NixOS: devops-friendly Linux distribution

@ DevOpsDays Ljubljana 2015

Domen Kožar / @iElectric

Best tool for the job?

Nix design values

  • Minimalistic language
  • All operations are atomic
  • Isolation (chroot)
  • Source (freedom) and Binary (pragmatism) source
  • Immutability
$ cat default.nix
derivation {
  name = "my-package";
  builder = ./builder.sh;
  system = "x86-64-linux";
  src = /home/user/bla.tar.gz;
}
$ cat builder.sh
tar xvfz $src
cd plan9port/
mkdir $out
cp planport.sh $out/bin/planport

{ stdenv, fetchurl, fetchgit, openssl, zlib, pcre, libxml2 }:

stdenv.mkDerivation rec {
  name = "nginx-${version}";
  version = "1.4.4";

  src = fetchurl {
    url = "http://nginx.org/download/nginx-${version}.tar.gz";
    sha256 = "1f82845mpgmhvm151fhn2cnqjggw9w7cvsqbva9rb320wmc9m63w";
  };

  buildInputs = [ openssl zlib pcre libxml2 ];
  configureFlags = [ "--with-http_spdy_module" ];
  postInstall = "mv $out/sbin $out/bin";

  meta = with stdenv.lib; {
    description = "A reverse proxy and lightweight webserver";
    maintainers = [ maintainers.domenkozar ];
    platforms = platforms.all;
    license = licenses.bsd2;
  };
}
$ nix-build -A python
/nix/store/pbi1lgank10fy0xpjckbdpgacqw34dsz-python-2.7.9

$ ls -la result
result -> /nix/store/pbi1lgank10fy0xpjckbdpgacqw34dsz-python-2.7.9

$ ./result/bin/python
>>>

$ nix-shell --pure
$ nix-copy-closure --sign result/ domenkozar@example.com
...

Build the app

Run it

Develop the app

Deploy it

NixOS: packages + systemd + Linux kernel

{
  boot.loader.grub.device = "/dev/sda";
  fileSystems."/".device = "/dev/sda1";

  networking.firewall = {
    enable = true;
    allowedTCPPorts = [ 80 ];
  };

  environment.systemPackages = with pkgs; [
    wget
    git
    gnupg
    tmux
  ];
  
  services = {
    sshd.enable = true;
    munin-node.enable = true;
    munin-cron = {
      enable = true;
      hosts = ''
        [${config.networking.hostName}]
        address localhost
      '';
    };
  };
}

Getting started with NixOps

$ nix-env -i nixops

trivial.nix

{
  webserver = { config, pkgs, ... }:
    { services.httpd.enable = true;
      services.httpd.adminAddr = "alice@example.org";
      services.httpd.documentRoot = "${pkgs.valgrind}/share/doc/valgrind/html";
    };
}

trivial-virtualbox.nix

{
  webserver = { config, pkgs, ... }:
    { deployment.targetEnv = "virtualbox";
      deployment.virtualbox.memorySize = 1024; # megabytes
    };
}

Provision and deploy

$ nixops create ./trivial.nix ./trivial-virtualbox.nix -d trivial
33bced96-5f26-11e1-b9d7-9630d48abec1

$ nixops deploy -d trivial
creating VirtualBox VM ‘webserver’...
...

Enjoy the purity

Google for: Why Puppet/Chef/Ansible aren't good enough (and we can do better)

NixOS: devops-friendly Linux distribution

By Domen Kožar

Made with Slides.com

NixOS: devops-friendly Linux distribution

  • 2,456

More from Domen Kožar