NixOS - Reproducible Linux Distribution built around systemd

#nixos

Rok Garbas, @garbas

systemd conf 2016

NixOS

Nix Expression language

nixpkgs

nixops

Nix

Hydra

"traditional" package managers

Building package A: packaging instructions are applied to the filesystem /usr, giving /usr with package A.

Building package B: packaging instructions are applied to /usr with package A, giving /usr with packages A and B.

Nix

Building package A: packaging instructions produce /nix/store/<hash>-packageA/...

Building package B: packaging instructions produce /nix/store/<hash>-packageB/...

Why Nix

(build) Reproducibility

Atomicity

Rollbacks

Complete dependency

Multi version

Nix Demo

System management methods

Divergent

Convergent

Congruent

(each illustrated by a plot of disk state against time, comparing actual state with target state)

Building config A: configuration options are applied to the filesystem /etc, giving /etc with config A.

Building config B: configuration options are applied to /etc with config A, giving /etc with configs A and B.

Looks familiar?

Configuration

Most problems and most of the complexity come from mutating state (/usr, /etc, ...)

What if we take Nix and build ...

- linux kernel

- initrd

- bootloader

- init system

- configuration files

- packages

NixOS

Declarative configuration (1/5)

{
  boot.loader.grub.device = "/dev/sda";
  fileSystems."/".device = "/dev/sda1";

  networking.hostName = "webserver";
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  environment.systemPackages = with pkgs; [ htop vim ];

  services.openssh.enable = true;

  services.nginx =
    { enable = true;
      virtualHosts."service.example.com" =
        { forceSSL = true;
          enableACME = true;
          locations."/".proxyPass = "....";
        };
    };

  ...
}

Declarative configuration (2/5)

{
  ...

  services.xserver.displayManager.kdm.enable = true;
  services.xserver.desktopManager.kde4.enable = true;
  #services.xserver.desktopManager.kde5.enable = true;

  networking.networkmanager.enable = true;

  ...
}

Declarative configuration (3/5)

{
  ...

  systemd.services."hello" = {
    description = "Hello";
    serviceConfig.Type = "oneshot";
    serviceConfig.RemainAfterExit = true;
    wantedBy = [ "multi-user.target" ];
    script = ''
      echo "hello"
    '';
  };

  ...
}
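As an added example that is not from the talk, the same systemd.services pattern for a small service, extended with systemd's sandboxing directives; the service name, port and state directory are assumptions, and every serviceConfig key is written verbatim into the unit's [Service] section.

```nix
{ config, pkgs, ... }:
{
  # Assumed example service: serves a static health page on localhost.
  systemd.services."healthcheck" = {
    description = "Health check endpoint (example, not from the talk)";
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" ];
    script = ''
      exec ${pkgs.python3}/bin/python3 -m http.server 8080 \
        --bind 127.0.0.1 --directory /var/lib/healthcheck
    '';
    serviceConfig = {
      # Run as a transient unprivileged user that systemd creates on start;
      # StateDirectory gives it a writable /var/lib/healthcheck and nothing else.
      DynamicUser = true;
      StateDirectory = "healthcheck";
      # Filesystem view: read-only OS, no /home, private /tmp and /dev.
      ProtectSystem = "strict";
      ProtectHome = true;
      PrivateTmp = true;
      PrivateDevices = true;
      # Privilege: no setuid escalation, empty capability set, no kernel tuning.
      NoNewPrivileges = true;
      CapabilityBoundingSet = "";
      ProtectKernelTunables = true;
      ProtectKernelModules = true;
      ProtectControlGroups = true;
      # Attack surface: only IP sockets, no namespaces, no W+X memory,
      # and the syscall allow-list meant for ordinary system services.
      RestrictAddressFamilies = "AF_INET AF_INET6";
      RestrictNamespaces = true;
      LockPersonality = true;
      MemoryDenyWriteExecute = true;
      SystemCallArchitectures = "native";
      SystemCallFilter = "@system-service";
      Restart = "on-failure";
    };
  };
}
```

After `nixos-rebuild switch`, `systemd-analyze security healthcheck.service` scores the resulting unit, so the effect of each directive can be checked against the generated file rather than guessed.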

Declarative configuration (4/5)

{
  ...
  # lenovo t410
  boot = {
    kernelParams = [
      # Kernel GPU Savings Options (NOTE i915 chipset only)
      "drm.debug=0" "drm.vblankoffdelay=1" "i915.semaphores=1" "i915.modeset=1"
      "i915.use_mmio_flip=1" "i915.powersave=1" "i915.enable_ips=1"
      "i915.disable_power_well=1" "i915.enable_hangcheck=1"
      "i915.enable_cmd_parser=1" "i915.fastboot=0" "i915.enable_ppgtt=1"
      "i915.reset=0" "i915.lvds_use_ssc=0" "i915.enable_psr=0" "vblank_mode=0"
      "i915.i915_enable_rc6=1"
    ];
    blacklistedKernelModules = [
      # Modules not needed on this machine: USB WWAN (sierra_net, cdc_mbim, cdc_ncm) and USB Bluetooth (btusb)
      "sierra_net" "cdc_mbim" "cdc_ncm" "btusb"
    ];
  };

  hardware.cpu.intel.updateMicrocode = true;

  ...
}

https://github.com/NixOS/nixos-hardware

Declarative configuration (5/5)

{
  ...

  containers.database =
    { config =
      { config, pkgs, ... }:
      { services.postgresql.enable = true;
        services.postgresql.package = pkgs.postgresql92;
      };
  };

  ...
}

Why NixOS?

- atomic upgrades

- rollback

- multi-user package management

- reproducible installations

NixOS demo

NixOS Community

~500 services

current release: 16.09 (happens today :P)

~900 contributors

~11k packages

~13k pull requests / ~4k issues

Caveats of Nix/NixOS

quick "hacks" are hard/impossible

documentation is good but not beginner friendly

steeper learning curve

disk space

no management of application state

Thank you

Questions?
