diff --git a/.gitignore b/.gitignore
index c4a847d..dbee5b9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 /result
+*.qcow2
diff --git a/flake.nix b/flake.nix
index 99d6d52..81e98c9 100644
--- a/flake.nix
+++ b/flake.nix
@@ -10,6 +10,12 @@
 in {
 packages = pkgsFor (pkgs: {
 default = pkgs.callPackage ./what-is-my-ip.nix {};
+ container = pkgs.dockerTools.buildImage {
+ name = "what-is-my-ip-container";
+ config = {
+ Cmd = ["${self.outputs.packages.${pkgs.system}.default}/bin/what-is-my-ip"];
+ };
+ };
 });

 devShells = pkgsFor (pkgs: {
@@ -20,5 +26,27 @@
 '';
 };
 });
+
+ nixosConfigurations = let
+ system = "x86_64-linux";
+ in {
+ default = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
+ {
+ users.users.alice = {
+ isNormalUser = true;
+ # enable sudo
+ extraGroups = ["wheel"];
+ packages = [
+ self.outputs.packages.${system}.default
+ ];
+ initialPassword = "swordfish";
+ };
+ system.stateVersion = "24.05";
+ }
+ ];
+ };
+ };
 };
 }
diff --git a/post.md b/post.md
index 5316082..4150d95 100644
--- a/post.md
+++ b/post.md
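Review bot: The `config` of the new `container` image in flake.nix sets only `Cmd`, so the process starts as root, which is the runtime default when the image names no user. Nothing visible in this hunk suggests the tool needs privileges, so adding `User = "1000:1000";` next to `Cmd` would drop them. A numeric id is suggested because the image does not appear to include a passwd file that a user name could be resolved against.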
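Review bot: `initialPassword = "swordfish"` in the second flake.nix hunk gives `alice`, a member of `wheel`, a fixed password that is public in the repository, and NixOS keeps this option's value in plain text in the world-readable Nix store. That is fine for the throwaway `build-vm` walkthrough, but `nixosConfigurations.default` is an ordinary system output that could also be activated on a real machine, where the password would unlock sudo. I would mark the line with a comment such as `# demo-only credential for the build-vm walkthrough; never deploy this configuration`, or switch to `hashedPasswordFile` if the configuration is meant to outlive the demo.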
@@ -126,72 +126,96 @@ We can now do binary or source deployments 🚀🛠️📦 since we know the ful ```console $ nix copy --to ssh://beefcake $(nix build --print-out-paths) -$ ssh beefcake - -[fmzakari@nixie:~]$ /nix/store/lr6wlz2652r35rwzc79samg77l6iqmii-what-is-my-ip/bin/what-is-my-ip +$ ssh beefcake /nix/store/lr6wlz2652r35rwzc79samg77l6iqmii-what-is-my-ip/bin/what-is-my-ip 98.147.178.19 ``` -Maybe though you are stuck with Kubernetes or Docker. Let's use Nix to create an OCI compatible image. +Maybe though you are stuck with Kubernetes or Docker. Let's use Nix to create an OCI-compatible image. -```nix -let - pkgs = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/nixos-24.05.tar.gz") {}; - what-is-my-ip = import ./what-is-my-ip.nix {inherit pkgs;}; -in - pkgs.dockerTools.buildImage { - name = "what-is-my-ip-docker"; - config = { - Cmd = ["${what-is-my-ip}/bin/what-is-my-ip"]; - }; - } +```diff +diff --git a/flake.nix b/flake.nix +index 99d6d52..81e98c9 100644 +--- a/flake.nix ++++ b/flake.nix +@@ -10,6 +10,12 @@ + in { + packages = pkgsFor (pkgs: { + default = pkgs.callPackage ./what-is-my-ip.nix {}; ++ container = pkgs.dockerTools.buildImage { ++ name = "what-is-my-ip-container"; ++ config = { ++ Cmd = ["${self.outputs.packages.${pkgs.system}.default}/bin/what-is-my-ip"]; ++ }; ++ }; + }); + + devShells = pkgsFor (pkgs: { ``` ```bash -❯ docker load < $(nix-build what-is-my-ip-docker.nix) +$ docker load < $(nix build .#docker-image --print-out-paths) Loaded image: what-is-my-ip-docker:c9g6x30invdq1bjfah3w1aw5w52vkdfn - -❯ docker run -it what-is-my-ip-docker:c9g6x30invdq1bjfah3w1aw5w52vkdfn +$ docker run -it what-is-my-ip-docker:c9g6x30invdq1bjfah3w1aw5w52vkdfn 24.5.113.148 ``` -Cool! Nix + Docker integration perfectly. The image produced has only the files exactly necessary to run the tool provided, effectively **distroless**. +Cool! Nix + Docker integration perfectly. 
The image produced has only the files exactly necessary to run the tool provided, effectively **distroless**. You may also note that if you are following along, your image digest is exactly the same. **Reproducibility!** Finally, let's take the last step and create a reproducible operating system using NixOS to contain only the programs we want. -```nix -let - nixpkgs = fetchTarball "https://github.com/NixOS/nixpkgs/archive/nixos-24.05.tar.gz"; - pkgs = import nixpkgs {}; - what-is-my-ip = import ./what-is-my-ip.nix {inherit pkgs;}; - nixos = import "${nixpkgs}/nixos" { - configuration = { - users.users.alice = { - isNormalUser = true; - # enable sudo - extraGroups = ["wheel"]; - packages = [ - what-is-my-ip - ]; - initialPassword = "swordfish"; - }; - - system.stateVersion = "24.05"; - }; - }; -in - nixos.vm +```diff +diff --git a/flake.nix b/flake.nix +index 99d6d52..81e98c9 100644 +--- a/flake.nix ++++ b/flake.nix +@@ -10,6 +10,12 @@ + in { + packages = pkgsFor (pkgs: { + default = pkgs.callPackage ./what-is-my-ip.nix {}; ++ container = pkgs.dockerTools.buildImage { ++ name = "what-is-my-ip-container"; ++ config = { ++ Cmd = ["${self.outputs.packages.${pkgs.system}.default}/bin/what-is-my-ip"]; ++ }; ++ }; + }); + + devShells = pkgsFor (pkgs: { +@@ -20,5 +26,27 @@ + ''; + }; + }); ++ ++ nixosConfigurations = let ++ system = "x86_64-linux"; ++ in { ++ default = nixpkgs.lib.nixosSystem { ++ inherit system; ++ modules = [ ++ { ++ users.users.alice = { ++ isNormalUser = true; ++ # enable sudo ++ extraGroups = ["wheel"]; ++ packages = [ ++ self.outputs.packages.${system}.default ++ ]; ++ initialPassword = "swordfish"; ++ }; ++ system.stateVersion = "24.05"; ++ } ++ ]; ++ }; ++ }; + }; + } ``` ```console -❯ nix-build what-is-my-ip-vm.nix - -❯ QEMU_KERNEL_PARAMS=console=ttyS0 ./result/bin/run-nixos-vm -nographic; reset - -<<< Welcome to NixOS 24.05pre-git (x86_64) - ttyS0 >>> - -Run 'nixos-help' for the NixOS manual. 
+$ nixos-rebuild build-vm --flake .#default +$ ./result/bin/run-nixos-vm +# I/O snippet from QEMU nixos login: alice Password: @@ -207,7 +231,7 @@ Password: 💥 Hash **lr6wlz2652r35rwzc79samg77l6iqmii** present again! -We took a relatively simple script through a variety of applications in the Nix ecosystem: build recipe, shell, docker image and finally NixOS VM. +We took a relatively simple script through a variety of applications in the Nix ecosystem: build recipe, shell, docker image, and finally NixOS VM. Hopefully, seeing the _fun things_ you can do with Nix might inspire you to push through the hard parts.