refactor(tools): switch to Nix

- Nix is more reproducible (pinned to a specific hash)
- Faster rebuild after changing the package list (due to /nix caching in volume)
- Users can still use make tools (wrapped in Docker) without installing Nix
- Using nix-shell will work if you have nix installed.

Makefile

@@ -27,7 +27,20 @@ post-install:
 	@./scripts/hacks
 
 tools:
-	make -C tools
+	@docker run \
+		--rm \
+		--interactive \
+		--tty \
+		--network host \
+		--env "KUBECONFIG=${KUBECONFIG}" \
+		--volume "/var/run/docker.sock:/var/run/docker.sock" \
+		--volume $(shell pwd):$(shell pwd) \
+		--volume ${HOME}/.ssh:/root/.ssh \
+		--volume ${HOME}/.terraform.d:/root/.terraform.d \
+		--volume homelab-tools-cache:/root/.cache \
+		--volume homelab-tools-nix:/nix \
+		--workdir $(shell pwd) \
+		nixos/nix nix-shell
 
 test:
 	make -C test

docs/installation/production/configuration.md

@@ -2,9 +2,17 @@
 
 Open the tools container, which includes all the tools needed:
 
-```sh
-make tools
-```
+=== "Docker"
+
+    ```sh
+    make tools
+    ```
+
+=== "Nix"
+
+    ```sh
+    nix-shell
+    ```
 
 !!! note
 

docs/installation/production/deployment.md

@@ -2,9 +2,17 @@
 
 Open the tools container if you haven't already:
 
-```sh
-make tools
-```
+=== "Docker"
+
+    ```sh
+    make tools
+    ```
+
+=== "Nix"
+
+    ```sh
+    nix-shell
+    ```
 
 Build the lab:
 

docs/installation/sandbox.md

@@ -39,9 +39,17 @@ git checkout dev
 
 Open the tools container, which includes all the tools needed:
 
-```sh
-make tools
-```
+=== "Docker"
+
+    ```sh
+    make tools
+    ```
+
+=== "Nix"
+
+    ```sh
+    nix-shell
+    ```
 
 Build a development cluster and bootstrap it:
 

mkdocs.yml

@@ -31,6 +31,8 @@ markdown_extensions:
         - name: mermaid
           class: mermaid
           format: !!python/name:pymdownx.superfences.fence_code_format
+  - pymdownx.tabbed:
+      alternate_style: true
 
 nav:
   - Home: index.md

scripts/configure

@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python
 
 # WIP
 # TODO clean this up

scripts/hacks

@@ -1,4 +1,4 @@
-#!/bin/python
+#!/usr/bin/env python
 
 """
 Quick and dirty script for things that I can't/don't have time to do properly yet

scripts/take-screenshots

@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python
 
 # WIP
 # - [x] take screenshot

scripts/wait-main-apps

@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python
 
 import requests
 

shell.nix

@@ -0,0 +1,40 @@
+# https://status.nixos.org
+{ pkgs ? import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/f034b5693a26625f56068af983ed7727a60b5f8b.tar.gz") {} }:
+
+let
+  python-packages = pkgs.python3.withPackages (p: with p; [
+    jinja2
+    kubernetes
+    netaddr
+    rich
+  ]);
+in
+pkgs.mkShell {
+  buildInputs = with pkgs; [
+    ansible
+    ansible-lint
+    bmake
+    diffutils
+    docker
+    docker-compose_1 # TODO upgrade to version 2
+    git
+    go
+    grc
+    iproute2
+    k9s
+    kube3d
+    kubectl
+    kubernetes-helm
+    kustomize
+    libisoburn
+    neovim
+    openssh
+    p7zip
+    pre-commit
+    shellcheck
+    terraform
+    yamllint
+
+    python-packages
+  ];
+}

test/tools_test.go

@@ -1,16 +1,32 @@
 package test
 
 import (
+	"fmt"
+	"path/filepath"
 	"testing"
 
 	"github.com/gruntwork-io/terratest/modules/docker"
 )
 
 func TestToolsContainer(t *testing.T) {
-	tag := "homelab-tools"
-	buildOptions := &docker.BuildOptions{
-		Tags: []string{tag},
+	image := "nixos/nix"
+	projectRoot, _ := filepath.Abs("../")
+
+	options := &docker.RunOptions{
+		Remove: true,
+		Volumes: []string{
+			fmt.Sprintf("%s:%s", projectRoot, projectRoot),
+			"homelab-tools-cache:/root/.cache",
+			"homelab-tools-nix:/nix",
+		},
+		OtherOptions: []string{
+			"--workdir", projectRoot,
+		},
+		Command: []string{
+			"nix-shell",
+			"--command", "exit",
+		},
 	}
 
-	docker.Build(t, "../tools", buildOptions)
+	docker.Run(t, image, options)
 }

tools/Dockerfile

@@ -1,48 +0,0 @@
-FROM archlinux
-
-# Sort mirrors by speed
-RUN pacman --sync --refresh --noconfirm \
-    reflector \
-    && reflector \
-    --save /etc/pacman.d/mirrorlist \
-    --protocol https \
-    --latest 20 \
-    --sort rate
-
-RUN pacman --sync --refresh --noconfirm \
-    ansible \
-    ansible-lint \
-    diffutils \
-    docker \
-    docker-compose \
-    git \
-    go \
-    graphviz \
-    grc \
-    helm \
-    k9s \
-    kubectl \
-    kustomize \
-    libisoburn \
-    make \
-    mdbook \
-    neovim \
-    openssh \
-    p7zip \
-    python \
-    python-jinja \
-    python-kubernetes \
-    python-netaddr \
-    python-pip \
-    python-pre-commit \
-    python-rich \
-    shellcheck \
-    sudo \
-    terraform \
-    yamllint
-
-RUN curl -L https://github.com/k3d-io/k3d/releases/latest/download/k3d-linux-amd64 -o /usr/local/bin/k3d -s \
-    && chmod +x /usr/local/bin/k3d
-
-# TODO https://github.com/ansible-collections/community.docker/issues/216
-RUN pip install docker-compose

tools/Makefile

@@ -1,25 +0,0 @@
-.POSIX:
-
-TAG = homelab-tools
-
-default: build run
-
-build:
-	@docker build . --tag ${TAG}
-
-run:
-	@docker run \
-		--rm \
-		--interactive \
-		--tty \
-		--network host \
-		--env "TERM=${TERM}" \
-		--env "HOME=${HOME}" \
-		--env "KUBECONFIG=${KUBECONFIG}" \
-		--volume "${HOME}:${HOME}" \
-		--volume "/var/run/docker.sock:/var/run/docker.sock" \
-		--volume "/etc/passwd:/etc/passwd" \
-		--user "$(shell id -u ${USER}):$(shell id -g ${USER})" \
-		--group-add "$(shell getent group docker | cut -d ':' -f 3)" \
-		--workdir "$(shell pwd)/.." \
-		${TAG}