An Overview of Nix/OS Architecture?

1.a

Yes, you can view Nix also as a build tool which uses /nix/store as a cache. Nix being a package manager is just a side-effect of this design.

1.b

Where your nix expressions are depends on your setup. To figure this out look into your $NIX_PATH variable which points to locations where copies of nixpkgs repo are located. Those copies were (sometimes still are) managed by the nix-channel tool, but in the future you will could point to nixpkgs like:

export NIX_PATH=nixpkgs=https://github.com/NixOS/nixpkgs/archive/16.03.tar.gz

You can read more about NIX_PATH in this blog post about nix search paths

1.c

Yes, packages can be copied between machines. Actually, there is already a tool for this: nix-copy-closure.

2.a

I believe you are talking here about Nix environments that you manage with nix-env. We usually refer to these as nix profiles. What I said about the nix search path (NIX_PATH variable) in point 1 does no really apply to nix-env.

The nix-env tool uses ~/.nix-defexpr, which is part of NIX_PATH by default, but that's only a coincidence. If you empty NIX_PATH, nix-env will still be able to find derivations because of ~/.nix-defexpr.

2.b

A user profile is just a nix environment (described in 2.a) that you can change to anything else, e.g.:

nix-env --switch-profile ./result

where ./result is something in /nix/store or something that points into /nix/store. Then the above command will switch the ~/.nix-profile symlink with your ./result.

2.c

nix-shell is actually closer to the nix-build command. So let me first explain what nix-build does.

nix-build is used to build .nix files (also derivations, but for that I will have to explain what a derivation is). An example how you would use nix-build:

nix-build something.nix

The above command would produce a ./result symlink, which points to something in /nix/store. Nix command will realize the build and store the output into /nix/store.

nix-shell on the other hand will do exactly what nix-build does except it will not trigger the builder script and will drop you into that environment. That way you end up with an environment that you can use to develop nix expressions, which can also be outside the nixpkgs repository (eg. your private projects).

3.a

Nix installs the binary and NixOS creates configuration for that binary and hooks it up with the init system (systemd currently).

3.b

No. This is what other configuration managers do. Nix works the other way around. The difference in approach is nicely described in this blog post.

3.c

As said in 3.a, nix will only install binaries, while nixos will also make sure that the binary is running.

4.a/b/c

Basically there is no limit, do how you think fits you. Once you understand the basic concepts you find what works best for you. Look at others' dotfiles/configurations and have opinions.

I use my collection of nixos configurations to manage laptops for my family with the help of the system.autoUpgrade service.

To create a (build) reproducible environment I wrote a blog post some time ago.

5.

My personal favorite tool that is coming (or is already here) is vulnix. This will check your current system/project against current vulnerabilities (CVEs). And this makes nix stand out against others, especially since it is so easy to use (no enterprise setup).

Another use case that I found for nix is to build reproducible docker images using dockerTools helpers.