Ubuntu vs. NixOS

From NixOS Wiki

Task Ubuntu NixOS (system-wide and root) NixOS (user) and Nix in general
Basic concepts
This column will let you do everything you can with Ubuntu and more. This column just isn't possible in Ubuntu.
Who can install packages and who can run them? All packages are always system-wide and only root can install packages. Packages root installs are system-wide. It does so through /etc/nixos/configuration.nix. If root installs packages the same way users do, through ~/.nixpkgs/config.nix, they are also global. Root's default profile is the system-wide default profile. Users can install their own packages and have their own profiles (environments) through ~/.nixpkgs/config.nix
Package manager apt which is really running on top of dpkg, sometimes wrapped by UIs like aptitude. nix, but many system-wide operations are provided by nixos packages. Just nix without the involvement of nixos.
How do you select your official sources and major releases These are baked into the distribution (e.g. Ubuntu version X). Upgrades are hard and permanent. At any time you select from a collection of channels. They're system-wide when set by root. You can roll back changes or switch channels with ease. Channels are per-user if they're not set by root.
Where are packages installed? apt installs globally into /bin/, /usr/, etc. System-wide packages are in /run/current-system/sw/ (these are installed because of /etc/nixos/configuration.nix) and /nix/var/nix/profiles/default/bin/ (this is the profile managed by root). Note that the files are just symlinks to the real packages managed by nix in /nix/store/. User packages are in ~/.nix-profile/. Note that the files are just symlinks to the real packages managed by nix in /nix/store/.
When changes take effect As soon as the command runs. Commands are not atomic and can leave your machine in a bad state. Most of the time you modify the configuration file and apply changes with nixos-rebuild switch

TODO: How does one get nixos to do all the work for a switch and separate out the actual switching from fetching/building?

Most of the time you apply changes with nix-env -i all

TODO: How does one get nix to do all the work for a switch and separate out the actual switching from fetching/building?

Packages Uniformly referred to as packages Technically called "derivations" but everyone calls them packages. Technically called "derivations" but everyone calls them packages.
Package management
Install a package for all users
$ sudo apt-get install emacs

1. Add to /etc/nixos/configuration.nix:

environment.systemPackages = with pkgs; [
  wget # let's assume wget was already present

2. Run :

$ sudo nixos-rebuild switch
$ nix-env -iA nixos.emacs

Or with collections, add the package to your ~/.nixpkgs/config.nix and run

$ nix-env -iA nixos.all
Install a package for a specific user only Not possible

1. Add to /etc/nixos/configuration.nix:

users.users.alice.packages = with pkgs; [ emacs ];

2. Run:

$ sudo nixos-rebuild switch

1. Add to ~/.nixpkgs/config.nix:

users.users.alice.packages = with pkgs;[ emacs ];

2. Run:

$ nix-env -iA nixos.all
Install a service
$ sudo apt install openssh-server

1. Add to /etc/nixos/configuration.nix:

services.openssh.enable = true;
2. Run:
$ sudo nixos-rebuild switch
Not possible
Uninstall a package
sudo apt-get remove emacs
remove from /etc/nixos/configuration.nix
$ sudo nixos-rebuild switch
$ nix-env --uninstall emacs
Uninstall a package removing its configuration
$ sudo apt-get purge emacs
All configuration is in configuration.nix
Update the list of packages
$ sudo apt-get update
$ sudo nix-channel --update
$nix-channel --update
Upgrade packages
$ sudo apt-get upgrade
$ sudo nixos-rebuild switch
$ nix-env -u
Check for broken dependencies
$ sudo apt-get check
$ nix-store --verify --check-contents
List package dependencies
$ apt-cache depends emacs
Show the direct dependencies:
$ nix-store --query --requisites /run/current-system

or show a nested ASCII tree of dependencies:

$ nix-store -q --tree /nix/var/nix/profiles/system

(/run/current-system and /nix/var/nix/profiles/system are symbolic links that eventually end up at the same place.)

$ nix-store --query --references\
  $(nix-instantiate '<nixpkgs>' -A emacs)

For installed packages:

$ nix-store --query --references $(which emacs)
List which packages depend on this one (reverse dependencies)
$ apt-cache rdepends emacs
For installed packages (only print reverse dependencies *which are already installed*):
$ nix-store --query --referrers $(which emacs)
Verify all installed packages
$ debsums
$ sudo nix-store --verify --check-contents
$ nix-store --verify --check-contents
Fix packages with failed checksums Reinstall broken packages
$ sudo nix-store --verify --check-contents --repair
$ nix-store --verify --check-contents --repair
Select major version and stable/unstable Change sources.list and apt-get dist-upgrade. A an extremely infrequent and destructive operation. The nix variants are safe and easy to use.
$ nix-channel --add\
   https://nixos.org/channels/nixpkgs-unstable <name>

Add the unstable channel. At that address you will find names for other versions and variants. Name can be any string.

$ nix-channel --remove <name>

To eliminate a channel.

$ nix-channel --list

To show all installed channel.

When run by a user channels work locally, when run by root they're used as the system-wide channels.
Private package repository PPA Define your package tree as in the general column, and include it in configuration.nix, then list your packages in systemPackages to make them available system wide See [1]
Install a particular version of a package
$ apt-get install package=version
Although Nix on its own doesn't understand the concept of package versioning, you can install and play with older (or newer!) software via FAQ/Pinning Nixpkgs with https://lazamar.co.uk/nix-versions.

For instance, to launch an older version of Vim you could use:

$ nix-shell \
    -p vim \
    -I nixpkgs=\https://github.com/NixOS/nixpkgs/archive/4bba6650a6a5a2009e25bdeed8c1e871601a9bfb.tar.gz
Package configuration
Configure a package
$ sudo dpkg-reconfigure <package>
Edit /etc/nixos/configuration.nix Edit ~/.nixpkgs/config.nix; TODO: More details about how to edit
Global package configuration Modify configuration file in /etc/ Edit /etc/nixos/configuration.nix
Find packages
$ apt-cache search emacs
$ nix-env -qaP '.*emacs.*'
$ nix search nixpkgs emacs
$ nix-env -qaP '.*emacs.*'
$ nix search nixpkgs emacs
Show package description
$ apt-cache show emacs
$ nix-env -qa --description '.*emacs.*'
$ nix-env -qa --description '.*emacs.*'
Show files installed by package
$ dpkg -L emacs
$ readlink -f $(which emacs)


$du -a /nix/store/ji06y4haijly0i0knmr986l2dajffv1p-emacs-24.4
Show package for file
$ dpkg -S /usr/bin/emacs
follow the symlink or
nix-locate /bin/emacs
Start a service
$ sudo systemctl start apache
$ sudo systemctl start apache
Stop a service
$ sudo systemctl stop apache
$ sudo systemctl stop apache
Enable a service
$ sudo systemctl enable apache
In /etc/nixos/configuration.nix, add
services.tor.enable = true;
, then run
$ sudo nixos-rebuild switch
Disable a service
$ sudo systemctl disable apache
In /etc/nixos/configuration.nix, add
services.tor.enable = false;
, then run
$ sudo nixos-rebuild switch
Where your log files live /var/log/ System-wide packages /var/log/ User packages ~/.nix-profile/var/log/
Adding a user
$ sudo adduser alice
users.users.alice =
 { isNormalUser = true;
   home = "/home/alice";
   description = "Alice Foobar";
   extraGroups = [ "wheel" "networkmanager" ];
   openssh.authorizedKeys.keys =
      [ "ssh-dss AAAAB3Nza... alice@foobar" ];
to /etc/nixos/configuration.nix and then call
nixos-rebuild switch
Misc tasks
List binaries
$ ls /usr/bin/
$ ls /run/current-system/sw/bin &&\
ls /nix/var/nix/profiles/default/bin/
$ ls ~/.nix-profile/bin
Get the current version number
$ cat /etc/debian_version
$ nixos-version
Get sources for a package
$ sudo apt-get source emacs
In Debian, apt-get source gets both the patched upstream source and the recipe for the package. Those need two steps in Nix. To find the package's attribute path:
$ nix-env -qaP emacs
$ nox emacs
To download the source as specified by the package recipe:
nix-build '<nixpkgs>' -A emacs.src
The patched source is usually not a derivation itself, but can be produced for most packages with the following command:
nix-shell '<nixpkgs>' -A emacs\
 --command 'unpackPhase; cd $sourceRoot; patchPhase'
Compile & install a package from source
git clone foobar
cat >default.nix <<EOF
with import <nixpkgs> { };
lib.overrideDerivation foobar (oldAttrs : {
src = ./foobar;
Install a binary package e.g. via nix-ld
Install a .deb
$ sudo dpkg -i package.deb
Install dpkg with Nix, then
dpkg -i package.deb
While this is technically possible it will in all likelihood not work.