Introduction to Nix{,OS,Ops}
What is Nix?
Nix began in 2003 as a research project led by Eelco Dolstra, who sought to develop a system for reliable software deployment. This work culminated in Dolstra's Ph.D. thesis, The Purely Functional Software Deployment Model, which proposed a novel approach to declarative, functional software configuration.
source wiki
So Nix is a software deployment system, like Ansible or SaltStack.
The difference is the approach: Ansible and other tools are imperative
and mutable, whereas NixOS is declarative, reproducible and.
Features
- Atomic updates
- Rollbacks (incl. from bootloader)
- Reproducible OS build
- Source-based (now merged into nixpkgs).
Functional programming
Based on lambda calculus introduced by Alonzo Church (1930s)
Abstraction based on functions (lambda) and reduction
No side effects:
- No mutable variables
- No loops
You can open an interpreter locally with the command nix-repl.
Nix Primitive Types
nix-repl> builtins.typeOf 42
"int"
nix-repl> builtins.typeOf 42.43
"float"
nix-repl> builtins.typeOf true
"bool"
nix-repl> builtins.typeOf /tmp
"path"
Tail-recursive sum function
let
  sumList = list:
    let
      go = acc: xs:
        if xs == [] then
          acc
        else
          go (acc + builtins.head xs) (builtins.tail xs);
    in
    go 0 list;
in
sumList [1 2 3 4 5] # Result: 15
Lots of builtin functions
Lots of low- and high-level builtin
functions to:
- Fetch tarballs and source code
- Manipulate strings, lists, sets and paths
- Do flow control (tests, assert, abort, ...)
builtins.fetchTarball
builtins.fetchurl
builtins.findFile
builtins.fromJSON
builtins.getAttr
builtins.getEnv
builtins.hasAttr
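The builtins listed above can be combined into a small integrity gate. This is an added example, not part of the original slides: it parses a source list with builtins.fromJSON, inspects each entry with builtins.hasAttr and builtins.getAttr, and uses abort so that evaluation stops when an entry has no pinned hash. The file name pins.nix and the entries, URLs and hash value are constructed placeholders.

```nix
# Added example, not from the original slides. Evaluate with:
#   nix-instantiate --eval --strict pins.nix   (pins.nix is a hypothetical file name)
let
  # Constructed sample input: names, URLs and hash values are placeholders.
  sourcesJson = ''
    {
      "tool-a": {
        "url": "https://example.org/tool-a.tar.gz",
        "sha256": "sha256-PLACEHOLDERHASHVALUE="
      },
      "tool-b": {
        "url": "https://example.org/tool-b.tar.gz"
      }
    }
  '';

  # builtins.fromJSON turns the JSON text into a Nix attribute set.
  sources = builtins.fromJSON sourcesJson;

  # A source counts as pinned when it has a "sha256" attribute whose value
  # looks like an SRI string ("sha256-" followed by base64 text).
  # builtins.match returns null when the whole string does not match.
  isPinned = src:
    builtins.hasAttr "sha256" src
    && builtins.match "sha256-[A-Za-z0-9+/]+=*" (builtins.getAttr "sha256" src) != null;

  # attrNames returns the names sorted, so the report is deterministic.
  unpinned = builtins.filter
    (name: !(isPinned (builtins.getAttr name sources)))
    (builtins.attrNames sources);
in
# Flow control: stop the evaluation instead of returning unverifiable sources.
if unpinned == [ ] then
  sources
else
  abort "unpinned sources: ${builtins.concatStringsSep ", " unpinned}"
```

With the constructed input above, evaluation aborts and names tool-b; adding a sha256 value to that entry makes the expression return the parsed set.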
Why another language?
- Advantages over a descriptive language
- Can express package complexity (Turing complete)
- Better reusability
- More concise and simple
- And YAML is not a language
Purely Functional package manager
- Packages are defined in Nix expressions
- Atomic upgrades and rollbacks
- Several versions of the same package on the same system
- Unprivileged package installation
- Provides isolated environments
- Reproducible build from source
- Cache available to get pre-compiled binaries
- Garbage collection
nixpkgs vs nixos
nixpkgs is a general-purpose package manager in which each binary is defined by a derivation, like:
{
  lib,
  buildGoModule,
  fetchFromGitHub,
}:
buildGoModule rec {
  pname = "docker-compose";
  version = "2.35.1";
  src = fetchFromGitHub {
    owner = "docker";
    repo = "compose";
    rev = "v${version}";
    hash = "sha256-Dq2YYiHmtt3j+qHAzsAIW4twbD3viXIjI0MXrV7HIW0=";
  };
  postPatch = ''
    # entirely separate package that breaks the build
    rm -rf pkg/e2e/
  '';
  vendorHash = "sha256-nycjWE3nFmA2csen8jT9lrhwRn5892xIRtrYEn+eVy0=";
  ldflags = [
    "-X github.com/docker/compose/v2/internal.Version=${version}"
    "-s"
    "-w"
  ];
  doCheck = false;
  installPhase = ''
    runHook preInstall
    install -D $GOPATH/bin/cmd $out/libexec/docker/cli-plugins/docker-compose
    mkdir -p $out/bin
    ln -s $out/libexec/docker/cli-plugins/docker-compose $out/bin/docker-compose
    runHook postInstall
  '';
  meta = with lib; {
    description = "Docker CLI plugin to define and run multi-container applications with Docker";
    mainProgram = "docker-compose";
    homepage = "https://github.com/docker/compose";
    license = licenses.asl20;
    maintainers = [ ];
  };
}
nixpkgs as a generalisation of a package manager
{
  lib,
  buildPythonPackage,
  fetchFromGitHub,
  # build-system
  setuptools,
  # dependencies
  botocore,
  jmespath,
  s3transfer,
  # tests
  pytest-xdist,
  pytestCheckHook,
}:
buildPythonPackage rec {
  pname = "boto3";
  inherit (botocore) version; # N.B: botocore, boto3, awscli need to be updated in lockstep, bump botocore version for updating these.
  pyproject = true;
  src = fetchFromGitHub {
    owner = "boto";
    repo = "boto3";
    tag = version;
    hash = "sha256-89GUr0isFEKmBevWgPW5z4uU1zOTQ1kM8RX1mlsvdXw=";
  };
  build-system = [
    setuptools
  ];
  dependencies = [
    botocore
    jmespath
    s3transfer
  ];
  nativeCheckInputs = [
    pytest-xdist
    pytestCheckHook
  ];
  pythonImportsCheck = [ "boto3" ];
  disabledTestPaths = [
    # Integration tests require networking
    "tests/integration"
  ];
  optional-dependencies = {
    crt = botocore.optional-dependencies.crt;
  };
  meta = {
    description = "AWS SDK for Python";
    homepage = "https://github.com/boto/boto3";
    changelog = "https://github.com/boto/boto3/blob/${version}/CHANGELOG.rst";
    license = lib.licenses.asl20;
    longDescription = ''
      Boto3 is the Amazon Web Services (AWS) Software Development Kit (SDK) for
      Python, which allows Python developers to write software that makes use of
      services like Amazon S3 and Amazon EC2.
    '';
    maintainers = with lib.maintainers; [ anthonyroussel ];
  };
}
nixops
Like Terraform, but with NixOS syntax
{
  deployment.virtualbox.headless = false;
  deployment.virtualbox.sharedFolders.predictTruc = {
    hostPath = "/home/blabla/Documents/tcmlabs/Capmini";
    readOnly = false;
  };
  deployment.targetEnv = "virtualbox";
  deployment.virtualbox.memorySize = 3024;
  deployment.virtualbox.vcpu = 2;
  users.extraUsers."barbatruc" =
}
hydra
Hydra is a CI system developed for Nix/NixOS that automates building and testing of packages.
It uses Nix expressions to ensure reproducible builds across different machines.
Hydra provides a web interface and notifications to track build results easily.
nixhome
{ config, pkgs, ... }:
{
  programs.ssh = {
    enable = true;
    matchBlocks = {
      "blabla-host" = {
        hostname = "192.168.1.x"; # IP or hostname
        user = "barbatruc"; # your SSH username
        port = 22;
        identityFile = null; # no key, uses password
      };
    };
  };
  # A bare top-level `vscode = ...` is not a module option, so the
  # overridden package is installed through home.packages instead.
  home.packages = [
    (pkgs.vscode-with-extensions.override {
      vscodeExtensions = with pkgs.vscode-extensions; [
        bbenoist.Nix
      ]
      ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
        {
          name = "prettier-vscode";
          publisher = "esbenp";
          version = "2.3.0";
          sha256 = "0jv1pzm8bpd7ajvl797gbvxllic1ir8lwc93lq54bdyaizj9sbvz";
        }
        {
          name = "vscode-purty";
          publisher = "mvakula";
          version = "0.3.0";
          sha256 = "0hjp3c7aw6ykzw6aim72hmissdxmr63fy5nyhzwlljjyzc66m7fs";
        }
        {
          name = "language-purescript";
          publisher = "nwolverson";
          version = "0.2.1";
          sha256 = "18n35wp55c6k1yr2yrgg2qjmzk0vhz65bygfdk0z2p19pa4qhxzs";
        }
        {
          name = "ide-purescript";
          publisher = "nwolverson";
          version = "0.20.8";
          sha256 = "16avxmb1191l641r6pd99lw2cgq8gdfipb9n7d0czx1g9vfjr3ip";
        }
      ];
    })
  ];
}