I'm no longer using nix or nixos. I've gotten a surprising number of emails about this, so I'm summarizing why I no longer use nix here. I don't want this to read like a rant, I just don't want to get questions about it or talk about nix anymore.
When I first started using nix, nixpkgs was extremely stable. Every system rebuild would "just work". Recently, in the last several months, I experienced channel-blocking failures (amongst many others) in:
- tree
- beautiful soup
- ripgrep
- powerlevel10k
If you are familiar with nix, you realize that if you cannot build even an ancillary package (such as ripgrep), then your entire home-manager profile will not update. You can (and I have historically) either:
- provide the patch to nixpkgs master (and wait several days to several weeks) for it to filter to nixpkgs-unstable
- carry a local patch to nixpkgs and use a local checkout
- use nixpkgs-stable (which itself is not immune to bugs)
  - unzip failed to unpack an archive with symlinks
  - gdbserver would randomly hang
  - tests would fail when building neovim via nix
  - coreutils would mysteriously block steamvr from starting
I never debugged these. All I noted is that removing the nix version from my path resulted in the correct behavior, so I removed the package and went on with my life.
macOS has been stuck on the 10.12 SDK for years now. This means packages in nixpkgs are gradually beginning to fail to build, and had to be removed from my nix shells/my home-manager profile for macOS. I gradually needed to reintroduce brew, to the point where I wondered what value nix, nixpkgs, and home-manager were adding as a secondary package manager. There is discussion of demoting macOS to tier 3.
I had several overeager Xorg/DE bumps completely break my system because nixpkgs contributors did not test the bump on nvidia.
Every time I wanted to try out a new project (say, a library), I had to spend 10-15 minutes getting the appropriate dependencies into a nix-shell. It was never just "easy". Most projects list the libraries required with a set of dnf or apt commands to bring the system up to date. I'd rather have a non-hermetic, non-reproducible build in 1 minute than spend 15 minutes getting my environment set up before I can even build a project.
I want my system to just work. I don't want to worry about updating, I don't want to worry about patching my software. I want to use common instructions provided by a repository maintainer. I don't like having to worry about whether CVEs affect my system because someone rubber-stamped a PR as "LGTM" without actually testing it. Running a nixpkgs-review and merging without testing leads to broken systems and wasted time.
I understand how to fix most problems I encounter while using nix, I just don't want to spend my time patching nixpkgs on a weekly basis.
I feel like nix is constantly fighting a battle against upstream. There are cheaper (and I know people will say worse) alternatives like containerized development environments, immutable operating systems like Silverblue/CoreOS, and dotfile managers (as an alternative to home-manager). I've switched back to using DNF on Fedora, Dockerfiles, and brew on macOS. My software life has become simpler, which bodes poorly for my relationship with nix and nixos.