Packaging Services with Nix

By Jonas Chevalier (aka. zimbatm)

Jan 21, 2018

Page 1: Packaging Services with Nix

Packaging services with Nix

By Jonas Chevalier (aka. zimbatm)

Page 2

Hi!

Page 3

Real-world experience

“Excel on steroids”

http://www.alphasheets.com/

● Mono-repo

● Frontend written in React-js

● Backend written in Haskell + Python + Java + R

● Deploying on Kubernetes

Page 4

What is Nix?

Pure build system + Functional language

≃ Composable + Reproducible builds

https://nixos.org/nix/

Page 5

Composable? Reproducible?

Key: "/nix/store/${sha256(build inputs)}"

The store path is derived from a hash of every build input (sources, dependencies, build script, environment), not from the output, so the same inputs always name the same path.

Value: sandbox-build(build inputs)

=> tree

The build runs in a sandbox that sees only the declared inputs and, apart from fixed-output fetches checked against a known hash, has no network access. The same key therefore always yields the same tree, and a path that already exists in the store or in a binary cache is reused instead of rebuilt.

Page 6

Language?

```nix
# frontend.nix: the React frontend as one Nix derivation.
# The arguments are supplied by nixpkgs' callPackage; srcPath defaults to the
# frontend directory of the monorepo.
{ lib, mkYarnPackage, srcPath ? ../../frontend }:

mkYarnPackage {
  src = srcPath;
  # package.json and yarn.lock fully determine the dependency set
  # (nixpkgs' mkYarnPackage spells this argument packageJSON).
  packageJson = srcPath + "/package.json";
  yarnLock = srcPath + "/yarn.lock";

  buildPhase = ''
    yarn build
  '';

  # Only the built assets go to $out; node_modules, yarn and node are build
  # inputs that the output does not reference, so they stay out of the
  # runtime closure.
  installPhase = ''
    mkdir -p $out/var
    cp -r dist/ $out/var/www
  '';
}
```

Page 7

Nixpkgs

https://github.com/nixos/nixpkgs

~12k packages (as of early 2018)

Actively maintained, with security updates

Binary cache: pre-built store paths served from https://cache.nixos.org, signed so that a substituted path is only accepted when its signature matches a trusted key

Page 8

TODO app

https://github.com/numtide/todomvc-nix

Use TodoMVC as an example

Page 9

CI / CD pipeline

Monorepo -> Docker image -> Push to registry -> Deploy changes

Page 10

What do we want?

CI

☐ Only build what has changed

☐ Run tests when the code has changed

☐ Build a container for each service

☐ Only ship the runtime dependencies

☐ Manage security updates

Developer

☐ Application dependencies available

☐ Dev/prod parity (the same dependencies locally as in production) to make debugging easier

☐ Access to pre-built binaries
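The wishlist above, realised for the frontend derivation from the "Language?" slide, as an added example; this is not code from the slides or from the todomvc-nix repository. It assumes current Nix and nixpkgs (builtins.fetchTarball with a sha256, dockerTools.buildLayeredImage, dockerTools.fakeNss, mkShell, none of which the 2018 talk had), that the frontend expression is saved as ./frontend.nix, and a hypothetical ./nixpkgs.json holding the pinned nixpkgs commit (rev) and tarball sha256:

```nix
# default.nix: added example wiring the frontend derivation into a minimal
# container image and a developer shell. Not the slides' or todomvc-nix's code.
# Assumed (hypothetical) files next to it:
#   ./frontend.nix  - the mkYarnPackage expression from the "Language?" slide
#   ./nixpkgs.json  - {"rev": "<nixpkgs commit>", "sha256": "<tarball hash>"}
let
  # Pin nixpkgs to one commit. Security updates arrive by bumping rev+sha256
  # and reviewing the diff; afterwards only derivations whose inputs actually
  # changed are rebuilt, everything else is reused from the store or the cache.
  pin = builtins.fromJSON (builtins.readFile ./nixpkgs.json);
  pkgs = import (builtins.fetchTarball {
    url = "https://github.com/NixOS/nixpkgs/archive/${pin.rev}.tar.gz";
    inherit (pin) sha256;
  }) { config = { }; overlays = [ ]; };

  # callPackage fills in lib and mkYarnPackage from the pinned nixpkgs.
  frontend = pkgs.callPackage ./frontend.nix { };

  # The nginx configuration is itself a store path; referencing ${frontend}
  # here is what pulls the built assets (and nothing else) into the image.
  nginxConf = pkgs.writeText "nginx.conf" ''
    user nobody nobody;
    daemon off;
    error_log /dev/stdout info;
    pid /dev/null;
    events { }
    http {
      access_log /dev/stdout;
      server {
        listen 8080;
        index index.html;
        location / {
          root ${frontend}/var/www;
        }
      }
    }
  '';
in
{
  inherit frontend;

  # The image contains the runtime closure of `contents` and of everything
  # referenced from `config` (nginx, its libraries, nginxConf, the frontend
  # output). yarn, node and the other build inputs of `frontend` are not
  # referenced by its output, so they never enter the image.
  image = pkgs.dockerTools.buildLayeredImage {
    name = "todomvc-frontend";
    tag = "latest";
    contents = [
      pkgs.nginx
      pkgs.dockerTools.fakeNss # /etc/passwd and /etc/group with root and nobody
    ];
    # Writable scratch directories nginx expects even when serving static files.
    extraCommands = ''
      mkdir -p tmp/nginx_client_body var/log/nginx
    '';
    config = {
      Cmd = [ "${pkgs.nginx}/bin/nginx" "-c" nginxConf ];
      ExposedPorts = { "8080/tcp" = { }; };
    };
  };

  # Developer shell with the same pinned toolchain CI uses (dev/prod parity).
  shell = pkgs.mkShell {
    buildInputs = [ pkgs.nodejs pkgs.yarn pkgs.nginx ];
  };
}
```

`nix-build -A image` produces a tarball that `docker load` accepts. `nix-build -A frontend` followed by `nix-store -qR result` lists the frontend's runtime closure, which is the check to run to confirm that no build tooling is being shipped. `nix-shell -A shell` drops a developer into the pinned toolchain. Editing the frontend source rebuilds only `frontend` and `image`; bumping ./nixpkgs.json rebuilds whatever depends on the packages that changed.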

Page 11

Demo

Wish me luck

Page 12

What do we get?

CI

☑ Only build what has changed

☑ Run tests on all the code that has changed

☑ Push containers to the registry

☑ Only ship the runtime dependencies

☑ Manage security updates

Developer

☑ Application dependencies available

☑ Dev/prod parity (the same dependencies locally as in production) to make debugging easier

☑ Access to pre-built binaries

Page 13

Some downsides

● Not mainstream yet, so fewer Stack Overflow answers

● Developers are now required to install Nix

● Limited incremental builds compared to language-specific tools

● Missing tool to cull the container images

● Nix is slower than Yarn at fetching dependencies

Page 14

The end

Questions?

Page 15

Thanks

https://zimbatm.com/

https://twitter.com/zimbatm/

https://github.com/numtide/todomvc-nix

Page 16

Docker Problems

● Unnecessary rebuilds

○ With shared libraries

● Handle security updates

● Only run tests for components that change

● Minimal containers, don’t ship build dependencies

● Developer dependencies

● Dockerfiles are not composable
