DevOps SRE Sysadmin Development

Nix Package Manager: Create Reproducible Development Environments That Actually Work

September 8, 2025 20 min read
We obsess over locking application dependencies in a `package.json` or `requirements.txt` but let the underlying system libraries drift into chaos. This blind spot is where "works on my machine" bugs are born. A truly reproducible environment requires treating the entire stack from `glibc` to your web framework as a single, immutable artifact.


What is Nix Package Manager?

Enables instant on-boarding for new team members that creates reproducible development environments. Unlike traditional package managers like apt or brew, Nix treats your entire development environment from system libraries to application packages as code defined in a shell.nix file.

Key benefits of Nix:

  • ✅ Eliminates "works on my machine" issues completely
  • ✅ Enables instant onboarding for new team members
  • ✅ Provides atomic upgrades and rollbacks
  • ✅ Works across Linux, macOS, and Windows (WSL)
  • ✅ Manages over 120,000 packages reproducibly


We’ve all been there. A new developer joins the team, and it takes them two days to get the project running locally. A critical bug appears in production but is impossible to reproduce on a developer's laptop. The root cause is almost always the same: environment drift. Subtle differences in OS packages, language runtime, or system libraries create a chaotic landscape where consistency is a fantasy. This is where Nix comes in. Nix isn't just another package manager, it's a paradigm shift. It treats your entire environment from glibc and openssl to python and nodejs as a pure, reproducible artifact defined in code. In this guide, we'll cut through the steep learning curve and show you how to leverage Nix to create a perfectly reproducible development environment that can be shared across your entire team with a single file. You will learn not only how to set it up but why this approach is fundamentally more robust than alternatives like Dockerfiles or requirements.txt.

Prerequisites for This Nix Tutorial

  • Target Audience: Mid-to-Senior Developers, DevOps Engineers, and SREs who are tired of environment inconsistencies.
  • Assumed Knowledge: You should be comfortable with the command line, Git, and the basics of dependency management in at least one language (e.g., npm, pip).
  • No prior Nix experience is required.
  • Tools: A Linux or macOS system, an internet connection, and Git.


Complete Nix Package Manager Tutorial: Step-by-Step Instructions

We'll create a reproducible development environment for a typical web project that requires both Python 3.11 and Node.js 20. This example demonstrates how Nix package manager handles multiple language runtimes seamlessly.

Step 1: Install Nix Package Manager

If you don't have Nix package manager installed, the recommended method is the multi-user installation. This approach provides better security and isolation compared to single-user installations.

Open your terminal and run the official Nix installer:

code
sh <(curl -L https://nixos.org/nix/install) --daemon

Follow the on-screen instructions. This will set up the Nix build daemon and configure your shell for reproducible development environments. You may need to restart your terminal or source your profile script (.zshrc, .bash_profile, etc.) for the changes to take effect.

Step 2: Create Your First Reproducible Development Environment

Let's set up a new project directory for our Nix development environment:

code
mkdir my-nix-project
cd my-nix-project

Now, create a file named shell.nix. This file is the heart of our declarative development environment. It tells Nix exactly what our environment needs for reproducible builds.

code
touch shell.nix

Open shell.nix in your favorite editor and add the following code:

code
# shell.nix
# 1. Import the Nix Packages collection (nixpkgs)
# We pin it to a specific revision for absolute reproducibility.
# This revision is for the nixos-unstable channel as of July 2025.
let
  nixpkgs = fetchTarball "https://github.com/NixOS/nixpkgs/archive/be9e214982e20b8310878ac2baa063a961c1bdf6.tar.gz";
  pkgs = import nixpkgs { };
# 2. Use mkShell to define a development shell
in pkgs.mkShell {
  # 3. List all the packages you need.
  # Nix will provide these exact versions in your shell's PATH.
  buildInputs = with pkgs; [
    python311
    nodejs-20_x
    # Add any other system-level dependencies here
    git
    openssl
  ];
  # 4. (Optional) Run commands when the shell is activated
  shellHook = ''
    echo "✅ Nix environment activated."
    echo "You are now using Python $(python --version) and Node $(node --version)"
    # You can set environment variables or run setup scripts here
    export MY_API_KEY="development_key"
  '';
}

Step 3: Activate Your Nix Development Environment

Now for the magic. From within your project directory, run:

code
nix-shell

The first time you run this Nix command, Nix will download and build all the specified dependencies. This might take a few minutes. However, because Nix uses content-addressed storage, these dependencies are cached globally. Subsequent launches of the shell will be nearly instantaneous. You'll see the shellHook message, and your prompt will change, indicating you are inside the Nix shell.

Step 4: Verify Your Reproducible Environment Works

Let's confirm that we have the correct tools in our isolated development environment:

code
# Inside the nix-shell
$ which python
/nix/store/....-python-3.11.6/bin/python
$ python --version
Python 3.11.6
$ node --version
v20.9.0

Notice the path, it points directly to the isolated Nix store, not /usr/bin/python. This demonstrates Nix's hermetic packaging approach. Now, exit the shell with exit or Ctrl+D and check the versions again. They will revert to your system's default (or not be found at all), proving the isolation works perfectly.

Step 5: Share Your Environment with Your Development Team

The final step is to share this reproducible development environment with your team. Since the entire environment is defined in shell.nix, all you need to do is commit it to your Git repository. Now, any other team member can clone the repository, run nix-shell, and have the exact same development environment down to the last bit. No more "install Python 3.11" in the README. The shell.nix is the executable documentation for reproducible development environments.

Why Nix Package Manager is Superior: Technical Deep Dive

The shell.nix approach is a game-changer for reproducible development environments because it's declarative and pure.

  • Declarative vs. Imperative Package Management: A Dockerfile is imperative. It's a list of commands (RUN apt-get update && apt-get install...) that are executed in order. If the apt repository changes between two builds, you get different results. A shell.nix file is declarative. You specify the desired end state (I need python311), and Nix's purely functional build system figures out how to build or fetch it deterministically.
  • The Power of Pure Functional Package Management: In Nix, packages are built in a sand-boxed environment with no network access and only explicitly declared dependencies. The build recipe and its inputs are hashed, and the output is stored in a path containing that hash (e.g., /nix/store/<hash>-python-3.11.6). This guarantees that if the inputs don't change, the output is bit-for-bit identical. This is the foundation of true reproducibility, something containers can't fully guarantee on their own.
  • Evolution to Nix Flakes: While shell.nix is a fantastic entry point, the modern Nix ecosystem is moving towards Nix Flakes. Flakes are a more structured way to package Nix expressions, explicitly declaring their inputs (like the nixpkgs version) and outputs (like dev shells or packages) in a flake.nix file. They solve the "channel management" problem and make sharing even more hermetic. For now, shell.nix remains the simplest and most effective way to start with Nix package management.

Nix Package Manager: Pros and Cons for Development Teams

Pros: True Reproducibility (Bit-for-bit identical builds), Per-Project Isolation (No version conflicts between projects), Language Agnostic (Manages C libraries, Go, Rust, Python, Node.js, etc.), Atomic Upgrades & Rollbacks (Safe environment updates), Shared Binary Caching (CI/CD and developers can share builds)

Cons: Steep Learning Curve (Nix language and concepts are unique), Initial Setup Overhead (Writing the first shell.nix takes effort), Smaller Community (Compared to Docker, finding answers can be harder), IDE Integration (Requires plugins or tools like direnv), Storage Usage (Nix keeps old versions, requires garbage collection)

Common Nix Pitfalls and How to Avoid Them

  • Fighting the Learning Curve Alone: The Nix language can feel alien. Don't try to master it all at once. Start with a shell.nix template and modify it incrementally. Use the Nixpkgs package search to find available packages, it's your best friend for Nix package discovery.
  • Mixing System Packages and Nix Packages: A common mistake is trying to use a tool from your host OS (e.g., /usr/bin/gcc) on a library provided by Nix. This breaks the hermetic seal that makes Nix's reproducibility possible. Rule of thumb: if your project needs it, add it to buildInputs.
  • DE Integration Issues: Your IDE (like VS Code) might not automatically detect the tools inside your Nix shell. The best solution is to use direnv with nix-direnv. After installing both, you can create a .envrc file with the content use nix and direnv will automatically load the Nix environment whenever you cd into the directory.
  • Forgetting to Pin nixpkgs: If you just use <nixpkgs> without pinning the version via fetchTarball, your build is not fully reproducible, as it will use whatever version of nixpkgs is in the user's local channel. Always pin your nixpkgs version for truly reproducible builds.

Best Practices for Nix in Production

  1. Start Small with Nix: Don't try to migrate your entire organization to Nix package manager at once. Pick a single new project or a problematic existing one and introduce a shell.nix file. Let the team feel the benefits of reproducible development environments firsthand.
  2. Embrace direnv for Seamless Integration: For a seamless developer experience, integrating nix-shell with direnv is a must. It makes the environment activation invisible and automatic, eliminating the need to manually run nix-shell every time.
  3. Explore Nix Flakes Next: Once your team is comfortable with shell.nix, graduating to Nix Flakes is the logical next step for even more robust and structured dependency management in your development workflow.
  4. Maintain Your Environment Regularly: Periodically update the fetchTarball hash in your shell.nix to a more recent nixpkgs commit to receive security updates and new package versions. You can find the latest stable commit at status.nixos.org. This is a deliberate, version-controlled process that ensures reproducible builds across your team.

By adopting Nix package manager, you are investing in stability, predictability, and developer sanity. The initial learning curve is a small price to pay for eliminating an entire class of problems that plague modern software development.

Start Using Nix Package Manager Today

Ready to eliminate "works on my machine" problems forever? Start with the tutorial above and join thousands of developers who've already made the switch to reproducible development environments with Nix.

For more advanced topics, explore Nix Flakes and NixOS for complete system management.

Back to Blog

Need expert help with your IT infrastructure?

Our team of DevOps engineers and cloud specialists can help you implement the solutions discussed in this article.

Our Services Contact Us