Packaging Services with Nix

By Jonas Chevalier (aka. zimbatm)

Hi!

Real-world experience

“Excel on steroids”

http://www.alphasheets.com/

● Mono-repo

● Frontend written in React-js

● Backend written in Haskell + Python + Java + R

● Deploying on Kubernetes

What is Nix?

Pure build system + Functional language

≃Composable + Reproducible builds

https://nixos.org/nix/

Composable? Reproducible?

Key: “/nix/store/${sha256(build inputs)}”

Value: sandbox-build(build inputs) => tree

Language?

# Function taking its dependencies as arguments; callPackage fills them in
{ lib, mkYarnPackage, srcPath ? ../../frontend }:

mkYarnPackage {
  src = srcPath;
  packageJson = srcPath + "/package.json";
  yarnLock = srcPath + "/yarn.lock";

  buildPhase = ''
    yarn build
  '';

  # Only the built assets end up in the output; node_modules stays behind
  installPhase = ''
    mkdir -p $out/var
    cp -r dist/ $out/var/www
  '';
}

Nixpkgs

https://github.com/nixos/nixpkgs

~12k packages

Actively maintained w/ security updates

Binary cache

TODO app: https://github.com/numtide/todomvc-nix

Use TodoMvc as an example

CI / CD pipeline

Monorepo -> Docker image -> Push to registry -> Deploy changes

What do we want?

CI

☐ Only build what has changed

☐ Run tests when the code has changed

☐ Build containers for each service

☐ Only ship the runtime dependencies

☐ Manage security updates
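As an added example (not code from the talk or from the todomvc-nix repository), the following Nix expression shows how the CI items above fit together: the frontend derivation from the earlier slide is wrapped into a container image that carries only its runtime closure, and nixpkgs is pinned so that security updates become an explicit, reviewable bump of the pin. It assumes that `./frontend.nix` holds the mkYarnPackage expression shown earlier and that nixpkgs is recent enough to provide `dockerTools.fakeNss`; the nixpkgs commit, sha256 and registry name are placeholders.

```nix
# Added example, not from the talk or the todomvc-nix repository.
# Assumptions: ./frontend.nix is the mkYarnPackage expression from the
# earlier slide; NIXPKGS_COMMIT_PLACEHOLDER, SHA256_PLACEHOLDER and
# REGISTRY_PLACEHOLDER must be replaced with real values.
let
  # Pin nixpkgs. Every store path derives from this input, so bumping the
  # commit (and re-running CI) is how upstream security fixes are rolled
  # out, while derivations whose inputs did not change keep their hash
  # and are served from the cache instead of being rebuilt.
  nixpkgs = fetchTarball {
    url = "https://github.com/NixOS/nixpkgs/archive/NIXPKGS_COMMIT_PLACEHOLDER.tar.gz";
    sha256 = "SHA256_PLACEHOLDER";
  };
  pkgs = import nixpkgs { };

  # The React frontend, built by the expression from the earlier slide.
  frontend = pkgs.callPackage ./frontend.nix { };

  # nginx configuration serving the built assets as an unprivileged user.
  nginxConf = pkgs.writeText "nginx.conf" ''
    user nobody nobody;
    daemon off;
    error_log /dev/stdout info;
    pid /dev/null;
    events { }
    http {
      include ${pkgs.nginx}/conf/mime.types;
      access_log /dev/stdout;
      server {
        listen 8080;
        root ${frontend}/var/www;
        index index.html;
      }
    }
  '';
in
pkgs.dockerTools.buildLayeredImage {
  name = "REGISTRY_PLACEHOLDER/todomvc-frontend";
  # No tag given: buildLayeredImage then tags the image with the hash of
  # its own output path, so a changed input yields a visibly new tag.

  # Only these paths and their transitive runtime closure are copied into
  # the image: no yarn, no node toolchain, no other build-time inputs.
  # fakeNss supplies the /etc/passwd entry for "nobody".
  contents = [ pkgs.dockerTools.fakeNss pkgs.nginx frontend ];

  # Writable directories nginx expects at runtime.
  extraCommands = ''
    mkdir -p tmp/nginx_client_body
    mkdir -p var/log/nginx
  '';

  config = {
    Cmd = [ "${pkgs.nginx}/bin/nginx" "-c" nginxConf ];
    ExposedPorts = { "8080/tcp" = { }; };
  };
}
```

`nix-build` on this file leaves a `result` symlink pointing at an image tarball that `docker load < result` imports and `docker push` ships to the registry; because everything in the image is addressed by the hash of its inputs, a CI run whose inputs are unchanged reuses the cached image rather than rebuilding it.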

Developer

☐ Application dependencies available

☐ Reduced dev/prod parity for debugging

☐ Access to pre-built binaries
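The developer side of the same checklist, as an added example (not code from the talk or from the todomvc-nix repository): a `shell.nix` that puts the build inputs of the frontend derivation on the developer's PATH from the same pinned nixpkgs that CI uses. It assumes `./frontend.nix` is the mkYarnPackage expression from the earlier slide; the pin values are placeholders.

```nix
# Added example, not from the talk or the todomvc-nix repository.
# Assumptions: ./frontend.nix is the mkYarnPackage expression from the
# earlier slide; NIXPKGS_COMMIT_PLACEHOLDER and SHA256_PLACEHOLDER must be
# replaced with the same pin CI uses.
let
  nixpkgs = fetchTarball {
    url = "https://github.com/NixOS/nixpkgs/archive/NIXPKGS_COMMIT_PLACEHOLDER.tar.gz";
    sha256 = "SHA256_PLACEHOLDER";
  };
  pkgs = import nixpkgs { };
  frontend = pkgs.callPackage ./frontend.nix { };
in
pkgs.mkShell {
  # inputsFrom pulls in the build inputs of the frontend derivation itself,
  # so yarn and node are exactly the versions the package is built with:
  # the local build and the CI build hash to the same store paths.
  inputsFrom = [ frontend ];

  # Tools wanted on a developer machine but not inside the package.
  nativeBuildInputs = [ pkgs.kubectl pkgs.docker ];

  shellHook = ''
    echo "todomvc frontend dev shell (nixpkgs pinned in shell.nix)"
  '';
}
```

`nix-shell` enters this environment. Since the derivations are identical to the ones CI built, Nix downloads them from the configured binary cache (the `substituters` and `trusted-public-keys` settings in `nix.conf`) instead of compiling them locally, which is what gives developers access to pre-built binaries.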

Demo

Wish me luck

What do we get?

CI

☑ Only build what has changed

☑ Run tests on all the code that has changed

☑ Push containers to registry

☑ Only ship the runtime dependencies

☑ Manage security updates

Developer

☑ Application dependencies available

☑ Reduced dev/prod parity for debugging

☑ Access to pre-built binaries

Some downsides

● Not mainstream yet, less StackOverflow juice

● Developers are now required to install Nix

● Limited incremental builds compared to language-specific

● Missing tool to cull the container images

● Nix slower than Yarn on fetch

The end

Questions?

Thanks

https://zimbatm.com/

https://twitter.com/zimbatm/

https://github.com/numtide/todomvc-nix

Docker Problems

● Unnecessary rebuilds

○ With shared libraries

● Handle security updates

● Only run tests for components that change

● Minimal containers, don’t ship build dependencies

● Developer dependencies

● Dockerfiles are not composable