NixOS 25.11 released

I guess you have to control packages included manually or there is a list of ready to use images somewhere which I can compare to popular alpine/debian setups

It sounds like there's some mixup/confusion happening in this thread. It sounds like you're asking about "(docker) images of NixOS", i.e. images which contain a full Linux operating system. But most of the replies are talking about "(docker) images built using Nix". Those are not the same thing!

"Nix" is a build tool: it essentially just executes commands, with arguments and environment variables which are made immutable by putting hashes in filenames. Nix can be used for many things. It officially supports running on Linux (any distribution) and macOS, though I think there are experimental versions for other OSes too.

One thing that Nix is used for is Nixpkgs, which is a huge collection of Nix build recipes, for all sorts of software. For example, Nixpkgs contains a recipe for the jq program, so we can get jq by giving that recipe to Nix, e.g. like this (on any Linux distro or macOS which has Nix installed):

$ nix-build -E '(import (fetchTarball { url = "https://github.com/NixOS/nixpkgs/archive/871b9fd269ff6246794583ce4ee1031e1da71895.tar.gz"; sha256 = "sha256:1zn1lsafn62sz6azx6j735fh4vwwghj8cc9x91g5sx2nrg23ap9k"; }) {}).jq'
/nix/store/qvbwz06cqra3cmlra40v0adw75j6j7wm-jq-1.8.1-bin
$ /nix/store/qvbwz06cqra3cmlra40v0adw75j6j7wm-jq-1.8.1-bin/bin/jq -n '{"hello":"world"}'
{
  "hello": "world"
}

Nixpkgs also contains recipes for creating Docker images; e.g. we can create a Docker image containing jq (and its dependencies):

$ nix-build -E 'with import (fetchTarball { url = "https://github.com/NixOS/nixpkgs/archive/871b9fd269ff6246794583ce4ee1031e1da71895.tar.gz"; sha256 = "sha256:1zn1lsafn62sz6azx6j735fh4vwwghj8cc9x91g5sx2nrg23ap9k"; }) {}; dockerTools.buildLayeredImage { name = "demo"; contents = [ jq ]; config.Cmd = "${jq}/bin/jq"; }'
/nix/store/2n1wg0i2xdfb7kxy85myfil2kjwahiy0-demo.tar.gz

Note that:

• We didn't use a Dockerfile, since we can use buildLayeredImage from Nixpkgs instead.
• The image is self-contained and "from scratch"; it's not based on any existing image.
• The image only contains what we asked for (the jq command and its dependencies). In particular, it does not contain a full operating system (like Alpine, Debian, NixOS, or whatever).

A different thing that Nix is used for is "NixOS", which is a Linux operating system. NixOS provides Nix build recipes which will create all the things required by a Linux system, like /etc, /var, /home, etc. NixOS works by defining the whole system inside a folder, then using symlinks and scripts to make sure everything's pointing at the right place. The applications and services that NixOS uses are taken from Nixpkgs.

It's possible to create a Docker image of NixOS, if you like. However, most people using Nix do not use such NixOS Docker images. Instead:

• Many people use Nix without using NixOS at all. For example, my current job uses Nix on Ubuntu (in WSL!); my previous job used Nix on macOS.
• Those who do want to run NixOS will usually install it system-wide, rather than in a container (either directly on a machine, or in a VM/EC2/etc.).
• Those who use containers (Docker or otherwise) tend to use the buildLayeredImage approach, or something like it, to make images which only contain specific programs; without any accompanying OS.

nixpkgs dockerTools is how you can have full control over an image in a Nix environment.

Alternatively, there are some ready-to-use images for you to check out:

• https://github.com/nix-community/docker-nixpkgs which are regularly built from nixpkgs and published to Docker Hub: https://hub.docker.com/u/nixpkgs
• https://nixery.dev/ which creates images on-the-fly: docker pull nixery.dev/shell/git/htop.

madness, glad it works out for you guys :)

do you manage non-developers machines manually or you have some kind of a tool to do that remotely/in bulk?

Hi, I'm glad you asked.

• Yes, all of them, even talked my employer into letting me maintain my NixOS setup for me and my colleagues at work
• No (only for Gitlab CI runners to get a little sandboxing)

Our average project comes just with a Nix devshell that offers everything for interactive development, and with a bunch of derivations to build the stuff reliably with a single command. We often pair this up with devenv to get semi automatically into the devshell.

A good example: https://github.com/dlr-ft/wasm-interpreter

I constantly hear I am using Nix but fail to talk a living nixos user.

Maybe look up if there's a Nix meetup in your area! I've been to one recently and got to help some people who were just starting out.

Do you use Nix for the main development machine?

Yes, and I try to use Nix shells for every project that I work on. Sometimes I still need to use Docker because getting some things to work in Nix requires a bit more work than I want to put in :P (recently I've had trouble with cross-compilation, though I know it can be done with some effort).

If you want to package software to build and run on NixOS you're gonna need some level of knowledge of Nix (the language) and nixpkgs (the package repository, which also contains tools to build packages). The documentation is a bit sparse so you'll probably need to dig into nixpkgs to see how similar things are packaged.

Do you still wrap nixos in docker? And if yes, what about size, does it bother you comparing to alpine linux

I personally don't but I've spoken with people who build OCI images with Nix and they had good experiences with it. There's some functions in nixpkgs that can build OCI images. I just tried building a simple image that only contains a hello world in C and it turned out to be 32.9MB unpacked. Most of the space is taken up by glibc, but if you want you could build one that uses musl. Generally images built with Nix are quite small because they only contain the binary/program in the entrypoint and its dependencies, in this case you don't even get /bin/sh! This is the script that I used, you can build it with nix-build script.nix:

{ pkgs ? import <nixpkgs> {} }:
pkgs.dockerTools.buildLayeredImage {
  name = "hello";
  tag = "latest";
  contents = [
    pkgs.hello
  ];
  config.Cmd = "${pkgs.hello}/bin/hello";
}

Yes, I use Nix on my development machine. I originally started Nix as a configuration/deployment manager (basically seeking a better Puppet/Chef/Ansible) (https://kevincox.ca/2015/12/13/nixos-managed-system/). Then after a handful of years loving it on the server I started using it on my desktops as well (https://kevincox.ca/2020/09/06/switching-to-desktop-nixos/).

The tradeoffs are much more apparent in desktop usage IMHO. It can be difficult to "just do something" as many parts of the system are immutable (and even when there are easy workarounds many users are inclined to waste more time doing it "properly" than it is always worth, myself included) and more software will be confused by the differences. But I'm still very happy about it. For example having different dependency sets for each project rather than installing globally is very nice, especially if you need different versions of the same tool in different projects. Additionally as I have a desktop, laptop and now my wife's desktop to manage it is nice that they all have the same settings and software (unless I explicitly customize them differently of course). It also makes installing a new machine a wonderful process as the vast majority of my software and settings is just ready to go after installation. (Although admittedly this is something that happens every few years at most so is minor in the grand scheme of things.)

I am using NixOS on my home/personal Linux laptop, and at work I have a company-issued Macbook and a company-issued Dell running Ubuntu. On the company devices, I use Nix with home-manager to get a reproducible setup of my core configuration and essential tools. I have been introducing Nix flakes into the repositories I work with at work, so most of the development tooling I need per project is defined in this manner, so I get a somewhat reproducible setup. The rest of the developers are not all-in on Nix yet, so most of the software packaging is still in per-language package definitions (poetry, uv, Maven) rather than having everything defined in the flake, as I would prefer it.

Our main deployment target is Docker images; at the moment, none of them are produced using Nix, they're all traditional Dockerfile setups that do not reference Nix. I have done some exploratory work here and found that Nix-generated images are produced much faster and much smaller (half the size, in my test case). But to really make this work, the entire package needs to be defined by Nix rather than a mixture of Nix and per-language packaging, and we're not quite ready for that.

In my experience, the Alpine base image is very tiny, which is great, but if I'm doing a Python-based application that has any dependencies on an extension written in C or Rust, the development infrastructure needed to get the dependencies installed will bloat the image to where it's about the same size as starting from an Ubuntu image or whatever. With a Nix-created image (not NixOS-based image), the development tools don't wind up in the image unless they are actually needed at runtime, so the resulting images are smaller. You can get the same benefit with vanilla Docker by using build stages, but it's manual labor, you better know which things you actually need since the system doesn't suss it out for you as Nix does, and of course it makes the build take even longer.

I use NixOS on my router and my NAS. I have tried other Linux distros and FreeBSD, but I prefer NixOS on the router because of being able to manage my config declaratively and because systemd-networkd is very nice.

I use it on my Mac to manage my configs. I have a FFXIV derivation I maintain that I use to play, which is what motivates a lot of my contributions to nixpkgs. I also use it for dev shells. I don’t use the Homebrew integration.