15 Oct 2021 |
@kraftnix:matrix.org | although given how infrequently I add new inputs (and then look at the lockfile to optimise the dependency closure), it's not too much of a big deal for me | 18:01:13 |
@kraftnix:matrix.org | having an auto-follow for nixpkgs would definitely be useful though for adding inputs | 18:01:30 |
@timdeh:matrix.org | yeah it's not really a problem until you are working in an organization full of flakes and trying to remove duplicates on every one 😅 | 18:01:44 |
@kraftnix:matrix.org | in something a bit more offtopic, has anyone else had a look/play with https://github.com/astro/microvm.nix? | 18:03:29 |
@kraftnix:matrix.org | i've integrated it (somewhat) into my devos config (although a nice integration requires some changes upstream) and it's pretty neat. i'm trialing it as a replacement for nixos-containers | 18:08:06 |
@timdeh:matrix.org | That's a fairly interesting usecase. Did you make a module that acts similar to nixos-containers or something? | 18:08:54 |
@kraftnix:matrix.org | i've actually been using Ma27's networkd-containers rewrite of nixos-containers since May (which has an rfc 108) which already has a nicer interface for nixos-containers, and then I have my own wrapper on top to add more functionality such as expanded networking, secrets integration (à la agenix), dataset/storage provisioning (btrfs/zfs), so I'm just integrating microvm as a hypervisor/provider for it atm | 18:13:25 |
@kraftnix:matrix.org | * i've actually been using Ma27's networkd-containers rewrite of nixos-containers since May (which has an rfc 108) which already has a nicer interface for nixos-containers, and then I have my own wrapper on top to add more functionality such as expanded networking, secrets integration (à la agenix), dataset/storage provisioning (btrfs/zfs), some simple SNI routing, so I'm just integrating microvm as a hypervisor/provider for it atm | 18:14:15 |
@kraftnix:matrix.org | btw i do recommend checking out https://github.com/NixOS/nixpkgs/pull/140669 to see the new nixos-container api, it is significantly better than before and I've been using it with 10+ nixos containers on my server since May without issues (it's much more stable + less prone to weird networking issues than the previous nixos-containers) | 18:22:25 |
@timdeh:matrix.org | nice | 18:22:43 |
@timdeh:matrix.org | I wonder if this would help you David Arnold (blaggacao) on: https://github.com/input-output-hk/nomad-driver-nspawn-nixos-container | 18:23:10 |
@kraftnix:matrix.org | Redacted or Malformed Event | 20:09:49 |
@kraftnix:matrix.org | ^ sometimes your yubikey just decides to say something | 20:11:59 |
David Arnold (blaggacao) | In reply to @timdeh:matrix.org I wonder if this would help you David Arnold (blaggacao) on: https://github.com/input-output-hk/nomad-driver-nspawn-nixos-container I'd rather have liked to see a move to OCI compliance. That would have made those custom runtime-adapters a whole class of non-ware. | 20:22:28 |
@timdeh:matrix.org | yeah, I think systemd is the biggest blocker when it comes to OCI compliant NixOS containers unfortunately 😩 | 20:23:40 |
David Arnold (blaggacao) | Why? | 20:23:51 |
David Arnold (blaggacao) | systemd is a fair PID 1, no? | 20:24:27 |
@timdeh:matrix.org | Well, have you found any OCI containers with systemd working inside them? Last I looked I couldn't find any examples 😅 | 20:24:33 |
@kraftnix:matrix.org | I've done a few experiments with podman + building OCI containers with nix, but it is a bit nasty UX to debug when things don't work (+ rootless networking/containers was an issue at the time, may have changed) | 20:24:34 |
David Arnold (blaggacao) | I mean, I would be surprised if systemd can't be pid 1 in a encapsulated environment. | 20:25:26 |
David Arnold (blaggacao) | But systemd is a complete overhead. | 20:25:41 |
David Arnold (blaggacao) | Sure. | 20:25:43 |
David Arnold (blaggacao) | A runtime in a runtime 😎 | 20:25:54 |
David Arnold (blaggacao) | But, if the goal is to make nixos container more interoperable... | 20:26:14 |
@timdeh:matrix.org | I mean building an OCI container is simple with nix: pkgs.ociTools.buildContainer . It's putting an entire NixOS system inside one, complete with working service modules that's the real trick | 20:26:28 |
@kraftnix:matrix.org | the systemd overhead is definitely one of the sadder parts of running nixos-containers / VMs on a nixos hypervisor | 18:26:43 |
@timdeh:matrix.org | I'm sure it is possible somehow, but I couldn't find an example of anyone who's figured it out yet | 20:26:54 |
David Arnold (blaggacao) | OCI is just a file system contract + a manifest. | 20:27:16 |
David Arnold (blaggacao) | And the runtime is an OCI compliant runtime. | 20:27:27 |
David Arnold (blaggacao) | What's run, that can be a single static binary. | 20:27:42 |