最佳實踐

最佳實踐#

URLs#

The Nix language syntax supports bare URLs, so one could write https://example.com instead of "https://example.com"

RFC 45 was accepted to deprecate unquoted URLs and provides a number of arguments for how this feature does more harm than good.

小訣竅

Always quote URLs.

Recursive attribute set rec { ... }#

rec allows you to reference names within the same attribute set.

範例:

rec {
  a = 1;
  b = a + 2;
}

{ a = 1; b = 3; }

A common pitfall is to introduce a hard-to-debug error infinite recursion when shadowing a name. The simplest example for this is:

let a = 1; in rec { a = a; }

小訣竅

Avoid rec. Use let ... in.

範例:

let
  a = 1;
in {
  a = a;
  b = a + 2;
}

小訣竅

Self-reference can be achieved by explicitly naming the attribute set:

let
  argset = {
    a = 1;
    b = argset.a + 2;
  };
in
  argset

with scopes#

It's still common to see the following expression in the wild:

with (import <nixpkgs> {});

# ... lots of code

This brings all attributes of the imported expression into scope of the current expression.

There are a number of problems with that approach:

  • Static analysis can't reason about the code, because it would have to actually evaluate this file to see which names are in scope.

  • When more than one with is used, it's not clear anymore where the names are coming from.

  • Scoping rules for with are not intuitive, see this Nix issue for details.

小訣竅

Do not use with at the top of a Nix file. Explicitly assign names in a let expression.

範例:

let
  pkgs = import <nixpkgs> {};
  inherit (pkgs) curl jq;
in

# ...

Smaller scopes are usually less problematic, but can still lead to surprises due to scoping rules.

小訣竅

If you want to avoid with altogether, try replacing expressions of this form

buildInputs = with pkgs; [ curl jq ];

with the following:

buildInputs = builtins.attrValues {
  inherit (pkgs) curl jq;
};

<...> lookup paths#

You will often encounter Nix language code samples that refer to <nixpkgs>.

<...> is special syntax that was introduced in 2011 to conveniently access values from the environment variable $NIX_PATH.

This means the value of a lookup path depends on external system state. When using lookup paths, the same Nix expression can produce different results.

In most cases, $NIX_PATH is set to the latest channel when Nix is installed, and is therefore likely to differ from machine to machine.

備註

Channels are a mechanism for referencing remote Nix expressions and retrieving their latest version.

The state of a subscribed channel is external to the Nix expressions relying on it. It is not easily portable across machines. This may limit reproducibility.

For example, two developers on different machines are likely to have <nixpkgs> point to different revisions of the Nixpkgs repository. Builds may work for one and fail for the other, causing confusion.

小訣竅

Declare dependencies explicitly using the techniques shown in Towards reproducibility: pinning Nixpkgs.

Do not use lookup paths, except in minimal examples.

Some tools expect the lookup path to be set. In that case:

小訣竅

Set $NIX_PATH to a known value in a central location under version control.

NixOS

On NixOS, $NIX_PATH can be set permanently with the nix.nixPath option.

可重現的 Nixpkgs 組態#

To quickly obtain packages for demonstration, we use the following concise pattern:

1import <nixpkgs> {}

However, even when <nixpkgs> is replaced as shown in Towards reproducibility: pinning Nixpkgs, the result may still not be fully reproducible. This is because for historical reasons the Nixpkgs top-level expression by default impurely reads from the file system to obtain configuration parameters. Systems that have the appropriate files populated may end up with different results.

It is a well-known problem that cannot be resolved without breaking existing setups.

小訣竅

Explicitly set config and overlays when importing Nixpkgs:

1import <nixpkgs> { config = {}; overlays = []; }

This is what we do in our tutorials to ensure that the examples will behave exactly as expected. We skip it in minimal examples to reduce distractions.

Updating nested attribute sets#

The attribute set update operator merges two attribute sets.

範例:

{ a = 1; b = 2; } // { b = 3; c = 4; }

{ a = 1; b = 3; c = 4; }

However, names on the right take precedence, and updates are shallow.

範例:

{ a = { b = 1; }; } // { a = { c = 3; }; }

{ a = { c = 3; }; }

Here, key b was completely removed, because the whole a value was replaced.

小訣竅

Use the pkgs.lib.recursiveUpdate Nixpkgs function:

let pkgs = import <nixpkgs> {}; in
pkgs.lib.recursiveUpdate { a = { b = 1; }; } { a = { c = 3;}; }

{ a = { b = 1; c = 3; }; }

可重現的來源路徑#

let pkgs = import <nixpkgs> {}; in

pkgs.stdenv.mkDerivation {
  name = "foo";
  src = ./.;
}

If the Nix file containing this expression is in /home/myuser/myproject, then the store path of src will be /nix/store/<hash>-myproject.

The problem is that now your build is no longer reproducible, as it depends on the parent directory name. That cannot be declared in the source code, and results in an impurity.

If someone builds the project in a directory with a different name, they will get a different store path for src and everything that depends on it. This can be the cause of needless rebuilds.

小訣竅

Use builtins.path with the name attribute set to something fixed.

This will derive the symbolic name of the store path from name instead of the working directory:

let pkgs = import <nixpkgs> {}; in

pkgs.stdenv.mkDerivation {
  name = "foo";
  src = builtins.path { path = ./.; name = "myproject"; };
}
目錄