cheatsheet, samples and notes for my it's all broken talk
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
rpi3
README.org
notes.org
shell.nix

README.org

nix-repl

(true && false)
(7/4) # division
7/4 # path literal
builtins.length [1 2 3 "x"]
[1 2 3] ++ [4 5]
builtins.head [1 2 3 4]
builtins.tail [1 2 3 4]
{foo = [1 2]; bar = "x";}
let a = 1; in { a = 2; b = a; }.b
with { a = 1; b = 2; }; a + b
({x,y}: x + "-" + y) { x = "a"; y = "b";}

Simple package

{bash, writeScript}:
writeScript "hello-2020" ''
  #!${bash}/bin/bash
  echo "Hello 2020!"
'';
nix-build -E '(import <nixpkgs> {}).callPackage ./default.nix {}'
nix-build -E '(import <nixpkgs> {}).callPackage ./default.nix {}'
ls 
realpath result
nix-shell -p coreutils

Haskell package

nix-shell -p stack -p cabal2nix
stack new hello2020
cd hello2020
nix-build -E 'with import <nixpkgs> {}; haskellPackages.callPackage ./default.nix {}'
ls
./result/bin/sample-exe

Store

nix-store --query --tree $(which git)
nix-store --query --graph $(which git) | dot -Tpng > graph.png && open graph.png

Shell

nix-shell

nix-shell -p hello
nix-shell -p hello --run "which hello"
nix-shell -p git <<'HEREDOC'
        git status
HEREDOC

scripting

#!/usr/bin/env nix-shell
#!nix-shell -i python3 -p nodejs
....

environment

with import <nixpkgs> {};
stdenv.mkDerivation {
  name = "env";
  buildInputs = [
    redis
    (python.buildEnv.override {
      extraLibs = [pythonPackages.redis];
    });
  ];
  shellHook = ''
    export PYTHONPATH=`pwd`
  '';
}
cd pyenv
nix-build  -o result

see [[~/.nixpkgs/config.nix]config.nix]]

~/D/D/notes/its-all-broken:no-branch*? λ

Configuration.nix

ssh peel@the-2020-machine.local
cat /etc/nixos/configuration.nix

Queue config

Add extra rabbit to a machine:

vim /etc/nixos/configuration.nix
services.rabbitmq = {
  enable = true;
};
nixos-rebuild switch

NixOps

Virtualbox

Logical machine spec

{
  network.description = "web server";

  webserver =
  { config, pkgs, ... }:
  {
    services.httpd.enable = true;
    services.httpd.adminAddr = "jane@doe.com";
    builtins.toFile "${src}/webroot/index.html" ''
     <h1>Hello ChamberConf!</h1>
    '';
    services.httpd.documentRoot = "${src}/";
    networking.firewall.allowedTCPPorts = [ 80 ];
  };
}

Physical machine spec

{
  webserver = 
  { config, pkgs, ... }:
  { deployment.targetEnv = "virtualbox";
    deployment.virtualbox.memorySize = 1024;
    deployment.virtualbox.vcpu = 2;
    deployment.virtualbox.headless = true;
  };
}

Running

On a linux machine you can use those directly. On a macOS you will need a builder capable of building linux packages. See: https://github.com/LnL7/nix-docker#building-an-image which you can automate with a provided script:

source <(curl -fsSL https://raw.githubusercontent.com/LnL7/nix-docker/master/start-docker-nix-build-slave)
#create
nixops create ./logical.nix ./physical.nix -d nix-vbox
# list deployments
nixops list
# deployments state
nixops info -d nix-vbox
# deploy machine
nixops deploy -d nix-vbox
# deployment state after deployment
nixops info -d nix-vbox
# ssh into machine
nixops ssh -d nix-vbox webserver
# make a change to logical.nix or physical.nix
vim -t *.nix
# redeploy machine
nixops deploy -d nix-vbox
# check machine status
nixops check -d nix-vbox
# fix failed deployments
nixops deploy --check
# destroy machine
nixops destroy -d nix-vbox --confirm

Multiple Vboxes

Logical machines

Important: remote config hostname == logical name (as with docker-compose) 2x backend + load balancer:

let 
  backend =
    { config, pkgs, ...}:
    { services.httpd.enable = true;
      services.httpd.adminAddr = "jane@doe.com";
      services.httpd.documentRoot = "${pkgs.valgrind.doc}/share/doc/valgrind/html";
      networking.firewall.allowedTCPPorts = [ 80 ];
    };
in
{
  network.description = "Load balanced network";
  proxy = 
    { config, pkgs, nodes, ...}:
    { services.httpd.enable = true;
      services.httpd.adminAddr = "iCanTellYouAboutPain@doe.org";
      services.httpd.extraModules = [ "proxy_balancer" "lbmethod_byrequests" ];
      services.httpd.extraConfig = ''
        <Proxy balancer://cluster>
          Allow from all
          BalancerMember http://backend1 retry=0
          BalancerMember http://backend2 retry=0
        </Proxy>
        ProxyPass         /    balancer://cluster/
        ProxyPassReverse  /    balancer://cluster/
      '';
      networking.firewall.allowedTCPPorts = [ 80 ];
    };
  backend1 = backend;
  backend2 = backend;
}

Physical machines

let 
  vbox = {deployment.targetEnv = "virtualbox";
in 
{ proxy = vbox;
  backend1 = vbox;
  backend2 = vbox;
}

Running

nixops create ./logical.nix ./physical.nix -d networked-vbox
nixops deploy -d networked-vbox

Raspberry Pi running NixOS

Physical machine spec

Important: no ~deployment.targetEnv~ - use deployment.targetHost w/ hostname or IP

{
  fileserver =
  { deployment.targetHost = "192.168.43.145";
    services.nfs.server.enable = true;
    services.nfs.server.exports = "/home/peel/2020";
  };
}

Running

nixops create ./logical.nix ./physical.nix nix-rpi
nixops deploy -d nix-rpi
nixops destroy -d nix-rpi

Digital Ocean

Physical machines spec

Important: uses nixos-infect.

{
  resources.sshKeyPairs.ssh-key = {};
  machine =
    { config, pkgs, ...}:
    { services.nginx.enable = true;
      services.openssh.enable = true;
      deployment.targetEnv = "digitalOcean";
      deployment.digialOcean.enableIpv6 = true;
      deployment.digialOcean.region = "ams2";
      deployment.digialOcean.size = "512mb";
      #set DIGITAL_OCEAN_AUTH_TOKEN env or:
      #deployment.digitalOcean.authToken = "";
    };
}

Disnix

Moved to a separate repo…