wiki/structured/tools.nix.org

:PROPERTIES:
:ID:       892676b3-76cb-4cd4-9689-910c1fe6587a
:END:
#+title: The basics of Nix package manager
#+date: "2021-06-05 12:34:49 +08:00"
#+date_modified: "2021-06-05 13:32:22 +08:00"
#+language: en


[[id:3b3fdcbf-eb40-4c89-81f3-9d937a0be53c][Nix package manager]] is a great tool for reproducibility as you can easily set up your environment.
Taking it up to the next level with NixOS, your whole installation.


* Ecosystem

- Nix has tools to make setting up environments easier with direnv, lorri, and [[id:c05e1aa9-0619-4617-abb6-870fceca3430][Niv]]

You can create a [[https://nix.dev/tutorials/ad-hoc-developer-environments#reproducible-executables][reproducible executable]] that only requires Nix.

#+begin_src bash
#!/usr/bin/env nix-shell
#! nix-shell --pure -i bash -p curl jq fzf findutils

# A quick command line interface for creating a gitignore with the API from https://gitignore.io.
# This script comes with a simple caching to avoid creating too much requests.

set -eo pipefail

CACHE_FILE="${XDG_CACHE_DIR:-$HOME/.cache}/gitignore-io.langs.json"

# Check if the language list is downloaded for the last hour (3600 seconds).
if [ ! -e $CACHE_FILE ] || test $(expr $(date "+%s") - $(date -r $CACHE_FILE "+%s")) -gt 3600
then
    ping "gitignore.io" --count 4 && curl --silent --location --output $CACHE_FILE "https://gitignore.io/api/list?format=json"
fi

KEYS=$(jq 'keys | .[] | @text' --raw-output $CACHE_FILE | fzf --multi | while read lang; do echo " .[\"$lang\"].contents"; done | paste -s -d ',')

jq "$KEYS" --raw-output $CACHE_FILE
#+end_src


* Components of the package manager

Holistically, Nix is made up of at least four components: the store, the language, the derivations, and the sandbox.

- The store is a immutable centralized location where all of the outputs are placed.
- The derivations are essentially build instructions.
- The language (also called as Nix but we'll refer to it as Nixlang) is a domain-specific language for creating derivations.
- The build process can be locked in a sandbox, improving the reproducibility of a setup and lowering the attack surface for a malicious package.
Update my notebook as of 2021-06-06 2021-06-06 06:09:23 +00:00			`:PROPERTIES:`
			`:ID: 892676b3-76cb-4cd4-9689-910c1fe6587a`
			`:END:`
			`#+title: The basics of Nix package manager`
			`#+date: "2021-06-05 12:34:49 +08:00"`
			`#+date_modified: "2021-06-05 13:32:22 +08:00"`
			`#+language: en`



			`[[id:3b3fdcbf-eb40-4c89-81f3-9d937a0be53c][Nix package manager]] is a great tool for reproducibility as you can easily set up your environment.`
			`Taking it up to the next level with NixOS, your whole installation.`




			`* Ecosystem`

			`- Nix has tools to make setting up environments easier with direnv, lorri, and [[id:c05e1aa9-0619-4617-abb6-870fceca3430][Niv]]`

			`You can create a [[https://nix.dev/tutorials/ad-hoc-developer-environments#reproducible-executables][reproducible executable]] that only requires Nix.`

			`#+begin_src bash`
			`#!/usr/bin/env nix-shell`
			`#! nix-shell --pure -i bash -p curl jq fzf findutils`

			`# A quick command line interface for creating a gitignore with the API from https://gitignore.io.`
			`# This script comes with a simple caching to avoid creating too much requests.`

			`set -eo pipefail`

			`CACHE_FILE="${XDG_CACHE_DIR:-$HOME/.cache}/gitignore-io.langs.json"`

			`# Check if the language list is downloaded for the last hour (3600 seconds).`
			`if [ ! -e $CACHE_FILE ] \|\| test $(expr $(date "+%s") - $(date -r $CACHE_FILE "+%s")) -gt 3600`
			`then`
			`ping "gitignore.io" --count 4 && curl --silent --location --output $CACHE_FILE "https://gitignore.io/api/list?format=json"`
			`fi`

			`KEYS=$(jq 'keys \| .[] \| @text' --raw-output $CACHE_FILE \| fzf --multi \| while read lang; do echo " .[\"$lang\"].contents"; done \| paste -s -d ',')`

			`jq "$KEYS" --raw-output $CACHE_FILE`
			`#+end_src`




			`* Components of the package manager`

			`Holistically, Nix is made up of at least four components: the store, the language, the derivations, and the sandbox.`

			`- The store is a immutable centralized location where all of the outputs are placed.`
			`- The derivations are essentially build instructions.`
			`- The language (also called as Nix but we'll refer to it as Nixlang) is a domain-specific language for creating derivations.`
			`- The build process can be locked in a sandbox, improving the reproducibility of a setup and lowering the attack surface for a malicious package.`