Add container and nixos config
parent
18597260bf
commit
72e86a7324
3 changed files with 102 additions and 49 deletions
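--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 /result
+*.qcow2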
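--- a/flake.nix
+++ b/flake.nix
@@ -10,6 +10,12 @@
 in {
 packages = pkgsFor (pkgs: {
 default = pkgs.callPackage ./what-is-my-ip.nix {};
+container = pkgs.dockerTools.buildImage {
+name = "what-is-my-ip-container";
+config = {
+Cmd = ["${self.outputs.packages.${pkgs.system}.default}/bin/what-is-my-ip"];
+};
+};
 });
 
 devShells = pkgsFor (pkgs: {
@@ -20,5 +26,27 @@
 '';
 };
 });
+
+nixosConfigurations = let
+system = "x86_64-linux";
+in {
+default = nixpkgs.lib.nixosSystem {
+inherit system;
+modules = [
+{
+users.users.alice = {
+isNormalUser = true;
+# enable sudo
+extraGroups = ["wheel"];
+packages = [
+self.outputs.packages.${system}.default
+];
+initialPassword = "swordfish";
+};
+system.stateVersion = "24.05";
+}
+];
+};
+};
 };
 }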
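Review bot: `initialPassword = "swordfish";` in the second hunk gives alice, a `wheel` (sudo-capable) account, a password that is public in this repository and that NixOS also writes in clear text to the world-readable Nix store. That is acceptable for the throwaway `build-vm` image the post demonstrates, but `nixosConfigurations.default` is an ordinary system configuration and could just as well be applied to a real host, where the account keeps the known password until someone changes it. I would scope the credential to the VM build with `virtualisation.vmVariant.users.users.alice.initialPassword = "swordfish";` and leave the base configuration without a password, or point it at a `hashedPasswordFile`. A comment such as `# demo credential, VM only; do not deploy` next to it would make the intent explicit.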
138
post.md
138
post.md
|
@ -126,72 +126,96 @@ We can now do binary or source deployments 🚀🛠️📦 since we know the ful
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ nix copy --to ssh://beefcake $(nix build --print-out-paths)
|
$ nix copy --to ssh://beefcake $(nix build --print-out-paths)
|
||||||
$ ssh beefcake
|
$ ssh beefcake /nix/store/lr6wlz2652r35rwzc79samg77l6iqmii-what-is-my-ip/bin/what-is-my-ip
|
||||||
|
|
||||||
[fmzakari@nixie:~]$ /nix/store/lr6wlz2652r35rwzc79samg77l6iqmii-what-is-my-ip/bin/what-is-my-ip
|
|
||||||
98.147.178.19
|
98.147.178.19
|
||||||
```
|
```
|
||||||
|
|
||||||
Maybe though you are stuck with Kubernetes or Docker. Let's use Nix to create an OCI compatible image.
|
Maybe though you are stuck with Kubernetes or Docker. Let's use Nix to create an OCI-compatible image.
|
||||||
|
|
||||||
```nix
|
```diff
|
||||||
let
|
diff --git a/flake.nix b/flake.nix
|
||||||
pkgs = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/nixos-24.05.tar.gz") {};
|
index 99d6d52..81e98c9 100644
|
||||||
what-is-my-ip = import ./what-is-my-ip.nix {inherit pkgs;};
|
--- a/flake.nix
|
||||||
in
|
+++ b/flake.nix
|
||||||
pkgs.dockerTools.buildImage {
|
@@ -10,6 +10,12 @@
|
||||||
name = "what-is-my-ip-docker";
|
in {
|
||||||
config = {
|
packages = pkgsFor (pkgs: {
|
||||||
Cmd = ["${what-is-my-ip}/bin/what-is-my-ip"];
|
default = pkgs.callPackage ./what-is-my-ip.nix {};
|
||||||
|
+ container = pkgs.dockerTools.buildImage {
|
||||||
|
+ name = "what-is-my-ip-container";
|
||||||
|
+ config = {
|
||||||
|
+ Cmd = ["${self.outputs.packages.${pkgs.system}.default}/bin/what-is-my-ip"];
|
||||||
|
+ };
|
||||||
|
+ };
|
||||||
|
});
|
||||||
|
|
||||||
|
devShells = pkgsFor (pkgs: {
|
||||||
|
```
|
||||||
|
|
||||||
|
```bash
|
||||||
|
$ docker load < $(nix build .#docker-image --print-out-paths)
|
||||||
|
Loaded image: what-is-my-ip-docker:c9g6x30invdq1bjfah3w1aw5w52vkdfn
|
||||||
|
$ docker run -it what-is-my-ip-docker:c9g6x30invdq1bjfah3w1aw5w52vkdfn
|
||||||
|
24.5.113.148
|
||||||
|
```
|
||||||
|
|
||||||
|
Cool! Nix + Docker integration perfectly. The image produced has only the files exactly necessary to run the tool provided, effectively **distroless**. You may also note that if you are following along, your image digest is exactly the same. **Reproducibility!**
|
||||||
|
|
||||||
|
Finally, let's take the last step and create a reproducible operating system using NixOS to contain only the programs we want.
|
||||||
|
|
||||||
|
```diff
|
||||||
|
diff --git a/flake.nix b/flake.nix
|
||||||
|
index 99d6d52..81e98c9 100644
|
||||||
|
--- a/flake.nix
|
||||||
|
+++ b/flake.nix
|
||||||
|
@@ -10,6 +10,12 @@
|
||||||
|
in {
|
||||||
|
packages = pkgsFor (pkgs: {
|
||||||
|
default = pkgs.callPackage ./what-is-my-ip.nix {};
|
||||||
|
+ container = pkgs.dockerTools.buildImage {
|
||||||
|
+ name = "what-is-my-ip-container";
|
||||||
|
+ config = {
|
||||||
|
+ Cmd = ["${self.outputs.packages.${pkgs.system}.default}/bin/what-is-my-ip"];
|
||||||
|
+ };
|
||||||
|
+ };
|
||||||
|
});
|
||||||
|
|
||||||
|
devShells = pkgsFor (pkgs: {
|
||||||
|
@@ -20,5 +26,27 @@
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
});
|
||||||
|
+
|
||||||
|
+ nixosConfigurations = let
|
||||||
|
+ system = "x86_64-linux";
|
||||||
|
+ in {
|
||||||
|
+ default = nixpkgs.lib.nixosSystem {
|
||||||
|
+ inherit system;
|
||||||
|
+ modules = [
|
||||||
|
+ {
|
||||||
|
+ users.users.alice = {
|
||||||
|
+ isNormalUser = true;
|
||||||
|
+ # enable sudo
|
||||||
|
+ extraGroups = ["wheel"];
|
||||||
|
+ packages = [
|
||||||
|
+ self.outputs.packages.${system}.default
|
||||||
|
+ ];
|
||||||
|
+ initialPassword = "swordfish";
|
||||||
|
+ };
|
||||||
|
+ system.stateVersion = "24.05";
|
||||||
|
+ }
|
||||||
|
+ ];
|
||||||
|
+ };
|
||||||
|
+ };
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
```bash
|
|
||||||
❯ docker load < $(nix-build what-is-my-ip-docker.nix)
|
|
||||||
Loaded image: what-is-my-ip-docker:c9g6x30invdq1bjfah3w1aw5w52vkdfn
|
|
||||||
|
|
||||||
❯ docker run -it what-is-my-ip-docker:c9g6x30invdq1bjfah3w1aw5w52vkdfn
|
|
||||||
24.5.113.148
|
|
||||||
```
|
|
||||||
|
|
||||||
Cool! Nix + Docker integration perfectly. The image produced has only the files exactly necessary to run the tool provided, effectively **distroless**.
|
|
||||||
|
|
||||||
Finally, let's take the last step and create a reproducible operating system using NixOS to contain only the programs we want.
|
|
||||||
|
|
||||||
```nix
|
|
||||||
let
|
|
||||||
nixpkgs = fetchTarball "https://github.com/NixOS/nixpkgs/archive/nixos-24.05.tar.gz";
|
|
||||||
pkgs = import nixpkgs {};
|
|
||||||
what-is-my-ip = import ./what-is-my-ip.nix {inherit pkgs;};
|
|
||||||
nixos = import "${nixpkgs}/nixos" {
|
|
||||||
configuration = {
|
|
||||||
users.users.alice = {
|
|
||||||
isNormalUser = true;
|
|
||||||
# enable sudo
|
|
||||||
extraGroups = ["wheel"];
|
|
||||||
packages = [
|
|
||||||
what-is-my-ip
|
|
||||||
];
|
|
||||||
initialPassword = "swordfish";
|
|
||||||
};
|
|
||||||
|
|
||||||
system.stateVersion = "24.05";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
in
|
|
||||||
nixos.vm
|
|
||||||
```
|
|
||||||
|
|
||||||
```console
|
```console
|
||||||
❯ nix-build what-is-my-ip-vm.nix
|
$ nixos-rebuild build-vm --flake .#default
|
||||||
|
$ ./result/bin/run-nixos-vm
|
||||||
❯ QEMU_KERNEL_PARAMS=console=ttyS0 ./result/bin/run-nixos-vm -nographic; reset
|
|
||||||
|
|
||||||
<<< Welcome to NixOS 24.05pre-git (x86_64) - ttyS0 >>>
|
|
||||||
|
|
||||||
Run 'nixos-help' for the NixOS manual.
|
|
||||||
|
|
||||||
|
# I/O snippet from QEMU
|
||||||
nixos login: alice
|
nixos login: alice
|
||||||
Password:
|
Password:
|
||||||
|
|
||||||
|
@ -207,7 +231,7 @@ Password:
|
||||||
|
|
||||||
💥 Hash **lr6wlz2652r35rwzc79samg77l6iqmii** present again!
|
💥 Hash **lr6wlz2652r35rwzc79samg77l6iqmii** present again!
|
||||||
|
|
||||||
We took a relatively simple script through a variety of applications in the Nix ecosystem: build recipe, shell, docker image and finally NixOS VM.
|
We took a relatively simple script through a variety of applications in the Nix ecosystem: build recipe, shell, docker image, and finally NixOS VM.
|
||||||
|
|
||||||
Hopefully, seeing the _fun things_ you can do with Nix might inspire you to push through the hard parts.
|
Hopefully, seeing the _fun things_ you can do with Nix might inspire you to push through the hard parts.
|
||||||
|
|
||||||
|
|