Nix-NixOS-NixOps: From Development to Deployment

Nix, NixOS, NixOps
Benefits of Isolation

Goal:

  1. Highlight the benefits of package isolation.
  2. Make you promote isolation to your package manager.
  3. Make you experiment with Nix, NixOS, and NixOps.

This Presentation

  1. Package Manager issues
    1. Coherency & Isolation
    2. Source vs. Binary
  2. Nix, Developer Friendly
  3. NixOS, Abstract Configuration
  4. NixOps, Deployment Friendly

Package Manager knowledge

Filesystem Hierarchy Standard (FHS)

A typical Linux system has, among others, the following directories:

       /bin   This directory contains executable programs which are needed
              in single user mode and to bring the system up or repair it.

       /lib   This directory should hold those shared libraries that are
              necessary to boot the system and to run the commands in the
              root filesystem.

Package Manager lack of knowledge

Package Manager Isolation

FHS + hidden (non-standard) path

User Environment + hidden path

Source vs. Binary Packages

FHS, source distribution sucks!

Customization, binary distribution sucks!

This Presentation

  1. Package Manager issues
  2. Nix, Developer Friendly
    1. Introduction
    2. Customize packages
    3. Building Environments
  3. NixOS, Abstract Configuration
  4. NixOps, Deployment Friendly

Nix Daemon

  • Build for the user
  • Store in isolation
  • Independent of the package manager
    • Backend of the Nix language
    • Backend of Guix (Scheme)

Nix language - derivation

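derivation {
  name = "my-package";
  builder = ./builder.sh;   # script run to produce the output
  system = "x86_64-linux";  # platform the build runs on
  envvar = 1;               # other attributes reach the builder as environment variables
}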

Nixpkgs - stdenv.mkDerivation

{ stdenv, fetchurl, zlib, bzip2, …, openssl }:
stdenv.mkDerivation {
  name = "python3-3.4.2";
  src = fetchurl {
    url = "http://www.python.org/…/Python-3.4.2.tar.xz";
    sha256 = "1vrd9gqd…s619cv8w";
  };
  buildInputs = [ zlib bzip2 … openssl ];
  # default: ./configure --prefix=$out; make; make install
}

Custom dependency

python34.override {
  # Test with LibreSSL fork.
  openssl = libressl;
}

Custom source

lib.overrideDerivation python34 (oldAttrs: {
  # Do not fetch the sources
  # Use a local copy instead.
  src = /home/nicolas/cpython ;
})

nix-shell Build Environment

This Presentation

  1. Package Manager issues
  2. Nix, Developer Friendly
  3. NixOS, Abstract Configuration
    1. Configuration Management
    2. Declarative & Modular
  4. NixOps, Deployment Friendly

Configuration Management

Principle: Automate the configuration to reproduce it.

Many tools:

  • Puppet
  • Chef
  • Ansible
  • Salt

Configuration by mutation

Only describe a subset of the configuration.

Incomplete: Cannot describe the absence of all unused packages.

Configuration by installation

Complete: Anything which is included is present.

Many tools:

  1. rpm
  2. deb

NixOS - Configuration with isolation

NixOS: Declarative configuration

{
  services.openssh.enable = true;
  users.extraUsers.root.openssh.authorizedKeys.keyFiles = [
    /home/nicolas/.ssh/id.pub
  ];
}

NixOS: Modular configuration

{
  imports = [ ./minimal-conf.nix ];

  services.httpd = {
    enable = true;
    adminAddr = "email@local.host";
    documentRoot = ./. ; # Serve the current directory
  };
  networking.firewall.allowedTCPPorts = [ 80 ];
}
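
Added example (not from the original slides): because the merged configuration is a single value, a further module can both set the SSH posture and check the result of all imports at evaluation time. The file name policy.nix and the permitted port list are assumptions, and the option names are those of current NixOS releases (services.openssh.settings.*, users.users), which differ from the older users.extraUsers spelling on the slide.

```nix
# policy.nix (hypothetical file name): add it to the `imports` list above.
{ config, lib, ... }:

let
  # Assumption: the only inbound TCP ports this host is meant to expose.
  permittedTCPPorts = [ 22 80 ];

  # Ports opened by *any* imported module, after merging.
  opened = config.networking.firewall.allowedTCPPorts;
  # subtractLists a b returns the elements of b that are not in a.
  unexpected = lib.subtractLists permittedTCPPorts opened;

  ssh = config.services.openssh;
  rootKeys = config.users.users.root.openssh.authorizedKeys;
in
{
  # Key-only SSH: the declarative slide installs a public key for root,
  # so password logins can be switched off.
  services.openssh.settings = {
    PasswordAuthentication = false;
    KbdInteractiveAuthentication = false;
    PermitRootLogin = "prohibit-password";
  };

  networking.firewall.enable = true;

  # Checked against the complete system description: a failed assertion
  # aborts evaluation, so nothing is built or activated.
  assertions = [
    {
      assertion = unexpected == [ ];
      message = "firewall opens TCP ports outside the policy: "
        + lib.concatMapStringsSep ", " toString unexpected;
    }
    {
      # Avoid locking root out once passwords are refused.
      assertion = ssh.enable -> (rootKeys.keys != [ ] || rootKeys.keyFiles != [ ]);
      message = "sshd is key-only but root has no authorized key";
    }
  ];
}
```

With the modular configuration above imported alongside it, the port check passes (22 from sshd, 80 from the firewall line); a module that later opens another port makes the system fail to evaluate instead of silently widening exposure.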

This Presentation

  1. Package Manager issues
  2. Nix, Developer Friendly
  3. NixOS, Abstract Configuration
  4. NixOps, Deployment Friendly

Closures

NixOps: Deploying closures

{
  pres =
    { config, pkgs, ... }:

    { imports = [ ./modular-conf.nix ];
      deployment.targetEnv = "container";
      deployment.container.host = "jupiter.nbp.name";
    };
}

Conclusion

Benefits of isolation:

  • Maps directly to the package manager graph.
  • Makes external program dependencies explicit.
  • Helps test custom packages.
  • Sets up multiple environments (even for users).
  • Copies closures of a package, or of a complete system.