No time window exists in which some files from the old version are active along with some files from the new version causing a system crash. Even better, since Nix does not overwrite packages, the old versions remain after an upgrade. So you can roll back to the old version any time.

Security and Efficiency

NixOS' unique structure pays off where security is concerned because it does not install packages in universal locations found in other Linux OSes. Instead, Nix puts applications in package-specific directories.

This approach greatly reduces the risk of incomplete dependencies. Compilers do not search in per-package directories. Each package has a unique identifier that captures all its dependencies stored in a cryptographic hash. So with NixOS, packages build correctly on your system because you specified the dependency exactly.

Another advantage is NixOS' ability to run multiple versions of an application. You can install multiple versions or variants of a package and run them simultaneously. This eliminates DLL conflicts that occur when different applications have dependencies on different versions of the same package. Because of the hashing scheme, different versions of a package end up in different paths in the Nix store.

Since applications do not interfere with each other, you can upgrade or uninstall an application without fear of breaking other applications. In NixOS these operations never destructively update or delete files that are used by other packages.

Multi-User Safety

NixOS might be your ideal solution in an SMB workplace where you have different users working on the same computer. Non-privileged users can install software securely because you assign each user a different profile with a set of packages in the Nix store.

This profile is integrated into the user's PATH statement. You get two advantages over other Linux distros: One, when a user unknowingly tries to re-install an existing package, the Nix Package Manager does not build or download the attempted installation again. Two, the package manager makes it impossible for a user to inject a Trojan horse into a package other users might access.

Installing NixOS

You cannot just burn the ISO files onto a DVD and boot into a fully functional live session. Nor can you create a VirtualBox session to try out NixOS. Either way, you must partition and run various commands manually for a full installation.

When the NixOS DVD loads, you have a command line prompt on a blank screen. To start the OS' display system, enter this command:

# system ctl start display-manager
That loads NixOS' desktop shell to give you the limited functionality either to install to a hard drive or a virtual machine. Check the instructions carefully, however. Getting the VirtualBox to load NixOS requires a few additional steps.

After a slight delay, the screen will show a multicolored background with three icons. Each one is a step in the installation process.


NixOS installation essentials
The essentials for installing NixOS are the Web-based user manual, the disk partitioning software, and the Konsole's Command Line Interface.

Shell of an Install

You will see a basic K Plasma desktop layout with access to menus. The menus let you add widgets to the desktop and the panel, even before you do a full installation.

The Plasma desktop is fully engaged. Otherwise, except for the Firefox Web browser, system tools and the settings controls, NixOS is very minimalistic. You are starting from scratch.


NixOS K Plasma Desktop
The K Plasma Desktop is uncluttered, but its beauty masks the lack of any applications beyond system tools when the installation completes.

Nothing is installed, so no real functionality exists beyond the plasma environment.

Making It Work

First, click on the NixOS Manual icon on the desktop. This is your guide to follow strictly. Nix will open the Firefox Web browser to connect you to the Nix website to load the manual.

The next step is to click on the GParted desktop icon to launch the partition manager. Yes, you must create the partition yourself, even if you are installing to a VM. There is no live session environment for NixOS.

The process involves several typed commands that you can copy from the instruction file and paste into GParted. After you create the partition, you must mount it. Then close the GParted window.

Getting It Ready

Click the Konsole icon on the desktop to open a terminal window so you can create a configuration file. You must do this before you can run the installer.

Copy and paste the basic config commands from the manual instructions into the Konsole's command line window. Then use the resident text editor, Joe's Own Editor, from the bottom panel's Applications / Development menu to open the config file that the Nix Package Manager created. The text editor also appears in the Applications / Utilities menu.

Read through all the lines. Each service or component starts with a pound sign (#) to ignore that command. Delete the # marker for each element you want activated for your installation.

Follow the manual directions closely. You may need to edit the actual contents of the line or add additional directions to hone your configuration requests.

One shortcut is to uncomment (delete the # marker) everything to give you a fully loaded Linux system. You also will have to modify the lines specifying usernames and passwords.

Finishing Up

Now you are ready to run the installer. Use this command:

# nixos-install
If all works well, Nix will take its time running through all of the installation building steps. If there are any glitches along the way, Nix will stop and issue an error message.

If this happens, go back to an earlier step to resolve the problem. Then run the Nix installer again.

Adding Software

Reboot the computer. Hopefully, grub works and you will see the log-in screen followed by the K Plasma desktop. Other than the desktop, the Konsole, the settings panel, a Web browser and the Dolphin file manager, no applications are installed.


NixOS installation
Until you take painstaking steps to install each application individually, all the NixOS installation gives you are a settings panel, a menu of sysadmin tools, and attractive background images.

You'll need to check the instructions manual document to learn how to enter Konsole commands to tell the Nix Package manager what software to install.

Hint: It is not a GUI environment. Be prepared for more CLI exposure.

Bottom Line

I had to keep reminding myself that I was not dealing with an extreme case of Arch Linux instead of GNU/Linux. NixOS is more demanding and definitely not a distro for users with anything less than advanced skills.

To say NixOS comes with a steep learning curve and lots of hands-on overhead is putting it mildly. If you are a typical Linux user who lacks sysadmin training, avoid NixOS like a malware attack hiding in plain sight.

Want to Suggest a Review?

Is there a Linux software application or distro you'd like to suggest for review? Something you love or would like to get to know?

Please email your ideas to me, and I'll consider them for a future Linux Picks and Pans column.

And use the Reader Comments feature below to provide your input!


Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open source technologies. He has written numerous reviews of Linux distros and other open source software. Email Jack.


Facebook Twitter LinkedIn Google+ RSS
salesforce commerce cloud
Does it matter to you if products you purchase are manufactured in another country?
Yes, and I will pay more for a domestically produced product.
Yes, but my shopping decisions won't change anything, so I do what's best for me.
I care, but it's impossible to keep track of where everything is made.
I want the best quality and price, regardless of country of origin.
It depends on the country. Some are OK, some aren't.
It depends on the company. I'll buy from a reputable non-domestic brand.