Add container and nixos config

Daniel Flanagan 2024-07-08 12:38:39 -05:00
parent 18597260bf
commit 72e86a7324
3 changed files with 102 additions and 49 deletions

1
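--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 /result
+*.qcow2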


@ -10,6 +10,12 @@
in { in {
packages = pkgsFor (pkgs: { packages = pkgsFor (pkgs: {
default = pkgs.callPackage ./what-is-my-ip.nix {}; default = pkgs.callPackage ./what-is-my-ip.nix {};
container = pkgs.dockerTools.buildImage {
name = "what-is-my-ip-container";
config = {
Cmd = ["${self.outputs.packages.${pkgs.system}.default}/bin/what-is-my-ip"];
};
};
}); });
devShells = pkgsFor (pkgs: { devShells = pkgsFor (pkgs: {
@ -20,5 +26,27 @@
''; '';
}; };
}); });
nixosConfigurations = let
system = "x86_64-linux";
in {
default = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
{
users.users.alice = {
isNormalUser = true;
# enable sudo
extraGroups = ["wheel"];
packages = [
self.outputs.packages.${system}.default
];
initialPassword = "swordfish";
};
system.stateVersion = "24.05";
}
];
};
};
}; };
} }
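Review bot: `initialPassword = "swordfish"` in the second hunk gives `alice`, who is also placed in `wheel`, a fixed credential that NixOS stores in clear text in the world-readable Nix store and that is now published with the repository. That is tolerable for the throwaway `build-vm` guest the post demonstrates, but the module is exported as `nixosConfigurations.default`, so nothing in the flake prevents it from being applied to a real host. I would mark the line in place, e.g. `# demo-only password for the build-vm guest; never deploy this configuration as-is`, or scope the user to the VM build by moving the block under `virtualisation.vmVariant`; anything meant to be deployed should use `hashedPasswordFile` instead. No SSH service is enabled in the visible lines, so exposure looks limited to console login, though that depends on module defaults and on the rest of the flake, which opens before this hunk.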

120
post.md

@ -126,72 +126,96 @@ We can now do binary or source deployments 🚀🛠️📦 since we know the ful
```console ```console
$ nix copy --to ssh://beefcake $(nix build --print-out-paths) $ nix copy --to ssh://beefcake $(nix build --print-out-paths)
$ ssh beefcake $ ssh beefcake /nix/store/lr6wlz2652r35rwzc79samg77l6iqmii-what-is-my-ip/bin/what-is-my-ip
[fmzakari@nixie:~]$ /nix/store/lr6wlz2652r35rwzc79samg77l6iqmii-what-is-my-ip/bin/what-is-my-ip
98.147.178.19 98.147.178.19
``` ```
Maybe though you are stuck with Kubernetes or Docker. Let's use Nix to create an OCI compatible image. Maybe though you are stuck with Kubernetes or Docker. Let's use Nix to create an OCI-compatible image.
```nix ```diff
let diff --git a/flake.nix b/flake.nix
pkgs = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/nixos-24.05.tar.gz") {}; index 99d6d52..81e98c9 100644
what-is-my-ip = import ./what-is-my-ip.nix {inherit pkgs;}; --- a/flake.nix
in +++ b/flake.nix
pkgs.dockerTools.buildImage { @@ -10,6 +10,12 @@
name = "what-is-my-ip-docker"; in {
config = { packages = pkgsFor (pkgs: {
Cmd = ["${what-is-my-ip}/bin/what-is-my-ip"]; default = pkgs.callPackage ./what-is-my-ip.nix {};
}; + container = pkgs.dockerTools.buildImage {
} + name = "what-is-my-ip-container";
+ config = {
+ Cmd = ["${self.outputs.packages.${pkgs.system}.default}/bin/what-is-my-ip"];
+ };
+ };
});
devShells = pkgsFor (pkgs: {
``` ```
```bash ```bash
docker load < $(nix-build what-is-my-ip-docker.nix) $ docker load < $(nix build .#docker-image --print-out-paths)
Loaded image: what-is-my-ip-docker:c9g6x30invdq1bjfah3w1aw5w52vkdfn Loaded image: what-is-my-ip-docker:c9g6x30invdq1bjfah3w1aw5w52vkdfn
$ docker run -it what-is-my-ip-docker:c9g6x30invdq1bjfah3w1aw5w52vkdfn
docker run -it what-is-my-ip-docker:c9g6x30invdq1bjfah3w1aw5w52vkdfn
24.5.113.148 24.5.113.148
``` ```
Cool! Nix + Docker integration perfectly. The image produced has only the files exactly necessary to run the tool provided, effectively **distroless**. Cool! Nix + Docker integration perfectly. The image produced has only the files exactly necessary to run the tool provided, effectively **distroless**. You may also note that if you are following along, your image digest is exactly the same. **Reproducibility!**
Finally, let's take the last step and create a reproducible operating system using NixOS to contain only the programs we want. Finally, let's take the last step and create a reproducible operating system using NixOS to contain only the programs we want.
```nix ```diff
let diff --git a/flake.nix b/flake.nix
nixpkgs = fetchTarball "https://github.com/NixOS/nixpkgs/archive/nixos-24.05.tar.gz"; index 99d6d52..81e98c9 100644
pkgs = import nixpkgs {}; --- a/flake.nix
what-is-my-ip = import ./what-is-my-ip.nix {inherit pkgs;}; +++ b/flake.nix
nixos = import "${nixpkgs}/nixos" { @@ -10,6 +10,12 @@
configuration = { in {
users.users.alice = { packages = pkgsFor (pkgs: {
isNormalUser = true; default = pkgs.callPackage ./what-is-my-ip.nix {};
# enable sudo + container = pkgs.dockerTools.buildImage {
extraGroups = ["wheel"]; + name = "what-is-my-ip-container";
packages = [ + config = {
what-is-my-ip + Cmd = ["${self.outputs.packages.${pkgs.system}.default}/bin/what-is-my-ip"];
]; + };
initialPassword = "swordfish"; + };
}; });
system.stateVersion = "24.05"; devShells = pkgsFor (pkgs: {
}; @@ -20,5 +26,27 @@
}; '';
in };
nixos.vm });
+
+ nixosConfigurations = let
+ system = "x86_64-linux";
+ in {
+ default = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
+ {
+ users.users.alice = {
+ isNormalUser = true;
+ # enable sudo
+ extraGroups = ["wheel"];
+ packages = [
+ self.outputs.packages.${system}.default
+ ];
+ initialPassword = "swordfish";
+ };
+ system.stateVersion = "24.05";
+ }
+ ];
+ };
+ };
};
}
``` ```
```console ```console
nix-build what-is-my-ip-vm.nix $ nixos-rebuild build-vm --flake .#default
$ ./result/bin/run-nixos-vm
QEMU_KERNEL_PARAMS=console=ttyS0 ./result/bin/run-nixos-vm -nographic; reset
<<< Welcome to NixOS 24.05pre-git (x86_64) - ttyS0 >>>
Run 'nixos-help' for the NixOS manual.
# I/O snippet from QEMU
nixos login: alice nixos login: alice
Password: Password:
@ -207,7 +231,7 @@ Password:
💥 Hash **lr6wlz2652r35rwzc79samg77l6iqmii** present again! 💥 Hash **lr6wlz2652r35rwzc79samg77l6iqmii** present again!
We took a relatively simple script through a variety of applications in the Nix ecosystem: build recipe, shell, docker image and finally NixOS VM. We took a relatively simple script through a variety of applications in the Nix ecosystem: build recipe, shell, docker image, and finally NixOS VM.
Hopefully, seeing the _fun things_ you can do with Nix might inspire you to push through the hard parts. Hopefully, seeing the _fun things_ you can do with Nix might inspire you to push through the hard parts.