this post was submitted on 02 Sep 2024
42 points (92.0% liked)

Python

6343 readers
4 users here now

Welcome to the Python community on the programming.dev Lemmy instance!

📅 Events

PastNovember 2023

October 2023

July 2023

August 2023

September 2023

🐍 Python project:
💓 Python Community:
✨ Python Ecosystem:
🌌 Fediverse
Communities
Projects
Feeds

founded 1 year ago
MODERATORS
all 12 comments
sorted by: hot top controversial new old
[–] [email protected] 6 points 2 months ago (2 children)

I started to use Nix to build containers that contain just my app and nothing else. The benefit of it is that it makes containers smaller, removes unused components (less potential attack vectors) and a container from a specific checked out version will always be identical (Dockerfile on its own (without extra work) doesn't provide such guarantee). I also have the ability to customize python and dependencies to remove additional pieces that I don't need (this unfortunately requires some experience with Nix, to know how to do it)

I wrote my own abstraction on top of poetry2nix and nix2container to remove need for boilerplate: https://github.com/takeda/nix-cde

The example shows how a hello world application can be packed and then how I can reduce its size further from 178MB to 68.9MB. This doesn't include using musl to get the size even lower than that.

Though I totally agree with author about venv and that's what I did before and still do in situations where I can't use Nix. Venv is standardized and is much more predictable and prevents surprises.

[–] [email protected] 2 points 2 months ago (1 children)

The team I'm part of wants to ditch Nix in favour of just about anything, because no one wants to maintain Nix and everyone sees it as just source of problems :(

I agree that it was complicated to learn Nix for me, too, but now I see benefits in it but I can't make them change their mind and tired of trying. Nix could've been much easier to advocate for if the language itself wasn't this esoteric

[–] [email protected] 2 points 2 months ago* (last edited 2 months ago)

I see that too. Despite what most people say they aren't truly interested in learning new things (at least things that would force them out of their comfort zones).

I mean if team tries to move out then there's not much one can do.

Maybe they can look into using some tooling that whole isn't nix, it uses nix under the hood and still prices some benefits.

I heard about DevBox and Flox. Those at least try to provide a reproducible dev environment (note, I haven't used them myself as I feel that the abstraction they do places limits on nix functionality, but then others might see it as a benefit)

I also am getting impression that as time progresses things are getting smoother over time. With poetry2nix for example the big problem are packages that depend on C libraries, as those are not specified as python dependencies, so poetry2nix has a override file which adds them.

Previously I very frequently had to update and contribute new packages there. I was a bit away from python as was assigned to work on a Go project for half a year and now starting to work on another python project and when tried to use it and things just worked. All I had to do was to use latest poetry2nix and my project then compiled to a working container.

[–] [email protected] 3 points 2 months ago

I'm sorry, but doesn't sound very convincing. The strongest (reiterated) argument is "venv is standard", but so is docker.

[–] [email protected] 2 points 2 months ago

Sacrificing single source of truth over installation state is a huge cost. Can anything justify it?

[–] [email protected] 1 points 2 months ago* (last edited 2 months ago)

Now deploy that on a virtual server, running an emulator.

[–] [email protected] 0 points 2 months ago

Interesting !! 🤓