[HN Gopher] macOS Nix Setup (an alternative to Homebrew) (2020)
___________________________________________________________________
macOS Nix Setup (an alternative to Homebrew) (2020)
Author : notamy
Score : 193 points
Date : 2021-07-13 19:34 UTC (3 hours ago)
(HTM) web link (wickedchicken.github.io)
(TXT) w3m dump (wickedchicken.github.io)
| nuker wrote:
| So how do i do 'pip3 install requests' for example?
| myWindoonn wrote:
| $ nix-shell -p python3Packages.requests
|
| Nix generally only manifests temporary environments, rather
| than mutating global state. For a more Pythonic environment,
| try the direnv integration, which will let you both `use nix`
| and also `use python3` together, as long as it's in that order.
| _query wrote:
| I've been using nix on macOS as my primary package manager for
| years. Really love it! Specifically nix-shell is a blessing a you
| can quickly try out things without worrying about breaking some
| other packages on the system.
|
| Initially we've only used nix for development at my company, but
| now we're also running most of our servers with NixOS. This
| allows us to use our dev package definitions in production, so
| our dependencies are always in sync between dev and prod. I've
| written a blog post about all the advantages we get with nix in
| our framework IHP a while ago, if you're curious, check it out:
| https://ihp.digitallyinduced.com/blog/2020-07-22-why-ihp-is-...
|
| If you're using an older mac and have troubles with installing
| nix, try out the new installer in this GH issue:
| https://github.com/NixOS/nix/pull/4289 (the command is in the
| "Try it out" section). It's already merged, but not released yet.
| So far this has solved all the issues on older macs for me.
|
| Also check out https://nix.dev/ which has many great resources to
| get started :)
| mitchellh wrote:
| I switched my primary dev environment to NixOS in a graphical VM
| on macOS towards the end of 2020 and I love it:
| https://twitter.com/mitchellh/status/1346136404682625024?s=2...
|
| Previously, I used Nix on Mac (as this blog post suggests) but I
| had enough "gotchas" with Nix on Mac that I decided to go full
| NixOS.
|
| For those who ask why a VM or why I keep Mac around at all: I
| like macOS for everything else besides dev work. I use iMessages
| heavily, I like the Mac App ecosystem such as calendars, mail
| clients, etc. This gives me the best of both worlds.
|
| I usually run this on an iMac Pro but also have a MacBook Pro. It
| runs great on either. It's also really nice with Nix to update
| one machine and the other is just one command away from being
| equivalent.
|
| I recognize this is a "weird" setup but wanted to point it out
| since it seems relevant to this post.
| rphln wrote:
| Out of curiosity, have you experimented with accessing the VM
| through SSH? If so, what was it like?
|
| I could see myself using a similar setup down the line, but
| having two graphical environments seems like it'd be somewhat
| distracting or fussy.
| mikepurvis wrote:
| I do a similar setup to this on Windows (WSL) and previously
| on a Mac (Parallels + Ubuntu). In both cases it's exclusively
| SSH access using an outer-system terminal, and as far as
| editors, a mix of screen/vim/whatever in the terminal, and
| VSCode with remote editing.
| res0nat0r wrote:
| Another cool thing is you can copy an entire nix closure to
| another host if you want to replicate it exactly somewhere
| else.
|
| https://nixos.org/manual/nix/unstable/command-ref/nix-copy-c...
| heavyset_go wrote:
| I run the opposite of this, and run Linux with Nix on a Mac,
| and run macOS in VM with VFIO passthrough for macOS
| development.
|
| I've found that native Linux makes for an excellent dev
| environment.
| philsnow wrote:
| You're running linux (with nix installed) on the bare metal
| of a mac, and then a VM on top of that running macos (with
| VFIO passthrough so it's not dog-slow?), is that right?
|
| Performance is pretty reasonable? APFS works fine in this
| setup? No gotchas with drive encryption? ... actually, if
| your machine does use drive encryption, which is doing it,
| linux or mac? I don't know enough about mac hardware to know
| if there is some mac boot environment that handles encryption
| and then hands off to the OS (be it macos or linux).
| sureglymop wrote:
| I've had a vfio setup for a year now, passing various
| hardware to Windows and Linux VMs but finally I just
| converted it to a regular dual boot setup.
|
| I figured since I am passing through all this hardware anyway
| it might as well all directly access it.
|
| Now with SR-IOV that would be an entirely different story.
| fnord123 wrote:
| > I like the Mac App ecosystem such as calendars
|
| Does Calendar actually work for you?
| borski wrote:
| Yes, it's fine. I've since moved to fantastical but the stock
| calendar app was fine.
| Tempest1981 wrote:
| Do you run git in the VM too? Or on macOS?
| rubiquity wrote:
| I went down this route as well and am the happiest I've been
| when it comes to managing dependencies and creating builds. I
| ended up taking it one step further because Apple kept breaking
| my hypervisor (xhyve) with every new macOS release. I built a
| new workstation that runs NixOS and wayland/sway. I still have
| my MacBook Pro for when I need macOS comforts or if I don't
| feel like being at my desk I can just SSH into the workstation.
| numbsafari wrote:
| It's really not weird at all, IMHO.
|
| If you look at ChromeOS, it's actually relatively mainstream.
|
| Most of us need a locked down desktop environment more than we
| realize. The UNIX/POSIX shell environment works really well for
| our specific kind of work (writing software), but it's full of
| security holes and gotchas. A lot of people talk about Apple as
| wanting to "own" everything, but the trend in securing consumer
| OS environments is clearly trending in this direction. Starting
| with research examples like Qubes, and all the mainstream
| security efforts in Windows, and ChromeOS.
|
| Working with a VM that you can torch and rebuild is ultimately
| the best of both worlds.
|
| What would be really cool is a Mac OS app for managing
| Vagrant... Basically a competitor for Docker Desktop for Mac
| that used VMs instead of Docker.
| unicornfinder wrote:
| What you've described is precisely why I love WSL - you can
| nuke and rebuild your Linux setup easily. It's fantastic
| honestly.
| leucineleprec0n wrote:
| Yes, this is what's so alluring about WSL, whereas with
| homebrew on my M1 setup I have an utter clusterf&$& of a
| paper trail across my desktop that is a real PITA to
| plausibly reverse course, modulo Time Machine backups.
| robenkleene wrote:
| I use a `brew bundle` to help manage this. Make a
| `Brewfile` listing homebrew installs, then `brew bundle
| cleanup` to delete everything that's not in that file.
| This way I can try something out and easily delete it
| (and the dependencies it installed). It also obviously
| makes it easy to setup a new machine.
| numbsafari wrote:
| Yep. Crostini under ChromeOS operates more or less the same
| way. It's also why I personally am done with the homebrew
| approach.
|
| I was using VMs to address the disaster that is the Windows
| Registry as a developer back in the early 2000s. Homebrew
| is such an amazing step backwards in that regard.
|
| I have a feeling that Terminal.app is headed this direction
| on Mac OS, but Apple is taking their sweet time navigating
| the migration since everyone gets pissed off whenever they
| fix a security/reliability problem. Could you imagine the
| uproar if the next version of Mac OS worked the way
| ChromeOS does? (ps., there's nothing stopping you from
| running Firefox on ChromeOS, I've done it).
| viraptor wrote:
| > I was using VMs to address the disaster that is the
| Windows Registry
|
| What do you mean?
| numbsafari wrote:
| The general issue one runs into on Windows where you,
| say, install a bunch of dev tools and then, at some
| point, your registry gets corrupted and you find yourself
| needing to reinstall everything.
|
| If you run your tools, and do your testing, inside of
| VMs, you can quickly "restart" from a known good state.
|
| The Windows Registry is a lot like /etc in Unix-like
| environments. In either case, all that configuration can
| get co-mingled and corrupted and you have to start over.
|
| VMs are a great way to solve that problem for developers.
| viraptor wrote:
| Registry corruption since w2k is pretty much solved. It's
| a database with a WAL-style transaction log. If registry
| corruption is something that happens to you more than
| once, I'd check the storage since there's probably a lot
| more that's getting corrupted... Otherwise - keep full
| disk backups.
| heavyset_go wrote:
| > _A lot of people talk about Apple as wanting to "own"
| everything, but the trend in securing consumer OS
| environments is clearly trending in this direction. Starting
| with research examples like Qubes, and all the mainstream
| security efforts in Windows, and ChromeOS._
|
| This is because Google and Microsoft want to own everything,
| as well. It's not a coincidence that Apple, Google and
| Microsoft's security implementations enshrine each of them as
| ultimate gatekeeper and single source of truth for security
| on their respective operating systems.
|
| It is interesting that you bring up Qubes OS, because its
| security model doesn't depend on Invisible Things Lab, the
| Qubes developer[1], deciding what can or can't run on Qubes
| OS.
|
| In fact, if a security model that depended on a company like
| Red Hat authorizing what can or can't run on Linux, it would
| be rightly criticized as Red Hat trying to "own" everything
| instead of developing a secure system at the OS level. Yet
| Apple, Google and Microsoft are doing just that.
|
| [1] https://invisiblethingslab.com/
| numbsafari wrote:
| I think we are really conflating "app store distribution"
| and "the POSIX userland isn't workable in a modern security
| environment for end-users". POSIX apps run as the user,
| when they really need to be run with their own identity.
| Most often we should use the identity of the "developer".
|
| Do I want Firefox to have access to my Contacts? My Photos?
| Do I want Facebook to have that access? To all of them, or
| just ones that I select? Should my disk utility have the
| ability to send data over the network? My IDE? My IDE
| plugins?
|
| This has nothing to do with "stores", and everything to do
| with the security model and the UI needed to make it work.
| e.g., when I run `grep -e "Something" -r ~/src`, I assume
| grep is going to read all of the files in ~/src. But in the
| basic POSIX environment it can access anything I can
| (including, say, ~/.ssh) and open up any old socket it
| wants and send data wherever it chooses. Have you read
| every line of code of every package you've installed?
| Rather than relying on 'trust', 2021 requires that we
| actually have some security model that doesn't rely on
| trust, but explicit permissions and grants, and workable UI
| for defining that. Wouldn't it be nice if bash arranged a
| read-only capability granted to the grep process for all
| files under ~/src based on the above command, and if the
| grep executable itself had no inherent permissions at all?
| viraptor wrote:
| That's pretty much selinux. We don't have a nice ui for
| it, because what you described is actually pretty
| complicated to achieve. But it actually works. Today.
| mikepurvis wrote:
| Socket/port activation in the init system tries to be a
| piece of this puzzle too, though obviously it's far from
| the whole story.
| chrisfinazzo wrote:
| > This is because Google and Microsoft want to own
| everything, as well. It's not a coincidence that Apple,
| Google and Microsoft's security implementations enshrine
| each of them as ultimate gatekeeper and single source of
| truth for security on their respective operating systems.
|
| To a close approximation, 99% of regular users (let's just
| say people who are not developers by profession) _do_
| implicitly trust their respective OS vendors. To suggest
| otherwise suggests a level of paranoia which would make it
| impossible to ever have a stable system and get anything
| done.
| numbsafari wrote:
| It's funny, because I actually agree with both of you.
|
| We should generally trust our primary OS vendor, because
| otherwise we're all going to need therapy.
|
| But we shouldn't _have_ to trust them. That is, the
| system should be designed such that we have some amount
| of "defense in depth" where a mistake by Apple during
| the review of one of the 3.5 million apps doesn't result
| in an exploit.
|
| I think this is why Apple and the others are trending
| towards the design that they are, because a deep
| capability approach that's integrated into the UI helps
| offload some of the complexity and overhead of managing
| that liability at scale.
| babypuncher wrote:
| > Apple, Google and Microsoft's security implementations
| enshrine each of them as ultimate gatekeeper and single
| source of truth for security on their respective operating
| systems.
|
| Who do you propose should shoulder this responsibility? The
| vast majority of users lack the expertise to take it on
| themselves.
| jbenner-radham wrote:
| You might be interested in: https://www.vagrantmanager.com/
| numbsafari wrote:
| I'm aware of it. Hasn't been updated in a long time, and
| you need to otherwise install vagrant and a VM manager
| separately (fortunately, it doesn't ironically tell you how
| to do so via homebrew...)
|
| I think a first-class vagrant app for Mac OS would (a) be
| available in the App Store for simplified VPP deployments
| (b) install vagrant and (c) either come with a lightweight
| VMM over Hypervisor.framework and/or work with other active
| VMMs like Fusion, Parallels or even Docker Desktop.
|
| Vagrant was born of the CLI, but I think in 2021 it needs
| to embrace its role as a bridge between the GUI and CLI.
| Just my opinion, though...
| circularfoyers wrote:
| Fedora Silverblue is potentially where the future of the
| Linux desktop might end up. It improves on security
| significantly, where the system is read only, similar to
| macOS, and all user programs are sandboxed within flatpaks
| (migrated from the preexisting RPMs of these programs).
| jcastro wrote:
| Have you been able to get nix working in silverblue? The
| read-only fs makes making a `/nix` not very
| straightforward.
| cyberpunk wrote:
| What hypervisor/vm software are you using?
|
| I'm running some Linux vms under parallels on a m1 and the
| graphics performance could be better..
| Gaelan wrote:
| Looks like VMWare from the tweet they linked.
| mitchellh wrote:
| VMware Fusion. I don't use an M1 Mac right now (I have one
| for testing but not primary dev work).
| reddit_clone wrote:
| > VMware Fusion
|
| Does it work? When I upgraded to BigSur and Fusion 12 the
| networking just stopped working.
|
| VMs dont work with NAT at all. In Bridged mode, it
| partially works. Completely stops if I get the Mac host in
| to company VPN.
|
| All of this used to work prior version of Mac OSX and
| Fusion 11.
| Scarbutt wrote:
| Your setup is normal, the weird part is running a GUI in the
| linux VM. Simpler, why not just use ssh? (since you are vim
| user and all)
| sigjuice wrote:
| Does copy/paste work between the host and the VM?
| mitchellh wrote:
| Yes (via VMware Tools)
| exdsq wrote:
| I think it's becoming more common. I do the same with a
| Pixelbook as my main computer nowadays!
| gigatexal wrote:
| I tried a graphical VM on my Mac but it was too slow. How are
| you getting around that?
| smoldesu wrote:
| I envy your patience. I had to drop MacOS altogether out of
| frustration that there were no good package managers, and VMs
| simply don't cut it for me. Nowadays, I run an inverse setup: I
| do pretty much everything in Arch, with a few Wine prefixes to
| solve Windows compatibility, and a healthy combination of
| Darling and QEMU to spin up MacOS instances.
| Svetlitski wrote:
| Genuinely curious, what didn't you like Homebrew (assuming
| you tried it)?
| heavyset_go wrote:
| Another HN user did a write up on Homebrew[1] that I agree
| with.
|
| My main gripe is that Homebrew would regularly break my
| Python virtualenvs with linking errors. Meanwhile on Linux,
| I have virtualenvs that I created 9 years ago that still
| just work.
|
| These days you might be able to sidestep that issue by not
| using Python from Homebrew at all, but installing and
| managing it with Pyenv instead.
|
| [1] https://saagarjha.com/blog/2019/04/26/thoughts-on-
| macos-pack...
| Groxx wrote:
| `brew pin python` and it'll stop that from happening.
|
| but yeah, this is a constant source of pain, and I end up
| helping people at work fix it probably on a weekly basis
| (or more often). python bin-envs are such a hassle.
| handrous wrote:
| Meanwhile, I find macOS sticky in part _because of_ the
| package manager (homebrew).
|
| In particular, I've not seen a package selection so good and
| so consistently up-to-date, with so very little fiddling or
| upkeep to add or maintain 3rd-party repos, since I was on
| Gentoo--and portage broke (in whole, or just had broken
| individual packages) a lot more than homebrew does (which is
| almost never). I can't think of a single thing I use that
| isn't available and well-maintained on it, open or closed
| source. Even obscure things often just install on my first
| guess at the package name, no muss, no fuss.
|
| Now, what I _don 't_ use it to do is to manage project
| dependencies, but then I don't like using, say, the "system"
| PostgreSQL or Nodejs or whatever even on Debian, either,
| unless I'm _using them_ directly and not _making them part of
| a project_ that will need to be distributed or deployed
| elsewhere and worked on by others. I 'm entirely fine keeping
| core OS parts, my personal software I use, and management of
| individual project dependencies, strictly separate--in fact,
| having worked this way, I prefer it.
|
| I could be tempted away by a similarly-great and high-quality
| package selection, maybe, but that would be table-stakes
| before we even get into the rest of how the package manager
| operates.
| smw wrote:
| Just fyi, you can use homebrew on linux.
| viraptor wrote:
| Does Darling work for anything serious these days? What apps
| are you running on it?
| sirodoht wrote:
| I'm slowly venturing a full switch from brew to nix (mainly due
| to its slowness) using nix-env and this guide:
| https://www.youtube.com/watch?v=NYyImy-lqaA
|
| It's been a few weeks. Concerns until now:
|
| * Things like fzf have bash completion accompanying files. I have
| not figured out where these reside using nix.
|
| * Things like mysql make heave use of directories such as
| /usr/local/var/mysql or similar. I was unsuccessful in surpassing
| permission problems with these.
| pxc wrote:
| > Things like fzf have bash completion accompanying files. I
| have not figured out where these reside using nix.
|
| Bash completions get installed under Nix profiles (yours,
| root's (a.k.a., the 'default profile'), or the 'system'
| profile, if you're using nix-darwin or NixOS), just like
| binaries.
|
| On my system, I have some bash completions under my user
| profile, in /nix/var/nix/profiles/per-
| user/$USER/profile/share/bash-completion/completions/
|
| and some in the system profile, in
| /nix/var/nix/profiles/system/sw/share/bash-
| completion/completions
|
| If you use a shell installed from Nixpkgs, it'll automatically
| pick up on all such completions installed to your profiles
| (which come bundled with the packages they're for). (To try
| this with bash, make sure to install `bashInteractive` rather
| than just `bash`.)
|
| If you use a shell configured by a Nix module system, like
| NixOS or Nix-Darwin, it will provide an option to enable the
| installation of such completions to your system profile, which
| you can enable like this: https://github.com/LnL7/nix-
| darwin/blob/a7492a8c76dcc702d0a6...
|
| > Things like mysql make heave use of directories such as
| /usr/local/var/mysql or similar. I was unsuccessful in
| surpassing permission problems with these.
|
| It's clear that you're pointing to a real issue, but there's
| either a typo or a misunderstanding above. If your `mysql`
| binary really does spit out messages about /usr/local/, it
| didn't come from Nixpkgs. But if it comes from Nixpkgs, it
| might be emitting similar complaints about directories under
| /nix/store.
|
| The explanation: Nix packages don't know or care anything about
| /usr/local, but they are compiled so that they think all of
| their 'prefixes' (e.g., what by default on a system are just
| /usr, /lib, /etc, etc.) live in package-specific directories
| under /nix/store. It's an important part of Nix's design that
| everything in the store be immutable, and so everything there
| is marked read-only.
|
| The solution: to use stateful services like databases that you
| install from Nixpkgs, point them to writeable directories
| outside of the Nix store to use for their data storage. You can
| do this manually for mysql with options like
| `--datadir=/some/writeable/path/you/own` and similar. These
| same options are used inside Nix module systems when they
| enable configuration of services like MySQL, e.g., here:
| https://github.com/NixOS/nixpkgs/blob/nixos-21.05/nixos/modu...
|
| Hope that helps!
| Nullabillity wrote:
| > * Things like fzf have bash completion accompanying files. I
| have not figured out where these reside using nix.
|
| In general, ~/.nix-profile/share/bash-completion/completions/,
| although fzf in particular seems to have its in ~/.nix-
| profile/share/fzf/completion.bash. To be honest, I'm not really
| sure about why.
|
| In general, ~/.nix-profile is more or less the Nix equivalent
| to /usr.
|
| > * Things like mysql make heave use of directories such as
| /usr/local/var/mysql or similar. I was unsuccessful in
| surpassing permission problems with these.
|
| If you're not running the services as system-level services,
| override their state directories. In the case of MariaDB that'd
| mean something like `mysqld --datadir=~/var/mysql`.
| azalemeth wrote:
| One thing I'd love to know is what the advantages of the
| different systems are, objectively. I've always used macports,
| from the very early days, and I just use it because it works, and
| I know its quirks. I remember brew starting, and thinking "oh,
| that looks interesting". Yet I never really felt a compelling
| reason to change.
|
| This article is refreshingly honest about why the author decided
| to give nix a try, and I very much appreciated that. A large
| chunk is "it's new and I wanted to try it out", combined with
| deterministic update times, which I respect. Is there a detailed
| technical comparison of macports, homebrew and nix anywhere?
| mikepurvis wrote:
| > Unpredictable command times.
|
| As a novice Nix user, I would say that I've hit a certain amount
| of this too. Basically every time you update your channel, it's a
| dice roll how much you're going to have to rebuild or re-
| download.
|
| Now, it's easy to let it run in the background or
| interrupt/resume it at any time, so that at least is a plus-- and
| it does provide a clear indication of how much it's downloading,
| and how many packages are being built.
| X6S1x6Okd1st wrote:
| I'm a big fan of Nix!
|
| nix on OSX was my gateway drug to nixos. Nixos is much more
| intimidating & when you stray outside of what is supported by
| nixpkgs the learning curve really ramps up.
|
| I wouldn't be surprised if we start seeing shell.nix and
| build.nix showing up in more and more OSS projects & it spreads
| mostly that way.
| varenc wrote:
| Brew's slowness is a huge pain point. A basic `brew info` command
| takes 1.8 seconds and requires executing 6 ruby processes. (with
| online analytics disabled)
|
| And `brew search` is so slow that I've just made a function[0] to
| search taps locally for formula/cask filenames matching my query.
| Takes 0.08 seconds instead of 10-20 seconds.
|
| Makes me want to try `nix`. Anyone have experience using them
| both together? [0] brewSearchFast() { fd
| "$1" -e rb /usr/local/Homebrew/Library/Taps }
| abathur wrote:
| If you want to try this but balk at the ~rough install experience
| around the Nix volume/encryption: a bunch of work I did to sand
| this down last Fall was merged into master this Spring.
|
| There are some headwinds wrt backporting those improvements to
| include them in the 2.3.x release series, but you should be able
| to take advantage of them in the meantime via the installer
| numtide publishes from master: https://github.com/numtide/nix-
| unstable-installer (no special flags needed).
| NelsonMinar wrote:
| How is Fink doing these days? It looks still actively maintained.
| The advantage with Fink is it uses dpkg; I winced as I watched
| years of Homebrew reinventing a Unix package system, badly.
| gigatexal wrote:
| Pin your home brew versions and upgrade at non-critical times and
| you'll be fine? I've been doing this for years and not had any
| issues. :shrug:
| jeofken wrote:
| A feature declarative programming gives Nix is being able to
| commit a list of dependencies in the file default.nix, and when
| entering just run $nix-shell, and have the right version, and
| it works for my Linux colleagues as well.
|
| Typing on the go so may have missed a param
| adkadskhj wrote:
| How does default.nix handle dependencies? From what i've (i'm
| on NixOS) seen you just see something like `gcc` or
| `openssl`, with no clue what version.
|
| Tbh i've found Nix very very lacking in the dependency
| department. What i _want_ is something like Cargo.toml from
| Rust (or maybe packages.json/yarn.lock if you're familiar
| with NodeJS), which compiles to a Cargo.lock. Instead what i
| have is a name for a dependency with no clue what version the
| writer expected, or what version my computer will install.
|
| Pulling a new commit from nixpkgs repo can lead to chaos and
| random things update with no rhyme or reason.
|
| Flakes, in alpha i believe, is the first thing from Nix that
| actually felt repeatable. But even with Flakes i still don't
| know what version anything is, but at least i know what
| concrete commit sha worked for me and can always revert as
| needed.
|
| My next NixOS install will use Flakes with a very granular
| approach. The OS on one package ref, and other packages all
| have their own isolated refs. This will be verbose and
| bloaty, but being able to update Vim without my OS going
| crazy will be really nice.
|
| I'd still like Flakes to behave more like Cargo.lock, but
| it's at least progress.
| stockholm_sloth wrote:
| Interesting read as I am a huge OSX and CLI fan. Thanks for that!
| I too am worried by the root file system "security enhancements"
| in recent versions of OSX that make it harder and harder for me
| to do my job (develop website backends).
|
| However I may wait to try Nix until it has better support for my
| primary tools (mainly php and ruby based websites) ... because I
| LOVE the simplicity of homebrew. And if there are any homebrew
| developers reading this, I frickin' love you guys. You make
| everything I need to do extremely easy.
| SavantIdiot wrote:
| If php and ruby are your primary packages, why would you need
| something other than macports? Both are up to date with the
| latest versions.
| FullyFunctional wrote:
| Indeed, as a newcomer to Nix I was immediately put off by the
| arcaness of everything. I don't want my first experience to be
| memorized obscure paths and funky command line arguments (such
| may justified _later_ when more advanced options are wanted).
| I'm glad it works for people and I gather nix-env is a step in
| the right direction, but it's IMO not quite there yet.
|
| EDIT: example, why is it nix-env -qaP git
|
| instead of nix search git
| ianthehenry wrote:
| It actually is! There are lots of examples of arcane Nix
| commands, but as of Nix 2.0, you actually can type `nix
| search git`. And it works much better than `nix-env -qa` ever
| did.
|
| Your point stands, though. For example, why is it:
| nix-env -iA nixpkgs.git
|
| Instead of: nix install git
|
| (I know what the answer is, but still, it's a question that I
| think a lot of newcomers are going to ask.)
| defulmere wrote:
| The author had me until he mentioned installing ripgrep
| *temporarily*.
|
| Stopped there because I don't do heresy.
| luckyorlame wrote:
| " I don't do heresy." please explain.
| jahnu wrote:
| It's a joke that they they love and depend on ripgrep so much
| that to uninstall it would be an act tantamount to heresy
| pxc wrote:
| Seconded! I think ripgrep is my favorite of all of these next-
| gen fundamental CLI tools.
|
| For me, it replaces both grep and sed (except for in-place use
| of the latter), because I never write complicated sed programs.
| jeofken wrote:
| It's with you for eternity, just hidden from programs unworthy
| of its excellence. Immutable is forever :)
| est31 wrote:
| I really love the temporary installs feature of nix OS. Often I
| just want to try some software once and don't want to use it
| afterwards. The temporary install feature is perfect for that,
| to help avoiding building up bloat from forgotten uninstalls.
|
| But yes, you absolutely must have ripgrep.
| ihumanable wrote:
| I think one thing that's interesting about "temporary"
| installation is that nix has this notion of "present" vs
| "installed."
|
| When you run a nix-shell the program is downloaded and if
| necessary built and put into the nix store, after leaving the
| shell it's all right there on your disk ("present") just not
| "installed" into the environment.
|
| This is why the first time you run nix-shell with something new
| it downloads stuff while subsequent invocations are immediate.
| It also means that if you liked ripgrep in a shell, installing
| it is just has nix write out some new symlinks.
| stevefolta wrote:
| "nix-shell" is exactly how I first tried ripgrep. Of course, I
| installed it permanently moments later.
| haskal wrote:
| Just replace "ripgrep" with "cowsay" or "neofetch" and read
| again.
| seanparsons wrote:
| > there is no CLI equivalent to brew install that I am aware of
|
| There is! You use `nix-env` for that by running something like:
| `nix-env -iA ripgrep`.
| ianthehenry wrote:
| To others who might be interested in trying Nix instead of
| Homebrew:
|
| There _is_ a `brew install` equivalent in vanilla Nix -- `nix-
| env` provides an imperative interface pretty similiar to `brew`.
|
| `nix-darwin` is a third-party thing that tries to give you a
| NixOS-like experience on macOS. It's not necessary if you're only
| interested in replacing Homebrew. You can have `shell.nix` files
| and ad-hoc environments without replacing your entire system
| configuration.
|
| Vanilla Nix is very well isolated, and you can try it side by
| side with Homebrew to see how you like it -- one of the nice side
| effects of Nix-installed software being independent from the rest
| of your system is that, well, you can install whatever you want
| without breaking the Homebrew equivalents. For example instead of
| putting binaries in `/usr/local/bin`, Nix creates a directory of
| symlinks to files in `/nix/store`, and you can add that directory
| to your `PATH` if you wish.
|
| I switched to Nix a few months ago and have found it... fun. It's
| not something I would recommend if you want things to just work,
| but if you're curious about Nix, you can learn quite a lot about
| it from the comfort of your MacBook.
|
| I wrote a little about this experience here, including how to map
| common `brew` commands into their `nix-env` equivalents:
| https://ianthehenry.com/posts/how-to-learn-nix/switching-fro...
|
| (Warning: it's more of a rambling diary entry than a blog post.)
| parkerduckworth wrote:
| Thanks for posting this, it's very helpful.
| rahen wrote:
| Very helpful. Unfortunately Nix doesn't support aarch64 yet,
| only x86_64...
|
| It seems to be coming though:
| https://github.com/NixOS/nixpkgs/issues/95903
| tikhonj wrote:
| I recently helped somebody get Nix set up on an M1 Macbook
| and it seemed to work fine overall. We just used the standard
| installer, then mostly reused a home-manager-based config
| that I use on my x86-64 Macbook. Core stuff like Git and
| Emacs worked with no fiddling, and the few problems we did
| encounter seemed to be from issues in my personal config, not
| Nix on aarch64 in general.
|
| That said, we didn't try to build or use anything
| particularly tricky--just Git, Emacs, Python and a simple
| Haskell project so far.
| ianthehenry wrote:
| Yeah, it, like, _mostly_ works? But maybe only in multi-user
| mode? I don 't know; I didn't read the whole thread. I don't
| have an M1 machine, but it seems like there are binaries
| cached for the arch in the official cache:
| $ nix-env -qasA nixpkgs.git --argstr system 'aarch64-darwin'
| --S git-2.31.1
|
| Which implies that it's supported in some capacity.
|
| (The "S" means "there's a substitute available;" i.e. git at
| least is cached for aarch64. Yeah, Nix's CLI... needs work.)
|
| I don't know exactly what the state of it is -- i.e how many
| packages can build natively on M1 -- but I know that the
| Nixpkgs community has done a lot of work in the last year to
| support M1 nicely, and I _thought_ that it was fully usable
| at this point. But there 's a big difference between "Nix
| works on M1" and "every package in Nixpkgs works on M1."
| callahad wrote:
| A better future is on the horizon (or here, today, if
| you're willing to install a 2.4 pre-release): Flakes make
| it trivial to fall back to x86_64 when aarch64 fails, and
| the CLI experience is dramatically improved.
|
| Alas, that path is probably not yet suitable for folks
| without prior Nix experience, given how new everything is.
| ianthehenry wrote:
| Are flakes necessary for that? I would think you could
| install x86_64 binaries manually by setting `system`,
| even on the 2.3 branch. It seems I can do the reverse
| thing: $ nix-env -iA nixpkgs.hello
| --argstr system aarch64-darwin $ file $(which
| hello) /Users/ian/.nix-profile/bin/hello: Mach-O
| 64-bit executable arm64
|
| But maybe you just mean that it does this automatically?
| That's neat, if so. And I would expect this to be a lot
| more annoying within a default.nix file, having to keep
| track of two different nixpkgs imports.
| callahad wrote:
| Not automatic, but as a replacement for nix-env and nix-
| shell, it's great. When I need an x86_64 package, I find
| `nix shell nixpkgs#legacyPackages.x86_64-darwin.neovim`
| easier to recall and reason about.
|
| (Or `nix profile install nixpkgs#...` for a persistent
| version of the same)
| fabianhjr wrote:
| Nix / NixOS support AArch64 (
| https://nixos.wiki/wiki/NixOS_on_ARM ) however Apple/Mac-
| devices don't have many drivers available nor have people
| contributed enough time and resources to have a darwin-
| aarch64 build farm and binary cache.
| Isthatablackgsd wrote:
| That would explain why nix-env --install kept failing because
| I am using M1.
| pxc wrote:
| I find that the isolation of Nix/Nixpkgs makes it pretty natural
| to use it in tandem with Homebrew.
|
| I don't need any CLI tools that aren't in Nixpkgs anymore, so I
| use Homebrew exclusively as an installer-fetcher-and-runner
| rather than a source-based package manager (i.e., only for
| 'casks' rather than for 'formulae'), and the combination is very
| nice.
|
| Nix similarly plays nice with Pkgsrc and MacPorts, so if you're
| interested in switching away from Homebrew but unsure about Nix,
| there's no special work you have to do to install one of those
| alongside Nix for use as an escape hatch that doesn't involve
| Homebrew.
| domenkozar wrote:
| We've just made Nix support Apple Silicon natively!
|
| I've also been working on tutorials for beginners at
| https://nix.dev, for example how to set up declarative developer
| environments.
| mark_l_watson wrote:
| Thanks, that was a question in my mind. Brew does a fairly good
| job on M1 Macs by maintaining two environments, one M1 native,
| and one using Rosetta.
___________________________________________________________________
(page generated 2021-07-13 23:00 UTC)