Nix [1] is a purely functional package manager and environment manager known for its reproducible builds and ability to install multiple versions of software side-by-side. Unlike traditional package managers (e.g., APT or Yum), Nix builds packages in isolation and stores them in the Nix store (/nix/store) with unique hash identifiers, ensuring that each build is immutable and isolated. This approach eliminates dependency interference (no more "DLL hell") and enables atomic upgrades and rollbacks of software environments. Advanced users leverage Nix to create development shells, manage system configurations, and even build Docker images – all in a declarative, reproducible manner.

Nix flakes [2], a newer feature (introduced experimentally in Nix 2.4), address several shortcomings of traditional Nix workflows. Flakes introduce a standard project structure and a lock file mechanism to pin dependencies, making the evaluation of Nix expressions as reproducible as the builds themselves. In classic Nix, evaluation could be influenced by external factors (like the NIX_PATH, environment variables, or impure file accesses), meaning two users could get different results from the same Nix code if their environments differed. Flakes enforce hermetic, self-contained Nix projects by requiring explicit declarations of all inputs and locking them to exact versions. Flakes ensure that any machine using a given flake sees the same dependency versions, thus guaranteeing reproducible development environments.

Improved Reproducibility and Dependency Locking

Traditional Nix workflows often relied on channels or the NIX_PATH to obtain Nix expressions (e.g., import <nixpkgs> {}). Channels are essentially pointers to a Nixpkgs version that update over time. This led to a major reproducibility problem: Two machines could evaluate the same import <nixpkgs> expression at different times and end up pulling different commits of Nixpkgs. Channels undermined reproducibility, because there was no guarantee that each developer had the exact same Nixpkgs snapshot unless they manually pinned it. Tools like niv provided manual pinning, but Nix lacked a built-in, convenient way to lock dependencies until the arrival of flakes.

[...]