Nix

Transcript

1. Nix

2. $(who) • Rafael Fernández López (@ereslibre) • Staff Engineer at

   VMware • Interested in libre software and open knowledge • Went through a number of technologies: ◦ KDE ◦ Ruby on Rails ◦ Docker ◦ Kubernetes ◦ Nix ◦ WebAssembly

3. Problem statement.

4. Software is eating the world.

5. Software has already eaten the world.

6. Multiple times.

7. The problem - closer to the metal • The system

   is a snowflake composed of manual changes • How to rollback? How to evolve? How to reproduce? • Change something manually in /etc/…, … and restart a service ◦ System upgrades ◦ Chef/Puppet/Salt help a little ◦ Terraform/Packer get closer to immutable infrastructure; still do not solve the whole issue spectrum

8. The problem - containers • Dockerfile; usually a moving target

   ◦ FROM ubuntu:latest ◦ FROM ubuntu:18.04 • How did we build this container image? Where is the Dockerfile? • Not trivial to write reproducible Dockerfiles ◦ FROM … ◦ RUN … • What do we really want to isolate? ◦ Filesystem, network namespace, PID namespace… • Software supply chain traceability

9. Can we do anything about it?

10. Nix: what is it? • A language

11. Nix: what is it? • A language • A package

    manager

12. Nix: what is it? • A language • A package

    manager • A package collection (nixpkgs)

13. Nix: what is it? • A language • A package

    manager • A package collection (nixpkgs) • A Linux distribution (NixOS)

14. Nix: language • Domain specific • Declarative • Pure •

    Functional • Lazy • Dynamically typed

15. Nix: package manager • Does not follow the Linux Standard

    Base (LSB) • Magic sauce: patchelf ◦ Change the dynamic loader (ELF interpreter) of executables ◦ Change/Shrink the RPATH of executables and libraries ◦ Manage dynamic libraries dependencies (add, remove, replace, change SONAME) • Nix store: globally readable nix store

16. Nix: package collection (nixpkgs) • Over 80,000 software packages •

    Tooling to produce multiple outputs

17. Nix: operating system (NixOS) • Based off nixpkgs • 99.77%

    of the nixos.iso_minimal.x86_64-linux paths are reproducible • Atomic • Trivial rollback capability • nixos-generators

18. Nix: what are you building? • A derivation • A

    container image • A machine image ◦ Azure, Digital Ocean, Amazon EC2, Google Compute Engine, Hyper-V, Libvirt, Proxmox, VMware… • Straightforward cross-compilation ◦ Build platform ◦ Host platform ◦ Target platform (only applicable for compilers and similar tools)

19. Nix: a building block • Direnv • Riff ◦ Automatically

    provide external dependencies for Rust projects (other languages in the future) • nixery.dev • Agenix ◦ Secret management

20. Nix: Flakes • “Experimental” feature (until 3.0?) ◦ Opt-in feature

    • Concept of Inputs and Outputs • Pinned Inputs • Pure

21. Nix: software as a service • Source distribution ◦ Huge

    public binary cache • nix build or nix run ◦ A nixpkgs derivation ▪ From “master” ▪ From a specific release ▪ From a specific revision ◦ A third party package • Development shells

22. Nix: extras • Original paper (18 years ago) ◦ Initial

    release (19 years ago) • Multi-OS, user specific ◦ Home-manager • OS specific ◦ nix-darwin • Deployment ◦ deploy-rs ◦ nix-deploy, nix-delegate ◦ nixery.dev

23. Nix: resources • Documentation • Nix pills • nix.dev •

    NixOS options • Home Manager options • Nix-Darwin options • Flake documentation • Awesome Nix • Reproducibility: NixOS • Hydra