Add container and nixos config

Daniel Flanagan 2024-07-08 12:38:39 -05:00
parent 18597260bf
commit 72e86a7324
3 changed files with 102 additions and 49 deletions

1
.gitignore vendored

@ -1 +1,2 @@
/result
*.qcow2


@ -10,6 +10,12 @@
in {
packages = pkgsFor (pkgs: {
default = pkgs.callPackage ./what-is-my-ip.nix {};
container = pkgs.dockerTools.buildImage {
name = "what-is-my-ip-container";
config = {
Cmd = ["${self.outputs.packages.${pkgs.system}.default}/bin/what-is-my-ip"];
};
};
});
devShells = pkgsFor (pkgs: {
@ -20,5 +26,27 @@
'';
};
});
nixosConfigurations = let
system = "x86_64-linux";
in {
default = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
{
users.users.alice = {
isNormalUser = true;
# enable sudo
extraGroups = ["wheel"];
packages = [
self.outputs.packages.${system}.default
];
initialPassword = "swordfish";
};
system.stateVersion = "24.05";
}
];
};
};
};
}
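Review bot: `initialPassword = "swordfish";` in the second hunk gives `alice`, who is also placed in `wheel`, a password that is committed in plain text and, being an ordinary Nix string, is expected to land in the world-readable Nix store as well. That is acceptable for the throwaway `build-vm` demo the post walks through, but the configuration is exported as `nixosConfigurations.default` with nothing marking it as demo-only, so anyone who extends it for a reachable host inherits a sudo-capable account with a published password. I would add a comment above the line, `# demo VM only: throwaway credential, do not reuse on a real host`, and consider naming the output `vm` instead of `default`. For anything longer-lived, `hashedPasswordFile` keeps the secret out of both the repository and the store.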

120
post.md

@ -126,72 +126,96 @@ We can now do binary or source deployments 🚀🛠️📦 since we know the ful
```console
$ nix copy --to ssh://beefcake $(nix build --print-out-paths)
$ ssh beefcake
[fmzakari@nixie:~]$ /nix/store/lr6wlz2652r35rwzc79samg77l6iqmii-what-is-my-ip/bin/what-is-my-ip
$ ssh beefcake /nix/store/lr6wlz2652r35rwzc79samg77l6iqmii-what-is-my-ip/bin/what-is-my-ip
98.147.178.19
```
Maybe though you are stuck with Kubernetes or Docker. Let's use Nix to create an OCI compatible image.
Maybe though you are stuck with Kubernetes or Docker. Let's use Nix to create an OCI-compatible image.
```nix
let
pkgs = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/nixos-24.05.tar.gz") {};
what-is-my-ip = import ./what-is-my-ip.nix {inherit pkgs;};
in
pkgs.dockerTools.buildImage {
name = "what-is-my-ip-docker";
config = {
Cmd = ["${what-is-my-ip}/bin/what-is-my-ip"];
};
}
```diff
diff --git a/flake.nix b/flake.nix
index 99d6d52..81e98c9 100644
--- a/flake.nix
+++ b/flake.nix
@@ -10,6 +10,12 @@
in {
packages = pkgsFor (pkgs: {
default = pkgs.callPackage ./what-is-my-ip.nix {};
+ container = pkgs.dockerTools.buildImage {
+ name = "what-is-my-ip-container";
+ config = {
+ Cmd = ["${self.outputs.packages.${pkgs.system}.default}/bin/what-is-my-ip"];
+ };
+ };
});
devShells = pkgsFor (pkgs: {
```
```bash
docker load < $(nix-build what-is-my-ip-docker.nix)
$ docker load < $(nix build .#docker-image --print-out-paths)
Loaded image: what-is-my-ip-docker:c9g6x30invdq1bjfah3w1aw5w52vkdfn
docker run -it what-is-my-ip-docker:c9g6x30invdq1bjfah3w1aw5w52vkdfn
$ docker run -it what-is-my-ip-docker:c9g6x30invdq1bjfah3w1aw5w52vkdfn
24.5.113.148
```
Cool! Nix + Docker integration perfectly. The image produced has only the files exactly necessary to run the tool provided, effectively **distroless**.
Cool! Nix + Docker integration perfectly. The image produced has only the files exactly necessary to run the tool provided, effectively **distroless**. You may also note that if you are following along, your image digest is exactly the same. **Reproducibility!**
Finally, let's take the last step and create a reproducible operating system using NixOS to contain only the programs we want.
```nix
let
nixpkgs = fetchTarball "https://github.com/NixOS/nixpkgs/archive/nixos-24.05.tar.gz";
pkgs = import nixpkgs {};
what-is-my-ip = import ./what-is-my-ip.nix {inherit pkgs;};
nixos = import "${nixpkgs}/nixos" {
configuration = {
users.users.alice = {
isNormalUser = true;
# enable sudo
extraGroups = ["wheel"];
packages = [
what-is-my-ip
];
initialPassword = "swordfish";
};
```diff
diff --git a/flake.nix b/flake.nix
index 99d6d52..81e98c9 100644
--- a/flake.nix
+++ b/flake.nix
@@ -10,6 +10,12 @@
in {
packages = pkgsFor (pkgs: {
default = pkgs.callPackage ./what-is-my-ip.nix {};
+ container = pkgs.dockerTools.buildImage {
+ name = "what-is-my-ip-container";
+ config = {
+ Cmd = ["${self.outputs.packages.${pkgs.system}.default}/bin/what-is-my-ip"];
+ };
+ };
});
system.stateVersion = "24.05";
};
};
in
nixos.vm
devShells = pkgsFor (pkgs: {
@@ -20,5 +26,27 @@
'';
};
});
+
+ nixosConfigurations = let
+ system = "x86_64-linux";
+ in {
+ default = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
+ {
+ users.users.alice = {
+ isNormalUser = true;
+ # enable sudo
+ extraGroups = ["wheel"];
+ packages = [
+ self.outputs.packages.${system}.default
+ ];
+ initialPassword = "swordfish";
+ };
+ system.stateVersion = "24.05";
+ }
+ ];
+ };
+ };
};
}
```
```console
nix-build what-is-my-ip-vm.nix
QEMU_KERNEL_PARAMS=console=ttyS0 ./result/bin/run-nixos-vm -nographic; reset
<<< Welcome to NixOS 24.05pre-git (x86_64) - ttyS0 >>>
Run 'nixos-help' for the NixOS manual.
$ nixos-rebuild build-vm --flake .#default
$ ./result/bin/run-nixos-vm
# I/O snippet from QEMU
nixos login: alice
Password:
@ -207,7 +231,7 @@ Password:
💥 Hash **lr6wlz2652r35rwzc79samg77l6iqmii** present again!
We took a relatively simple script through a variety of applications in the Nix ecosystem: build recipe, shell, docker image and finally NixOS VM.
We took a relatively simple script through a variety of applications in the Nix ecosystem: build recipe, shell, docker image, and finally NixOS VM.
Hopefully, seeing the _fun things_ you can do with Nix might inspire you to push through the hard parts.