Hello! This is Edgar and Robbie, and we’re excited to share with you the public release of nix-snapshotter! nix-snapshotter brings native understanding of Nix packages to containerd, the industry standard container runtime.
We built this because Nix is a great fit for making efficient containers. They don’t need an OS because Nix captures all dependencies exactly. However, the current process of creating Nix images is subpar because one needs to transform Nix packages into a format that container runtimes understand.
Using nix-snapshotter, instead of downloading image layers, packages come directly from the Nix store. Packages can be fetched from a binary cache or built on the fly if necessary. All existing non-Nix images continue to be supported, and Nix layers can be interleaved with normal layers.
nix-snapshotter also provides a CRI image service, which allows Kubernetes to resolve image manifests from Nix directly too. This enables for the first time, fully declarative Kubernetes resources, all the way down to the image specification and its contents. With this, you can even run pure Nix images without a Docker Registry at all, if you wish.
We’d love for you to try it out, there is a one-liner for Nix users to boot a VM with everything pre-configured: GitHub - pdtpartners/nix-snapshotter: Brings native understanding of Nix packages to containerd
nix run "github:pdtpartners/nix-snapshotter#vm"
nixos login: root # (Ctrl-a then x to quit)
# Running `pkgs.hello` image with nix-snapshotter
nerdctl run ghcr.io/pdtpartners/hello
# Running `pkgs.redis` image with kubernetes & nix-snapshotter
kubectl apply -f /etc/kubernetes/redis/
# Wait a few seconds...
watch kubectl get pods
# And a kubernetes service will be ready to forward port 30000 to the redis
# pod, so you can test it out with a `ping` command
redis-cli -p 30000 ping
See corresponding HackerNews discussion.