Why love NixOS?

by Manav

NixOS isn’t just a Linux distro; it’s a better distro and a CI tool. It uses a functional language to define declarative environments, in contrast to the chaos of traditional package management and container kludges.

NixOS is built on the Nix package manager, a system that treats your entire OS like a mathematically pure function. Your system’s state is defined in a single declarative config file, usually /etc/nixos/configuration.nix.

Configuration is declarative. For example, this is how to spin up a server with Nginx, PostgreSQL, and a custom Python app:

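# configuration.nix
# A NixOS module is a function; pkgs must be taken as an argument to be in scope.
{ pkgs, ... }:
{
  environment.systemPackages = with pkgs; [ nginx postgresql python3 ];
  services.nginx.enable = true;
  services.postgresql.enable = true;

  # Custom Python app as a systemd service
  # (no User/DynamicUser is set here, so systemd runs it as root)
  systemd.services.myapp = {
    description = "My Python App";
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      # Interpreter comes from the Nix store; the script path is a placeholder
      ExecStart = "${pkgs.python3}/bin/python3 /path/to/myapp.py";
      Restart = "always";
    };
  };
}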

This builds exactly the same every time, everywhere. Roll back with nixos-rebuild switch --rollback. The official NixOS repo on GitHub, https://github.com/NixOS/nixpkgs, is one of the largest package repositories, all defined declaratively.

Compare that to Docker. You write a Dockerfile, pray your base image hasn’t been updated upstream, and hope your apt-get install doesn’t leave you with a glibc mismatch. Here’s a typical Docker mess:

FROM ubuntu:20.04
RUN apt-get update && apt-get install -y nginx python3
COPY myapp.py /app/
CMD ["python3", "/app/myapp.py"]

Upstream repos drift, network flakiness screws your apt-get, and you’re left debugging a container that’s a snowflake, not a blueprint. Docker’s “reproducibility” is a lie unless you pin every tag and hash, which is a full-time job.
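One way to check a Dockerfile for the unpinned inputs described above, run here against the Dockerfile from this post. This is an added example, not code from the original post; the function names are made up here, and it only inspects FROM lines and shell-form apt-get/apt installs:

```python
import re

# The Dockerfile from the post, embedded so the check runs offline.
PAGE_DOCKERFILE = """\
FROM ubuntu:20.04
RUN apt-get update && apt-get install -y nginx python3
COPY myapp.py /app/
CMD ["python3", "/app/myapp.py"]
"""

# A base image only stops drifting when it is referenced by content digest.
DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")

def logical_lines(text):
    """Yield (first_line_no, joined_text), folding backslash continuations."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = start or no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None

def unpinned(text):
    """Return (line_no, kind, name) for every dependency that can drift."""
    findings, stages = [], set()
    for no, line in logical_lines(text):
        parts = line.split()
        if parts[0].upper() == "FROM":
            args = [p for p in parts[1:] if not p.startswith("--")]
            image = args[0]
            # Earlier build stages and "scratch" are not pulled from a registry.
            if image != "scratch" and image not in stages and not DIGEST.search(image):
                findings.append((no, "base-image", image))
            if len(args) == 3 and args[1].upper() == "AS":
                stages.add(args[2])
        elif parts[0].upper() == "RUN":  # shell-form RUN only
            for cmd in re.split(r"&&|\|\||;", line[3:]):
                words = cmd.split()
                if words and words[0] in ("apt-get", "apt") and "install" in words:
                    pkgs = words[words.index("install") + 1:]
                    findings += [(no, "apt-package", w) for w in pkgs
                                 if not w.startswith("-") and "=" not in w]
    return findings

if __name__ == "__main__":
    print(*unpinned(PAGE_DOCKERFILE), sep="\n")
```

A tag such as ubuntu:20.04 is reported because it is a mutable pointer; only the @sha256 digest form names fixed content.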

Atomic Upgrades and Rollbacks: NixOS Wins

NixOS upgrades your system atomically. Every change is a new generation, stored in /nix/store with a unique hash. Messed up your config? Revert instantly. Here’s a real-world example from https://github.com/NixOS/nixpkgs, Nginx as a service:

services.nginx = {
  enable = true;
  virtualHosts."example.com" = {
    root = "/var/www/example";
    locations."/".proxyPass = "http://localhost:3000";
  };
};

You can also view the source and manipulate the store file right in front of your eyes.

Docker? You’d rebuild your image, redeploy, and pray your data didn’t get hosed. No generations, no safety net - just a fragile stack of layers that collapse if you sneeze wrong.

NIXOS IS JUST BETTER