)
Declarative configuration model In NixOS, the entire operating system—including the
kernel, applications, system packages, and
configuration files—is built by the Nix
Package manager from a definition in the Nix language. Building a new version will not overwrite previous versions. A NixOS system is configured by specifying the desired state in a Nix expression file, typically /etc/nixos/configuration.nix. The following example configures the bootloader and enables the OpenSSH daemon: { boot.loader.grub.device = "/dev/sda"; fileSystems."/".device = "/dev/sda1"; services.openssh.enable = true; } Changes may be built and activated with the nixos-rebuild command, which evaluates the configuration, builds the necessary derivations, and produces a new system generation. Upgrades and configuration changes to NixOS systems are applied transactionally. New system generations are activated
atomically, so that previous generations are retained and may be rolled back. If an upgrade is interrupted (for example, by power failure), the system remains consistent and will boot either the old or the new configuration. If, after a system update, the new configuration is undesirable, it may be
rolled back by switching to a previous generation (nixos-rebuild switch --rollback). New generations are automatically added to the system bootloader and may be selected prior to boot. Rollbacks are lightweight operations that switch system references to different store paths.
Reproducible system configurations NixOS uses a declarative configuration model that allows system configurations to be reproduced on different machines. By sharing a configuration file with a target machine, users can generate an equivalent system, including the kernel, applications, and system services. Components not managed by the package manager, such as user data, are not affected by this process.
Multi-user package management In addition to the system-wide profile, every normal user in a NixOS system has a profile in which they can install packages without special privileges. In the Nix store, multiple versions of a package may coexist, allowing different users to have alternate versions of the same package installed in their respective profiles, or share an identical version. Nix’s security model restricts what unprivileged users can influence. Prebuilt binaries may be fetched from binary caches that are explicitly trusted by the system configuration, otherwise packages are built locally in a sandbox. Without special privileges, users cannot pass options that would introduce impurities into builds or use untrusted caches.
Nix-shell The nix-shell command starts an interactive shell based on a Nix expression. It allows developers to work with isolated sets of dependencies without affecting the system globally.
Experimental features Nix command The nix command provides a redesigned command-line interface for the Nix package manager, intended to replace the traditional nix-env, nix-build, and related commands. It introduces a more consistent syntax and improved user experience with commands such as nix build, nix develop, and nix run. The goal was to simplify common operations and provide better functionality through a unified command structure.
Flakes Flakes provide a standard structure for Nix expressions that explicitly declare dependencies and outputs. Each flake contains a flake.nix file that specifies its inputs (dependencies, external flakes, repositories) and outputs (packages, NixOS configurations, and development environments). Flakes use a lock file to keep exact versions of dependencies to ensure that evaluations remain reproducible over time. The feature provides a standardized way to define, manage, and share Nix expressions, while making it easier to create and maintain reproducible systems. == Implementation ==