What do you think of Nix? Can it replace containers on your laptop (for tools, not apps)?
@SuperHeroINTJ 10 months ago
Nix does not do distributed deployment (multi-host) [of applications/containers], I use Kubernetes for that. So I use Nix for the host (servers, workstation), development environment and containers. But not for deployment beyond a single host.
@sligit 10 months ago
I run NixOS on my desktop and laptop and I like it a lot, but I'm not comfortable enough with the Nix language to really use it effectively for building my own packages and environments yet, it has quite a steep learning curve.
@DevOpsToolkit 10 months ago
@SuperHeroINTJ I do not use Nix to run apps. That's where Kubernetes excels. I use it as ephemeral environments for tools I need.
@DevOpsToolkit 10 months ago
@sligit oh yeah. It has a very steep learning curve if you want to go beyond simple use cases. For me it works well since I'm not building packages or doing anything "fancy". I use it almost exclusively as ephemeral envs for tooling (not apps).
@sligit 10 months ago
@DevOpsToolkit Yeah it's great for that.
@arnabseal7629 10 months ago
I'm loving the fact that someone is finally speaking about this! ❤
@wolfymaster 10 months ago
Viktor - your use case is the exact same use case I have had teaching students and nix has become a foundation in the platform I am building. Love hearing your experience!
@itssoaztek4592 10 months ago
A video which addresses more Nix features would be awesome.
@SuperHeroINTJ 10 months ago
Nix has its own CI called Hydra for continuously building Nix packages. Hydra can upload to a S3 storage, then you consume Nix packages from binary cache (S3, etc). Hydra is a bit more clever when building packages because it sends individual packages to cache instead of doing full builds and only then sending to cache. This is helpful when having lots of builders building simultaneously. It is possible to re-use cache early. I'm unsure if Nix without Hydra does that too.
@SuperHeroINTJ 10 months ago
Nix is amazingly good. I have been using it to synchronize all my 24 hosts, host K3s, and to generate containers. Yes! Nix generates containers that are equal bit by bit no matter in what environment. And in a declarative manner!
@SuperHeroINTJ 10 months ago
Nix unifies the software stack. The dependency chain is the same, be it on a host, server and containers. Nix builds once. Then, you can re-use the artifact/cache everywhere. Also supports Musl. It can generate container images smaller than Alpine when using NixNG.
@Fabian-_- 10 months ago
Nix is awesome, switched to NixOS on everything, doing local dev with Nix and custom modules, doing CI with Nix and Gitlab through a custom module, etc. I want Nix everywhere, it's extremely nice as a developer to be able to configure and "program" everything, like writing custom modules etc.
@lucianogs 10 months ago
Thank you for the amazing video. Your ability to showcase the tool while teaching how to use it is truly a superpower!
@conundrum2u 10 months ago
nice video. I've been using nixOS for a few months now and as a developer it simplifies my workflow significantly and for all of the languages and frameworks I use. no more worry about version conflicts. one thing I was going to mention about nix and build environments in containers, I would absolutely reduce the size of all containers by volume mounting the nix store.
@slavikdoter 10 months ago
Please pin this
@codingcocoon 10 months ago
Finally, an explanation of Nix package manager that I can understand. Thank you so much for this video.
@yol1982 10 months ago
Also kinda nice to use the nix dockertools to build your container images.
@dandogamer 10 months ago
Wow this is insane! I do some contracting on the side and often have to download various software to work on different projects (I can't imagine how much random clutter I have rn), this can greatly simplify my workflow for different clients. Then once the project is done clean up is super simple!
@DevOpsToolkit 10 months ago
That's my primary usage of Nix. Spin up what I need when I need it and destroy it once I'm done. Since everything I work on is in a Git repo, I just keep `shell.nix` in each and start my working session with `nix-shell`.
@SeanCCosgrove 10 months ago
At work we use nix flakes in each repo defining tools (and specific versions) required for deploying and working on what's in the repo, e.g. terragrunt, terraform, kubectl, etc. Overall it's been handy. We've considered moving to containers instead for that use case, but since it works it's not a high priority, and doubtless there are pain points we'd run into.
@ErnestGWilsonII 10 months ago
❤ Wow, very nicely done and what a great find! I can tell you times when my world changed, VMWare, docker, lambda, python virtual environments, and now NIX shell! This is indeed, a game changer, thank you for making this video and sharing it with all of us! I am now subscribed to your channel with notifications, enabled, and of course, thumbs up! Thank you, Ernie in Pennsylvania
@snowke5095 10 months ago
Very interesting. I really like that they are solving this problem. Thank you for sharing!
@timstewart2800 10 months ago
This great video rekindled my interest in Nix. Thank you so much!
@sharperguy 5 months ago
There is a lot of work still to be done on making every development environment work well with Nix. But the great thing is that once you get something set up and working, it is very easy to publish that code so others can use it too.
@scottscoble2500 10 months ago
I was talking with my team about Nix right before this video went up. It's an incredible piece of tech. I'm exploring how to separate runtime dependencies and build artifacts using nix flakes; this might also make a good video. Well done.
@BeyondTypeScript 10 months ago
Amazing content! Thank you for sharing! I recently started exploring nix and I think this is pretty exciting for the reason you mentioned in the beginning - keep the mac virgin and lightweight. I am curious about mixing nix with tmux and nvim.
@IvanRizzante 10 months ago
Thanks for another great video! Generally speaking I find this approach good whenever you want to have your tools with you to do something ephemeral, the CrossPlane course example is nicely fitting here. In that case the container approach may be overkill. I even think that there are similarities here with the container based approach, like you have to install nix on the host, you still have a local cache of what you install, and so on. My preference still goes to containers whenever you're able to define a set of tools that you always use for some reason, for example when preparing a development environment. Containers in my opinion are great to enable remote development with technologies I use, like devcontainers and DevPod. Certainly I wouldn't use them to run pipelines locally!
@DevOpsToolkit 10 months ago
I agree. When working remotely, containers are a better choice. But, when local work is in question, I switched fully to nix, except for the apps themselves.
@IvanRizzante 10 months ago
@DevOpsToolkit sorry I didn't notice that you already wrote "except for the app themselves" before! I agree this is a better approach
@igortalic2021 10 months ago
Excellent video and channel, I don't know how I'm only now coming across it! Greetings :)
@Michael-sh1fb 10 months ago
First time viewer, recommended by the algorithm. I subscribed :)
@aosamai 10 months ago
fantastic video and explanation, many thanks.
@JimMendenhall 9 months ago
Thanks for this!
@emjones8092 10 months ago
I would love to see this catch on. I've been running nixos on one of my machines for a month/so and I love the implications on sscm this ecosystem has
@bhomiktakhar8226 10 months ago
Nix looks like a great tool for ex2 based automations.
@1oglop1 2 months ago
From experience, nix in theory works great, in practice most Nix users spend their weekends configuring/fixing Nix.
@valter_silva_au 10 months ago
Very keen to know your thoughts on comparing this approach with immutable infrastructure. Great video by the way!
@DevOpsToolkit 10 months ago
I would not compare it with immutable infrastructure. I use Nix to generate local environments, mostly focused on tools I need. My apps are still running in containers which are running in Kubernetes in one of the hyperscalers.
@ryebridgeriver5473 3 months ago
Love your work, can you please share your advice on a backup strategy for kubernetes? I’m hearing good things about Velero.
@DevOpsToolkit 3 months ago
Adding it to my to-do list...
@ChrisHalden007 10 months ago
Great video. Thanks
@starrwulfe 10 months ago
Nix makes it totally easy to make portable OS agnostic development environments everywhere as well. I have a folder where I'm teaching myself GoLang by building a web CMS app/framework and I can use my Mac or Windows (running WSL) or even in a NixOS VM. So whenever I have some free time, Just pop into one of the environments, do a git sync, tinker and code, git sync and done!
@DevOpsToolkit 10 months ago
That's my favorite use case. Put nix shell file into a repo and everything I need to work on it is there.
@nenharma82 5 months ago
Leaving a lot of comments on your vids lately.. I’m really getting into Nix and ephemeral shells and environments because of your videos and it’s a great solution for a problem that has existed like forever. Why is nobody using it? I quickly pitched it to a team of devs I’m working with and some were interested and others just made fun of it… I’ll slowly adopt it further until I find the reason why nobody else is using it 😅
@DevOpsToolkit 5 months ago
I'm not sure that "nobody" is using Nix. I feel that the number of Nix users is steadily growing. I might not be as mainstream as, let's say, Kubernetes, but it's getting there.
@RobFisherUK 10 months ago
I've been using this for a while now for work stuff. The other important thing can be to get everyone using the same versions of things. You can do this with flakes. The file is flake.nix, inside you define one or more devenvs, and the command is nix develop. The first time you do this you get a lock file that specifies the versions.
@alessandro-affinito 10 months ago
The idea is cool, cgroups and namespaces should be enough to have an isolated and reproducible ci. Also LXD containers. But they're still not useful for a mature CI environment where you need to integrate with an IDE for building and debugging code, export artifacts like reports, security scanning and signing immutable layers. Are they going in this direction with Nixos?
@DevOpsToolkit 10 months ago
Assuming that you're talking about local IDE, Nix Shell works like any other Shell and everything you're normally using in an IDE should still work. P.S. That video is all about Nix Shell, not NixOS.
@alessandro-affinito 10 months ago
@DevOpsToolkit sry I meant nix shell for the CI and nix Flakes for the CD
@DevOpsToolkit 10 months ago
I'm not sure I understood. Why would you use an IDE in pipelines (CI)? Independently of that... If you do use Nix in Pipelines, it is effectively a replacement for containers (for tools, not apps).
@alessandro-affinito 10 months ago
@DevOpsToolkit I mean we need the same tool with same settings to be available as in the ci pipeline as in the development process (integrated with the IDE possibly) as we do today with docker. I don't know if today this is already possible to replace with nix ecosystem.
@DevOpsToolkit 10 months ago
@alessandro-affinito you're right. If everything needs to be exactly the same, you need to choose one of those (Nix or containers) and use them everywhere. That will also mean that you will not be able to use IDE for any tasks. If everything needs to be exactly the same and given that IDEs are silly to use in pipelines, they are out as well. Personally, I think those are extremes that are not beneficial.
@bingolio 6 months ago
Great Vid. Would love to hear more about why Docker was a no go VS nix pkg mgr vs Distrobox
@robdewhirst7525 10 months ago
This was the best Nix tutorial I have seen so far, and I have given up on a couple of them. I was really excited until I saw Windows requires WSL2. As a minority linux user I often want to share my TTPs with my majority Windows colleagues but if they have to install WSL I might as well stick to containers.
@DevOpsToolkit 10 months ago
I think that WSL is a must, no matter whether one uses Nix or not. Most of what we do is on Linux and being able to be in a similar environment as production is important. On top of that, trainings, tutorials, scripts, etc. (almost) always assume that one is using Linux or Unix. MacOS is essentially a UI on top of Unix. There are many other reasons but it all boils down to Linux/Unix being a standard. WSL is, in my opinion, the most important addition to Windows. P.S. I rarely use Windows myself so I might be completely wrong on that one.
@pumpalBo 10 months ago
@DevOpsToolkit WSL + the 'Windows Terminal' store app. But people are so lazy or so hard to make a change of what they are used to... I'm tired talking colleagues into start using WSL, tired of seeing someone going VS Code + PS for terminal - it's beyond me why it's so big of a hesitation for most people..
@pumpalBo 10 months ago
@DevOpsToolkit WSL + the "Windows Terminal" app from the store! Mentioning it here as I know some people have never heard of it, and IMO this is the closest you can get to a real Linux multitab terminal. WSL also pairs nicely with VSC with the WSL extension which is another "a must".
@patrickprucha5522 10 months ago
thank you for the very informative video!
@aldrickdev 4 months ago
Great video, though I wanted to know, what do I do if I want to install a tool of a specific version? For example if I want my shell to have go version 1.20 (not the latest), how do I specify that?
@DevOpsToolkit 4 months ago
You can specify versions but, before you do, I strongly suggest checking devbox (there is a video on this channel). It greatly simplifies versioning and quite a few other things related to nix packages.
@easmithdev 9 months ago
Hi Viktor. I'm curious about something in your demo. You were using "kind" in your nix-shell, but I didn't see you also add Docker to the package list for the nix-shell environment. Does nix-shell install Docker as a dependency to "kind"?
@DevOpsToolkit 9 months ago
It does not work with Docker. I do not use Nix Shell for any non-cli app like VSCode, Slack, or Docker, but only for CLIs.
@easmithdev 9 months ago
@DevOpsToolkit I see. So, to use Kind while in a nix-shell, you also need to install Docker separately (outside of nix-shell) on the host, right?
@DevOpsToolkit 9 months ago
@easmithdev I think so. I haven't tried to run docker through nix so I might be wrong.
@BarakBarOrion 10 months ago
Nix is great, Nixos is even better
@shiftx999 10 months ago
Wondered when you would cover this :)
@ScrotoTBaggins 10 months ago
That intro goes way harder than expected
@ekolteenarp 10 months ago
In the context of local development, sure you may not need containers. But I think you'll agree that containers are still very much desirable for other things.
@DevOpsToolkit 10 months ago
Absolutely. All my apps run as containers in production and since I ephemeral environments to be as close to production as possible, apps are always in containers. I do not use Nix to run my apps. I use it to get the tooling required to work on a project.
@ekolteenarp 10 months ago
@DevOpsToolkit it's just that the title made it seem like one doesn't need containers at all :)
@DevOpsToolkit 10 months ago
@ekolteenarp true. I should change it.
@MrMotoX450 10 months ago
Wow this changes everything! BUT....there is 1 major flaw. I started setting up my configs and immediately noticed that there is no real way to specify the package version. For example, I need an older version of the Velero cli to match the version of Velero running on the cluster, however nix does not seem to have anything like velero:1.9.4. And no, I don't want to go to lazamar and specify the tar hash in my configs for each package.
@conundrum2u 10 months ago
so if you take a look at the nix package repository in a lot of cases you'll see the mainline package having a bare name, "python" for example which is currently at version 3.11 and different versions having different package names, like "python312" for the release candidate version. when you're building your shell.nix obviously you can use those packages, but if your needed version doesn't exist, then you may need to create your own nix repository. then it becomes as simple as copying one of the other build expressions, updating the source location and hash (which nix-build does for you) and giving it a package name that matches the version. then all you have to do is specify that channel in your nix shell script and you're good to go. it's really not as bad as it sounds
@Muaahaa 10 months ago
Nix is very good, and Nix Shell is a killer feature. Wish more OSS supported it to make contributing easier to get started with.
@squalazzo 10 months ago
there's a fundamental aspect completely missing in your video: versioning... does nix-shell support package versioning? How can I use a fixed nodejs or java or anything else version? at work we use various script with asdf to allow this kind of setup, with specific versions based on the directory you go into, thanks to direnv... and we had to take care of fixing the asdf azure-cli plugin because it didn't work anymore after python update to 3.11, for example...
@DevOpsToolkit 10 months ago
Yes it does support versioning.
@biscotty6669 10 months ago
One of nix's strengths is the granularity of its pinning... not only version level but commit level. Dockerfiles are convenient but don't ensure true reproducibility while building a Docker image with nix does (no apt install/update stuff...)
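Added example (not part of any comment in this thread, and not code from the video): a `shell.nix` that does the commit-level pinning discussed in the versioning comments above, with a second, older pin for one tool that must match a cluster version. The values in angle brackets are placeholders to fill in, and the tool set and the helper name `pin` are assumptions made for illustration.

```nix
# shell.nix (added example; values in <ANGLE_BRACKETS> are placeholders)
let
  # Unpinned form, shown only for contrast. It resolves to whatever channel
  # the local machine currently has, so the same file can yield different
  # tool versions on different laptops or CI runners:
  #   pkgs = import <nixpkgs> {};

  # Hypothetical helper: import nixpkgs at one exact commit.
  # The sha256 is the hash of the unpacked tarball; Nix refuses to use the
  # download if its content does not match, so a changed or tampered
  # archive fails the build instead of silently replacing the tools.
  # One way to obtain the hash:
  #   nix-prefetch-url --unpack https://github.com/NixOS/nixpkgs/archive/<COMMIT>.tar.gz
  pin = { rev, sha256 }:
    import (builtins.fetchTarball {
      url = "https://github.com/NixOS/nixpkgs/archive/${rev}.tar.gz";
      inherit sha256;
    }) {};

  # Main package set: every tool taken from here has the version that
  # this nixpkgs commit shipped.
  pkgs = pin {
    rev = "<NIXPKGS_COMMIT_SHA>";
    sha256 = "<NIXPKGS_TARBALL_SHA256>";
  };

  # Second, older package set, used only for a tool whose version has to
  # match what runs elsewhere (for example the Velero CLI against an older
  # Velero on the cluster). Pick the commit that carried the needed version.
  pkgsOld = pin {
    rev = "<OLDER_NIXPKGS_COMMIT_SHA>";
    sha256 = "<OLDER_NIXPKGS_TARBALL_SHA256>";
  };
in
pkgs.mkShell {
  packages = [
    pkgs.kubectl
    pkgs.kind
    pkgs.jq
    pkgsOld.velero
  ];
}
```

Committing this file to the repo means everyone who runs `nix-shell` there gets the same tool versions, and a version bump becomes a reviewable change to the commit and hash.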
@adityaavanth345 10 months ago
You can also make a video on devbox which uses nix for dev environments.
@DevOpsToolkit 10 months ago
Adding it to my TODO list... :)
@solidguy01 10 months ago
you've beaten me to it 😅
@DevOpsToolkit 9 months ago
Done: kzbin.info/www/bejne/jZqpfaeZd9t6g7c
@neutral139 10 months ago
Nix is awesome and there is a newer way of doing this (different, not specifically better) using just the `nix` command. However, it might be an issue for your purposes because by default the commands are not enabled.
@ArchaicDemise-ex1lq 10 months ago
I really like nix containers for some uses, but I'm still new to them - can nix environments block access to the computer, I'm more and more using containers and have zero dev tools on my host because I can't trust the package maintainers to not be crooked or get hacked. Especially with the npm/node.js ecosystem, my new dev box has zero node.js /npm/yarn etc on the host.
@DevOpsToolkit 10 months ago
You need to trust someone or something. If you're using containers as a way to install tools, you still have packages either through base images or by adding `apk install` or whatever you might be using. Unless you are using Linux on your laptop, those containers are running in VMs which is isolated but you are probably mounting volumes and processes so it's not bullet proof either. At the end of the day, you need to trust something unless you're willing to inspect the code of whatever you're using.
@ArchaicDemise-ex1lq 10 months ago
@DevOpsToolkit I've been a long time linux user, for 30 years or so. So I know the foundations of trusting trust. I'm careful about what to trust and NPM/Node.js have proven to me, that they are not trustworthy at a rate that is high enough to just give them access to my machine. I expect that docker and the container ecosystem that is powered by the linux kernel to be robust enough to prevent the random arbitrary code from encrypting the entirety of my hard drive and returning it for the cool sum of a single bitcoin. I know that it will not stop an exfiltration bot or a crypto miner from running. I never allow the docker socket to be mounted, so they can't use that to elevate privileges, and I'm aware there could be bugs that get exploited. Overall, I don't mind random code running on my machine so much as I just don't want it to screw over my day. I'm just worried about the liability of lost productivity due to something malicious happening to the data on my computer. The policy of 'default to everything open' was design of the past, and should be considered deprecated at some cost but not all costs.
@Danijam2 10 months ago
How do you compare Nix versus DevContainers? Can Nix help with the problem of enabling repo maintainers to declaratively set the development environment for anyone who cloned and attempts to build the repo source?
@DevOpsToolkit 10 months ago
I prefer using it for local development. For remote stuff containers are a better choice.
@biscotty6669 10 months ago
Nix excels at this. By using a shared nix config all developers are ensured the EXACT same environment, fully provisioned, with a simple command. Docker containers are good for deployment/distribution and can be used to share dev environments but that's what nix is best at. You used the word "declare" which hits the nail on the head: nix is declarative while containers are imperative.
@syrus3k 10 months ago
The nix hash bang thing is the killer feature here... Love that!
@cheebadigga4092 10 months ago
I know Nix and I've always wondered if we should use a Nix-based container image, or a scratch-based container image with a static nix-shell (if that's even a thing), for example for pipelines. I still have no solid conclusion
@shiftx999 10 months ago
Nix is first and foremost a language of the functional kind, which just so happens to be able to build and install packages. Now cover flakes, you'll love them, honestly. Reusable Nix.
@aggranular 10 months ago
I like to think of nix as being primarily a software deployment model. As per Eelco’s thesis. The nix language is just a (partial) means of realising this model. You could create and build derivations without using nix language at all. Tweag’s blog post: “NIX - TAMING UNIX WITH FUNCTIONAL PROGRAMMING” is a good, and relatively short exposition of the core ideas
@jsaenzMusic 10 months ago
I've been hearing about Nix for a while now and love the appeal. However, I see a lot of similarities to cloud-init. Not necessarily the ephemeral stuff, but more the reproducibility via a central config. It seems you can create ephemerality via a cow file system with snapshotting capabilities but of course would have to roll up the solution yourself to leverage cloud-init. Curious what your thoughts are. Have been really appreciating your channel and videos. Also heard you as a guest on the Dev-Ops Podcast. Thanks for your content!
@homfes 6 months ago
I'm still not convinced that this can replace containers. I see in this video that I can come up with a file that gives the users a set of programs that are required in the environment. What I don't see is how the configuration of those programs can be used as well. Your statement about "oh-my-zsh" custom prompt tells me that the base operating system's configuration is used in the nix shell. What should I do if I want the environment to have its own zshrc file without bothering the user's configuration?
@DevOpsToolkit 6 months ago
I don't think it is replacing containers for running apps but, rather, for tools needed locally or in pipelines. Also, I would recommend devbox instead of using nix directly.
@homfes 6 months ago
@DevOpsToolkit Thanks. I will try to look more into devbox to see if it will fit my needs.
@homfes 6 months ago
I decided against using devbox. I was looking for an alternative to using a container. I'm not sure how janky the solution is but what worked for me is setting the $HOME variable to the directory that runs the nix shell. I had to do it in shellHook.
@DevOpsToolkit 6 months ago
@homfes have you tried creating a container image with devbox?
@homfes 6 months ago
@DevOpsToolkit I did not. When I looked into devbox, it just seemed like an additional layer over nix that doesn't immediately address my initial concern with Nix itself so I just explored a solution without it.
@biscotty6669 10 months ago
I don't think that this has been stated explicitly...nix provides truly reproducible build environments (which containers typically don't/can't). Nix is not a deployment tool. It can produce a Docker image without needing a Dockerfile. Then you deploy with k8s or podman (or docker itself if you must ;-) Docker and nix are different tools for different purposes. Nix is for consistent builds and dev environment.
@IonMudreac 10 months ago
direnv could be even simpler as you can select source for separate gcp azure aws
@DevOpsToolkit 10 months ago
I'm using Charm Gum scripts so that people can choose and provide info interactively.
@rubenhakopian 10 months ago
Very nice! Would you suggest using nix when building pipeline containers vs doing apt-get installs and lots of other makeshift things?
@DevOpsToolkit 10 months ago
My recommendation would be to do neither. Build images with what you need and use them in pipelines. They are well equipped to use containers. Switch to nix if that is not an option (which is rarely the case).
@martinchlumsky4226 10 months ago
How does Nix handle pinning versions of packages? And how up-to-date are the packages?
@DevOpsToolkit 10 months ago
You can specify a version so instead of `normalPackages.nodejs` you can set it to `normalPackages.nodejs-12_x`. As for how up-to-date packages are... It depends on maintainers of a specific package (just as anything else in open source depends on maintainers). My personal experience is that packages are up-to-date most of the time, sometimes one version behind, and rarely old.
@martinchlumsky4226 10 months ago
@DevOpsToolkit thank you!
@Norfeldt 10 months ago
Looks very interesting. You say it will allow windows, macOS and Linux devs to work on the same repo in the same env, but what about a repo that uses symlinks?
@DevOpsToolkit 10 months ago
I haven't tried it with symlinks, but I guess it should work.
@Norfeldt 10 months ago
@DevOpsToolkit I just asked Bing chat and it said that would still be an issue 😢
@Norfeldt 10 months ago
A case (for me) of using symlinks would be one repo with one directory for front-end and one for backend and then having shared types files between them
@DevOpsToolkit 10 months ago
I haven't tried that but it should be easy to verify.
@zoop2174 10 months ago
I tried nixos 4 years ago and was basically just confused. I got kubernetes to work on it but due to it not using standard paths longhorn didn't work. So I put it away. But now there's a lot more tutorials available for it and I'll try again to daily drive it.
@SuperHeroINTJ 10 months ago
Longhorn works fine in NixOS. The solution for that problem is simple: Just extend PATH environment variable this way: "PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin" I usually use Kyverno for that.
@SuperHeroINTJ 10 months ago
NixOS K3s has been well maintained. @euank did good work there.
@zoop2174 10 months ago
@SuperHeroINTJ that's cool, this workaround wasn't available then - but I switched to Talos for K8S deployment now already, which just recently got longhorn support :)
@mintoo2cool 10 months ago
it's like virtual environment but for the shell .. very nice. this seems to be a great tool for managed/hosted development environments.
@gskluzacek 10 months ago
so I'm assuming that Nix would only be able to handle stuff that is command line driven in nature, it won't be able to do stuff with like GUI IDEs, correct? Say for example if I was using PyCharm and I wanted to use Nix to install a whole bunch of tools, there wouldn't be any way to get PyCharm to use those tools installed by Nix? Like a specific version of Python say or c compilers etc.?
@DevOpsToolkit 10 months ago
Not sure... I use it almost exclusively to set up CLIs since I tend to work from a terminal most of the time (excluding editing and observability).
@MattiaMari 10 months ago
In my very limited experience with Nix, I solved this by installing my IDE in the nix shell and then running it from the nix shell itself. I don't know if a better option exists.
@sureshadapa7194 10 months ago
What about kernel and os arch type bindings? More on shift left / true devops point of view
@neogeo8267 10 months ago
Struggling to understand something - I see how nix-shell can standardize development environments across developers (awesome) but then when it comes time to replicate the same environment on production machines, how would one do this without also running prod in nix (likely not great / isolation etc?) Very interested in this tool - thank you.
@DevOpsToolkit 10 months ago
I do not use Nix to create environments where apps are running. I use Kubernetes, preferably remote, for that. My use case for Nix is to standardize tooling I need for development. For example, the project I'm working on right now, needs `gum`, `git`, `gh`, `helm`, `kubectl`, `kind`, `yq`, `jq`, `bat`, `buildpack`, and `aws`. Instead of having all those permanently installed on my laptop, I just enter the directory with the repo and execute `nix-shell` which picks up those tools from the `shell.nix` file in that same directory. On top of those, it is, at least for me, extremely useful when experimenting. Instead of constantly accumulating new CLIs installed with `brew` and, probably, left on my laptop forever no matter whether I use them or not, I just pull them into `nix-shell` session and `exit` when finished. In other words, `nix-shell`, in my case, is not a replacement for app environments but, rather, a temporary env. that brings me all the tools I need. On top of that, anyone who wants to work with me on the same project can just start a `nix-shell` session without having to worry whether he or she has the tools I use.
@neogeo8267 10 months ago
@DevOpsToolkit thanks for keeping me on the rails. We've struggled for long enough with unification of development environments and runtime environments that my brain didn't recognize the contrast between the tooling bits and the runtime bits. I can see how this would be extremely valuable for that. Presently we use docker to handle rt environment but do nothing for tooling. I'll be considering that now that I'm presently and consciously aware of that divide. Thanks again
@ifzhafrzv349 10 months ago
Which most lightweight, nixshell or container docker?
@DevOpsToolkit 10 months ago
I prefer Nix for tools and containers for apps.
@javisartdesign 10 months ago
Nice tool! really eager to start using it and see use cases. It would work with packages that require sudo privileges?
@DevOpsToolkit 10 months ago
Yeah. It's essentially a (more powerful) Shell.
@ffelegal 10 months ago
My fear of using these shiny new ways of installing packages/environments is that I never know if I'm installing a compromised version of the package. I still prefer to install something the way the producer recommends rather than a more practical, well-intentioned packager. But maybe I'm just paranoid. Containers at least are a little bit separate from your OS, nix shell looks like python virtual environments, a workaround with PATH. Anyway, thanks for the video.
@strayferal 10 months ago
Hmm. Very interesting. But how much reliable is this? I will try it anyway...
@russianbotfarm3036 10 months ago
Actually starts at 5:00.
@joebowbeer 10 months ago
Going in, I'm hoping you will compare nix to what I would naturally turn to: devcontainer and devpod. (Is nix the emacs of k8s?) After watching, it will be interesting, for me at least, to find out how wrong I was going in. Nix runs as non-root with seccomp restrictions?
@DevOpsToolkit 10 months ago
Nix is many things but, in my case, it is first and foremost a way to start a shell with all the tools I need without installing any of them on my machine. Devpod is, essentially, a VM.
@joebowbeer 10 months ago
After watching, I wonder which (PSS) admission policies I need to disable on my namespace before I can run nix.
@DevOpsToolkit 10 months ago
@joebowbeer I never tried running it in kubernetes (assuming that's what you meant by namespaces). I don't see it being of any use there.
@joebowbeer10 ай бұрын
@@DevOpsToolkit oh! I was thinking the title referred to k8s ephemeral containers. sorry for not tracking.
@DevOpsToolkit10 ай бұрын
@joebowbeer that's my bad. I should have explained it better.
@nathanruben3372 10 months ago
What about networking? Nix or Guix solves the development environment in terms of libraries and dependencies, but one of containers' appeals is that you can create complicated stacks with private networking for dev, test, production environments...
@DevOpsToolkit 10 months ago
For me, Nix can never replace app environments simply because they need to mimic production as much as possible and that means either Kubernetes or cloud services like Google Cloud Run. The part of Nix that I am using is related to tooling used for development but does not go to production.
@Diemermakes 10 months ago
As far as the pipelines go, why not just have your pipeline cache/restore that Nix cache? Then you have a really clean setup that replicates your local dev without having to potentially manage both solutions depending on the context.
@DevOpsToolkit 10 months ago
I think I have a better solution which I'll explore in a video in a couple of weeks 🙂 What I was trying to say is that I'm not sure that rewriting pipelines to Nix provides enough return on investment. For new ones it is a good option.
@cgalo 4 months ago
7:55 that script needs what now?!?
@DevOpsToolkit 4 months ago
That script uses 'gum' CLI.
@noext7001 10 months ago
How does networking work inside a nix shell? Can I access a service running on the host?
@DevOpsToolkit 10 months ago
I would not recommend Nix as a destination for your apps. Use Kubernetes for that. I use Nix as ephemeral environments for the tools I need, not for the apps.
@SuperHeroINTJ 10 months ago
@DevOpsToolkit I think you should explore Nix for building containers. That is a very valid use case. And common too. And dependencies can be shared with shell. So it is less work than having to double package it for Dockerfile & Alpine.
@noext7001 10 months ago
Yes, it's for a tool that connects to a database to exec some SQL script @DevOpsToolkit
@jbadeau 10 months ago
There are a few tools in this space, including asdf, mise/rtx, moonrepo proto, devbox.
@antonk1620 10 months ago
What about security/isolation like firejail?
@DevOpsToolkit 10 months ago
I haven't used firejail so I can't comment on it.
@cowgod77 10 months ago
Very interesting, haven't dug into Nix yet, thanks for the intro. On a separate subject, I'm hoping you'll be talking about Apple's new Pkl language and how it compares with Cue for managing Kubernetes manifests. I've been meaning to dig into Cue, based on your past recommendations, but now I'm curious whether it makes more sense to look at Pkl. It sounds quite promising.
@DevOpsToolkit 10 months ago
I'm still in the process of experimenting with Pkl. I need a bit more time before I start working on the material.
@DryBones111 10 months ago
The problem I have with Pkl is that it is built on an inheritance-based model whereas CUE is explicitly immutable.
@DevOpsToolkit 10 months ago
That is indeed one of the big differences. Personally, I prefer CUE immutability but I also recognize that is one of the reasons for CUE's steeper learning curve.
@DevOpsToolkit 9 months ago
Here it goes: kzbin.info/www/bejne/hJ6UmqKNhbeFjLM
@hambroman 10 months ago
How does Nix work with secrets and authentication? If I start a Nix shell do I need to reconfigure ssh for example?
@DevOpsToolkit 10 months ago
Nix Shell is a shell just as sh or zsh or bash so there's no need to SSH into it.
@hambroman 10 months ago
@DevOpsToolkit Sorry, I meant what is the nix way of setting up ssh or secrets to access other resources from a nix shell. For example does my ssh config used for github or a bastion host persist across nix shells?
@DevOpsToolkit 10 months ago
@hambroman Yes, it does persist. I think you're mixing OS with Shell. If I would create a new VM with NixOS, it would need new keys and whatnot. However, I was just switching from one Shell, from zsh, to another, to nix-shell.
@patricklamprecht240 10 months ago
Maybe you can also do a follow-up video on Nix flakes
@DevOpsToolkit 10 months ago
Adding it to my TODO list... :)
@airman122469 10 months ago
I love the concept of Nix. But for some reason I personally struggle with getting everything working as I want. Probably because I’m so used to Arch, and recall much from Debian and Red Hat, and Nix is a total departure from those. Maybe one day I’ll get good with Nix. It does in fact appear to be superior.
@Qwertyuioia 6 months ago
big nix fan
@simranbanwait 10 months ago
Quality content
@alancaldelas 10 months ago
How is this different from something like Fedora CoreOS or Tumbleweed?
@DevOpsToolkit 10 months ago
To begin with, it works on every OS. I, for example, am a Mac user who is not planning to ditch macOS for CoreOS.
@ivantomica 10 months ago
And if you like LISP, you might find Guix amusing. Based on (idea of) Nix, kinda 🙂
@ama054000 10 months ago
I tried Guix after using Nix for about a year, and it turns out that, at least for me, Guix was a gateway drug to more Lisp. 7 years on Guix now, and I'm addicted.
@USONOFAV 10 months ago
cube-cuttle or cube-control?
@DevOpsToolkit 10 months ago
I tend to say cube-cuttle but I heard others saying at least 5 variations of it.
@Barkley-tv9bu 10 months ago
Isn't it just a fancy flatpak?
@DevOpsToolkit 10 months ago
To begin with, Flatpak is a package manager for Linux while Nix packages work everywhere...
@tobeypeters 10 months ago
I'm confused ... Isn't nix a stand-alone OS? How'd you install it? You create a virtual machine with NixOS installed? Obviously not. 'Cause it'd be easier to install Docker and be given a container. Got to be missing something.
@DevOpsToolkit 10 months ago
Nix is quite a few things. I explored in that video only Nix Shell, not the OS.
@biscotty6669 10 months ago
One of the confusing things about nix is what the hell it is 😊. Nix is both a package management system and a scripting language which can be installed on any OS. NixOS is an operating system built with nix but you don't need to run NixOS to use nix.
@DevOpsToolkit 9 months ago
Nix is indeed very confusing. It has a very steep learning curve and, as you said, it is too many things at once. Personally, I use it only as a package manager where those packages can be installed anywhere and are ephemeral in nature. I don't use it directly but through Devbox (video is coming up tomorrow).
@geofftsjy 7 months ago
You said don't use nix for CI/CD pipelines, use containers. Agreed. You should rebuild those. But couldn't you just use nix in the container build? That way your dev and CI/CD environments use the same setup?
@DevOpsToolkit 7 months ago
I started doing that, but with Devbox instead of Nix directly.
@geofftsjy 7 months ago
@DevOpsToolkit lol. After writing that comment, I saw your devbox video and have spent the last 24 hours rebuilding all my workspaces with devbox. I think I'm in love. I haven't tried the devcontainer/codespaces stuff yet but that will be huge.
@smthngsmthngsmthngdarkside 10 months ago
Does Nix run on Windows yet? No, WSL2 doesn't count
@DevOpsToolkit 10 months ago
It doesn't (without WSL).
@marsrocket 10 months ago
This doesn’t address the problem of differing or missing library versions, which is why containers are a thing. If anything the ephemeral-ness of containers is a problem.
@DevOpsToolkit 10 months ago
Assuming that you're referring to tools we're using while developing and not libraries in app code (as I showed in the video), you can pin them to any version you need.
@gzoechi 10 months ago
I started Nix 2 months ago. My biggest regret is that I didn't start earlier.
@shazmailz 10 months ago
Not clear to me how this is better than writing a "Dockerfile" with the packages you need installed inside.
@DevOpsToolkit 10 months ago
Assuming that you are using Windows or macOS, containers are running in a VM and that complicates things like, for example, access to binaries you already have installed, filesystem, local network, etc. Nix Shell is just a shell like bash or ish with the additional abilities to temporarily install additional packages.
@shazmailz 10 months ago
Ok but file systems and local networks can be mounted/exposed in containers. Access to other binaries on the system kind of goes against the notion of "isolated environments" as well. @DevOpsToolkit
@DevOpsToolkit 10 months ago
@shazmailz you're right, but I think we're talking about different types of environments. I guess you're referring to preview environments like those you would spin up when creating a PR while I'm talking about a way to create an ephemeral environment that will bring me all the tools I need while working on my laptop. In that case, I am not concerned about isolation and I still run my apps as containers one way or another. What I was talking about is a way to bring in all the tooling I need (e.g. kubectl, jq, yq, gcloud, etc.) in a way that is not permanent. I got sick of having thousands of random binaries/CLIs floating around my laptop, many of them to be used sporadically, some even never again. When I execute brew list, I do not even recognize more than half of the output.
@BDnevernind 10 months ago
I'm still confused as to the difference/advantages. This is exactly how I use a Dockerfile that can be built according to local context, filesystem mounted, run interactively or truly ephemerally (one command at a time), using just what is needed from the host environment, and deployed to pipeline. Requires the same number of prerequisites on every host system (including WSL on Windows). And you can deploy the same image to CI/CD, no duplication. I see no effective difference but I know I must be missing something.
@DevOpsToolkit 10 months ago
@BDnevernind I was not talking about the pipelines but the tools (CLIs) you need while working (e.g. kubectl, yq, jq, helm, nodes, etc.). Are you spinning containers for those while working on your laptop?
@BeOnlyChaos 10 months ago
And now onto nix flakes? :D
@DevOpsToolkit 10 months ago
Correct
@shadowangel-ou6bg 10 months ago
Seems to have issues with SELinux.
@gzoechi 10 months ago
Combining what you demonstrated with direnv makes it even more convenient. It's also a rather minimal use case for what Nix provides.
@pmarreck 10 months ago
I think everyone who knows a certain amount of Nix would love to use it for deployments... AND YET... The way to do this seems forever non-obvious
@Rundik 10 months ago
Why gh and not git?
@DevOpsToolkit 10 months ago
gh has some GitHub-specific commands like, for example, to fork a repo or to create it.
@biscotty6669 10 months ago
Going to the website to create repos always annoyed me. With the CLI I can just `git repo create` and I don't have to open my browser. Plus other conveniences.
10 months ago
I like the prospect of nix. But the installation and removal of nix itself makes it a hard sell for my team members
@gerryn2 10 months ago
I guess you never heard about packer and vagrant.
@DevOpsToolkit 10 months ago
I know that one can create a VM as a work environment but that is cumbersome. That's why we have containers.
@gerryn2 10 months ago
@DevOpsToolkit Docker isn't commercially available for free anymore though...
@DevOpsToolkit 10 months ago
Docker isn't, but Docker is only one of many ways to run containers. Have you tried Rancher Desktop?
@gerryn2 10 months ago
@DevOpsToolkit You're right. Still. Ecosystem needs to equalize for a solution that the big players want. Right now that's VMware (which is rapidly falling apart ofc), and Hyper-V. These engineers come for cheap and they do good work, these platforms are GOOD. Arguably Hyper-V has an advantage today because of inconclusive licensing. In my opinion - containers are proper for certain endpoints you want to access, but for your major infrastructure - I would still go for local AD, exchange at azure, and devops on either cloud providers k8s, and then production on the cheapest provider for your service, if you're a data provider that'll be different than if you're a retailer for example. Naam sayin'? :D tldr: I don't think the ecosystem of containers is completely ready to take over full production.
@DevOpsToolkit 10 months ago
Containers are not ready to take over complete production. Nothing is. Some will say that VMs are not ready for complete production and will run some workloads on bare metal. Nothing ever replaces everything. Containers are ready for a significant amount of workloads and the ecosystem around containers is unlike anything we saw in the past.