Add container and nixos config

Daniel Flanagan 2024-07-08 12:38:39 -05:00
parent 18597260bf
commit 72e86a7324
3 changed files with 102 additions and 49 deletions

1
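--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 /result
+*.qcow2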


@ -10,6 +10,12 @@
in { in {
packages = pkgsFor (pkgs: { packages = pkgsFor (pkgs: {
default = pkgs.callPackage ./what-is-my-ip.nix {}; default = pkgs.callPackage ./what-is-my-ip.nix {};
container = pkgs.dockerTools.buildImage {
name = "what-is-my-ip-container";
config = {
Cmd = ["${self.outputs.packages.${pkgs.system}.default}/bin/what-is-my-ip"];
};
};
}); });
devShells = pkgsFor (pkgs: { devShells = pkgsFor (pkgs: {
@ -20,5 +26,27 @@
''; '';
}; };
}); });
nixosConfigurations = let
system = "x86_64-linux";
in {
default = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
{
users.users.alice = {
isNormalUser = true;
# enable sudo
extraGroups = ["wheel"];
packages = [
self.outputs.packages.${system}.default
];
initialPassword = "swordfish";
};
system.stateVersion = "24.05";
}
];
};
};
}; };
} }
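Review bot: `initialPassword = "swordfish";` on `users.users.alice`, in the second hunk, gives a `wheel` (sudo) account a password that is published in the repository and, as NixOS documents for this option, stored world-readable in the Nix store. That is acceptable for the throwaway `build-vm` demo, but the configuration is exported as `nixosConfigurations.default`, so anyone reusing it on a reachable host inherits a known sudo credential. I would mark it in place, e.g. `# demo VM only: known password, readable in the Nix store; never deploy as-is`, and point real deployments at `hashedPasswordFile` instead. Separately, the `container` image in the first hunk sets no `User` in `config`, so the process presumably runs as root inside the container; adding `User = "65534:65534";` would avoid that if the tool needs no privileges.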

138
post.md

@ -126,72 +126,96 @@ We can now do binary or source deployments 🚀🛠️📦 since we know the ful
```console ```console
$ nix copy --to ssh://beefcake $(nix build --print-out-paths) $ nix copy --to ssh://beefcake $(nix build --print-out-paths)
$ ssh beefcake $ ssh beefcake /nix/store/lr6wlz2652r35rwzc79samg77l6iqmii-what-is-my-ip/bin/what-is-my-ip
[fmzakari@nixie:~]$ /nix/store/lr6wlz2652r35rwzc79samg77l6iqmii-what-is-my-ip/bin/what-is-my-ip
98.147.178.19 98.147.178.19
``` ```
Maybe though you are stuck with Kubernetes or Docker. Let's use Nix to create an OCI compatible image. Maybe though you are stuck with Kubernetes or Docker. Let's use Nix to create an OCI-compatible image.
```nix ```diff
let diff --git a/flake.nix b/flake.nix
pkgs = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/nixos-24.05.tar.gz") {}; index 99d6d52..81e98c9 100644
what-is-my-ip = import ./what-is-my-ip.nix {inherit pkgs;}; --- a/flake.nix
in +++ b/flake.nix
pkgs.dockerTools.buildImage { @@ -10,6 +10,12 @@
name = "what-is-my-ip-docker"; in {
config = { packages = pkgsFor (pkgs: {
Cmd = ["${what-is-my-ip}/bin/what-is-my-ip"]; default = pkgs.callPackage ./what-is-my-ip.nix {};
+ container = pkgs.dockerTools.buildImage {
+ name = "what-is-my-ip-container";
+ config = {
+ Cmd = ["${self.outputs.packages.${pkgs.system}.default}/bin/what-is-my-ip"];
+ };
+ };
});
devShells = pkgsFor (pkgs: {
```
```bash
$ docker load < $(nix build .#docker-image --print-out-paths)
Loaded image: what-is-my-ip-docker:c9g6x30invdq1bjfah3w1aw5w52vkdfn
$ docker run -it what-is-my-ip-docker:c9g6x30invdq1bjfah3w1aw5w52vkdfn
24.5.113.148
```
Cool! Nix + Docker integration perfectly. The image produced has only the files exactly necessary to run the tool provided, effectively **distroless**. You may also note that if you are following along, your image digest is exactly the same. **Reproducibility!**
Finally, let's take the last step and create a reproducible operating system using NixOS to contain only the programs we want.
```diff
diff --git a/flake.nix b/flake.nix
index 99d6d52..81e98c9 100644
--- a/flake.nix
+++ b/flake.nix
@@ -10,6 +10,12 @@
in {
packages = pkgsFor (pkgs: {
default = pkgs.callPackage ./what-is-my-ip.nix {};
+ container = pkgs.dockerTools.buildImage {
+ name = "what-is-my-ip-container";
+ config = {
+ Cmd = ["${self.outputs.packages.${pkgs.system}.default}/bin/what-is-my-ip"];
+ };
+ };
});
devShells = pkgsFor (pkgs: {
@@ -20,5 +26,27 @@
'';
};
});
+
+ nixosConfigurations = let
+ system = "x86_64-linux";
+ in {
+ default = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
+ {
+ users.users.alice = {
+ isNormalUser = true;
+ # enable sudo
+ extraGroups = ["wheel"];
+ packages = [
+ self.outputs.packages.${system}.default
+ ];
+ initialPassword = "swordfish";
+ };
+ system.stateVersion = "24.05";
+ }
+ ];
+ };
+ };
}; };
} }
``` ```
```bash
docker load < $(nix-build what-is-my-ip-docker.nix)
Loaded image: what-is-my-ip-docker:c9g6x30invdq1bjfah3w1aw5w52vkdfn
docker run -it what-is-my-ip-docker:c9g6x30invdq1bjfah3w1aw5w52vkdfn
24.5.113.148
```
Cool! Nix + Docker integration perfectly. The image produced has only the files exactly necessary to run the tool provided, effectively **distroless**.
Finally, let's take the last step and create a reproducible operating system using NixOS to contain only the programs we want.
```nix
let
nixpkgs = fetchTarball "https://github.com/NixOS/nixpkgs/archive/nixos-24.05.tar.gz";
pkgs = import nixpkgs {};
what-is-my-ip = import ./what-is-my-ip.nix {inherit pkgs;};
nixos = import "${nixpkgs}/nixos" {
configuration = {
users.users.alice = {
isNormalUser = true;
# enable sudo
extraGroups = ["wheel"];
packages = [
what-is-my-ip
];
initialPassword = "swordfish";
};
system.stateVersion = "24.05";
};
};
in
nixos.vm
```
```console ```console
nix-build what-is-my-ip-vm.nix $ nixos-rebuild build-vm --flake .#default
$ ./result/bin/run-nixos-vm
QEMU_KERNEL_PARAMS=console=ttyS0 ./result/bin/run-nixos-vm -nographic; reset
<<< Welcome to NixOS 24.05pre-git (x86_64) - ttyS0 >>>
Run 'nixos-help' for the NixOS manual.
# I/O snippet from QEMU
nixos login: alice nixos login: alice
Password: Password:
@ -207,7 +231,7 @@ Password:
💥 Hash **lr6wlz2652r35rwzc79samg77l6iqmii** present again! 💥 Hash **lr6wlz2652r35rwzc79samg77l6iqmii** present again!
We took a relatively simple script through a variety of applications in the Nix ecosystem: build recipe, shell, docker image and finally NixOS VM. We took a relatively simple script through a variety of applications in the Nix ecosystem: build recipe, shell, docker image, and finally NixOS VM.
Hopefully, seeing the _fun things_ you can do with Nix might inspire you to push through the hard parts. Hopefully, seeing the _fun things_ you can do with Nix might inspire you to push through the hard parts.