What would you change in Nix or NixOS?

From useful/important to least important:

  • Useful type checker. When one forgets/incorrectly names/… attributes, the error messages are often completely useless. The right kind of type system could help a lot. But this is a nontrivial task.
  • Fully automate minor version updates to existing packages. Such PRs should just be automatically merged if all ofborg tests are green. Reserve human attention to more important tasks and never “burn through” contributors.
  • Secret handling. Like passwords, deployment keys, database passwords, and so on. Each module/service ships its own fragile, noncomposable “solution”.
  • Clean nixpkgs pipelines. Merge trains, a core package set that has to have all tests succeeding before a merge.
  • Better security story. CVEs have to be handled quickly and transparently, by a dedicated, responsive team. And before they are publicly known. This is often a blocker for commercial adoption.
  • Make tests into separate derivations. When packages fail because of tests, disabling them or fixing them shouldn’t need to rebuild everything, but only the test. Similarly, disabling tests should not rebuild everything.
  • Easier entry/migration for existing projects to NixOS. Especially at work we have the situation that someone writes code, infrastructure, CI, etc. without nix, and then at some point people start wishing for reproducibility, fast (cached) pipelines, deterministic builds. But if you’ve set up all the machines without nix already, it’s hard to use nix without switching to NixOS. I don’t know a good solution. Maybe bundling? Ansible integration?
  • Stabilise the nix development. Don’t bring out features so quickly. Test and review them better with a beta user crowd to receive community feedback before breaking stuff for many people.
  • Better meta-programming story, or rather better import-from-derivation story, mainly to update lock files. In particular on Hydra. There are reasons it is not enabled there, but it’s annoying. A lot of “organically evolved” update scripts are lying around because of this. Alternatively, use nix flakes in nixpkgs (and deprecate non-flakes).
  • Modularise toplevel/all-packages.nix and avoid huge files in the future. (Maybe let's sort and/or categorize all-packages?)
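As an added illustration of the "tests as separate derivations" point above (this is example code, not part of the original post or of nixpkgs): the package below sets `doCheck = false` and moves its test suite into `passthru.tests`, following the existing nixpkgs convention. The test derivation depends on the built package, so fixing or disabling a test rebuilds only the test, never the package. The package name `greeter`, its constructed source, and the test script are hypothetical.

```nix
# Added example (not from the original post): a package whose test suite
# lives in its own derivation via passthru.tests, so that changing or
# disabling tests does not rebuild the package itself.
# Names (greeter, its source, test.sh) are hypothetical.
{ pkgs ? import <nixpkgs> { } }:

let
  inherit (pkgs) stdenv runCommand;

  # Constructed stand-in for a real upstream source: one shell script
  # plus a tiny test script that exercises the installed binary.
  src = runCommand "greeter-src" { } ''
    mkdir -p $out
    cat > $out/greeter <<'EOF'
    #!/bin/sh
    echo "hello, ''${1:-world}"
    EOF
    cat > $out/test.sh <<'EOF'
    #!/bin/sh
    set -e
    test "$(greeter nix)" = "hello, nix"
    EOF
  '';

  greeter = stdenv.mkDerivation (finalAttrs: {
    pname = "greeter";
    version = "1.0";
    inherit src;
    dontBuild = true;
    doCheck = false;   # tests are NOT run inside the package build ...
    installPhase = ''
      install -Dm755 $src/greeter $out/bin/greeter
    '';

    # ... but here, in a separate derivation that consumes the built
    # package. Rebuilding this derivation does not touch `greeter`.
    passthru.tests.unit = runCommand "greeter-tests" {
      nativeBuildInputs = [ finalAttrs.finalPackage ];
    } ''
      sh ${finalAttrs.src}/test.sh
      touch $out
    '';
  });
in
greeter
```

Save as `greeter.nix`; `nix-build greeter.nix` builds only the package, while `nix-build greeter.nix -A tests.unit` builds the package (or fetches it from the cache) and then runs the tests in their own derivation. Editing `test.sh` changes only the test derivation's hash, which is exactly the rebuild behaviour the post asks for.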