Nix State of the Union
Beneath NixOS, Nixpkgs, and the Nix expression language is the “Nix store” interface — a deceptively powerful interface that includes includes both storage itself and also building. Although we rarely use it directly, it’s at the heart of what makes Nix great. By understanding the semantics of the Nix store interface in isolation, intermediate and advanced Nix users can expand their intuition and problem solving skills while working with Nix. The ways we both use and implement the interface will keep evolving in myriad ways, but the interface itself, or at least the core ideas behind it, have remained remarkably stable, anchoring everything else we do.
A presentation of the cross-compilation infrastructure, and the troubles and successes using it for an embedded system.
Day 1 Morning Coffee Break
A few guidelines to not make people run away when talking about Nix.
Based on simple examples, this will showcase error reporting improvements implemented in the open https://github.com/NixOS/nix/pull/6204 PR.
In this lightning talk, I will present my port of Wayland 1.21.0 to macOS, as well as my epoll-shim setup hooks that make it easier to package cross-platform Wayland applications.
jupyterWith has made significant improvements this year towards maintainability and ease of use. This talk will discuss those improvements and how you can quickly start creating reproducible Jupyter notebooks.
Big closure sizes bog down deploys by wasting time and space shipping around unnecessary bits, particularly with Docker containers. Nix provides tools to analyze closures, but both the graphical and textual methods leave something to be desired, especially when dealing with NixOS system closures with hundreds of derivations.
I'll demonstrate debugging excessive closure size of a Docker image of an open source NodeJS application, bringing the image size down from 300MB to around 100MB.
In this session, I'll introduce a new tool I've built that can show system closures graphically as network-graphs, making debugging the causes of excessive closure size easy, irrespective of the number of derivations involved.
Day 1 Lunch Break
Fireside chat with the Nix Board
High performance compute clusters in a scientific environment are rather specialized environments,
that provide highly specialized software packages for scientists.
Performance optimizations, specific to the given cluster, are an important part of the setup.
In many places, these packages are still hand compiled, hand tested and
made available via the "modules" system, which makes upgrading a package a difficult process.
To the experienced Nix user, it may be obvious that Nix can solve problems with providing software
to users while, at the same time, also providing a path to reproducibility of scientific results.
We thus have developed the NixOS-QChem overlay to provide computational chemistry software packages
in a reproducible, transferable, and customizable way. The overlay provides more than 30
chemistry related software packages, as well as optimized versions of upstream nixpkgs packages.
In this talk, I will give an overview over the overlay and how we have adapted it for a scientific
compute environment, as well as the challenges that we have faced while packaging some more exotic packages.
The focus here will be mainly on the Nix related aspects and lessons learned that apply also to other scientific packages.
Nix has introduced the world to store-based systems and ushered a new wave of reproducibility. These new systems however are built atop long established patterns and occasionally leverage them to band-aid over the problems Nix aims to solve.
How much further can we leverage the store abstraction to rethink long valued established patterns in Unix based operating systems? This talk will introduce some of the simple improvements one can uncover starting at the linking phase of object building and process startup.
The authors introduce Shrinkwrap which can greatly improve startup performance and further improve reproducibility for applications ported to Nix by making simple improvement to how libraries are discovered and leveraging the store further. Additional explorations for improvements during the linking phase will be discussed and explored. It's time we rethink everything.
Day 2 Afternoon Coffee Break
Deep dive into Cachix deploy design decisions and demonstration of common developer workflows
Flakes are becoming the de facto standard way of packaging Nix-based
projects. However, flakes have some major problems due to the way Nix
enforces hermetic evaluation: flake inputs (such as Git repositories)
are copied to the Nix store, which is slow for large repositories,
massively wastes disk space, and leads to confusing error messages. I
will discuss recent flake changes that not only solve these problems
but provide a bunch of other benefits, such as the ability to apply
patches to inputs. I will also talk about future directions for
closing notes for first day
A jazz concert involving Swing and Bossa Nova:
- Every wants to be a cat
- Chega de Saudade
- Take Five
A special Nix-theme music was composed for this concert by the band, ask organizers about details, history and genesis. :)
Welcome to Day 2!
NixOS is extremely versatile in terms of ways to get it onto machines! Let's explore:
- How a Linux system boots
- What a NixOS system consists of
- How this enables deploying it to a wide variety of environments
- Various examples environments into which a NixOS system can be deployed
Nix2container is an alternative implementation to our
nixpkgs.dockerTools. Its main difference is to rely on Skopeo to
actually build the image: this allows us to use the container image
building logic of Skopeo and also provide opportunities to implement
more aggressive layer caching and skipping.
This talk will discuss one possible strategy for building and deploying small and efficient Nix containers. We will go through what has been tried before and then present a personal deployment of the proposed system which has been actively used and proven to work. We will also explore and explain why the current solutions available aren't suitable as shown by the lacking prevelance of Nix containers in the Nix community.
Day 2 Morning Coffee Break
How we pull together to set the community and Nix up for decades of Success
Making Nix follow the principle of least privilege by removing as much as possible the need to it to run as root
Signatures are annoying when you are trying build software reproducibly, especially when deeply embedded in the output artifact. Let's look at how we can tackle this problem elegantly with Nix.
Systemd 250 introduced a way to manage encrypted "credentials" (secrets, reallly) in a way that I think NixOS could benefit from. We're not using it anywhere yet, but we should. This describes briefly how systemd wants to manage credentials and how to integrate that in a NixOS setup.
This talk is supposed to demonstrate a nice side-effect of being able to build old Nix expressions and even having a binary cache with the build artifacts available: for the data migration from a legacy project we had to debug a flash-based component. Even in 2021 where the Flash player is dead and unavailable it was trivial to revive this piece of old software with Nix (and web.archive.org).
My laptop environment is the staging ground for my life as a developer. In this talk, I’ll tell the story of how a Nix flake I call Nome, my “Nix home,” provides not just a fully declarative and easily reproducible global environment on my laptop but also a variety of templates and other helpers that have supercharged my per-project environments as well.
Jitsi Meet is one of the most widely used options for open source video conferencing. In addition to basic video conferences, it also supports a substantial ecosystem of additional components and features, and while these add important functionality they also increase substantially the complexity of a deployment. As part of Summer of Nix 2021 and 2022 we have been working on dramatically simplifying the process of doing more complex, featureful deployments of Jitsi Meet by using the powerful packaging and configuration tools of NixOS. This talk will cover what we have done so far on this project, the work that still remains, and what this means more broadly for packaging and deploying large server-side open source projects on NixOS.
Day 2 Lunch Break
flox, a quick run through of bringing Nix to work, making it simple and scalable
In this talk, we will address the different existing strategies to package an arbitrary Rust crate. Our goals are to try to minimize the amount of Nix code required to quick start, discussing how to deal with overlays, and finally demonstrating why Nix offers a greater cross-compilation developer experience than Cargo.
Nix and Nix users tend to see a little nugget of Nix and crystalize everything around it.
Nix is very "viral" in that way.
Sometimes you find imperfections in the system and it breaks everything: it is very difficult or impossible to finish the "Nixifying" or Ice-Nineing of your project. How frustrating!
We also tend to be "Nix Maximalists", pushing Nix to the very edge of our domain. Building as much as possible as close to the final deliverable as we can.
This has extraordinary benefits and can present a really fun puzzle. But in some cases it has real costs around performance, usability, and adoption.
Let's talk about software which disrupts the crystal: software which is hard to "nixify." Let's also talk about amazing user experiences that become possible by taking one step back from the edge.
An overview on how we make use of NixOS in our satellite payloads as the backbone of our wildfire detection services.
Day 2 Afternoon Coffee Break
Documentation has always been a sore point for Nix, and the 2022 community survey results have clearly shown demand for improvement. This talk reports on this year's proceedings in better documenting the Nix ecosystem.
NixCon Opening Ceremony
Day 2 Hiring Happy Hour