F44 Change Proposal: Nix package tool [SelfContained]

F44 Change Proposal: Nix package tool [SelfContained]

Wiki

Announced

This is a proposed Change for Fedora Linux.
This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee.

Summary

Add the [GitHub - NixOS/nix: Nix, the purely functional package manager nix] functional package manager developer tool to Fedora.

Owner

• Name: [[User:Petersen| Jens Petersen]]
• Email: petersen@redhat.com
• Name: [[User:zbyszek| Zbigniew Jędrzejewski-Szmek]]
• Email: zbyszek@in.waw.pl

Detailed Description

Nix is a cross-platform package manager for Unix-like systems with its own package ecosystem.
It is also the package manager for the NixOS Linux operating system.
The nix package tool provides access to the [GitHub - NixOS/nixpkgs: Nix Packages collection & NixOS nixpkgs] ecosystem with over 100,000 [NixOS Search packages].
Packages and environments can be specified in nix’s declarative functional programming language using so-called derivations. Nix [Flakes - Official NixOS Wiki flakes] provide a newer way to specify these project development environments.

Nix has two main modes of installation/setup: multi-user mode (with nix-daemon) and single-user mode
(below these are abbreviated as “multiuser” and “singleuser” respectively). The Fedora package tries to support both of them, though multiuser mode setup where available is more seamless. It does this by providing nix-daemon and nix-system subpackages which both require nix-filesystem. The /nix toplevel directory is defined with tmpfiles.d and can be a Btrfs subvolume if setup.

Feedback

Benefit to Fedora

Some developers and upstream projects now prefer or use nix for development and reproducible build environments.
Just as we have apt packaged in Fedora, this change adds a nix package allowing access to its ecosystem from Fedora.

With the implementation of this Change, Fedora users will be able to install nix easily on their system and leverage it in development projects that may require nix. They will also be able to easily try out some of the many packages in nixpkgs for testing or experimenting, etc.

For some time I have maintained a nix [Making sure you're not a bot! copr repo] which is quite popular (see the download numbers and note a number of other nix copr repos also exist), but it will be easier for Fedora users to have the nix package directly available from Fedora repos.

Scope

• Proposal owners:
  ** prepare the [Making sure you're not a bot! package] of nix version 2.31 or later [[https://bugzilla.redhat.com/show_bug.cgi?id=2388768 pkgreview]]

• Policies and guidelines:
  ** We have received an [Making sure you're not a bot! exception approval] from FESCO to allow the nix package to use /nix toplevel directory at runtime, as it is needed to make full use of nixpkgs and cachix binaries, etc.
  ** The approved exception still needs to be documented
  ** To be clear: nix and its subpackages will remain optional development packages that Fedora users can install manually if they wish, and in particular /nix is not to be used for Fedora Linux development.

• Trademark approval: N/A (not needed for this Change)

• Alignment with the Fedora Strategy:

Upgrade/compatibility impact

Early Testing (Optional)

N/A

How To Test

Copr builds are available from Making sure you're not a bot!.

Installation/setup:

Either:

• Multiuser daemon mode:
  ** sudo dnf install nix
  ** sudo systemctl enable --now nix-daemon

or

• Singleuser mode
  ** sudo dnf install nix --exclude nix-daemon
  ** sudo usermod -G nixbld -a $USER

See also /usr/share/doc/nix/README.fedora.md or Making sure you're not a bot!.

Then try out the tool:

• nix-shell -p hello
• try the *.nix examples in Making sure you're not a bot!
• nix search nixpkgs <package-regexp>
• try online documentation examples or projects

Notes:

• Upstream recommends using the nix-daemon and multiuser mode.
• However /nix is incompatible with ostree (it can probably be used in bootc Image Mode): so on ostree systems one should use it within a toolbox instead.
• Since containers and toolbox normally do not have functioning systemd: it is not possible to use nix-daemon inside containers by default
  ** instead install the nix-singleuser subpackage
• Be warned that nix can easily use up ‘‘large amounts of diskspace’’. You can use nix-collect-garbage to clean up or clear /nix/store/. In the worst case it should be safe to remove rm -r /nix/store/* completely. The /nix tree can also safely be removed after uninstalling nix.
• Please use nix and nixpkgs etc at your own risk, as you would other upstream package ecosystems.

User Experience

Fedora users can now seamlessly install and use the Nix package manager for development or running its packages locally on their system.

Dependencies

There are no blocking dependencies. However:

• newer boost library would allow shipping latest nix 2.32 [in progress]
• mdbook (rust-based documentation tool) would probably allow building the documentation (and manpages) [under review]

Contingency Plan

Documentation

See Nix reference manual — nix.dev documentation.

Release Notes

• The Nix package manager developer tool has been packaged in Fedora for users.

Last edited by @alking 2025-10-28T12:33:45Z

Last edited by @alking 2025-10-28T12:33:45Z

How do you feel about the proposal as written?

If you are in favor but have reservations, or are opposed but something could change your mind, please explain in a reply.

We want everyone to be heard, but many posts repeating the same thing actually makes that harder. If you have something new to say, please say it. If, instead, you find someone has already covered what you’d like to express, please simply give that post a instead of reiterating. You can even do this by email, by replying with the heart emoji or just “+1”. This will make long topics easier to follow.

Please note that this is an advisory “straw poll” meant to gauge sentiment. It isn’t a vote or a scientific survey. See About the Change Proposals category for more about the Change Process and moderation policy.

This sounds like a great change - I’ll all for it.

More packages?
Who could say no.

What level of testing will go in to Nix?

Are there any security implications?

The testing will be in upstream in the Nix project. I would consider this addition to be similar to flatpak, npm, or similar external site which has packages which are available but not looked at by Fedora.

Security and testing implications are the same as using those also. [Yes the code can be repeatably compiled.. if it is a rootkit, it will remain a rootkit whether it is a flatpak with no sandbox, an npm, a pip or a nix. If that is a concern, please engage with the upstream to make sure any problems are found and removed.]

@smooge’s answer is correct.

But to add a little: there are some advantages of course of moving the nix package from Copr into Fedora proper in that we have more formal processes and review around our packages: there is CI, testing repos, and bugzilla for reporting, etc. Not to mention PRs, so it will be easier for fedora nix users to file bugs or suggestions about the Fedora packaging. But yeah upstream issues (in nix) will be left to be addressed upstream (and nixpkgs bugs are basically out of our scope). In some cases we could backport some needed nix patch, specially if we can’t rebase the version for some time (this has already happened). But yeah this package will only be best effort like most fedora packages. Nix is not terribly easy to setup by hand oneself, so having a native package is good, specially if one doesn’t like running installer shell scripts from the internet which use sudo…

How is Nix deployed - do the packages come from Fedora infra - or by way of Nix’s infra, if so do they use a CDN?

The Fedora nix package will use the standard upstream nixpkgs: no special fedora configuration or repos. Apparently Fastly provides nix’s CDN (for nixpkgs and channels I believe).

Please give it a try.

They come from Nix.. and have nothing to do with Fedora Project infrastructure. You treat it like homebrew or grabbing debian packages with apt. It may work great.. it may not.

Caveat Emptor

I added a note to the change page to clarify this (Changes/Nix package tool: Difference between revisions - Fedora Project Wiki).

Where will the nix packages be installed to? I guess not in the regular `/usr` space managed by rpm? Is this the `/nix` folder? If yes, does it get added to PATH?

Will the packages be installed system wide, or per user, or is both possible?

Will there be integration for nix packages in GNOME software or the KDE equivalent?

Or is there a mechanism in place that can take care of automatically updating nix packages?

@genodeftest Please think of this as more something like cargo, npm or pip (or modern equivalents), etc: no special predefined nix integrations are provided - users are of course free to use nix how they wish (as is true today if they install it themselves). Nix “installs” packages for the user not system by default anyway. By default the packages are stored under /nix/store/ as usual. For nix, actual “installation” really means symlinks in a nix profile. Also no nix channel is predefined currently.

Good question about PATH. It is actually a little complicated, since there are different ways of using nix. But right now ~/.nix-profile/bin and /nix/var/nix/profiles/default/bin are getting added by /etc/profiles.d/nix.sh it seems. We can certainly think about that. (My own nix profiles are empty…)

I am thinking of this nix package as primarily a development tool: running nix flakes and shells, etc. But just as you can build or download and run software yourself, you can also run programs from nix packages of course.

I generally strongly support this proposal, but I was a little disappointed by the following statement:

However /nix is incompatible with ostree (it can probably be used in bootc Image Mode): so on ostree systems one should use it within a toolbox instead.

If it could be installed to /nix on the Atomic OS host filesystem, it would be convenient to use Nix applications from the host OS, distrobox, and toolbox all at once.

The big part of being “atomic” is the separation of the base operating
system and the applications that are layered on top. We can’t have
this separation and at the same time seamlessly allow extending of the
base system… That said, if nix use turns out to be popular on Fedora,
maybe we can figure out ways to make it easier on ostree atomic
systems too in the future.

This change proposal has now been submitted to FESCo with ticket #3503 for voting.

To find out more, please visit our Changes Policy documentation.

This change has been approved by FESCo and will be included in Fedora Linux 44.
To find out more about how our changes policy works, please visit our docs site.

FESCo Issue: Making sure you're not a bot!

This assumes that the entire rootfs is part of the “base system”. There are other conventions for separating the OS from applications. For example, GnomeOS/ParticleOS/KDE Linux treat /usr as the OS’s domain and leave the rest of / writable by the user. Of course, Fedora has already invested a lot in OSTree/bootc technology which claims everything in / except for /var for the OS.

I was going to reply to @isiin too.

I need to try with bootc, I think it may work if nix is added to the image perhaps.

But rootless nix works fine with rpm-ostree: though of course it depends on your use-case, it has its limitations. I guess we will need to experiment and get experience with it.
Though I think sharing of /nix may also be tricky anyway.

Personally I have been using nix inside toolbox in Silverblue and so far that’s working well for me.

I happy this Change has been approved now - actually it took a lot of work to get to this point and I also want to acknowledge all the forerunners who also made nix copr packages:@frostyx @poscat @man2dev @zbyszek @atim and others too. Thank you, I don’t think we would have gotten here without your contributions: I am particularly indebted to @frostyx and also @poscat whose packages helped to inform my copr repo. Also thanks to @vorburger and others for earlier feedback and help. (I only mentioned those with discourse accounts here.)

If you have been using any of the coprs I would appreciate your testing and feedback on the current fedora packaging. Fedora builds should be going into updates-testing soon.