This repo provisions a minimal nix-R container setup intended to run efficient data science DevOps workflows.
- provision containers as remote builders for a nix store.
- provision containers for CI/CD environments, e.g. for data engineering purposes.
This is an experimental proof of concept to deliver a minimal alpine image provinding nix in a multiuser docker environment.
- Build the image on macOS or linux using pinned nix shebang scripts
# nix-shebang script
./build_container.sh alpine-nix .- Run the image
./run_container.sh alpine-nixI've been reading a lot on the internet and I was surprised to find that what I wanted seemed to be a a patchwork of existing problems and solutions. Point out to me if you think the ideas are stubborn or have security holes.
- Containers and Nix are a dream combo.
- I wanted the official nix bash install script to install CppNix. First, because the DetSys/Lix rust installer exits and does not like multiuser docker installation out of the box.
- Alpine images are usually intended to provide instances
- Create a container from a nix-shebang shell script that boostraps the docker
build environment from a reproducibly pinned
default.nix, provingpodmanandqemu(linux) orvfkit(macOS/darwin) virtualization.
Containers for runtimes such as Docker can also be built directly with Nix.
-
pkgs.dockerTools.buildImagecan make potentially smaller docker images. So yeah, the sameDockerfilecan maybe just be injected intopodman runusingresult. Say "hi" to declarativedocker.nixfiles for cross-platform nix builds. -
For example,
buildLayeredImagecan be used to get caching based on layer content.
vfkitis packaged in nixpkgs. It is a command line tool to start VMs through the macOS Virtualization Framework. That's the packaging request, and that's the PR adding it.- Short blog post by Robert Wachs,
which is a workaround to use impure
nix-shellandvfkitinstallation from system to makepodmanwork on macOS.
-
Blog by Mitchell Hashimot how on "Using Nix with Dockerfiles". Its a mature peace of text on how to build and ship applications using CI/CD using containerised Nix setups. It illustrates how to resolve having a separate environment for local development, CI, and building the final Docker image for for production purposes. *"These problems all go away with Nix."
-
Nixery: an ad-hoc container image registry that provides packages from the Nix package manager.
-
tazjin's blog: "Nixery: Improved Layering Design. Discusses layering strategies and algorithms that optimizes the layering strategy and minimixes caches.
-
Discord: "How to build a docker image with a working Nix inside it"
-
LnL7/nix-docker. Docker images for the Nix package manager. It is intended to easily "build a new custom baseimage using specivfic version of nixpkgs", or set up an image that can be used as a remote ssh builder.
-
Repo
nix-community/docker-nixpkgs. A set of Docker images produced with Nix and latest nixpkgs package collection. E.g. providesdocker.nix-community.org/nixpkgs/kubernetes-helm
-
Nested virtualization is used to run Hyper-V inside a Hyper-V virtual machine (VM). According to this Microsoft doc, this is e.g. useful for "Running applications or emulators in a nested VM". Hey, that's our use case building nix derivations.
-
Apparently only Windows 11 supports nested virtualization
-
RedHat blog "How Podman runs on Macs and other container FAQs". Deep dive that helped me to understand how the podman client is interacting with the VM, and how QEMU injection processes etc. work.
- [Xe Iaso: blog titled "I was Wrong about Nix"]https://xeiaso.net/blog/i-was-wrong-about-nix-2020-02-10/().
-> npins is successor: https://vaibhavsagar.com/blog/2018/05/27/quick-easy-nixpkgs-pinning/ https://jade.fyi/blog/pinning-packages-in-nix/
-> no nested virtualization
Running applications or emulators in a nested VM
Testing software releases on VMs
Reducing deployment times for training environments
Using Hyper-V isolation for containers