After 20 years are developers now ready for Nix?

The revolutionary declarative software ecosystem was ahead of its time, say advocates

Nix and NixOS promise application portability, reliability and reproducibility, but can developers be persuaded to make the switch?

Nix is a longstanding open source project, with all that typically implies. On the plus side, it has a passionate and dedicated community of engineers heads down in code and working to tackle a hard problem commercial software firms have historically ignored. On the other hand, from a user perspective, it can be quirky, there are dozens of different ways to perform a particular task, and the documentation and UI/UX have until recently been an afterthought. In other words, it may be the solution your DevOps team has been looking for, but the steep learning curve tends to limit its appeal to those already in the know.

But after 20 years Nix is starting to attract attention outside its core community: witness the recent $16.5 million Series A funding of Flox, a startup that aims to reduce the barriers to entry to Nix for enterprise developers, and an (albeit modest) uptick in media interest.

What is Nix?

The confusion begins with the fact that Nix is not one but three things. It's a package manager, an operating system and a programming language. The heart of the ecosystem, the Nix package manager, is a purely functional system, meaning that packages (programs) and all of their dependencies are treated as self-contained, immutable units. Packages are fully isolated from and independent of each other and as a result, multiple versions of a particular program can be run on the same operating system. And should a package fail for any reason the rest of the system is not affected.

The Nix package manager can run on any 64-bit Linux or macOS platform, and users can also download NixOS, a Linux distribution that includes the package manager by default.

The Nix language, meanwhile, is a functional, declarative programming language that's used to describe packages and configurations for the package manager. You write the configurations in a file, and the package manager effectively looks after the rest.

So what's the big deal?

Started in 2003 as a research project to manage the complexity of packaging software, Nix predates Docker, a far better known technology also designed to isolate programs and their dependencies. So why are we starting to hear about it now, and how is it different?

The Nix approach was ahead of its time, insists Flox CEO Ron Efroni, who also sits on the board of the Nix Foundation.

"Nix introduced and still introduces a few key principles into the software realm that are just very groundbreaking in how they impact software development and software deployment."

Efroni reels off a list of features that he says set Nix apart from other approaches to package management, including fully reproducible builds and deployments with no hidden dependencies; a repository of 80,000 packages; universal language support; and full package isolation via file path checksum. Nix is declarative, with specifications managed from a single configuration file, which can be easily shared between collaborators via Git. And because all changes to the system are "pure" they can always be rolled back with no nasty surprises or knock-on effects.

"Nix brought that to the world 20 years ago, but I don't think we were there yet in terms of the standpoint of technology," Efroni says. "The pain wasn't big enough to adopt these principles."

In the intervening years, software has become much more complex, particularly in large organisations like banks. Where once everything was proprietary and internal, now it's open source and distributed, made up of hundreds or thousands of open source components and hosted all over the world. Containers and microservices have helped to make software more scalable and maintainable, but containerising applications "just kicks the can down the road," says Efroni, hiding the dependency-induced complexity rather than automating it away as Nix does.

"Software is an order-n problem and up to now we've been solving complexity with an order-1 solution, right, throwing more developers at it or more manual work. But Nix really provides that order-n potential, so I think this is the inflection point."

Containers certainly have their uses, interjects Flox co-founder and CTO Michael Brantley, and Nix works hand in hand with Docker and Kubernetes. But they are also restrictive. You have to choose what will go into the container, for one, and they impose artificial boundaries. "What we found is that people prefer developing without the borders using the integral isolation provided by Nix rather than having to muck around with Docker Compose and all the things that you have to do there."

Another practical issue Nix tackles is lock-in, Brantley adds. While working at New York hedge fund DE Shaw, his team found themselves "vendor-locked to Red Hat" because a vital application would only run on that platform. "There was no way of changing operating system," he says. The Nix package manager allows suitably packaged applications to run on any Linux distribution, and Brantley started Flox as a way of easing adoption, providing frameworks and opinionated "golden paths."

There's also the security issue. Supply chain security is very much front of mind after the Kaseya and SolarWinds attacks, with measures such as SBOMs being brought in to track the provenance of software components. This, says Efroni, is another by-product of complexity, and something Nix handles by giving complete visibility into all dependencies and verifying source code from the ground up.

Reducing complexity is complicated

Nix evolved to reduce software complexity, but that is not how it feels to the new user, as a quick perusal of Reddit or DistroWatch will confirm. There are many new terms and concepts to get to grips with, multiple paths to get lost down, and mistakes tend to produce baffling and unhelpful error messages. Developers also need to familiarise themselves with the Nix language when they want to package their software. It all feels, in a word, complex. And apparently it's much easier and better documented than it used to be.

But Efroni believes that after two decades its time has come. Banks and tech companies are looking seriously at Nix, he insists, and it's reaching the end of the curve that starts with a radical concept and ends with an adoptable version, which is the purpose of Flox.

"People are starting to look outside of containers, starting to worry about software supply chain security and [software bills of materials] SBOMs, all of these things that are just because of the complexity that software has reached. And I think that's where Nix plays very strongly."

Is he right? Well, Nix is not the only purely functional declarative package manager with optional OS attached; others with a similar approach include Guix and GoboLinux, although Nix is the best known. More importantly, does Nix offer enough to persuade development teams to change tack?

"I do think that it has been largely overtaken by other approaches as the declarative concept is now widely used in the cloud-native ecosystem," says Omdia chief analyst Roy Illsley.

"While you can never say never, it would need to demonstrate a significant advantage over what is available in the market. I understand its value proposition in that it works across multiple different languages, but to change the development build process in an organisation is not something that happens every day. I have no doubt that with sufficient finance and exposure it will gain traction, but is it going to change the world? No."
