Andrew Tropin
April 25, 2019
whereis
whoami && who
Mutating global state using config files!
sudo vim /etc/.../postgresql.conf
sudo service postgresql restart
Which can conflict with maintainer version.
Mutating global state using package managers!
apt-get install python python-pip
pip install wakatime
snap install vscode
curl https://nixos.org/nix/install | sh
./configure && make && make install
Which can’t be undone.
???
Note: (virtualenv, node_modules, docker)
of functional package and system management
hash(input) + package + version
ldd $(which zsh)
ls /gnu/store
echo $PATH | sed 's/:/\n/g'
readlink ~/.guix-profile
# ...
Solves dependencies problem.
Binary or source?
guix package -s
guix package -i
guix package -u
guix environment --ad-hoc gcc@5.5.0 hello tree
# --pure
# --container
# echo /gnu/store/*
Solves reproducible environment problem.
guix pack
guix pack -f docker
docker load -i
guix challenge bash
Partially solves trust problem.
Remove only unused packages
guix gc
(define-public hello
(package
(name "hello")
(version "2.10")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/hello/hello-" version
".tar.gz"))
(sha256
(base32
"0ssi1wpaf7plaswqqjwigppsg5fyh99vdlb9kzl7c9lng89ndq1i"))))
(build-system gnu-build-system)
(synopsis "Hello, GNU world: An example GNU package")
(description
"GNU Hello prints the message \"Hello, world!\" and then exits. It
serves as an example of standard GNU coding practices. As such, it supports
command-line arguments, multiple languages, and so on.")
(home-page "https://www.gnu.org/software/hello/")
(license gpl3+)))
https://github.com/meiyopeng/guix-packages/blob/master/meiyo/packages/linux-nonfree.scm
guix import gem rails
cat $(which shepherd)
guix system reconfigure ./config.scm
guix system search ssh
(services (cons* (dhcp-client-service)
(service openssh-service-type
(openssh-configuration
(port-number 2222)))
%base-services)))
Remove state from /etc
guix system vm ./config.scm
guix build -S guix
parted # && cryptsetup luksFormat ...
(operating-system
(host-name "functional-machine")
(timezone "Europe/Moscow")
(locale "ru_RU.utf8")
(bootloader (grub-configuration (device "/dev/sda")))
(file-systems (cons (file-system
(device "my-root")
(title ’label)
(mount-point "/")
(type "ext4"))
%base-file-systems))
(users (cons (user-account
(name "bob")
(group "users")
(home-directory "/home/bob"))
%base-user-accounts))
(services (cons* (dhcp-client-service)
(service openssh-service-type)
%base-services)))
guix system init ./config.scm
(service openssh-service-type
(openssh-configuration
(x11-forwarding? #t)
(permit-root-login ’without-password)))
(operating-system
;; ...
(services (remove (lambda (service)
(eq? ntp-service-type
(service-kind service)))
%desktop-services)))
(with-imported-modules
’((gnu build linux-container))
(shepherd-service
(provision ’(bitlbee))
(requirement ’(loopback))
(start #~(make-forkexec-constructor/container
(list #$(file-append bitlbee "/sbin/bitlbee")
...)))
(stop #~(make-kill-destructor))))
on top of minimalistic language
No DLL-hell
No work-for-me packages from dirty envs
No trojans, but user can install packages
Switch symlinks is atomic
--no-substitute
config -> system
Learn the scheme - rule the system
Nix vs Guix