Say Goodbye to Containers - Ephemeral Environments with Nix Shell

  • Published on 21 Nov 2024

Comments • 288

  • @DevOpsToolkit
    @DevOpsToolkit  9 months ago +27

    What do you think of Nix? Can it replace containers on your laptop (for tools, not apps)?

    • @SuperHeroINTJ
      @SuperHeroINTJ 9 months ago +6

      Nix does not do distributed deployment (multi-host) [of applications/containers], I use Kubernetes for that. So I use Nix for the host (servers, workstation), development environment and containers. But not for deployment beyond a single host.

    • @sligit
      @sligit 9 months ago +4

      I run NixOS on my desktop and laptop and I like it a lot, but I'm not comfortable enough with the Nix language to really use it effectively for building my own packages and environments yet, it has quite a steep learning curve.

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago +3

      @SuperHeroINTJ I do not use Nix to run apps. That's where Kubernetes excels. I use it as ephemeral environments for tools I need.

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago +2

      @sligit oh yeah. It has a very steep learning curve if you want to go beyond simple use cases. For me it works well since I'm not building packages or doing anything "fancy". I use it almost exclusively as ephemeral envs for tooling (not apps).

    • @sligit
      @sligit 9 months ago +2

      @DevOpsToolkit Yeah it's great for that.

  • @arnabseal7629
    @arnabseal7629 9 months ago +44

    I'm loving the fact that someone is finally speaking about this! ❤

  • @wolfymaster
    @wolfymaster 9 months ago +13

    Viktor - your use case is the exact same use case I have had teaching students and nix has become a foundation in the platform I am building. Love hearing your experience!

  • @SuperHeroINTJ
    @SuperHeroINTJ 9 months ago +12

    Nix is amazingly good. I have been using it to synchronize all my 24 hosts, host K3s, and to generate containers. Yes! Nix generates containers that are equal bit by bit no matter in what environment. And in a declarative manner!

    • @SuperHeroINTJ
      @SuperHeroINTJ 9 months ago +3

      Nix unifies the software stack. The dependency chain is the same be it on a host, server and containers. Nix builds once. Then, you can re-use the artifact/cache everywhere. Also supports Musl. It can generate container images smaller than Alpine when using NixNG.

  • @itssoaztek4592
    @itssoaztek4592 9 months ago +16

    A video which addresses more Nix features would be awesome.

  • @Fabian-_-
    @Fabian-_- 9 months ago +17

    Nix is awesome, switched to NixOS on everything, doing local dev with Nix and custom modules, doing CI with Nix and Gitlab through a custom module, etc.
    I want Nix everywhere, it's extremely nice as a developer to be able to configure and "program" everything, like writing custom modules etc.

  • @conundrum2u
    @conundrum2u 9 months ago +2

    nice video. I've been using nixOS for a few months now and as a developer it simplifies my workflow significantly and for all of the languages and frameworks I use. no more worry about version conflicts. one thing I was going to mention about nix and build environments in containers, I would absolutely reduce the size of all containers by volume mounting the nix store.

    • @slavikdoter
      @slavikdoter 8 months ago +1

      Please pin this

  • @SuperHeroINTJ
    @SuperHeroINTJ 9 months ago +11

    Nix has its own CI called Hydra for continuously building Nix packages. Hydra can upload to an S3 storage, then you consume Nix packages from binary cache (S3, etc). Hydra is a bit more clever when building packages because it sends individual packages to cache instead of doing full builds and only then sending to cache. This is helpful when having lots of builders building simultaneously. It is possible to re-use cache early. I'm unsure if Nix without Hydra does that too.

  • @codingcocoon
    @codingcocoon 9 months ago +3

    Finally, an explanation of Nix package manager that I can understand. Thank you so much for this video.

  • @SeanCCosgrove
    @SeanCCosgrove 9 months ago +3

    At work we use nix flakes in each repo defining tools (and specific versions) required for deploying and working on what's in the repo, e.g. terragrunt, terraform, kubectl, etc. Overall it's been handy. We've considered moving to containers instead for that use case, but since it works it's not a high priority, and doubtless there are pain points we'd run into.

  • @lucianogs
    @lucianogs 9 months ago +4

    Thank you for the amazing video. Your ability to showcase the tool while teaching how to use it is truly a superpower!

  • @sharperguy
    @sharperguy 4 months ago +1

    There is a lot of work still to be done on making every development environment work well with Nix. But the great thing is that once you get something set up and working, it is very easy to publish that code so others can use it too.

  • @dandogamer
    @dandogamer 9 months ago +3

    Wow this is insane! I do some contracting on the side and often have to download various software to work on different projects (I can't imagine how much random clutter I have rn), this can greatly simplify my workflow for different clients. Then once the project is done clean up is super simple!

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago +1

      That's my primary usage of Nix. Spin up what I need when I need it and destroy it once I'm done. Since everything I work on is in a Git repo, I just keep `shell.nix` in each and start my working session with `nix-shell`.

  • @yol1982
    @yol1982 9 months ago +7

    Also kinda nice to use the nix dockertools to build your container images.

  • @ErnestGWilsonII
    @ErnestGWilsonII 9 months ago +5

    ❤ Wow, very nicely done and what a great find! I can tell you times when my world changed, VMWare, docker, lambda, python virtual environments, and now NIX shell!
    This is indeed, a game changer, thank you for making this video and sharing it with all of us!
    I am now subscribed to your channel with notifications enabled, and of course, thumbs up!
    Thank you,
    Ernie in Pennsylvania

  • @scottscoble2500
    @scottscoble2500 9 months ago +7

    I was talking with my team about Nix right before this video went up. It's an incredible piece of tech. I'm exploring how to separate runtime dependencies and build artifacts using nix flakes; this might also make a good video. Well done.

  • @snowke5095
    @snowke5095 8 months ago +1

    Very interesting. I really like that they are solving this problem. Thank you for sharing!

  • @IvanRizzante
    @IvanRizzante 9 months ago +2

    Thanks for another great video! Generally speaking I find this approach good whenever you want to have your tools with you to do something ephemeral, the CrossPlane course example is nicely fitting here. In that case the container approach may be overkill.
    I even think that there are similarities here with the container based approach, like you have to install nix on the host, you still have a local cache of what you install, and so on.
    My preference still goes to containers whenever you're able to define a set of tools that you always use for some reason, for example when preparing a development environment.
    Containers in my opinion are great to enable remote development with technologies I use, like devcontainers and DevPod.
    Certainly I wouldn't use them to run pipelines locally!

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago +1

      I agree. When working remotely, containers are a better choice. But, when local work is in question, I switched fully to nix, except for the apps themselves.

    • @IvanRizzante
      @IvanRizzante 9 months ago +1

      @DevOpsToolkit sorry I didn't notice that you already wrote "except for the app themselves" before! I agree this is a better approach

  • @1oglop1
    @1oglop1 several months ago +2

    From experience, nix in theory works great, in practice most Nix users spend their weekends configuring/fixing Nix.

  • @nenharma82
    @nenharma82 3 months ago +1

    Leaving a lot of comments on your vids lately.. I’m really getting into Nix and ephemeral shells and environments because of your videos and it’s a great solution for a problem that has existed like forever. Why is nobody using it? I quickly pitched it to a team of devs I’m working with and some were interested and others just made fun of it… I’ll slowly adopt it further until I find the reason why nobody else is using it 😅

    • @DevOpsToolkit
      @DevOpsToolkit  3 months ago

      I'm not sure that "nobody" is using Nix. I feel that the number of Nix users is steadily growing. I might not be as mainstream as, let's say, Kubernetes, but it's getting there.

  • @starrwulfe
    @starrwulfe 9 months ago +1

    Nix makes it totally easy to make portable OS agnostic development environments everywhere as well. I have a folder where I'm teaching myself GoLang by building a web CMS app/framework and I can use my Mac or Windows (running WSL) or even in a NixOS VM. So whenever I have some free time, Just pop into one of the environments, do a git sync, tinker and code, git sync and done!

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago

      That's my favorite use case. Put nix shell file into a repo and everything I need to work on it is there.

  • @RobFisherUK
    @RobFisherUK 9 months ago +1

    I've been using this for a while now for work stuff. The other important thing can be to get everyone using the same versions of things. You can do this with flakes. The file is flake.nix, inside you define one or more devenvs, and the command is nix develop. The first time you do this you get a lock file that specifies the versions.

  • @timstewart2800
    @timstewart2800 9 months ago +2

    This great video rekindled my interest in Nix. Thank you so much!

  • @BeyondTypeScript
    @BeyondTypeScript 9 months ago +2

    Amazing content! Thank you for sharing! I recently started exploring nix and I think this is pretty exciting for the reason you mentioned in the beginning - keep the mac virgin and lightweight. I am curious about mixing nix with tmux and nvim.

  • @bhomiktakhar8226
    @bhomiktakhar8226 9 months ago +3

    Nix looks like a great tool for ex2 based automations.

  • @robdewhirst7525
    @robdewhirst7525 9 months ago +1

    This was the best Nix tutorial I have seen so far, and I have given up on a couple of them.
    I was really excited until I saw Windows requires WSL2. As a minority linux user I often want to share my TTPs with my majority Windows colleagues but if they have to install WSL I might as well stick to containers.

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago +2

      I think that WSL is a must, no matter whether one uses Nix or not. Most of what we do is on Linux and being able to be in a similar environment as production is important. On top of that, trainings, tutorials, scripts, etc. (almost) always assume that one is using Linux or Unix. MacOS is essentially a UI on top of Unix. There are many other reasons but it all boils down to Linux/Unix being a standard. WSL is, in my opinion, the most important addition to Windows.
      P.S. I rarely use Windows myself so I might be completely wrong on that one.

    • @pumpalBo
      @pumpalBo 9 months ago +1

      @DevOpsToolkit WSL + the 'Windows Terminal' store app. But people are so lazy or so hard to make a change of what they are used to... I'm tired of talking colleagues into starting to use WSL, tired of seeing someone going VS Code + PS for terminal - it's beyond me why it's so big of a hesitation for most people...

    • @pumpalBo
      @pumpalBo 9 months ago +1

      @DevOpsToolkit WSL + the "Windows Terminal" app from the store! Mentioning it here as I know some people have never heard of it, and IMO this is the closest you can get to a real Linux multitab terminal. WSL also pairs nicely with VSC with the WSL extension which is another "a must".

  • @shiftx999
    @shiftx999 9 months ago +27

    Nix is first and foremost a language of the functional kind, which just so happens to be able to build and install packages. Now cover flakes, you'll love them, honestly. Reusable Nix.

    • @aggranular
      @aggranular 9 months ago

      I like to think of nix as being primarily a software deployment model. As per Eelco’s thesis. The nix language is just a (partial) means of realising this model. You could create and build derivations without using nix language at all. Tweag’s blog post: “NIX - TAMING UNIX WITH FUNCTIONAL PROGRAMMING” is a good, and relatively short exposition of the core ideas

  • @Muaahaa
    @Muaahaa 9 months ago +1

    Nix is very good, and Nix Shell is a killer feature. Wish more OSS supported it to make contributing easier to get started with.

  • @emjones8092
    @emjones8092 9 months ago +2

    I would love to see this catch on.
    I've been running nixos on one of my machines for a month/so and I love the implications on sscm this ecosystem has

  • @ekolteenarp
    @ekolteenarp 9 months ago +2

    In the context of local development, sure you may not need containers. But I think you'll agree that containers are still very much desirable for other things.

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago +1

      Absolutely. All my apps run as containers in production and since I want ephemeral environments to be as close to production as possible, apps are always in containers. I do not use Nix to run my apps. I use it to get the tooling required to work on a project.

    • @ekolteenarp
      @ekolteenarp 9 months ago +1

      @DevOpsToolkit it's just that the title made it seem like one doesn't need containers at all :)

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago

      @ekolteenarp true. I should change it.

  • @aosamai
    @aosamai 8 months ago +1

    fantastic video and explanation, many thanks.

  • @bingolio
    @bingolio 5 months ago +1

    Great Vid. Would love to hear more about why Docker was a no go VS nix pkg mgr vs Distrobox

  • @JimMendenhall
    @JimMendenhall 8 months ago +1

    Thanks for this!

  • @Qwertyuioia
    @Qwertyuioia 5 months ago +1

    big nix fan

  • @BarakBarOrion
    @BarakBarOrion 9 months ago +3

    Nix is great, Nixos is even better

  • @mintoo2cool
    @mintoo2cool 9 months ago +4

    it's like virtual environment but for the shell .. very nice. this seems to be a great tool for managed/hosted development environments.

  • @Michael-sh1fb
    @Michael-sh1fb 8 months ago +1

    First time viewer, recommended by the algorithm. I subscribed :)

  • @syrus3k
    @syrus3k 9 months ago +4

    The nix hash bang thing is the killer feature here... Love that!

  • @igortalic2021
    @igortalic2021 9 months ago +2

    Excellent video and channel, I don't know how I'm only now coming across it! Greetings :)

  • @valtersilva5386
    @valtersilva5386 9 months ago +1

    Very keen to know your thoughts on comparing this approach with immutable infrastructure. Great video by the way!

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago

      I would not compare it with immutable infrastructure. I use Nix to generate local environments, mostly focused on tools I need. My apps are still running in containers which are running in Kubernetes in one of the hyperscalers.

  • @ScrotoTBaggins
    @ScrotoTBaggins 9 months ago +1

    That intro goes way harder than expected

  • @ryebridgeriver5473
    @ryebridgeriver5473 several months ago +1

    Love your work, can you please share your advice on a backup strategy for kubernetes ? I’m hearing good things about Velero.

    • @DevOpsToolkit
      @DevOpsToolkit  several months ago

      Adding it to my to-do list...

  • @ChrisHalden007
    @ChrisHalden007 9 months ago +2

    Great video. Thanks

  • @aldrickdev
    @aldrickdev 3 months ago +1

    Great video, though I wanted to know, what do I do if I want to install a tool of a specific version? For example if I want my shell to have go version 1.20 (not the latest), how do I specify that?

    • @DevOpsToolkit
      @DevOpsToolkit  3 months ago

      You can specify versions but, before you do, I strongly suggest checking devbox (there is a video on this channel). It greatly simplifies versioning and quite a few other things related to nix packages.

  • @MrMotoX450
    @MrMotoX450 9 months ago +2

    Wow this changes everything! BUT....there is 1 major flaw. I started setting up my configs and immediately noticed that there is no real way to specify the package version. For example, I need an older version of the Velero cli to match the version of Velero running on the cluster, however nix does not seem to have anything like velero:1.9.4. And no, I don't want to go to lazamar and specify the tar hash in my configs for each package.

    • @conundrum2u
      @conundrum2u 9 months ago

      so if you take a look at the nix package repository in a lot of cases you'll see the mainline package having a bare name, "python" for example which is currently at version 3.11 and different versions having different package names, like "python312" for the release candidate version. when you're building your shell.nix obviously you can use those packages, but if your needed version doesn't exist, then you may need to create your own nix repository. then it becomes as simple as copying one of the other build expressions, updating the source location and hash (which nix-build does for you) and giving it a package name that matches the version. then all you have to do is specify that channel in your nix shell script and you're good to go. it's really not as bad as it sounds

  • @neutral139
    @neutral139 9 months ago +1

    Nix is awesome and there is a newer way of doing this (different, not specifically better) using just the `nix` command.
    However, it might be an issue for your purposes because by default the commands are not enabled.

  • @patrickprucha5522
    @patrickprucha5522 9 months ago +1

    thank you for the very informative video!

  • @alessandro-affinito
    @alessandro-affinito 9 months ago +1

    The idea is cool, cgroups and namespaces should be enough to have an isolated and reproducible ci. Also LXD containers.
    But they're still not useful for a mature CI environment where you need to integrate with an IDE for building and debugging code, export artifacts like reports, security scanning and signing immutable layers.
    Are they going in this direction with Nixos?

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago

      Assuming that you're talking about local IDE, Nix Shell works like any other Shell and everything you're normally using in an IDE should still work.
      P.S. That video is all about Nix Shell, not NixOS.

    • @alessandro-affinito
      @alessandro-affinito 9 months ago +1

      @DevOpsToolkit sry I meant nix shell for the CI and nix Flakes for the CD

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago

      I'm not sure I understood. Why would you use an IDE in pipelines (CI)? Independently of that... If you do use Nix in Pipelines, it is effectively a replacement for containers (for tools, not apps).

    • @alessandro-affinito
      @alessandro-affinito 9 months ago +1

      @DevOpsToolkit I mean we need the same tool with same settings to be available as in the ci pipeline as in the development process (integrated with the IDE possibly) as we do today with docker.
      I don't know if today this is already possible to replace with nix ecosystem.

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago +1

      @alessandro-affinito you're right. If everything needs to be exactly the same, you need to choose one of those (Nix or containers) and use them everywhere. That will also mean that you will not be able to use IDE for any tasks. If everything needs to be exactly the same and given that IDEs are silly to use in pipelines, they are out as well.
      Personally, I think those are extremes that are not beneficial.

  • @ffelegal
    @ffelegal 9 months ago +1

    My fear of using these shiny new ways of installing packages/environments is that I never know if I'm installing a compromised version of the package. I still prefer to install something the way the producer recommends rather than a more practical, well-intentioned packager. But maybe I'm just paranoid. Containers at least are a little bit separate from your OS, nix shell looks like python virtual environments, a workaround with PATH. Anyway, thanks for the video.

  • @biscotty6669
    @biscotty6669 9 months ago +1

    I don't think that this has been stated explicitly...nix provides truly reproducible build environments (which containers typically don't/can't). Nix is not a deployment tool. It can produce a Docker image without needing a Dockerfile. Then you deploy with k8s or podman (or docker itself if you must ;-)
    Docker and nix are different tools for different purposes. Nix is for consistent builds and dev environment.

  • @rubenhakopian
    @rubenhakopian 9 months ago +1

    Very nice! Would you suggest using nix when building pipeline containers vs doing apt-get installs and lots of other makeshift things?

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago +1

      My recommendation would be to do neither. Build images with what you need and use them in pipelines. They are well equipped to use containers. Switch to nix if that is not an option (which is rarely the case).

  • @simranbanwait
    @simranbanwait 9 months ago +1

    Quality content

  • @neogeo8267
    @neogeo8267 9 months ago +1

    Struggling to understand something - I see how nix-shell can standardize development environments across developers (awesome) but then when it comes time to replicate the same environment on production machines, how would one do this without also running prod in nix (likely not great / isolation etc?)
    Very interested in this tool - thank you.

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago +2

      I do not use Nix to create environments where apps are running. I use Kubernetes, preferably remote, for that. My use case for Nix is to standardize tooling I need for development. For example, the project I'm working on right now, needs `gum`, `git`, `gh`, `helm`, `kubectl`, `kind`, `yq`, `jq`, `bat`, `buildpack`, and `aws`. Instead of having all those permanently installed on my laptop, I just enter the directory with the repo and execute `nix-shell` which picks up those tools from the `shell.nix` file in that same directory. On top of those, it is, at least for me, extremely useful when experimenting. Instead of constantly accumulating new CLIs installed with `brew` and, probably, left on my laptop forever no matter whether I use them or not, I just pull them into `nix-shell` session and `exit` when finished.
      In other words, `nix-shell`, in my case, is not a replacement for app environments but, rather, a temporary env. that brings me all the tools I need. On top of that, anyone who wants to work with me on the same project can just start a `nix-shell` session without having to worry whether he or she has the tools I use.

    • @neogeo8267
      @neogeo8267 9 months ago +1

      @DevOpsToolkit thanks for keeping me on the rails. We've struggled for long enough with unification of development environments and runtime environments that my brain didn't recognize the contrast between the tooling bits and the runtime bits.
      I can see how this would be extremely valuable for that.
      Presently we use docker to handle rt environment but do nothing for tooling. I'll be considering that now that I'm presently and consciously aware of that divide.
      Thanks again

  • @russianbotfarm3036
    @russianbotfarm3036 9 months ago +3

    Actually starts at 5:00.

  • @shiftx999
    @shiftx999 9 months ago +2

    Wondered when you would cover this :)

  • @easmithdev
    @easmithdev 8 months ago +1

    Hi Viktor. I'm curious about something in your demo. You were using "kind" in your nix-shell, but I didn't see you also add Docker to the package list for the nix-shell environment. Does nix-shell install Docker as a dependency to "kind"?

    • @DevOpsToolkit
      @DevOpsToolkit  8 months ago

      It does not work with Docker. I do not use Nix Shell for any non-cli app like VSCode, Slack, or Docker, but only for CLIs.

    • @easmithdev
      @easmithdev 8 months ago +1

      @DevOpsToolkit I see. So, to use Kind while in a nix-shell, you also need to install Docker separately (outside of nix-shell) on the host, right?

    • @DevOpsToolkit
      @DevOpsToolkit  8 months ago

      @easmithdev I think so. I haven't tried to run docker through nix so I might be wrong.

  • @jsaenzMusic
    @jsaenzMusic 9 months ago

    I've been hearing about Nix for a while now and love the appeal. However, I see a lot of similarities to cloud-init. Not necessarily the ephemeral stuff, but more the reproducibility via a central config. It seems you can create ephemerality via a cow file system with snapshotting capabilities but of course would have to roll up the solution yourself to leverage cloud-init. Curious what your thoughts are. Have been really appreciating your channel and videos. Also heard you as a guest on the Dev-Ops Podcast. Thanks for your content!

  • @zoop2174
    @zoop2174 9 months ago +1

    I tried nixos 4 years ago and was basically just confused. I got kubernetes to work on it but due to it not using standard paths longhorn didn't work.
    So I put it away. But now there's a lot more tutorials available for it and I'll try again to daily drive it.

    • @SuperHeroINTJ
      @SuperHeroINTJ 9 months ago +1

      Longhorn works fine in NixOS. The solution for that problem is simple: Just extend PATH environment variable this way: "PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin" I usually use Kyverno for that.

    • @SuperHeroINTJ
      @SuperHeroINTJ 9 months ago

      NixOS K3s has been well maintained. @euank did good work there.

    • @zoop2174
      @zoop2174 9 months ago +1

      @SuperHeroINTJ that's cool, this workaround wasn't available then - but I switched to Talos for K8S deployment now already, which just recently got longhorn support :)

  • @sureshadapa7194
    @sureshadapa7194 9 months ago +1

    What about kernel and os arch type bindings? More on shift left / true devops point of view

  • @squalazzo
    @squalazzo 9 months ago +2

    there's a fundamental aspect completely missing in your video: versioning...
    does nix-shell support package versioning? How can i use a fixed nodejs or java or anything else version?
    at work we use various scripts with asdf to allow this kind of setup, with specific versions based on the directory you go into, thanks to direnv... and we had to take care of fixing the asdf azure-cli plugin because it didn't work anymore after python update to 3.11, for example...

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago +1

      Yes it does support versioning.

    • @biscotty6669
      @biscotty6669 9 months ago +2

      One of nix's strengths is the granularity of its pinning... not only version level but commit level. Dockerfiles are convenient but don't ensure true reproducibility while building a Docker image with nix does (no apt install/update stuff...)
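
The commit-level pinning discussed in this thread can be checked mechanically. The following is an added example, not part of any comment or of the video: a small Python check that flags a `shell.nix` which resolves nixpkgs through a channel, follows a moving branch, or omits `sha256`. The three sample files are constructed, the commit and hash in the pinned one are placeholders, and only GitHub-archive-style URLs are recognised.

```python
import re

# Constructed sample: nixpkgs comes from the machine's channel, so two
# people running nix-shell on this file can get different tool versions.
CHANNEL = '''
{ pkgs ? import <nixpkgs> {} }:
pkgs.mkShell { packages = [ pkgs.kubectl pkgs.kind pkgs.yq ]; }
'''

# Constructed sample: follows a moving branch and gives no content hash,
# so nothing verifies what the download contains.
BRANCH = '''
let pkgs = import (fetchTarball {
  url = "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz";
}) {};
in pkgs.mkShell { packages = [ pkgs.kubectl ]; }
'''

# Constructed sample: one commit plus sha256. Both values are placeholders.
PINNED = '''
let pkgs = import (fetchTarball {
  url = "https://github.com/NixOS/nixpkgs/archive/0123456789abcdef0123456789abcdef01234567.tar.gz";
  sha256 = "0000000000000000000000000000000000000000000000000000";
}) {};
in pkgs.mkShell { packages = [ pkgs.kubectl ]; }
'''

COMMENT_RE = re.compile(r'(^|\s)#.*$', re.M)           # "# ..." line comments
LOOKUP_RE = re.compile(r'<[A-Za-z0-9_.+-][A-Za-z0-9_.+/-]*>')  # <nixpkgs> etc.
FETCH_RE = re.compile(r'fetchTarball\s*(\{[^}]*\}|"[^"]*")')
URL_RE = re.compile(r'\burl\s*=\s*"([^"]*)"')
SHA_RE = re.compile(r'\bsha256\s*=\s*"[^"]+"')
# A 40-hex ref in a GitHub archive URL names one commit, not a branch.
COMMIT_URL_RE = re.compile(r'/archive/[0-9a-f]{40}\.(?:tar\.gz|zip)$')


def audit(nix_source):
    """Return (finding, detail) pairs for unpinned nixpkgs inputs."""
    src = COMMENT_RE.sub(r'\1', nix_source)
    findings = [("channel-lookup", m.group(0)) for m in LOOKUP_RE.finditer(src)]
    for m in FETCH_RE.finditer(src):
        arg = m.group(1)
        if arg.startswith('"'):
            # fetchTarball "url" form: there is no place for a hash at all.
            url, has_hash = arg.strip('"'), False
        else:
            found = URL_RE.search(arg)
            url = found.group(1) if found else ""
            has_hash = bool(SHA_RE.search(arg))
        if not COMMIT_URL_RE.search(url):
            findings.append(("moving-ref", url))
        if not has_hash:
            findings.append(("missing-sha256", url))
    return findings


if __name__ == "__main__":
    for name, text in (("channel", CHANNEL), ("branch", BRANCH), ("pinned", PINNED)):
        result = audit(text)
        print(name, "->", result if result else "pinned to a commit with a hash")
```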

  • @javisartdesign
    @javisartdesign 9 months ago +1

    Nice tool! really eager to start using it and see use cases. Would it work with packages that require sudo privileges?

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago

      Yeah. It's essentially a (more powerful) Shell.

  • @cheebadigga4092
    @cheebadigga4092 9 months ago +1

    I know Nix and I've always wondered if we should use a Nix-based container image, or a scratch-based container image with a static nix-shell (if that's even a thing), for example for pipelines. I still have no solid conclusion

  • @ArchaicDemise-ex1lq
    @ArchaicDemise-ex1lq 8 months ago +1

    I really like nix containers for some uses, but I'm still new to them - can nix environments block access to the computer, I'm more and more using containers and have zero dev tools on my host because I can't trust the package maintainers to not be crooked or get hacked.
    Especially with the npm/node.js ecosystem, my new dev box has zero node.js /npm/yarn etc on the host.

    • @DevOpsToolkit
      @DevOpsToolkit  8 months ago +1

      You need to trust someone or something. If you're using containers as a way to install tools, you still have packages either through base images or by adding `apk install` or whatever you might be using. Unless you are using Linux on your laptop, those containers are running in VMs which is isolated but you are probably mounting volumes and processes so it's not bullet proof either. At the end of the day, you need to trust something unless you're willing to inspect the code of whatever you're using.

    • @ArchaicDemise-ex1lq
      @ArchaicDemise-ex1lq 8 months ago +1

      @DevOpsToolkit I've been a long time linux user, for 30 years or so. So I know the foundations of trusting trust. I'm careful about what to trust and NPM/Node.js have proven to me, that they are not trustworthy at a rate that is high enough to just give them access to my machine.
      I expect that docker and the container ecosystem that is powered by the linux kernel to be robust enough to prevent the random arbitrary code from encrypting the entirety of my harddrive and returning it for the cool sum of a single bitcoin.
      I know that it will not stop an exfiltration bot or a crypto miner from running
      I never allow the docker socket to be mounted, so they can't use that to elevate privileges and I'm aware there could be bugs that get exploited overall
      I don't mind random code running on my machine so much as I just don't want it to screw over my day.
      I'm just worried about the liability of lost productivity due to something malicious happening to the data on my computer.
      The policy of 'default to everything open' was design of the past, and should be considered deprecated at some cost but not all costs.

  • @airman122469
    @airman122469 9 months ago +1

    I love the concept of Nix. But for some reason I personally struggle with getting everything working as I want. Probably because I’m so used to Arch, and recall much from Debian and Red Hat, and Nix is a total departure from those.
    Maybe one day I’ll get good with Nix. It does in fact appear to be superior.

  • @adityaavanth345
    @adityaavanth345 9 months ago +3

    You can also make a video on devbox which uses nix for dev environments.

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago +1

      Adding it to my TODO list... :)

    • @solidguy01
      @solidguy01 9 months ago +1

      you've beaten me to it 😅

    • @DevOpsToolkit
      @DevOpsToolkit  7 months ago

      Done: th-cam.com/video/WiFLtcBvGMU/w-d-xo.html

  • @martinchlumsky4226
    @martinchlumsky4226 9 months ago +1

    How does Nix handle pinning versions of packages? And how up-to-date are the packages?

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago +2

      You can specify a version so instead of `normalPackages.nodejs` you can set it to `normalPackages.nodejs-12_x`.
      As for how up-to-date packages are... It depends on maintainers of a specific package (just as anything else in open source depends on maintainers). My personal experience is that packages are up-to-date most of the time, sometimes one version behind, and rarely old.

    • @martinchlumsky4226
      @martinchlumsky4226 9 months ago +1

      @@DevOpsToolkit thank you!

  • @strayferal
    @strayferal 9 months ago +1

    Hmm. Very interesting. But how reliable is this? I will try it anyway...

  • @IonMudreac
    @IonMudreac 9 months ago +3

    direnv could be even simpler as you can select source for separate gcp, azure, aws

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago

      I'm using Charm Gum scripts so that people can choose and provide info interactively.

  • @jbadeau
    @jbadeau 9 months ago +1

    There are a few tools in this space, including asdf, mise/rtx, moonrepo proto, devbox.

  • @gskluzacek
    @gskluzacek 9 months ago +1

    So I'm assuming that Nix would only be able to handle stuff that is command line driven in nature, it won't be able to do stuff with like GUI IDEs, correct? Say for example if I was using PyCharm and I wanted to use Nix to install a whole bunch of tools, there wouldn't be any way to get PyCharm to use those tools installed by Nix? Like a specific version of Python say or C compilers etc.?

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago

      Not sure... I use it almost exclusively to set up CLIs since I tend to work from a terminal most of the time (excluding editing and observability).

    • @MattiaMari
      @MattiaMari 8 months ago +1

      In my very limited experience with Nix, I solved this by installing my IDE in the nix shell and then running it from the nix shell itself. I don't know if a better option exists.

  • @Danijam2
    @Danijam2 9 months ago +1

    How do you compare Nix versus DevContainers? Can Nix help with the problem of enabling repo maintainers to declaratively set the development environment for anyone who cloned and attempts to build the repo source?

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago

      I prefer using it for local development. For remote stuff containers are a better choice.

    • @biscotty6669
      @biscotty6669 9 months ago +1

      Nix excels at this. By using a shared nix config all developers are ensured the EXACT same environment, fully provisioned, with a simple command. Docker containers are good for deployment/distribution and can be used to share dev environments but that's what nix is best at. You used the word "declare" which hits the nail on the head: nix is declarative while containers are imperative.

  • @gzoechi
    @gzoechi 9 months ago +1

    I started Nix 2 months ago. My biggest regret is that I didn't start earlier.

  • @ivantomica
    @ivantomica 9 months ago +3

    And if you like LISP, you might find Guix amusing. Based on (idea of) Nix, kinda 🙂

    • @ama054000
      @ama054000 9 months ago +2

      I tried Guix after using Nix for about a year, and it turns out that at least for me that guix was a gateway drug to more lisp. 7 years on guix now, and I'm addicted.

  • @nathanruben3372
    @nathanruben3372 9 months ago +1

    What about networking? nix or guix solve the development environment in terms of libraries and dependencies, but one of containers' appeals is that you can create complicated stacks with private networking for dev, test, production environments....

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago

      For me, Nix can never replace app environments simply because they need to mimic production as much as possible and that means either Kubernetes or cloud services like Google Cloud Run. The part of Nix that I am using is related to tooling used for development but does not go to production.

  • @homfes
    @homfes 4 months ago +1

    I'm still not convinced that this can replace containers. I see in this video that I can come up with a file that gives the users a set of programs that are required in the environment. What I don't see is how the configuration of those programs can be used as well.
    Your statement about "oh-my-zsh" custom prompt tells me that the base operating system's configuration is used in the nix shell. What should I do if I want the environment to have its own zshrc file without bothering the user's configuration?

    • @DevOpsToolkit
      @DevOpsToolkit  4 months ago +1

      I don't think it is replacing containers for running apps but, rather, for tools needed locally or in pipelines. Also, I would recommend devbox instead of using nix directly.

    • @homfes
      @homfes 4 months ago +1

      @@DevOpsToolkit Thanks. I will try to look more into devbox to see if it will fit my needs.

    • @homfes
      @homfes 4 months ago +1

      I decided against using devbox. I was looking for an alternative to using a container. I'm not sure how janky the solution is but what worked for me is setting the $HOME variable to the directory that runs the nix shell. I had to do it in shellHook.

    • @DevOpsToolkit
      @DevOpsToolkit  4 months ago

      @homfes have you tried creating a container image with devbox?

    • @homfes
      @homfes 4 months ago +1

      @@DevOpsToolkit I did not. When I looked into devbox, it just seemed like an additional layer over nix that doesn't immediately address my initial concern with Nix itself so I just explored a solution without it.

  • @Norfeldt
    @Norfeldt 9 months ago +1

    Looks very interesting. You say it will allow windows, macOS and Linux devs to work on the same repo in the same env, but what about a repo that uses symlinks?

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago

      I haven't tried it with symlinks, but I guess it should work.

    • @Norfeldt
      @Norfeldt 9 months ago +1

      @@DevOpsToolkit I just asked Bing chat and it said that would still be an issue 😢

    • @Norfeldt
      @Norfeldt 9 months ago +1

      A case (for me) of using symlinks would be one repo with one directory for front-end and one for backend and then having shared types files between them

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago

      I haven't tried that but it should be easy to verify.

  • @ifzhafrzv349
    @ifzhafrzv349 9 months ago +1

    Which is the most lightweight, nixshell or Docker container?

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago

      I prefer Nix for tools and containers for apps.

  • @Diemermakes
    @Diemermakes 8 months ago +1

    As far as the pipelines goes, why not just have your pipeline cache/restore that nix cache? Then you have a really clean setup that replicates your local dev without having to potentially manage both solutions depending on the context.

    • @DevOpsToolkit
      @DevOpsToolkit  8 months ago

      I think I have a better solution which I'll explore in a video in a couple of weeks 🙂
      What I was trying to say is that I'm not sure that rewriting pipelines to nix provides enough return on investment. For new ones it is a good option.

  • @cowgod77
    @cowgod77 9 months ago +1

    Very interesting, haven't dug into Nix yet, thanks for the intro.
    On a separate subject, I'm hoping you'll be talking about Apple's new Pkl language and how it compares with Cue for managing Kubernetes manifests. I've been meaning to dig into Cue, based on your past recommendations, but now I'm curious whether it makes more sense to look at Pkl. It sounds quite promising.

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago +2

      I'm still in the process of experimenting with Pkl. I need a bit more time before I start working on the material.

    • @DryBones111
      @DryBones111 8 months ago +1

      The problem I have with Pkl is that it is built on an inheritance based model whereas CUE is explicitly immutable.

    • @DevOpsToolkit
      @DevOpsToolkit  8 months ago +1

      That is indeed one of the big differences. Personally, I prefer CUE immutability but I also recognize that is one of the reasons for CUE's steeper learning curve.

    • @DevOpsToolkit
      @DevOpsToolkit  8 months ago

      Here it goes: th-cam.com/video/Nm1ioWPRRVQ/w-d-xo.html

  • @joebowbeer
    @joebowbeer 9 months ago +1

    Going in, I'm hoping you will compare nix to what I would naturally turn to: devcontainer and devpod. (Is nix the emacs of k8s?) After watching, it will be interesting, for me at least, to find out how wrong I was going in. Nix runs as non-root with seccomp restrictions?

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago

      Nix is many things but, in my case, it is first and foremost a way to start a shell with all the tools I need without installing any of them on my machine. Devpod is, essentially, a VM.

    • @joebowbeer
      @joebowbeer 9 months ago +1

      After watching, I wonder which (PSS) admission policies I need to disable on my namespace before I can run nix.

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago

      @joebowbeer I never tried running it in Kubernetes (assuming that's what you meant by namespaces). I don't see it being of any use there.

    • @joebowbeer
      @joebowbeer 9 months ago +1

      @@DevOpsToolkit oh! I was thinking the title referred to k8s ephemeral containers. sorry for not tracking.

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago

      @joebowbeer that's my bad. I should have explained it better.

  • @antonk1620
    @antonk1620 9 months ago +1

    what about security/isolation like firejail?

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago

      I haven't used firejail so I can't comment on it.

  • @geofftsjy
    @geofftsjy 6 months ago +1

    You said don't use nix for CI/CD pipelines, use containers. Agreed. You should rebuild those. But couldn't you just use nix in the container build? That way your dev and CI/CD environments use the same setup?

    • @DevOpsToolkit
      @DevOpsToolkit  6 months ago

      I started doing that, but with Devbox instead of Nix directly.

    • @geofftsjy
      @geofftsjy 6 months ago +1

      @@DevOpsToolkit lol. After writing that comment, I saw your devbox video and have spent the last 24 hours rebuilding all my workspaces with devbox. I think I'm in love. I haven't tried the devcontainer/codespaces stuff yet but that will be huge.

  • @marsrocket
    @marsrocket 9 months ago +1

    This doesn’t address the problem of differing or missing library versions, which is why containers are a thing. If anything the ephemeral-ness of containers is a problem.

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago

      Assuming that you're referring to tools we're using while developing and not libraries in app code (as I showed in the video), you can pin them to any version you need.

  • @alancaldelas
    @alancaldelas 9 months ago +1

    How is this different from something like Fedora CoreOS or Tumbleweed?

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago +1

      To begin with, it works on every OS. I, for example, am a Mac user who is not planning to ditch macOS for CoreOS.

  • @gzoechi
    @gzoechi 9 months ago +1

    Combining what you demonstrated with direnv makes it even more convenient.
    It's also a rather minimal use case for what Nix provides.

  • @noext7001
    @noext7001 9 months ago +1

    How does networking work inside a nix shell? Can I access a service running on the host?

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago

      I would not recommend Nix as a destination for your apps. Use Kubernetes for that. I use Nix as ephemeral environments for the tools I need, not for the apps.

    • @SuperHeroINTJ
      @SuperHeroINTJ 9 months ago

      @@DevOpsToolkit I think you should explore Nix for building containers. That is a very valid use case. And common too. And dependencies can be shared with shell. So it is less work than having to double package it for Dockerfile & Alpine.

    • @noext7001
      @noext7001 9 months ago +1

      Yes, it's for a tool that connects to a database to exec some SQL script
      @@DevOpsToolkit

  • @Barkley-tv9bu
    @Barkley-tv9bu 8 months ago +1

    Isn't it just a fancy flatpak?

    • @DevOpsToolkit
      @DevOpsToolkit  8 months ago

      To begin with, Flatpak is a package manager for Linux while Nix packages work everywhere...

  • @USONOFAV
    @USONOFAV 9 months ago +1

    cube-cuttle or cube-control?

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago

      I tend to say cube-cuttle but I heard others saying at least 5 variations of it.

  • @hambroman
    @hambroman 9 months ago +1

    How does Nix work with secrets and authentication? If I start a Nix shell do I need to reconfigure ssh for example?

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago

      Nix Shell is a shell just as sh or zsh or bash so there's no need to SSH into it.

    • @hambroman
      @hambroman 9 months ago +1

      @@DevOpsToolkit Sorry, I meant what is the nix way of setting up ssh or secrets to access other resources from a nix shell. For example does my ssh config used for github or a bastion host persist across nix shells?

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago +1

      @hambroman yes it does persist. I think you're mixing OS with Shell. If I would create a new VM with NixOS, it would need new keys and whatnot. However, I was just switching from one Shell, from zsh, to another, to nix-shell.

  • @patricklamprecht240
    @patricklamprecht240 9 months ago +1

    Maybe you can also do a follow up video on nix flakes

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago +1

      Adding it to my TODO list... :)

  • @smthngsmthngsmthngdarkside
    @smthngsmthngsmthngdarkside 9 months ago +1

    Does nix run on windows yet? No wsl2 doesn't count

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago

      It doesn't (without WSL).

  • @shazmailz
    @shazmailz 9 months ago +2

    Not clear to me how this is better than writing a "Dockerfile" with the packages you need installed inside.

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago

      Assuming that you are using Windows or macOS, containers are running in a VM and that complicates things like, for example, access to binaries you already have installed, filesystem, local network, etc. Nix Shell is just a shell like bash or ish with the additional abilities to temporarily install additional packages.

    • @shazmailz
      @shazmailz 9 months ago +1

      Ok but file systems and local networks can be mounted/exposed in containers. Access to other binaries on the system kind of goes against the notion of "isolated environments" as well. @@DevOpsToolkit

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago

      @shazmailz you're right, but I think we're talking about different types of environments. I guess you're referring to preview environments like those you would spin up when creating a PR while I'm talking about a way to create an ephemeral environment that will bring me all the tools I need while working on my laptop. In that case, I am not concerned about isolation and I still run my apps as containers one way or another. What I was talking about is a way to bring in all the tooling I need (e.g. kubectl, jq, yq, gcloud, etc.) in a way that is not permanent. I got sick of having thousands of random binaries/CLIs floating around my laptop, many of them to be used sporadically, some even never again. When I execute brew list, I do not even recognize more than half of the output.

    • @BDnevernind
      @BDnevernind 9 months ago +1

      I'm still confused as to the difference/advantages. This is exactly how I use a Dockerfile that can be built according to local context, filesystem mounted, run interactively or truly ephemerally (one command at a time), using just what is needed from the host environment, and deployed to pipeline. Requires the same number of prerequisites on every host system (including WSL on Windows). And you can deploy the same image to CI/CD, no duplication. I see no effective difference but I know I must be missing something.

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago +1

      @BDnevernind I was not talking about the pipelines but the tools (CLIs) you need while working (e.g. kubectl, yq, jq, helm, nodes, etc.). Are you spinning containers for those while working on your laptop?

  • @pmarreck
    @pmarreck 9 months ago +1

    I think everyone who knows a certain amount of Nix would love to use it for deployments... AND YET...
    The way to do this seems forever non-obvious

  • @tobeypeters
    @tobeypeters 9 months ago +1

    I'm confused ... Isn't nix a stand-alone OS? How'd you install it? You create a virtual machine with nixOS installed? Obviously not. 'Cause it'd be easier to install docker and be given a container. Got to be missing something.

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago

      Nix is quite a few things. I explored in that video only Nix Shell, not the OS.

    • @biscotty6669
      @biscotty6669 9 months ago +1

      One of the confusing things about nix is what the hell it is 😊. Nix is both a package management system and a scripting language which can be installed on any OS. NixOS is an operating system built with nix but you don't need to run NixOS to use nix.

    • @DevOpsToolkit
      @DevOpsToolkit  7 months ago

      Nix is indeed very confusing. It has a very steep learning curve and, as you said, it is too many things at once. Personally, I use it only as a package manager where those packages can be installed anywhere and are ephemeral in nature. I don't use it directly but through Devbox (video is coming up tomorrow).

  • @shadowangel-ou6bg
    @shadowangel-ou6bg 9 months ago +1

    seems to have issues with selinux.

  • @BeOnlyChaos
    @BeOnlyChaos 9 months ago +1

    And now onto nix flakes? :D

  • @Rundik
    @Rundik 9 months ago +1

    Why gh and not git?

    • @DevOpsToolkit
      @DevOpsToolkit  9 months ago +1

      gh has some GitHub-specific commands like, for example, to fork a repo or to create it.

    • @biscotty6669
      @biscotty6669 9 months ago +1

      Going to the website to create repos always annoyed me. With the CLI I can just `git repo create` and I don't have to open my browser. Plus other conveniences.

  • @TankaNafaka
    @TankaNafaka 9 months ago +1

    I use VS Code with Dev Containers.

  •  9 months ago +1

    I like the prospect of nix. But the installation and removal of nix itself makes it a hard sell for my team members

  • @yash1152
    @yash1152 3 months ago +1

    1:46 bye! keep on blabbering.