Nix is an amazing tool which makes it much easier to package and maintain software on a system.
What is amazing about it is that it uses very simple tools to provide a far more reliable, efficient, and secure system than many others out there. It provides a way to manage packages in every language at the same time without running into issues with each language's own tooling.
Nix is first a language. It is a functional language, so it lets you describe functions that take some inputs and use those to provide some outputs. More plainly: the language makes it easy to specify files or packages somewhere (GitHub, PyPI, etc.) and convert them into content-addressable pieces of data to be used elsewhere. Using those pieces of data you can write other data as outputs, which are hashed using their contents as well as the hashes of the content used to make them, so it's impossible[1] to remake the content unless the same inputs are used.
A simple example: a C program with a single C file, compiled using a specific C compiler binary, should always evaluate to the same thing. The C source file will be hashed and stored, and so will the C compiler binary. The function using these two inputs can run the C compiler on the C source to produce a new C binary.
The same idea can be taken to the whole operating system. Given a configuration describing the boot loader, kernel, and file system hierarchy you desire, Nix can provide it. Thanks to lazy evaluation and smart caching, which comes from hashing all the contents of the derivations, building a different operating system configuration could take seconds.
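The hashing and caching behaviour described above, as an added example that is not part of the original post and not Nix's own code: a simplified Python model in which an output path is derived from the recipe and the paths of its inputs. The `Store` class, the `/store/...` path format, the recipe strings and the stand-in builders are all constructed for illustration, and Nix's real store path computation differs in detail.

```python
import hashlib
import json


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()[:32]


class Store:
    """Toy content-addressed store; a simplified model, not Nix's real path scheme."""

    def __init__(self):
        self.paths = {}   # store path -> bytes
        self.builds = 0   # how many times a builder actually ran

    def add_source(self, name: str, data: bytes) -> str:
        # Sources are addressed by the hash of their contents.
        path = f"/store/{digest(data)}-{name}"
        self.paths[path] = data
        return path

    def derive(self, name, recipe, inputs, build) -> str:
        # The output path hashes the recipe and every input path. Each input
        # path already embeds a hash, so a change anywhere upstream propagates.
        key = json.dumps({"name": name, "recipe": recipe, "inputs": inputs},
                         sort_keys=True).encode()
        path = f"/store/{digest(key)}-{name}"
        if path not in self.paths:  # same inputs seen before: reuse, no rebuild
            self.builds += 1
            self.paths[path] = build({k: self.paths[p] for k, p in inputs.items()})
        return path


def fake_compile(inp):
    # Stand-in for running the compiler; deterministic in its inputs.
    return b"BIN:" + hashlib.sha256(inp["cc"] + inp["src"]).digest()


def fake_image(inp):
    # Stand-in for assembling a system image around the binary.
    return b"IMG:" + inp["bin"]


def build_system(store: Store, cc_bytes: bytes, src_bytes: bytes) -> str:
    cc = store.add_source("cc", cc_bytes)
    src = store.add_source("hello.c", src_bytes)
    binary = store.derive("hello", "cc hello.c -o hello", {"cc": cc, "src": src}, fake_compile)
    return store.derive("image", "pack hello", {"bin": binary}, fake_image)
```

Calling `build_system` twice with the same bytes returns the same image path without running any builder again, while changing only the compiler bytes yields a different image path even though the image recipe itself is unchanged.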
[1] Nix is not magic, and the functions must be written to be reproducible. Nix, the ecosystem of tools, etc., provides ways to isolate your builds as well as test them for being flaky and non-deterministic.