Hacker News new | comments | ask | show | jobs | submit login
Haskell developer experience in NixOS (kuznero.com)
105 points by allenleein 11 months ago | hide | past | web | favorite | 19 comments

I'm not a Haskell developer nor Nix user, but I find Docker is surprisingly convenient, if only for its immutable layers file & build system: as I test different packages, I only pay for what's changed or removed, not the full setup. For example, for a C library, you might start with

    RUN apt install -y build-essential
    RUN apt install -y libopenssl-dev
    RUN cd src && ./configure
but if libopenssl-dev is the wrong package, change that line, and rebuild, and the build-essential installation isn't redone, only what's change and subsequent lines.

Any sort of snapshotting at file system level (e.g. ZFS) would do the job as well, but Docker puts it together in a convenient way.

I guess Nix is better by using a DAG, but it's probably more complicated and harder the reason about (at least for those of us lacking in headspace).

Those docker commands will install whatever binaries happen to be in the repository at the time they were run. Nix offers deterministic reproducible builds. A non-deterministic build is much harder to reason about.

Docker is a nice runtime, but you cannot reproduce the build of a docker container. What if you want to make a small change to the image? You need to rebuild it, but if it's years later, the versions of packages in the ubuntu repository may have changed and a lot of other things (if you're not careful, tarballs downloaded during the building of the image may have disappeared/changed/...). While you can try to avoid these through careful scripting and pinning things, this is what Nix makes really easy: just pin your nixpkgs version, and you can almost guarrante that you'll get the exact same build years later and you can still change parts of it if you need to.

> Docker is a nice runtime, but you cannot reproduce the build of a docker container

This is a common misconception but there's plenty of info out there if you want to find out how to do it. https://duckduckgo.com/?q=reproducible+builds+in+docker&atb=...

In essence, you can make reproducible builds in docker by controlling the build environment and then specifying particlar versions when installing dependencies. It's a bit more work but it's eminently doable.

You control the build environment by building your reproducible docker containers within an environment (eg a reproducible docker container) that is itself reproducible (ie with specified versions of everything). This seems like a bootstrapping problem, but actually it works.

So: 1. Make a "Build container" with a specified base image version and specified versions of the transitive deps of everything it needs to build your thing 2. Use this container to build your actual container, specifiying a version of the base image and all dependencies.

Pretty sure you don't need more than these two layers of the onion to make bitwise-identical builds as long as your package build recipe is itself reproducible (eg the toolchain supports it and you don't do anything like embedding timestamps etc in the binaries).

Package managers provide mechanisms to get the version list in force so generally the way to do this is to start with your preferred base image, install all the packages you want/need, use the package manager to give you the version list, then change the Dockerfile to install specifically those versions.

> In essence, you can make reproducible builds in docker by controlling the build environment and then specifying particular versions when installing dependencies.

Nix would be an excellent way to achieve this.

Nixpkgs has a function for creating Docker images as derivations, in fact.

> Just pin your nixpkgs version, and you can almost guarrante that you'll get the exact same build years later and you can still change parts of it if you need to.

In theory. In practice, anything that doesn't hit the NixOS cache server will likely have been removed; it doesn't cache the build inputs, and links break all the time. On smaller timescales it's brilliant, though.

Could reproducible Docker builds be achieved through adding Nix, then? Maybe that really ought to be the best practice for people doing this on a large scale.

It already has all the needed infrastructure, in fact. See for example http://lethalman.blogspot.ie/2016/04/cheap-docker-images-wit...

Absolutely! From my point-of-view, Nix is complementary to Docker. Nix is a deterministic replacement for the apt-get commands used in the parent post.

> but it's probably more complicated and harder the reason about

Absolutely not. It's made far easier to reason about through the fact that all of its features are exposed through a pure-functional language, giving the reader the ability to reason about each expression inside each level of brackets individually. It's extremely freeing reasoning about code once you realize you can rule out side effects.

This is mostly about NixOS and not the Haskell experience (though some of this applies to that as well).

TL;DR: I install a lot of packages to try them out and want an easy way to roll them back with as few consequences as possible. Nix seems to fill that gap.

As a student this really appeals to me; I usually think in broad terms initially, maybe write a proof or two to make sure I'm doing what I think (read: hope) I'm doing. Implementation is an afterthought for me, and so when it finally comes time to implement something I'll usually start at the typical "what are my options" phase.

For domains that I'm strong in I have a good idea what's available and it's probably already installed. But sometimes you're just /new/ to something and need to try things out. Sure, an API seems good in theory, but how does it work out in practice? Too much boilerplate? Does it work well with everything else I want? Did/does the original author share similar use cases to me? Is it (well) maintained (still)?

Of course, by the end of this process any number of things could be installed; both things I asked for, and things I didn't, are available to me. The issue that I then run into, and that Nix seems to solve for me, is that I want to undo portions to the installation and all their unintended side-effects. Beyond that, an easy way to manage groups of packages and roll them back en masse (again, including unintended side-effects) would be so beautiful.

In the case of Haskell, I have created chroots just to keep Haskell penned away from the rest of my system. I don't need pacman yelling at me because I `cabal install`d something and now the owner is wrong, my hair is on fire, and the universe is imploding. Nix seems like a much better way to handle this.

Of course, I could just be naive and/or uninformed-- likely both. I'd welcome sage wisdom from Haskell programmers on how to properly, cleanly manage package installs without getting in trouble with the system package manager (short of creating packages myself). And I've no doubt this has been solved outside of Nix using methods beyond rigorous self-control.

The mess you describe is only a problem if the products you produce suffer; chroots, virtualenvs and Snaps are a nice way to handle the resulting problem. If Nix really does make you more productive then sure this is a great way to solve this, but for me I would still have to convert that Nix environment to something shipable.

You can ship Dockers built with Nix. It's actually a great and quite popular combination.

Maybe it's a personal thing. I really appreciate keeping my number of installed packages down, even when I have a lot of space available.


Marking it with the year is extremely relevant for me since I’ve been doing a lot of reading on NixOS and was hoping this was a new article.

As it is, it’s an interesting recap of someone discovering Nix.

What is the significance between then and now for nix?

I feel the need to plug my take on NixOS, but based on ArchLinux


NixOS is awesome, but it requires you to relearn all your sysadmin techniques; this is great in the long run but not so great in the short run. effuvv tries to be a solid middle-ground between traditional linux and functional system management

There is a follow-up post on haskell project structure in NixOS: http://www.kuznero.com/posts/nixos/haskell-project-structure...

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact