mirror of https://github.com/foo-dogsquared/wiki.git synced 2025-01-31 07:57:57 +00:00

Gabriel Arazas 7c75fc2531 Update notes on the cloud computing course and Nix

Was able to finally pass through the ArgoCD installation among other
things. I also updated more exercises to tangle my solutions into a file.

2021-07-04 11:55:02 +08:00

8.1 KiB

Raw Blame History

The basics of Nix package manager

Ecosystem
Reproducible executables
Components of the package manager
Overlays
Nix flakes

Nix package manager is a great tool for reproducibility as you can easily set up your environment. Taking it up to the next level with NixOS, your whole installation.

Ecosystem

Nix has several tools that integrates them into the already existing ecosystem of developer tools.

direnv has integration with Nix as well as a lot of editors.
lorri replaces nix-shell integrating with direnv.
niv provides a easier way to manage dependencies though it will be easier with Nix flakes.
/foodogsquared/wiki/src/commit/92a8179dd00ea2c2e2a317edb5c2682f56425268/structured/Nix%20flakes is an upcoming feature for Nix, replacing the traditional Nix channels into a decentralized set of derivations that can be retrieved from anywhere similar to Go modules ¹.
Cachix is a cache service enabling to easily distribute binaries built with Nix.

Reproducible executables

You can create a reproducible executable that only requires Nix.

Here's a sample script that uses multiple dependencies.

If the script interact with the network (e.g., curl, wget) and the environment is completely pure, don't forget to install public Certificate Authorities with cacert.

#!/usr/bin/env nix-shell
#! nix-shell --pure -i bash -p coreutils curl cacert jq fzf findutils

# A quick command line interface for creating a gitignore with the API from https://gitignore.io.
# This script comes with a simple caching to avoid creating too much requests.

set -eo pipefail

CACHE_FILE="${XDG_CACHE_DIR:-$HOME/.cache}/gitignore-io.langs.json"

# Check if the language list is downloaded for the last hour (3600 seconds).
if [ ! -e $CACHE_FILE ] || test $(expr $(date "+%s") - $(date -r $CACHE_FILE "+%s")) -gt 3600
then
    ping "gitignore.io" --count 4 && curl --silent --location --output $CACHE_FILE "https://gitignore.io/api/list?format=json"
fi

KEYS=$(jq 'keys | .[] | @text' --raw-output $CACHE_FILE | fzf --multi | while read lang; do echo " .[\"$lang\"].contents"; done | paste -s -d ',')

jq "$KEYS" --raw-output $CACHE_FILE

Components of the package manager

Holistically, Nix is made up of at least four components: the store, the language, the derivations, and the sandbox.

The store is a immutable centralized location where all of the outputs are placed.
The derivations are essentially build instructions.
The language (also called as Nix but we'll refer to it as Nixlang) is a domain-specific language for creating derivations.
The build process can be locked in a sandbox, improving the reproducibility of a setup and lowering the attack surface for a malicious package.

Overlays

You can override values in Nix as a way to customize nixpkgs. For example, if you want to use a different version from the nixpkgs channel, you can change the appropriate value.

let overlay = self: super:
      {
        ncmpcpp = super.ncmpcpp.override { visualizerSupport = true; };
      }

For another example, you can see some examples from Neovim and Veloren (which also uses Nix flakes).

You can set overlays automatically either by setting nixpkgs.overlays from your system configuration or ~/.config/nixpkgs/overlays/ folder for user-specific settings. You could also set overlays for standalone Nix code similarly through the overlays key — e.g., import <nixpkgs> ? { overlays = (self: super: { } ); };.

TODO Nix flakes

As of 2021-06-30, the version used for this note is at v2.3 so it needs to be invoked with the unstable version.

similar to Guix channels
a collection of packages and functions while making it easy to configure Nix declaratively
replaces the traditional Nix channels since fully reproducing an environment with Nix requires special care in practice; plus, there's no standard way of composing projects with Nix
as of 2021-06-30, this is on the unstable version of the Nix package manager and needs some additional configuration

why flakes?

provides a structure for discoverability
makes 100% reproducibility a little easier with Nix
in case you're using NixOS, it also provides an easier way to extend it with third-party custom modules

Here's an example to interact with a flake. It will show the entire outputs of a flake as well as the normalized version of the flake object.

#! nix-shell -i bash -p nixUnstable
nix --experimental-features 'nix-command flakes' flake show <<flake-sample-object()>> | sed -e "s/\x1b\[.\{1,5\}m//g"

github:edolstra/dwarffs/f691e2c991e75edb22836f1dbe632c40324215c5
├───checks
│   ├───aarch64-linux
│   │   ├───build: derivation 'dwarffs-0.1.20210121.f691e2c'
│   │   └───test: derivation 'vm-test-run-unnamed'
│   ├───i686-linux
│   │   ├───build: derivation 'dwarffs-0.1.20210121.f691e2c'
│   │   └───test: derivation 'vm-test-run-unnamed'
│   └───x86_64-linux
│       ├───build: derivation 'dwarffs-0.1.20210121.f691e2c'
│       └───test: derivation 'vm-test-run-unnamed'
├───defaultPackage
│   ├───aarch64-linux: package 'dwarffs-0.1.20210121.f691e2c'
│   ├───i686-linux: package 'dwarffs-0.1.20210121.f691e2c'
│   └───x86_64-linux: package 'dwarffs-0.1.20210121.f691e2c'
├───nixosModules
│   └───dwarffs: NixOS module
└───overlay: Nixpkgs overlay

Let's build from one of the outputs of call_flake-sample-object().

#! nix-shell -i bash -p nixUnstable
nix --experimental-features 'nix-command flakes' build 'github:edolstra/dwarffs#checks.aarch64-linux.build'

nix --experimental-features 'nix-command flakes' shell 'github:edolstra/dwarffs' --command dwarffs --version

fusermount version: 2.9.9

For full reproducibility, you can refer to specific point of a flake (e.g., commit).

To easily get a pinned URL, you can run flake metadata subcommand.

#! nix-shell -i bash -p nixUnstable
nix --experimental-features 'nix-command flakes' flake metadata 'github:edolstra/dwarffs' | sed -e "s/\x1b\[.\{1,5\}m//g"

Resolved URL:  github:edolstra/dwarffs
Locked URL:    github:edolstra/dwarffs/f691e2c991e75edb22836f1dbe632c40324215c5
Description:   A filesystem that fetches DWARF debug info from the Internet on demand
Path:          /nix/store/769s05vjydmc2lcf6b02az28wsa9ixh1-source
Revision:      f691e2c991e75edb22836f1dbe632c40324215c5
Last modified: 2021-01-21 22:41:26
Inputs:
├───nix: github:NixOS/nix/6254b1f5d298ff73127d7b0f0da48f142bdc753c
│   ├───lowdown-src: github:kristapsdz/lowdown/1705b4a26fbf065d9574dce47a94e8c7c79e052f
│   └───nixpkgs: github:NixOS/nixpkgs/ad0d20345219790533ebe06571f82ed6b034db31
└───nixpkgs follows input 'nix/nixpkgs'

#! nix-shell -i bash -p nixUnstable
nix --experimental-features 'nix-command flakes' shell github:edolstra/dwarffs/f691e2c991e75edb22836f1dbe632c40324215c5 --command dwarffs --version

fusermount version: 2.9.9

At a glance, anyways. I'm not experienced enough with Go to say that with utmost confidence.

8.1 KiB Raw Blame History