Login

u/BeachOtherwise5165

How can I create minimal containers from nixpkgs - without extra dependencies?
▲ 8 r/NixOS

How can I create minimal containers from nixpkgs - without extra dependencies?

One of my reasons for taking an interest in NixOS, was the idea of assembling containers more easily from prebuilt packages, rather than running "apt-get install". The advantages are numerous.

But are the nixpkgs usable for containerization? What extra steps should you take? For example:

  • do you create a wrapper package, that only copies over necessary files - or removes unneeded ones?
  • do you compile statically linked for reduced binary size and simpler filesystem layout?
  • ...

I'm currently facing an issue with the 'squid' package, in that it pulls in a bunch of other packages.

image = pkgs.dockerTools.buildLayeredImage {
  name = "squid";
  tag = "latest";
  contents = with pkgs; [
    coreutils
    squid
  ];

  extraCommands = ''
    mkdir -p var/lib/squid
  '';

  fakeRootCommands = ''
    chown -R 1000:1000 var/*
    chmod 700 var/*
  '';

  config = {
    User = "1000";
    Cmd = [
      "/sbin/sh"
    ];
  };
};

This pulls in systemd (/nix/store/11yzh5vk22ybx1abvs42184ydf2hpdj3-systemd-258.7/), which is obviously not needed.

Reviewing the package source code, I therefore tried override,

(squid.override { systemd = null; libcap = null; pam = null; })

and this builds an image without this package.

But it also requires a full rebuild. A major advantage was in being able to use prebuilt packages. I suppose I can use a binary cache, so the hit wont happen so frequently, but it's significant if this has to be done for every package, especially since systemd service definitions are common.

What are my alternatives?

Is there a way to use prebuilt packages, but remove the dependencies after?

u/BeachOtherwise5165 — 3 days ago
▲ 1 r/NixOS

How do you build container images using nixpkgs packages?

I was thinking that using NixOS packages would be fast to install, since it's a file-copy rather than an installation script (apt-get install), and so on.

But I'm finding it a bit convoluted, and I'm unsure about the correct process.

Popular dependencies are readily available, e.g. python "numpy". But some things need to be retrieved with scripts, like "pip install" and "npm install". But the NixOS build sandbox doesn't allow networking.

  1. Is there a way to enable networking while keeping the sandbox? And would it be as safe as running in a container, i.e. assuming untrustworthy binaries?

When I include "contents [ pkgs.nginx ]", or pkgs.git, it creates folders in the root, like "conf", "libexec", "share". Do they have to be in the root? I assume the packages were compiled with fixed paths? It's more messy and unusual.

  1. Do you just leave the package files as is, or do you move them into more standard locations like /etc and /usr?

  2. Do you slim the images, by removing stuff from the packages, e.g. manpages and locales?

  3. If I can't use the nixos build sandbox, how can I use a container to do the same? Maybe use the nixos container image, mount /nix/store, ... ?

  4. How do you avoid unexpected packages being pulled in, for example "git-minimal" pulls in bash, which I don't want.

reddit.com
u/BeachOtherwise5165 — 7 days ago
▲ 0 r/chinalife

I've been living in China (Shenzhen and Guangzhou) for 6 months now, and I try to explore restaurants every day. But also my girlfriend complains that there's nothing here that she wants to eat, so she ends up at McDonald's as the only "safe" option.

My bad experience is:

- Many coffee places seem to use powder milk, which ends up tasting disgusting, but the milk tea seems okay.

- The "spicy" food options appear to be giving me, and Chinese people, a severe "allergic" reaction where they start sneezing and having to blow their nose (but instead they inhale and spit it out). So I've stopped eating spicy food.

- The "burgers" here are made from a weird processed meat that resembles what you find in chicken nuggets, i.e. likely made from "pink slime" ("Lean finely textured beef or LFTB").

- The "pizza" is so disgusting I couldn't even eat it, and is worse than frozen pizzas in Europe.

- Every mall has maybe 20 restaurants but every menu looks identical: red spicy soup, noodles, slices of meat, 2 pieces of leafy vegetable.

- If they sell fruit, they first have to dip it some powder that is sweet and spicy. I'm frustrated that I can't even buy fruit that hasn't been manhandled to the point where it's no longer resembles food.

My good experience is:

- I've found a few places that basically serve European-style food, and they're really good, serving fresh salad, meat that tastes like meat, and so on.

- I've also found some shops that sell smoothies made from mango/banana/avocado/coconut, as one of the only Chinese healthy options.

- "Barbeque" places sometimes serve unadulterated food, although some of them sluther everything with sweet sauce. The restaurants run by people from Xinjiang are highly preferable.

I'm considering to stop eating out entirely and just learn to cook my own food and make my own smoothies, but I travel a lot and it's inconvenient.

So what's going on? What life hacks am I missing?

Update:

I can't say that I'm surprised by the comments, but I was really hoping for constructive suggestions from people who might have had similar issues.

Perhaps a more polite way to put it, is that I'm a picky eater, I don't like spicy, oily, unhealthy, or industrially processed food.

I love Thai, Vietnamese, and Indian food. So, are there any options that emphasize more natural/vegetarian ingredients, like coconut, raisins, garlic, mango, avocado, and so on?

reddit.com
u/BeachOtherwise5165 — 16 days ago