Going immutable on macOS
19 points by alurm
nix-darwin now recommends the Lix installer rather than the Determinate Nix installer. The Lix installer is a fork so it also handles multi-user setups correctly.
On my work macOS machine I'm using a Brewfile, which was introduced to me in this blog post. The Brewfile lists all packages which should be installed, and on update (with the bbic alias from the blog) every package which isn't part of the Brewfile is removed. This lets me play around a bit with imperative ad-hoc installs of packages, but on the next update all of them will be cleaned up again.
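An added example (not from the blog post or the thread) of the cleanup rule a Brewfile gives you: a dry run that lists installed formulae or casks the Brewfile does not declare, i.e. what a cleanup-on-update would remove, run against constructed sample data instead of real `brew leaves` output. It assumes Homebrew's documented Brewfile directive syntax (`brew "name"`, `cask "name"`); the bbic alias itself is not reproduced since the comment does not give it.

```shell
#!/bin/sh
# Added example, not from the thread: dry-run check of Brewfile drift.
# Lists installed formulae or casks that a Brewfile does not declare,
# i.e. what a cleanup-on-update would remove. Runs offline on sample data.

# brewfile_drift BREWFILE KIND  < installed_names
#   BREWFILE: path to a Brewfile; KIND: "brew" (formulae) or "cask".
#   stdin: installed names, one per line (what `brew leaves` or
#          `brew list --cask` print). Output: undeclared names, sorted, unique.
brewfile_drift() {
  awk -v kind="$2" -v q="'" '
    # Pass 1, the Brewfile: lines such as  brew "git"  or  cask "firefox", args: { ... }
    # Field 1 is the directive; field 2 is the quoted name, maybe with a trailing comma.
    FILENAME == ARGV[1] {
      if ($1 == kind) { name = $2; gsub("[\"," q "]", "", name); declared[name] = 1 }
      next
    }
    # Pass 2, stdin: anything installed but not declared is drift.
    NF && !($1 in declared) { print $1 }
  ' "$1" - | sort -u
}

# Constructed sample Brewfile (not from the blog post or the thread).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -r "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/Brewfile" <<'EOF'
tap "homebrew/bundle"
brew "git"
brew "mise"
brew 'jq', link: false
# brew "commented-out"
cask "firefox", args: { appdir: "/Applications" }
EOF

# Constructed "installed" lists standing in for `brew leaves` / `brew list --cask`.
installed_formulae() { printf '%s\n' git mise jq wget htop; }
installed_casks()    { printf '%s\n' firefox some-random-cask; }

# Formulae a cleanup would remove: htop, wget (the commented-out line does not count).
installed_formulae | brewfile_drift "$SAMPLE_DIR/Brewfile" brew
# Casks a cleanup would remove: some-random-cask
installed_casks | brewfile_drift "$SAMPLE_DIR/Brewfile" cask
```

Running the same check against the real `brew leaves` output before an update shows exactly which ad-hoc installs are about to disappear.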
It's pretty great. I wish we had something like this in the standard linux package managers, like dnf or apt.
That's pretty much what NixOS does (or did when I tried it several years ago). I'm willing to bet that Homebrew borrowed the idea from Nix.
AFAIK they borrowed it from Ruby. It’s called a Gemfile there, Homebrew is written in Ruby, and both Brew- and Gemfile predate the recent popularity of Nix.
Is there a way to try Nix on macOS without using /nix? When I looked into it, one of the installers wanted to create a separate APFS volume and modify fstab. Felt a little too involved for my taste.
Use a container I guess. The multi-user tenancy model of Nix basically makes this essential because you have to restrict nix store writes to the nix daemon, otherwise somebody could infect your derivations with malware. Nix used to have a single user install mode but it's no longer officially supported afaik.
Have a look at OrbStack. Besides being the (imo) best solution for Docker/OCI on Mac, it has seamless (and headless) VMs built in too. You could have a whole NixOS inside OrbStack, with it just being an orb <cmd> away and integration in both directions. That would be without the configuration possibilities of nix-darwin, of course.
imperative rot
I mean this is all pretty easy to write but when you try it you see how much of it just breaks down or is very difficult to use. I went back to Homebrew/mise and couldn't be happier.
With all the great tooling around dev automation these days, and how easy it is to tie things together with some shell and claude and chezmoi (or whatever), I just don't see the point of using nix for personal workstations. Sure, if you want to learn it for 'real work' for prod systems, that makes sense. Or if you just want to do it because you appreciate the tech and the ideal of immutable systems, that is cool.
But in practical terms, I open up the nix docs and read [first steps](https://nix.dev/tutorials/first-steps/ad-hoc-shell-environments) and my eyes glaze over and I don't understand. I do not understand why you'd use it for your dotfiles or dev packages or terminal settings. I don't want to become a nixops expert to be able to install specific versions of node and python in specific directories or shells.
I have dotfiles, I tweak them all the time, and I run chezmoi apply and git push, and I'm done. Things sync via chezmoi or mise.toml or git, and it's all just ...boring and fine? If my mac ever gets crufty due to some horrible misadventures with manual installs, I'll reinstall the OS and be up and running again in a couple hours, with everything restored. I can't remember the last time that has actually happened though....maybe Mac OS Tiger days, when half the world built from source and mise did not exist and brew was relatively immature.
To each their own of course! I may just have a very boring setup, and I don't mind if things drift or are a bit messy. Such is life.
Is there a way to use nix-darwin without flakes? One can use home-manager that way, for example.
Yes, absolutely. You can import its default.nix, and darwin-rebuild supports (iirc) `darwin-config` as a `NIX_PATH` item analogous to `nixos-config=/etc/configuration.nix`.
You can use the nixpkgs flake along with nix3-run, I think. Something like: nix run nixpkgs#home-manager -- switch (it shouldn’t pick a flake if you don’t give it the --flake option).