Nix Package Manager in an Ubuntu 22.04 LXC Container for Testing
Please Select a Licence from the LICENCE_HEADERS page |
And place at top of your page |
If no Licence is Selected/Appended, Default will be CC0 Default Licence IF there is no Licence placed below this notice!
When you edit this page, you agree to release your contribution under the CC0 Licence LICENCE:
More information about the cc0 licence can be found here: You can copy, modify, distribute and perform the work, even for commercial purposes, all without asking permission. Licence: Statement of Purpose The laws of most jurisdictions throughout the world automatically confer exclusive Copyright and Related Rights (defined below) upon the creator and subsequent owner(s) (each and all, an "owner") of an original work of authorship and/or a database (each, a "Work"). Certain owners wish to permanently relinquish those rights to a Work for the purpose of contributing to a commons of creative, cultural and scientific works ("Commons") that the public can reliably and without fear of later claims of infringement build upon, modify, incorporate in other works, reuse and redistribute as freely as possible in any form whatsoever and for any purposes, including without limitation commercial purposes. These owners may contribute to the Commons to promote the ideal of a free culture and the further production of creative, cultural and scientific works, or to gain reputation or greater distribution for their Work in part through the use and efforts of others. For these and/or other purposes and motivations, and without any expectation of additional consideration or compensation, the person associating CC0 with a Work (the "Affirmer"), to the extent that he or she is an owner of Copyright and Related Rights in the Work, voluntarily elects to apply CC0 to the Work and publicly distribute the Work under its terms, with knowledge of his or her Copyright and Related Rights in the Work and the meaning and intended legal effect of CC0 on those rights. 1. Copyright and Related Rights. A Work made available under CC0 may be protected by copyright and related or neighboring rights ("Copyright and Related Rights"). Copyright and Related Rights include, but are not limited to, the following: the right to reproduce, adapt, distribute, perform, display, communicate, and translate a Work; moral rights retained by the original author(s) and/or performer(s); publicity and privacy rights pertaining to a person's image or likeness depicted in a Work; rights protecting against unfair competition in regards to a Work, subject to the limitations in paragraph 4(a), below; rights protecting the extraction, dissemination, use and reuse of data in a Work; database rights (such as those arising under Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, and under any national implementation thereof, including any amended or successor version of such directive); and other similar, equivalent or corresponding rights throughout the world based on applicable law or treaty, and any national implementations thereof. 2. Waiver. To the greatest extent permitted by, but not in contravention of, applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and unconditionally waives, abandons, and surrenders all of Affirmer's Copyright and Related Rights and associated claims and causes of action, whether now known or unknown (including existing as well as future claims and causes of action), in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each member of the public at large and to the detriment of Affirmer's heirs and successors, fully intending that such Waiver shall not be subject to revocation, rescission, cancellation, termination, or any other legal or equitable action to disrupt the quiet enjoyment of the Work by the public as contemplated by Affirmer's express Statement of Purpose. 3. Public License Fallback. Should any part of the Waiver for any reason be judged legally invalid or ineffective under applicable law, then the Waiver shall be preserved to the maximum extent permitted taking into account Affirmer's express Statement of Purpose. In addition, to the extent the Waiver is so judged Affirmer hereby grants to each affected person a royalty-free, non transferable, non sublicensable, non exclusive, irrevocable and unconditional license to exercise Affirmer's Copyright and Related Rights in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "License"). The License shall be deemed effective as of the date CC0 was applied by Affirmer to the Work. Should any part of the License for any reason be judged legally invalid or ineffective under applicable law, such partial invalidity or ineffectiveness shall not invalidate the remainder of the License, and in such case Affirmer hereby affirms that he or she will not (i) exercise any of his or her remaining Copyright and Related Rights in the Work or (ii) assert any associated claims and causes of action with respect to the Work, in either case contrary to Affirmer's express Statement of Purpose. 4. Limitations and Disclaimers. No trademark or patent rights held by Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by this document. Affirmer offers the Work as-is and makes no representations or warranties of any kind concerning the Work, express, implied, statutory or otherwise, including without limitation warranties of title, merchantability, fitness for a particular purpose, non infringement, or the absence of latent or other defects, accuracy, or the present or absence of errors, whether or not discoverable, all to the greatest extent permissible under applicable law. Affirmer disclaims responsibility for clearing rights of other persons that may apply to the Work or any use thereof, including without limitation any person's Copyright and Related Rights in the Work. Further, Affirmer disclaims responsibility for obtaining any necessary consents, permissions or other rights required for any use of the Work. Affirmer understands and acknowledges that Creative Commons is not a party to this document and has no duty or obligation with respect to this CC0 or use of the Work. |
prerequisite
- LXD - Basic knowledge , install LXD and launch a container
- Terminal: will be using the terminal.
Create a container
lxc launch ubuntu:2204 nix
lxc exec nix bash
apt update && apt upgrade -y
Optional steps for the paranoid
The default Ubuntu containers come with a user named ubuntu. In a new container, this user does not have a password set and can run sudo without being prompted for a password. This configuration is not ideal from a security perspective.
Create a new user
Next, we will create a new user named nix and set a password for this user. This user will be used for the rest of the setup and general use of the container.
Create the new user:
adduser nix
Follow the prompts to set a password and provide any other requested information.
Adding new user to sudoers file
WARNING: Be cautious while editing the sudoers file as errors could lead to some serious issues with the system. A syntax error in the sudoers file could potentially lock out all users from gaining superuser privileges.
- Note: by default in Ubuntu when you use visudo the default terminal editor is nano
visudo
Once you're in the editor, you can navigate using the arrow keys. Go down to the section that looks like this:
# User privilege specification root ALL=(ALL:ALL) ALL
Below the root user line, add a similar line for the 'nix' user:
nix ALL=(ALL:ALL) ALL
press CTRL O
to write to file and CTRL X
to exit.
Delete the 'ubuntu' user
Now that we have a new, secure user set up, we can delete the default ubuntu user for added security.
Delete the ubuntu user:
deluser --remove-home ubuntu
Now, switch to the new nix user:
su - nix
You now have a container set up with the nix user. This user is more secure than the default ubuntu user because it requires a password for sudo operations. You can now proceed with the rest of your setup process.
Download and install
If you did not follow the Optional steps for the paranoid change user to ubuntu
su - ubuntu
wget https://nixos.org/nix/install
- install using Single-user installation
sh install --no-daemon
Return Output:
ubuntu@nix:~$ sh install --no-daemon downloading Nix 2.16.1 binary tarball for x86_64-linux from 'https://releases.nixos.org/nix/nix-2.16.1/nix-2.16.1-x86_64-linux.tar.xz' to '/tmp/nix-binary-tarball-unpack.g0HlgbTnoO'... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 21.0M 100 21.0M 0 0 5176k 0 0:00:04 0:00:04 --:--:-- 5178k Note: a multi-user installation is possible. See https://nixos.org/manual/nix/stable/installation/installing-binary.html#multi-user-installation performing a single-user installation of Nix... directory /nix does not exist; creating it by running 'mkdir -m 0755 /nix && chown ubuntu /nix' using sudo copying Nix to /nix/store................................................. installing 'nix-2.16.1' building '/nix/store/2bdqkggqrhiwrklp7y9sfrqdkrw9xihd-user-environment.drv'... unpacking channels... modifying /home/ubuntu/.profile... Installation finished! To ensure that the necessary environment variables are set, either log in again, or type . /home/ubuntu/.nix-profile/etc/profile.d/nix.sh in your shell.
- set necessary environment variables
. /home/ubuntu/.nix-profile/etc/profile.d/nix.sh
Explanation: . /home/ubuntu/.nix-profile/etc/profile.d/nix.sh
Let's break down the command . /home/ubuntu/.nix-profile/etc/profile.d/nix.sh
:
- . (also known as source in bash): This is a shell built-in command which reads and executes commands from the file specified as its argument, in the current shell environment. So it is as if they were typed at the keyboard.
/home/ubuntu/.nix-profile/etc/profile.d/nix.sh
This is the full path of the script that is sourced.
When you execute the command . /home/ubuntu/.nix-profile/etc/profile.d/nix.sh
, you are essentially telling your shell to execute the commands in the nix.sh file within the same shell you're currently running. This is done instead of starting a new shell process, which would be the case if you ran the script like a typical shell script with bash /path/to/script.sh or ./script.sh.
The nix.sh script contains environment variable settings and possibly other setup needed for using Nix packages. By running this script with ., these environment settings are preserved in your current shell.
The . command is often used in configuration and startup scripts where you want settings within a script to affect your current shell's environment.
Channels
A channel in Nix is a collection of Nix expressions (the packages available for installation) that are versioned and updated together. In other words, a channel in Nix is similar to a repository in other types of package management systems.
List channels
nix-channel --list
- Output:
nixpkgs https://nixos.org/channels/nixpkgs-unstable
Update channels
When you update your channels (with the nix-channel --update command), you're downloading the latest set of package expressions from the channels you are subscribed to.
nix-channel --update
Search a package
Syntax: nix search nixpkgs <PACKAGE_NAME>
nix search nixpkgs bluefish
- Return Output:
ubuntu@nix:~$ nix search nixpkgs bluefish error: experimental Nix feature 'nix-command' is disabled; use '--extra-experimental-features nix-command' to override
FIX:
nix search nixpkgs bluefish --extra-experimental-features nix-command
- Return Ouput:
error: experimental Nix feature 'flakes' is disabled; use '--extra-experimental-features flakes' to override
FIX:
nix search nixpkgs bluefish --extra-experimental-features nix-command --extra-experimental-features flakes
- Ruturn output:
* legacyPackages.x86_64-linux.bluefish (2.2.12) A powerful editor targeted towards programmers and webdevelopers trace: warning: qt5 now uses makeScopeWithSplicing which does not have "overrideScope'", use "overrideScope".
This warning is a developer-oriented message and doesn't directly impact you as an end-user:
The trace: warning message is intended for the maintainers of the package you're trying to install (in this case, the bluefish package from nixpkgs).
Nix is telling us that the qt5 package (which bluefish may depend on) has switched to a different method for managing its internal dependencies. More specifically, it's switched to a method called makeScopeWithSplicing.
This is just a way that Nix organizes and overrides dependencies within packages. It seems like qt5 previously used something called overrideScope', but it now uses makeScopeWithSplicing.
The overrideScope' method is no longer available in this context, so the warning is instructing developers to use makeScopeWithSplicing instead when they're working on the qt5 package or packages that depend on it.
For you as an end-user, there is no action required unless the warning turns into an error or if the package does not work as expected. The package should still install and function normally. This warning is more of an FYI for people maintaining or developing with these packages.
Bluefish is a GUI program and we have not setup container for X forwarding so lets try cowsay.
nix search nixpkgs cowsay --extra-experimental-features nix-command --extra-experimental-features flakes
- Return output:
- Note: the package name is after
legacyPackages.x86_64-linux.
legacyPackages.x86_64-linux.<PACKAGE_NAME>
- Note: the package name is after
* legacyPackages.x86_64-linux.charasay (3.0.0) The future of cowsay - Colorful characters saying something * legacyPackages.x86_64-linux.cowsay (3.7.0) A program which generates ASCII pictures of a cow with a message * legacyPackages.x86_64-linux.emacsPackages.cowsay (20210510.1540) * legacyPackages.x86_64-linux.neo-cowsay (2.0.1) Cowsay reborn, written in Go * legacyPackages.x86_64-linux.pokemonsay (1.0.0) Print pokemon in the CLI! An adaptation of the classic cowsay * legacyPackages.x86_64-linux.ponysay (2021-03-27) Cowsay reimplemention for ponies * legacyPackages.x86_64-linux.tewisay (2022-11-04) Cowsay replacement with unicode and partial ansi escape support * legacyPackages.x86_64-linux.xcowsay (1.6) Tool to display a cute cow and messages
Install a package
nix-env -iA nixpkgs.pokemonsay
Explanation: nix-env -iA nixpkgs.pokemonsay
The command nix-env -iA nixpkgs.pokemonsay is used to install the pokemonsay package from the nixpkgs channel in Nix.
Here's a breakdown of the command:
- nix-env: This is the main command used for user environment management in Nix. It can install, upgrade, and remove software, among other tasks.
- -iA: This is a combination of two options. -i stands for install and -A stands for attribute. The -A option allows you to install a package using its attribute path (nixpkgs.pokemonsay in this case), which is often more reliable than using the package name.
- nixpkgs.pokemonsay: This is the attribute path of the package you want to install. nixpkgs is the name of the channel, and pokemonsay is the name of the package in that channel.
So, when you run nix-env -iA nixpkgs.pokemonsay, Nix will look for the pokemonsay package in the nixpkgs channel and install it into your user environment.
Understanding -A flag in Nix commands:
The command nix-env -i <package> installs a package by its name rather than its attribute path. For example, nix-env -i firefox will install the Firefox browser.
This command can sometimes lead to ambiguity because multiple versions of the same package may be available in the channel, or there may be similarly-named packages. This is why it is often recommended to install packages using the -A flag and the package's attribute path, like nix-env -iA nixpkgs.firefox.
It's important to note that while the attribute path usually includes the package name, it might also include other information. For instance, a channel might have separate attributes for different versions of a package, or for the same package built with different options.
Here's a little more information on the difference between these two commands:
- nix-env -i <package>: This command installs a package by its name. The name is a human-readable identifier for the package, like "firefox".
- nix-env -iA <attribute path>: This command installs a package by its attribute path. The attribute path is a precise identifier for the package within a channel, like "nixpkgs.firefox". This command is more reliable because it is more specific.
If you're uncertain about the attribute path for a package, you can find it by searching the package in the Nix Packages Search page.
Where does Nix Package Manager install packages?
When you install a package using Nix, the package's files are installed into a directory in the Nix store, which is typically located at /nix/store. Each package gets its own unique directory in the Nix store, which includes a hash of the package's dependencies to ensure isolation and reproducibility.
For example, if you install the pokemonsay package, you might end up with a directory like /nix/store/abcd1234-pokemonsay-0.0.1 (the actual hash will be different).
The binary executables of a package are typically located in the bin subdirectory of the package's directory in the Nix store. For example, the pokemonsay executable might be located at /nix/store/abcd1234-pokemonsay-0.0.1/bin/pokemonsay.
When you install a package with nix-env -i, Nix creates symlinks in your user profile (usually in /nix/var/nix/profiles) to the package's files in the Nix store. When you run a command like pokemonsay, your shell finds the pokemonsay executable through these symlinks.
The result is that each user can have their own set of installed packages, and packages can be installed, upgraded, and removed atomically and without interfering with each other.
using pokemonsay
pokemonsay is a fun little command line utility that generates an ASCII picture of a random Pokemon saying a message you provide. Here's how to use it:
pokemonsay -p Pikachu "Greetings fellow Noob"
Explain Syntax: pokemonsay -p Pikachu "Greetings fellow Noob"
- pokemonsay is the main command. It's the name of the program you're running. It generates an ASCII art image of a Pokémon saying a message.
- -p Pikachu is an option given to the pokemonsay command. The -p flag specifies that the next argument will be the name of the Pokémon you want to use. In this case, you're asking for Pikachu.
- See list of Pokemon Use:
pokemonsay -l
- See list of Pokemon Use:
- "Greetings fellow Noob" is the message you're asking Pikachu to say. The quotes are used to group the words together into a single argument to the command. Without the quotes, each word would be treated as a separate argument, which is not what you want in this case.
pokemonsay --help
for more info.
Upgrade a package
To upgrade a package installed with Nix, you can use the following command:
nix-env -uA nixpkgs.pokemonsay
Explanation: nix-env -uA nixpkgs.pokemonsay
The command nix-env -uA nixpkgs.pokemonsay is used to upgrade the pokemonsay package from the nixpkgs channel in Nix.
Here's a breakdown of the command:
- nix-env: This is the main command used for user environment management in Nix. It can install, upgrade, and remove software, among other tasks.
- -uA: This is a combination of two options. -u stands for upgrade and -A stands for attribute. The -A option allows you to upgrade a package using its attribute path (nixpkgs.pokemonsay in this case), which is often more reliable than using the package name.
- nixpkgs.pokemonsay: This is the attribute path of the package you want to upgrade. nixpkgs is the name of the channel, and pokemonsay is the name of the package in that channel.
When you run nix-env -uA nixpkgs.pokemonsay, Nix will look for the pokemonsay package in the nixpkgs channel and upgrade it in your user environment.
To upgrade all installed packages in your user environment, you can use the command nix-env -u
without specifying a package.
Check for updates
To check for updates to the packages installed on your system without actually installing them, you can use the `nix-env -u` command in "dry run" mode by including the `--dry-run` option. The command would look like this:
nix-env -u --dry-run
Explanation: nix-env -u --dry-run
The nix-env -u --dry-run command will list the updates available for the packages installed on your system without actually applying the updates.
- nix-env : This is the main command used for user environment management in Nix.
- -u : This flag stands for update. When used alone, it will update all installed packages to their latest versions.
- --dry-run : This option prevents the command from actually installing the updates. Instead, it just shows what updates would be installed if you ran the command without the --dry-run option.
List installed packages
To list the packages that you have installed using Nix, you can use the nix-env -q command. If you want to see more details, including the version number, you can use the --verbose flag:
nix-env -q --verbose
Explanation: nix-env -q --verbose
The nix-env -q --verbose command lists all installed packages, showing their names and versions:
- nix-env : This is the main command used for user environment management in Nix. It can install, upgrade, and remove software, among other tasks.
- -q : This option stands for "query". It lists the installed packages.
- --verbose : This option shows more detailed information, including the version number of each installed package.
Check for specific package version
To check the version of a specific package available in the Nix packages channel, you can use the `nix-env -qaP` command with a regex pattern matching the package name:
nix-env -qaP '.*pokemonsay.*'
Explanation: nix-env -qaP '.*pokemonsay.*'
The nix-env -qaP '.*pokemonsay.* command queries the Nix packages channel for available versions of 'pokemonsay', and shows the latest version that is available in the channel.
- nix-env : This is the main command used for user environment management in Nix.
- -qaP : These options stand for "query available --attr-path". It queries the available packages in the Nix packages channel and shows their attribute paths and versions.
- .*pokemonsay.* : This is a regex pattern matching the package name. It will match any package name that contains 'pokemonsay'.
- .*: This part of the pattern matches any number of any characters. The . means "any character", and the * means "zero or more times".
- pokemonsay': This is the sequence of characters that you want to find.
- .*: This part of the pattern matches any number of any characters after 'pokemonsay'.
Certainly, here's the formatted wiki entry:
Remove/Uninstall a Package
To remove or uninstall a package that you have installed using Nix, you can use the nix-env -e command followed by the package name:
nix-env -e pokemonsay
Explanation: nix-env -e pokemonsay
The nix-env -e pokemonsay command uninstalls the 'pokemonsay' package from your user environment in Nix.
Here's a breakdown of the command:
- nix-env: This is the main command used for user environment management in Nix.
- -e: This option stands for "erase", which is used to remove a package.
- pokemonsay: This is the name of the package that you want to remove. You should use the same name format that nix-env -q uses when it lists your installed packages.
After running this command, the 'pokemonsay' package will be removed from your user environment.
To confirm the package has been removed successfully, you can run the nix-env -q command again and you should not see the uninstalled package in the list of installed packages.
Troubleshooting: Uninstalling a Package
In case you encounter an error similar to the following:
warning: selector 'nixpkgs.pokemonsay' matched no installed derivations
This might mean that the package name you're trying to uninstall does not match exactly with the installed version. You should use the name format that appears when you list your installed packages with the `nix-env -q` command.
This command will only remove the package from your user environment. The package's files will remain in the Nix store (/nix/store) until you run a garbage collection operation, which you can do with the nix-collect-garbage command. This is because other users or profiles might still be using the package.
The garbage collector in Nix works by deleting any packages from the Nix store that are no longer referenced by any profiles or by the Nix packages channel. This ensures that it's safe to delete the package: it won't break anything else that depends on it.
Using nix-shell for Temporary Environment
Nix-shell is a command that creates a temporary environment in your shell with certain packages available. The -p option allows you to specify the packages you want to include. For example, if you want to have gcc (the GNU Compiler Collection) available in your shell, you would use:
nix-shell -p gcc
Explanation: nix-shell -p gcc
The nix-shell -p gcc command creates a temporary environment with the specified packages available for use:
- nix-shell : This command creates a temporary shell environment. It's a feature of Nix that lets you create an isolated environment for your shell, where you can make certain packages available without affecting your global environment.
- -p gcc : The -p option specifies the packages you want to include in your temporary environment. In this case, 'gcc' is specified, so the GNU Compiler Collection will be available in the temporary environment.
This command doesn't affect your global environment or other shells. This feature is useful if you want to test a certain package or need to use different versions of packages for different projects. It can also help with scripting, since you can specify exactly which packages a script needs to run.