Workgroup:Container
We are interested in directly building (minimal) OCI containers from the nixpkgs ecosystem.
People
Tooling
- opencontainers.org
- runc: spawn and run OCI containers (nixpkgs: runc)
- image-spec: container image specification
- runtime-spec: container runtime specification
- image-tools: tools for working with the image-spec
- runtime-tools: tools for working with the runtime-spec
- umoci: intends to be a complete manipulation tool for OCI images with a rootless mode
- projectatomic.io
- containers Github project: golang libraries for interacting with containers
- awakesecurity
- hocker: fetch from docker (v2) registry and generate nix derivations
Nix images
There are a few images that contain Nix with various trade-offs:
- nixos/nix (source) - 200 MB - Official images based on
pkgs.dockerTools
, updated automatically. - u/nixpkgs - (source) - various docker images from nixpkgs, updated daily.
- lnl7/nix/ (source) - 57 MB - Images built out of a Nix derivation.
Interesting threads
- https://github.com/projectatomic/buildah/issues/386: about rootless support
Work In Progress
- Improve image storage in the Nix store
https://github.com/projectatomic/skopeo/issues/481
Projects
Self-Hosted, Minimal Docker/OSI Images
For our platform at Techcultivation we want to generate docker images for all parts of our system. Those images should come in two flavors, development (to quickly spin up local test services, with mock data) and deployment (secure/production-ready). We chose to generate these images purely out of nixpkgs code, so no binary (base) images have to be included.
The current version of the deployment code can be found on our Gitlab.
A basic (pretty messy) postgres image is already done, complete with in-build setup of a mock database. The resulting image is smaller than the “official” one in the docker registry, only uses nixpkgs-native dependencies and only contains the most minimal filetree needed to run the postgres binary.
Still to do: rabbitmq, frontend code, api, refactor, various others.
— Profpatsch (talk) 02:47, 10 February 2018 (UTC)