Cloud Native NixOS

by Herwig Hochleitner

@bendlas

TOC

Nix

is

  • ... a functional, lazy programming language
  • ... a functional package manager
  • ... an implementation of immutable file sets
  • ... a garbage collector
  • ... a source of terrible puns in German

NixOS

is

  • ... a module system for Nix
  • ... a documented set of options
  • ... a boot loader manager
  • ... a manager for /etc

nixpkgs

is

  • ... NixOS' standard library (of software packages)
  • ... a collection of build recipes (think homebrew)
  • ... so huge that GitHub won't render our TOC
    (GitHub seems to have lifted that restriction)

Deployment Options

  • Channels
  • NixOps
  • Disnix
  • nix-copy-closure
  • rsync

Option 0

git

Just update expressions on your NIX_PATH

    echo $NIX_PATH
    nixpkgs=/var/nixpkgs:nixos=/var/nixpkgs/nixos:nixos-config=/etc/nixos/configuration.nix

Channels

Official Distribution Mechanism.
Distribute Nix expressions via HTTP.

CI via Hydra allows for automatic channel creation
and provides a binary cache

NixOps

Many providers: remote NixOS, container, vm, aws, gce, azure, digital_ocean, hetzner

    nixops {create,delete,deploy,modify,start,stop,ssh,...}

    # machines.nix
    {
      staging =
        { ... }: {
          imports = [ ./configuration.nix ];
          deployment.targetHost = "11.22.33.44";
          acme.environment = "staging";
        };
      # ...
    }
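As an added example (not from the talk), a fuller machines.nix in the style of the snippet above: it assumes the same ./configuration.nix and NixOps 1.x, and the host name, SSH key and secret path are placeholders. It shows where the host hardening belongs in a NixOps deployment and how to keep a secret out of the world-readable /nix/store.

```nix
# machines.nix (added example): one NixOps machine whose NixOS config
# locks down SSH and the firewall before any service is exposed.
{
  network.description = "staging web tier";

  staging =
    { config, pkgs, ... }: {
      imports = [ ./configuration.nix ];        # assumed to exist, as on the slide

      # NixOps 1.x: deploy over SSH to an already-installed NixOS host
      deployment.targetEnv = "none";
      deployment.targetHost = "staging.example.invalid";   # placeholder

      # Key-only SSH: no password logins, root only with a key
      services.openssh.enable = true;
      services.openssh.passwordAuthentication = false;
      services.openssh.permitRootLogin = "prohibit-password";
      users.users.root.openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAA...PLACEHOLDER deployer@ci"      # placeholder key
      ];

      # Default-deny firewall; open only what the service needs
      networking.firewall.enable = true;
      networking.firewall.allowedTCPPorts = [ 22 443 ];

      # Everything in /nix/store is world-readable, so secrets must not be
      # baked into the system closure. NixOps copies deployment.keys to
      # /run/keys on the target at deploy time instead.
      deployment.keys."tls.key" = {
        keyFile = ./secrets/staging-tls.key;   # placeholder path, kept out of git
        user = "nginx";
        permissions = "0400";
      };
    };
}
```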

Disnix

NixOS-style lifecycle and provisioning for the cloud

    # Deploy / Update
    disnix-env -s services.nix -i infrastructure.nix -d distribution.nix
    # Rollback
    disnix-env --list-generations
       1   2018-02-13 13:22:35
       2   2018-02-13 13:30:24   (current)
    disnix-env --rollback
    disnix-env --switch-to-generation 1

nix-copy-closure

Transfer packages between Nix stores

    nix-copy-closure --to root@staging $(which pkg)

rsync

Transfer packages between non-Nix machines

    # nix-store -qR lists the full runtime closure of pkg;
    # the command substitution must stay on one line, or the
    # newline splits it into two separate commands
    rsync -avz \
      $(nix-store -qR $(which pkg)) \
      root@staging:/nix/store

Docker

  • Nix does conflict-free deployment
  • Nix does system containers based on systemd
  • Nix does user containers based on unshare
  • Nix does not do overlayfs management
  • Nix does package docker
  • NixOS does include a docker service
  • Nix can build rather efficient docker images

From the manual

    buildImage {
      name = "redis";
      tag = "latest";

      fromImage = someBaseImage;
      fromImageName = null;
      fromImageTag = "latest";

      contents = pkgs.redis;
      runAsRoot = ''
        #!${stdenv.shell}
        mkdir -p /data
      '';

      config = {
        Cmd = [ "/bin/redis-server" ];
        WorkingDir = "/data";
        Volumes = {
          "/data" = {};
        };
      };
    }

RancherOS

NixOS isn't a ready-made package, and it's not tied to Docker. It does, however, solve many of the same problems.

You could conceivably deploy a Kubernetes cluster with Rancher Services via NixOS. Or anything else.

Outro

More Freestyling

Thanks!

Questions?