Reproducible Nix environments without installing Nix
Warning
Unnix is alpha software. I recommend against running it on long-running production servers in its current state.
To use unnix, start by creating unnix.kdl, unnix's manifest file
unnix init -p jq ripgrep
Now you can enter the environment with
unnix envThis will generate unnix.lock.json and put you in a shell with jq and rg.
Make sure to commit the lockfile to your VCS to keep your environment reproducible.
This is a very simplified view of what happens when you run nix develop.
flowchart TB
nix(nix) --> | download | expr --> | evaluate | drv
drv --> | outputs | path --> | query | cache
cache -->| hit | download(download to the Nix store)
cache -->| miss | build(build the derivation)
drv -.- build
cache(
binary cache
e.g. cache.nixos.org
)
drv(derivations)
expr(
Nix expressions
e.g. Nixpkgs
)
path(store paths)
Downloading and evaluating Nixpkgs can take a long time, especially in ephemeral environments like CI pipelines. Unnix avoids that by removing derivations from the picture altogether, and getting the store paths directly from services like Hydra and Devbox.
flowchart TB
unnix --> | lockfile absent or outdated | update --> | Hydra | paths
unnix --> | up-to-date lockfile | paths
paths --> | query | cache
cache --> | hit | download(download to the unnix store)
cache --> | miss | miss
cache(
binary cache
e.g. cache.nixos.org
)
miss(
fail
)
paths(store paths)
unnix(unnix)
update(update lockfile)
| aarch64-darwin | aarch64-linux | x86_64-darwin | x86_64-linux | |
|---|---|---|---|---|
| CLI | partial1 | yes | partial1 | yes |
| GitHub action | yes | yes | no | yes |
| prebuilt binaries | yes | yes | no | yes |
| cached by the default cache | yes | yes | yes2 | yes |
-
No setup hooks
Unnix does not have access to stdenv, and therefore cannot run the setup hooks or any user-specified
shellHooks. Instead, it tries its best to emulate the behavior of setup hooks likepkg-config, so that dependencies can be picked up without executing any hooks. -
No evaluation
Unnix does not evaluate Nix expressions. You cannot use
.overrideor.overrideAttrson packages, and are limited to the attributes the resolver exposes, e.g. Hydra jobs. -
No builds
Unnix cannot build anything, and strictly relies on binary caches. This means no unfree packages if you are using the default set of caches.
See CHANGELOG.md
Footnotes
-
unnix envrelies on bubblewrap, which only works on Linux. An alternative darwin backend is work in progress. ↩ ↩2
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
