Forem: Cristian Angulo The latest articles on Forem by Cristian Angulo (@nietzscheson). https://forem.com/nietzscheson https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F163793%2F94fd217e-b116-4c4d-95a5-8208878cbb66.png Forem: Cristian Angulo https://forem.com/nietzscheson en Microservices Federation (GraphQL, Python and Apollo) Cristian Angulo Mon, 23 Mar 2026 18:29:59 +0000 https://forem.com/nietzscheson/microservices-federation-graphql-python-and-apollo-3n0 https://forem.com/nietzscheson/microservices-federation-graphql-python-and-apollo-3n0 <h1> graphql #python #fastapi #docker </h1> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnddalb019sbfde6prlcu.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnddalb019sbfde6prlcu.png" alt=" " width="681" height="361"></a><br> When building microservices, one of the hardest challenges is exposing a single, unified API to the client without coupling your services together.</p> <p><a href="https://www.apollographql.com/docs/federation" rel="noopener noreferrer">Apollo Federation 2</a> solves this: each service owns its slice of the graph, and a <strong>Gateway</strong> composes them into one supergraph — transparently.</p> <p>This is the architecture we'll be building:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Client └─► Gateway :4000 ├─► User Service :5001 /graphql ├─► Product Service :5002 /graphql └─► Order Service :5003 /graphql └─► Postgres :5432 ├── users DB ├── products DB └── orders DB </code></pre> </div> <p>The full source code is here: <a href="https://github.com/nietzscheson/microservices-federation" rel="noopener noreferrer">https://github.com/nietzscheson/microservices-federation</a></p> <h2> Stack </h2> <ul> <li> <strong>Gateway</strong>: Node.js + <code>@apollo/gateway</code> / Apollo Router (Rust)</li> <li> <strong>Services</strong>: Python 3.13 + FastAPI + Strawberry GraphQL</li> <li> <strong>ORM</strong>: SQLAlchemy 2 + Alembic</li> <li> <strong>DB</strong>: PostgreSQL 17</li> <li> <strong>Packages</strong>: <code>uv</code> </li> <li> <strong>DI</strong>: <code>dependency-injector</code> </li> <li> <strong>Infra</strong>: Docker Compose</li> </ul> <h2> Database: one Postgres, three databases </h2> <p>We use the same trick from my <a href="https://dev.to/nietzscheson/multiples-postgres-databases-in-one-service-with-docker-compose-4fdf">previous article</a>: a single Postgres container that initializes multiple databases via an entrypoint script.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">### docker/postgres/multiple-databases.sh</span> <span class="c">#!/bin/bash</span> <span class="nb">set</span> <span class="nt">-e</span> <span class="nb">set</span> <span class="nt">-u</span> <span class="k">function </span>create_user_and_database<span class="o">()</span> <span class="o">{</span> <span class="nb">local </span><span class="nv">database</span><span class="o">=</span><span class="nv">$1</span> <span class="nb">echo</span> <span class="s2">" Creating user and database '</span><span class="nv">$database</span><span class="s2">'"</span> psql <span class="nt">-v</span> <span class="nv">ON_ERROR_STOP</span><span class="o">=</span>1 <span class="nt">--username</span> <span class="s2">"</span><span class="nv">$POSTGRES_USER</span><span class="s2">"</span> <span class="o">&lt;&lt;-</span><span class="no">EOSQL</span><span class="sh"> CREATE USER </span><span class="nv">$database</span><span class="sh">; CREATE DATABASE </span><span class="nv">$database</span><span class="sh">; GRANT ALL PRIVILEGES ON DATABASE </span><span class="nv">$database</span><span class="sh"> TO </span><span class="nv">$database</span><span class="sh">; </span><span class="no">EOSQL </span><span class="o">}</span> <span class="k">if</span> <span class="o">[</span> <span class="nt">-n</span> <span class="s2">"</span><span class="nv">$POSTGRES_MULTIPLE_DATABASES</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Multiple database creation requested: </span><span class="nv">$POSTGRES_MULTIPLE_DATABASES</span><span class="s2">"</span> <span class="k">for </span>db <span class="k">in</span> <span class="si">$(</span><span class="nb">echo</span> <span class="nv">$POSTGRES_MULTIPLE_DATABASES</span> | <span class="nb">tr</span> <span class="s1">','</span> <span class="s1">' '</span><span class="si">)</span><span class="p">;</span> <span class="k">do </span>create_user_and_database <span class="nv">$db</span> <span class="k">done </span><span class="nb">echo</span> <span class="s2">"Multiple databases created"</span> <span class="k">fi</span> </code></pre> </div> <h2> Docker Compose </h2> <p>Each service gets its own <code>DATABASE_URL</code> pointing to its isolated database inside the same Postgres instance. The services share a single multi-stage <code>Dockerfile</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1">### docker-compose.yaml</span> <span class="na">services</span><span class="pi">:</span> <span class="na">postgres</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">postgres:17.4</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">6543:5432"</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">POSTGRES_PASSWORD</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">POSTGRES_MULTIPLE_DATABASES</span><span class="pi">:</span> <span class="s">users,products,orders</span> <span class="na">healthcheck</span><span class="pi">:</span> <span class="na">test</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">CMD-SHELL"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">pg_isready</span><span class="nv"> </span><span class="s">-U</span><span class="nv"> </span><span class="s">postgres"</span><span class="pi">]</span> <span class="na">interval</span><span class="pi">:</span> <span class="s">5s</span> <span class="na">timeout</span><span class="pi">:</span> <span class="s">5s</span> <span class="na">retries</span><span class="pi">:</span> <span class="m">5</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./docker/postgres/multiple-databases.sh:/docker-entrypoint-initdb.d/multiple-databases.sh</span> <span class="na">user</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="na">context</span><span class="pi">:</span> <span class="s">./services</span> <span class="na">dockerfile</span><span class="pi">:</span> <span class="s">./Dockerfile</span> <span class="na">target</span><span class="pi">:</span> <span class="s">user</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">DATABASE_URL</span><span class="pi">:</span> <span class="s">postgresql://postgres:postgres@postgres:5432/users</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">5001:5000</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="na">postgres</span><span class="pi">:</span> <span class="na">condition</span><span class="pi">:</span> <span class="s">service_healthy</span> <span class="na">product</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="na">context</span><span class="pi">:</span> <span class="s">./services</span> <span class="na">dockerfile</span><span class="pi">:</span> <span class="s">./Dockerfile</span> <span class="na">target</span><span class="pi">:</span> <span class="s">product</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">DATABASE_URL</span><span class="pi">:</span> <span class="s">postgresql://postgres:postgres@postgres:5432/products</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">5002:5000</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="na">postgres</span><span class="pi">:</span> <span class="na">condition</span><span class="pi">:</span> <span class="s">service_healthy</span> <span class="na">order</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="na">context</span><span class="pi">:</span> <span class="s">./services</span> <span class="na">dockerfile</span><span class="pi">:</span> <span class="s">./Dockerfile</span> <span class="na">target</span><span class="pi">:</span> <span class="s">order</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">DATABASE_URL</span><span class="pi">:</span> <span class="s">postgresql://postgres:postgres@postgres:5432/orders</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">5003:5000</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="na">postgres</span><span class="pi">:</span> <span class="na">condition</span><span class="pi">:</span> <span class="s">service_healthy</span> <span class="na">gateway</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="na">context</span><span class="pi">:</span> <span class="s">./gateway</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">4000:4000"</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="na">user</span><span class="pi">:</span> <span class="na">condition</span><span class="pi">:</span> <span class="s">service_healthy</span> <span class="na">product</span><span class="pi">:</span> <span class="na">condition</span><span class="pi">:</span> <span class="s">service_healthy</span> <span class="na">order</span><span class="pi">:</span> <span class="na">condition</span><span class="pi">:</span> <span class="s">service_healthy</span> </code></pre> </div> <h2> Multi-stage Dockerfile </h2> <p>All three services share a single <code>Dockerfile</code> using multi-stage builds and <code>uv</code> for fast dependency installation.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="c">### services/Dockerfile</span> <span class="k">FROM</span><span class="w"> </span><span class="s">python:3.13</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">base</span> <span class="k">COPY</span><span class="s"> --from=ghcr.io/astral-sh/uv:latest /uv /uvx /usr/local/bin/</span> <span class="k">ENV</span><span class="s"> UV_PROJECT_ENVIRONMENT=/opt/venv</span> <span class="k">ENV</span><span class="s"> PATH="/opt/venv/bin:$PATH"</span> <span class="k">ENV</span><span class="s"> PYTHONPATH=.</span> <span class="k">FROM</span><span class="w"> </span><span class="s">base</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">user</span> <span class="k">WORKDIR</span><span class="s"> /services/user</span> <span class="k">COPY</span><span class="s"> user/pyproject.toml ./</span> <span class="k">RUN </span>uv <span class="nb">sync</span> <span class="nt">--no-install-project</span> <span class="k">CMD</span><span class="s"> ["uv", "run", "uvicorn", "src.app:app", "--host", "0.0.0.0", "--port", "5000"]</span> <span class="k">FROM</span><span class="w"> </span><span class="s">base</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">product</span> <span class="k">WORKDIR</span><span class="s"> /services/product</span> <span class="k">COPY</span><span class="s"> product/pyproject.toml ./</span> <span class="k">RUN </span>uv <span class="nb">sync</span> <span class="nt">--no-install-project</span> <span class="k">CMD</span><span class="s"> ["uv", "run", "uvicorn", "src.app:app", "--host", "0.0.0.0", "--port", "5000"]</span> <span class="k">FROM</span><span class="w"> </span><span class="s">base</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">order</span> <span class="k">WORKDIR</span><span class="s"> /services/order</span> <span class="k">COPY</span><span class="s"> order/pyproject.toml ./</span> <span class="k">RUN </span>uv <span class="nb">sync</span> <span class="nt">--no-install-project</span> <span class="k">CMD</span><span class="s"> ["uv", "run", "uvicorn", "src.app:app", "--host", "0.0.0.0", "--port", "5000"]</span> </code></pre> </div> <h2> Dependency Injection </h2> <p>Each service uses the same DI pattern: <code>pydantic-settings</code> reads <code>DATABASE_URL</code> from the environment, and <code>dependency-injector</code> wires the SQLAlchemy engine and session as singletons.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1">### services/order/src/containers.py </span> <span class="kn">from</span> <span class="n">dependency_injector</span> <span class="kn">import</span> <span class="n">containers</span><span class="p">,</span> <span class="n">providers</span> <span class="kn">from</span> <span class="n">sqlalchemy</span> <span class="kn">import</span> <span class="n">create_engine</span> <span class="kn">from</span> <span class="n">sqlalchemy.orm</span> <span class="kn">import</span> <span class="n">sessionmaker</span> <span class="kn">from</span> <span class="n">src.settings</span> <span class="kn">import</span> <span class="n">Settings</span> <span class="k">class</span> <span class="nc">MainContainer</span><span class="p">(</span><span class="n">containers</span><span class="p">.</span><span class="n">DeclarativeContainer</span><span class="p">):</span> <span class="n">settings</span> <span class="o">=</span> <span class="n">providers</span><span class="p">.</span><span class="nc">Configuration</span><span class="p">(</span><span class="n">pydantic_settings</span><span class="o">=</span><span class="p">[</span><span class="nc">Settings</span><span class="p">()])</span> <span class="n">engine</span> <span class="o">=</span> <span class="n">providers</span><span class="p">.</span><span class="nc">Singleton</span><span class="p">(</span> <span class="n">create_engine</span><span class="p">,</span> <span class="n">settings</span><span class="p">.</span><span class="n">database_url</span><span class="p">,</span> <span class="p">)</span> <span class="n">session</span> <span class="o">=</span> <span class="n">providers</span><span class="p">.</span><span class="nc">Singleton</span><span class="p">(</span> <span class="n">sessionmaker</span><span class="p">,</span> <span class="n">bind</span><span class="o">=</span><span class="n">engine</span><span class="p">,</span> <span class="n">expire_on_commit</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="p">)</span> </code></pre> </div> <h2> The Federation Pattern </h2> <p>This is the core of the project. Here's how the three services relate to each other without a single Python import between them.</p> <h3> User Service — owns the entity </h3> <p>The User service defines the full <code>UserType</code> with <code>keys=["id"]</code> and implements <code>resolve_reference</code>. The Gateway calls this whenever another service references a <code>UserType</code> by its ID.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1">### services/user/src/app.py </span> <span class="nd">@strawberry.federation.type</span><span class="p">(</span><span class="n">keys</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">])</span> <span class="k">class</span> <span class="nc">UserType</span><span class="p">:</span> <span class="nb">id</span><span class="p">:</span> <span class="n">strawberry</span><span class="p">.</span><span class="n">ID</span> <span class="n">name</span><span class="p">:</span> <span class="nb">str</span> <span class="nd">@classmethod</span> <span class="k">def</span> <span class="nf">resolve_reference</span><span class="p">(</span><span class="n">cls</span><span class="p">,</span> <span class="o">**</span><span class="n">representation</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="sh">"</span><span class="s">UserType</span><span class="sh">"</span><span class="p">:</span> <span class="k">with</span> <span class="nc">Session</span><span class="p">()</span> <span class="k">as</span> <span class="n">session</span><span class="p">:</span> <span class="n">user</span> <span class="o">=</span> <span class="n">session</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">User</span><span class="p">,</span> <span class="n">representation</span><span class="p">[</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">])</span> <span class="k">return</span> <span class="nf">cls</span><span class="p">(</span><span class="nb">id</span><span class="o">=</span><span class="n">user</span><span class="p">.</span><span class="nb">id</span><span class="p">,</span> <span class="n">name</span><span class="o">=</span><span class="n">user</span><span class="p">.</span><span class="n">name</span><span class="p">)</span> </code></pre> </div> <h3> Product Service — stubs UserType </h3> <p>The Product service doesn't import anything from the User service. It declares a <strong>stub</strong> <code>UserType</code> with only <code>id</code>. The Gateway knows it needs to resolve the rest from the User service.</p> <p><code>strawberry.Private</code> is the key pattern here: it stores the raw foreign key integer inside the Python object without exposing it to the GraphQL schema.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1">### services/product/src/app.py </span> <span class="nd">@strawberry.federation.type</span><span class="p">(</span><span class="n">keys</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">])</span> <span class="k">class</span> <span class="nc">UserType</span><span class="p">:</span> <span class="nb">id</span><span class="p">:</span> <span class="n">strawberry</span><span class="p">.</span><span class="n">ID</span> <span class="o">=</span> <span class="n">strawberry</span><span class="p">.</span><span class="n">federation</span><span class="p">.</span><span class="n">field</span> <span class="c1"># stub </span> <span class="nd">@classmethod</span> <span class="k">def</span> <span class="nf">resolve_reference</span><span class="p">(</span><span class="n">cls</span><span class="p">,</span> <span class="nb">id</span><span class="p">:</span> <span class="n">strawberry</span><span class="p">.</span><span class="n">ID</span><span class="p">):</span> <span class="k">return</span> <span class="nc">UserType</span><span class="p">(</span><span class="nb">id</span><span class="p">)</span> <span class="nd">@strawberry.federation.type</span><span class="p">(</span><span class="n">keys</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">])</span> <span class="k">class</span> <span class="nc">ProductType</span><span class="p">:</span> <span class="nb">id</span><span class="p">:</span> <span class="n">strawberry</span><span class="p">.</span><span class="n">ID</span> <span class="n">name</span><span class="p">:</span> <span class="nb">str</span> <span class="n">_created_by</span><span class="p">:</span> <span class="n">strawberry</span><span class="p">.</span><span class="n">Private</span><span class="p">[</span><span class="n">typing</span><span class="p">.</span><span class="n">Optional</span><span class="p">[</span><span class="nb">int</span><span class="p">]]</span> <span class="o">=</span> <span class="bp">None</span> <span class="nd">@strawberry.field</span> <span class="k">def</span> <span class="nf">created_by</span><span class="p">(</span><span class="n">self</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">typing</span><span class="p">.</span><span class="n">Optional</span><span class="p">[</span><span class="n">UserType</span><span class="p">]:</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">_created_by</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span> <span class="k">return</span> <span class="nc">UserType</span><span class="p">(</span><span class="nb">id</span><span class="o">=</span><span class="n">self</span><span class="p">.</span><span class="n">_created_by</span><span class="p">)</span> <span class="k">return</span> <span class="bp">None</span> </code></pre> </div> <h3> Order Service — stubs both </h3> <p>The Order service stubs both <code>UserType</code> and <code>ProductType</code>. An <code>OrderType</code> holds both foreign keys privately and exposes them as federated references.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1">### services/order/src/app.py </span> <span class="nd">@strawberry.federation.type</span><span class="p">(</span><span class="n">keys</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">])</span> <span class="k">class</span> <span class="nc">UserType</span><span class="p">:</span> <span class="nb">id</span><span class="p">:</span> <span class="n">strawberry</span><span class="p">.</span><span class="n">ID</span> <span class="o">=</span> <span class="n">strawberry</span><span class="p">.</span><span class="n">federation</span><span class="p">.</span><span class="n">field</span> <span class="nd">@classmethod</span> <span class="k">def</span> <span class="nf">resolve_reference</span><span class="p">(</span><span class="n">cls</span><span class="p">,</span> <span class="nb">id</span><span class="p">:</span> <span class="n">strawberry</span><span class="p">.</span><span class="n">ID</span><span class="p">):</span> <span class="k">return</span> <span class="nc">UserType</span><span class="p">(</span><span class="nb">id</span><span class="p">)</span> <span class="nd">@strawberry.federation.type</span><span class="p">(</span><span class="n">keys</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">])</span> <span class="k">class</span> <span class="nc">ProductType</span><span class="p">:</span> <span class="nb">id</span><span class="p">:</span> <span class="n">strawberry</span><span class="p">.</span><span class="n">ID</span> <span class="o">=</span> <span class="n">strawberry</span><span class="p">.</span><span class="n">federation</span><span class="p">.</span><span class="n">field</span> <span class="nd">@classmethod</span> <span class="k">def</span> <span class="nf">resolve_reference</span><span class="p">(</span><span class="n">cls</span><span class="p">,</span> <span class="nb">id</span><span class="p">:</span> <span class="n">strawberry</span><span class="p">.</span><span class="n">ID</span><span class="p">):</span> <span class="k">return</span> <span class="nc">ProductType</span><span class="p">(</span><span class="nb">id</span><span class="p">)</span> <span class="nd">@strawberry.federation.type</span><span class="p">(</span><span class="n">keys</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">])</span> <span class="k">class</span> <span class="nc">OrderType</span><span class="p">:</span> <span class="nb">id</span><span class="p">:</span> <span class="n">strawberry</span><span class="p">.</span><span class="n">ID</span> <span class="n">name</span><span class="p">:</span> <span class="nb">str</span> <span class="n">_created_by</span><span class="p">:</span> <span class="n">strawberry</span><span class="p">.</span><span class="n">Private</span><span class="p">[</span><span class="n">typing</span><span class="p">.</span><span class="n">Optional</span><span class="p">[</span><span class="nb">int</span><span class="p">]]</span> <span class="o">=</span> <span class="bp">None</span> <span class="n">_product</span><span class="p">:</span> <span class="n">strawberry</span><span class="p">.</span><span class="n">Private</span><span class="p">[</span><span class="n">typing</span><span class="p">.</span><span class="n">Optional</span><span class="p">[</span><span class="nb">int</span><span class="p">]]</span> <span class="o">=</span> <span class="bp">None</span> <span class="nd">@strawberry.field</span> <span class="k">def</span> <span class="nf">created_by</span><span class="p">(</span><span class="n">self</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">typing</span><span class="p">.</span><span class="n">Optional</span><span class="p">[</span><span class="n">UserType</span><span class="p">]:</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">_created_by</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span> <span class="k">return</span> <span class="nc">UserType</span><span class="p">(</span><span class="nb">id</span><span class="o">=</span><span class="n">self</span><span class="p">.</span><span class="n">_created_by</span><span class="p">)</span> <span class="k">return</span> <span class="bp">None</span> <span class="nd">@strawberry.field</span> <span class="k">def</span> <span class="nf">product</span><span class="p">(</span><span class="n">self</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">typing</span><span class="p">.</span><span class="n">Optional</span><span class="p">[</span><span class="n">ProductType</span><span class="p">]:</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">_product</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span> <span class="k">return</span> <span class="nc">ProductType</span><span class="p">(</span><span class="nb">id</span><span class="o">=</span><span class="n">self</span><span class="p">.</span><span class="n">_product</span><span class="p">)</span> <span class="k">return</span> <span class="bp">None</span> </code></pre> </div> <p>So a query like this, sent to the Gateway on port 4000:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight graphql"><code><span class="k">query</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="n">orders</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="n">createdBy</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="n">product</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Is resolved by the Gateway in three steps:</p> <ol> <li>Fetch orders from the Order service → gets <code>createdBy: {id}</code> and <code>product: {id}</code> </li> <li>Send an <code>_entities</code> lookup to the User service to hydrate the user</li> <li>Send an <code>_entities</code> lookup to the Product service to hydrate the product</li> </ol> <p>The services are completely decoupled at the code level. The contract is purely a runtime GraphQL protocol.</p> <h2> The Gateway </h2> <p>We ship two gateway implementations.</p> <h3> Apollo Gateway (Node.js) </h3> <p>Simple, no compile step. Introspects each subgraph at startup.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="err">###</span> <span class="nx">gateway</span><span class="o">/</span><span class="nx">server</span><span class="p">.</span><span class="nx">js</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">ApolloGateway</span><span class="p">,</span> <span class="nx">IntrospectAndCompose</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">@apollo/gateway</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">ApolloServer</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">@apollo/server</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">gateway</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">ApolloGateway</span><span class="p">({</span> <span class="na">supergraphSdl</span><span class="p">:</span> <span class="k">new</span> <span class="nc">IntrospectAndCompose</span><span class="p">({</span> <span class="na">subgraphs</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">users</span><span class="dl">"</span><span class="p">,</span> <span class="na">url</span><span class="p">:</span> <span class="dl">"</span><span class="s2">http://user:5000/graphql</span><span class="dl">"</span> <span class="p">},</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">products</span><span class="dl">"</span><span class="p">,</span> <span class="na">url</span><span class="p">:</span> <span class="dl">"</span><span class="s2">http://product:5000/graphql</span><span class="dl">"</span> <span class="p">},</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">orders</span><span class="dl">"</span><span class="p">,</span> <span class="na">url</span><span class="p">:</span> <span class="dl">"</span><span class="s2">http://order:5000/graphql</span><span class="dl">"</span> <span class="p">},</span> <span class="p">],</span> <span class="p">}),</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">server</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">ApolloServer</span><span class="p">({</span> <span class="nx">gateway</span> <span class="p">});</span> </code></pre> </div> <h3> Apollo Router (Rust) </h3> <p>The <code>Dockerfile</code> for the gateway uses this approach. It composes a static SDL file using the <code>rover</code> CLI (retrying for 30s while services come up), then starts the high-performance Apollo Router binary.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">### gateway/entrypoint.sh</span> <span class="k">for </span>i <span class="k">in</span> <span class="si">$(</span><span class="nb">seq </span>1 30<span class="si">)</span><span class="p">;</span> <span class="k">do if </span>rover supergraph compose <span class="nt">--config</span> /app/supergraph.yaml 2&gt;/dev/null <span class="o">&gt;</span> /tmp/supergraph.graphql <span class="se">\</span> <span class="o">&amp;&amp;</span> <span class="o">[</span> <span class="nt">-s</span> /tmp/supergraph.graphql <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">cp</span> /tmp/supergraph.graphql /app/supergraph.graphql <span class="nb">echo</span> <span class="s2">"Supergraph composed successfully"</span> <span class="nb">break </span><span class="k">fi </span><span class="nb">echo</span> <span class="s2">"Waiting for subgraphs... (attempt </span><span class="nv">$i</span><span class="s2">/30)"</span> <span class="nb">sleep </span>3 <span class="k">done </span><span class="nb">exec </span>router <span class="nt">--dev</span> <span class="nt">--config</span> /app/router.yaml <span class="nt">--supergraph</span> /app/supergraph.graphql <span class="nt">--log</span> info </code></pre> </div> <p>The <code>supergraph.yaml</code> tells <code>rover</code> where to find each subgraph:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1">### gateway/supergraph.yaml</span> <span class="na">federation_version</span><span class="pi">:</span> <span class="s">=2.9.0</span> <span class="na">subgraphs</span><span class="pi">:</span> <span class="na">users</span><span class="pi">:</span> <span class="na">routing_url</span><span class="pi">:</span> <span class="s">http://user:5000/graphql</span> <span class="na">schema</span><span class="pi">:</span> <span class="na">subgraph_url</span><span class="pi">:</span> <span class="s">http://user:5000/graphql</span> <span class="na">products</span><span class="pi">:</span> <span class="na">routing_url</span><span class="pi">:</span> <span class="s">http://product:5000/graphql</span> <span class="na">schema</span><span class="pi">:</span> <span class="na">subgraph_url</span><span class="pi">:</span> <span class="s">http://product:5000/graphql</span> <span class="na">orders</span><span class="pi">:</span> <span class="na">routing_url</span><span class="pi">:</span> <span class="s">http://order:5000/graphql</span> <span class="na">schema</span><span class="pi">:</span> <span class="na">subgraph_url</span><span class="pi">:</span> <span class="s">http://order:5000/graphql</span> </code></pre> </div> <h2> Running it </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker compose up <span class="nt">--build</span> </code></pre> </div> <p>Open the Apollo Router sandbox at <a href="http://localhost:4000" rel="noopener noreferrer">http://localhost:4000</a> and run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight graphql"><code><span class="k">mutation</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="n">userCreate</span><span class="p">(</span><span class="n">name</span><span class="p">:</span><span class="w"> </span><span class="s2">"Alice"</span><span class="p">)</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="k">mutation</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="n">productCreate</span><span class="p">(</span><span class="n">name</span><span class="p">:</span><span class="w"> </span><span class="s2">"Widget"</span><span class="p">,</span><span class="w"> </span><span class="n">createdBy</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="p">)</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="k">mutation</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="n">orderCreate</span><span class="p">(</span><span class="n">name</span><span class="p">:</span><span class="w"> </span><span class="s2">"Order #1"</span><span class="p">,</span><span class="w"> </span><span class="n">createdBy</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="n">product</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="p">)</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="k">query</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="n">orders</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="n">createdBy</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="n">product</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> Key Takeaways </h2> <ul> <li> <strong><code>resolve_reference</code></strong> is the federation contract — any federated entity must implement it so the Gateway can hydrate it from just an <code>id</code>.</li> <li> <strong><code>strawberry.Private</code></strong> lets you store raw foreign keys in your Python object without leaking them into the GraphQL schema.</li> <li> <strong>Services are truly decoupled</strong> — zero Python imports across service boundaries. The only contract is the GraphQL protocol at runtime.</li> <li> <strong>One Dockerfile, three services</strong> — multi-stage builds keep your infra DRY.</li> <li> <strong><code>uv</code> over pip/poetry</strong> — significantly faster installs, especially in Docker layer caching.</li> </ul> api architecture microservices python Turning block/goose into an AI SRE Agent Cristian Angulo Wed, 14 Jan 2026 01:25:02 +0000 https://forem.com/nietzscheson/turning-blockgoose-into-an-ai-sre-agent-1465 https://forem.com/nietzscheson/turning-blockgoose-into-an-ai-sre-agent-1465 <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9hk342u39regqhf358lz.jpeg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9hk342u39regqhf358lz.jpeg" alt=" " width="800" height="436"></a></p> <p>In this post, I’ll explain how I configured Goose to behave like a real SRE: querying AWS CloudWatch, reasoning about incidents, and operating inside a <strong>fully reproducible Nix environment</strong>.</p> <h2> What is block/goose? </h2> <p><code>block/goose</code> is an autonomous agent framework designed to execute workflows using LLMs plus external tools. Think of it as a <strong>CLI-native AI operator</strong> that can:</p> <ul> <li>Call tools (APIs, CLIs, MCP servers)</li> <li>Maintain session context</li> <li>Execute multi-step reasoning loops</li> </ul> <p>What makes Goose interesting for SRE is that it <strong>does not try to replace tools</strong> — it <em>orchestrates them</em>.</p> <h2> Why an AI SRE Agent? </h2> <p>A real SRE spends most of their time doing:</p> <ul> <li>Investigations across logs, metrics, and alarms</li> <li>Repeating the same diagnostic steps</li> <li>Cross-referencing infra state with recent changes</li> <li>Reducing operational toil</li> </ul> <p>This repo turns Goose into an agent that can:</p> <ul> <li>Query <strong>CloudWatch logs, metrics, and alarms</strong> </li> <li>Reason about AWS infrastructure health</li> <li>Follow structured incident workflows</li> <li>Act as a first-response investigator</li> </ul> <p>This is <strong>not</strong> ChatOps fluff — it’s an operational assistant.</p> <h2> Architecture Overview </h2> <p>The setup has three pillars:</p> <ol> <li><strong>Goose as the reasoning engine</strong></li> <li><strong>MCP servers as tool providers</strong></li> <li> <strong>Nix Flakes as the environment orchestrator</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Goose (LLM Agent) ├── CloudWatch MCP Server ├── AWS CLI ├── GitHub MCP (optional) └── Local tooling (jq, httpie, docker, task) </code></pre> </div> <p>Everything runs inside a <strong>reproducible dev shell</strong>.</p> <h2> The Reproducible Environment (Nix) </h2> <p>Just like all my other projects, this one is driven by a <code>flake.nix</code>.</p> <p>Why? Because SRE tooling is fragile:</p> <ul> <li>AWS CLI versions</li> <li>Node vs Python tooling</li> <li>MCP servers via <code>uvx</code> or <code>npx</code> </li> </ul> <p>Nix eliminates all of that drift.</p> <p>Once inside the shell, you already have:</p> <ul> <li>AWS credentials</li> <li>Goose CLI</li> <li>CloudWatch tooling</li> <li>JSON processing tools</li> </ul> <p>No README ritual. No “install this first”.</p> <h2> Configuring Goose as an SRE Agent </h2> <p>The heart of the system is the Goose configuration.</p> <h3> Provider &amp; Model </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="s">NIXPKGS_ALLOW_UNFREE=1</span> <span class="s">GOOGLE_GEMINI_MODEL_NAME=gemini-2.5-flash</span> <span class="s">GITHUB_PERSONAL_ACCESS_TOKEN=</span> <span class="s">SENTRY_ACCESS_TOKEN=</span> </code></pre> </div> <p>Fast, cheap, and good at tool orchestration — perfect for SRE tasks.</p> <h2> CloudWatch as a First-Class Tool </h2> <p>This is where Goose becomes <em>useful</em>.</p> <h3> CloudWatch MCP Extension </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">GOOSE_PROVIDER</span><span class="pi">:</span> <span class="s">google</span> <span class="na">GOOSE_MODEL</span><span class="pi">:</span> <span class="s">gemini-2.5-flash</span> <span class="na">extensions</span><span class="pi">:</span> <span class="na">cloudwatch</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">type</span><span class="pi">:</span> <span class="s">stdio</span> <span class="na">name</span><span class="pi">:</span> <span class="s">cloudwatch</span> <span class="na">description</span><span class="pi">:</span> <span class="s">AWS CloudWatch Observability (metrics/logs/alarms) via awslabs.cloudwatch-mcp-server</span> <span class="na">cmd</span><span class="pi">:</span> <span class="s">uvx</span> <span class="na">args</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">awslabs.cloudwatch-mcp-server@latest</span> <span class="na">envs</span><span class="pi">:</span> <span class="na">region</span><span class="pi">:</span> <span class="s">us-east-1</span> <span class="na">profile</span><span class="pi">:</span> <span class="s">default</span> <span class="na">FASTMCP_LOG_LEVEL</span><span class="pi">:</span> <span class="s">ERROR</span> <span class="na">env_keys</span><span class="pi">:</span> <span class="pi">[]</span> <span class="na">timeout</span><span class="pi">:</span> <span class="m">30000</span> <span class="na">bundled</span><span class="pi">:</span> <span class="kc">null</span> <span class="na">available_tools</span><span class="pi">:</span> <span class="pi">[]</span> <span class="na">github</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">type</span><span class="pi">:</span> <span class="s">stdio</span> <span class="na">name</span><span class="pi">:</span> <span class="s">github</span> <span class="na">description</span><span class="pi">:</span> <span class="s">GitHub MCP Server</span> <span class="na">cmd</span><span class="pi">:</span> <span class="s">npx</span> <span class="na">args</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">-y</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">@modelcontextprotocol/server-github"</span> <span class="na">timeout</span><span class="pi">:</span> <span class="m">30000</span> <span class="na">sentry</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">type</span><span class="pi">:</span> <span class="s">stdio</span> <span class="na">name</span><span class="pi">:</span> <span class="s">sentry</span> <span class="na">description</span><span class="pi">:</span> <span class="s">Sentry MCP Server</span> <span class="na">cmd</span><span class="pi">:</span> <span class="s">npx</span> <span class="na">args</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">-y</span> <span class="pi">-</span> <span class="s">mcp-remote@latest</span> <span class="pi">-</span> <span class="s">https://mcp.sentry.dev/mcp</span> <span class="na">timeout</span><span class="pi">:</span> <span class="m">30000</span> </code></pre> </div> <p>This gives the agent the ability to:</p> <ul> <li>Fetch metrics</li> <li>Query logs</li> <li>Inspect alarms</li> <li>Reason over time-series data</li> </ul> <p>This is the same data an SRE would manually inspect — just faster.</p> <h2> How Goose Behaves Like an SRE </h2> <p>Instead of prompting Goose with generic questions, I treat it like a teammate.</p> <p>Examples:</p> <ul> <li><em>“Investigate elevated 5xx errors in the last 30 minutes.”</em></li> <li><em>“Check if latency correlates with a deploy.”</em></li> <li><em>“Summarize CloudWatch alarms for this service.”</em></li> </ul> <p>Goose:</p> <ol> <li>Chooses the right tool</li> <li>Queries CloudWatch</li> <li>Interprets the output</li> <li>Produces a human-readable diagnosis</li> </ol> <p>No dashboards. No clicking. Just answers.</p> <h2> Why This Works </h2> <h3> 1. Tools, Not Plugins </h3> <p>Goose doesn’t hallucinate metrics — it queries real AWS APIs.</p> <h3> 2. Reproducibility </h3> <p>Anyone can clone the repo and get <strong>the same SRE agent</strong>.</p> <h3> 3. Composability </h3> <p>You can add:</p> <ul> <li>GitHub MCP (for correlating PRs)</li> <li>PagerDuty</li> <li>Terraform state inspection</li> <li>Custom runbooks</li> </ul> <p>The agent evolves with your infrastructure.</p> <h2> Entering the Environment </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>nix <span class="nt">--extra-experimental-features</span> <span class="s1">'nix-command flakes'</span> develop <span class="nt">--impure</span> </code></pre> </div> <p>Why <code>--impure</code>?</p> <ul> <li>AWS credentials</li> <li>Docker socket</li> <li>Local MCP binaries</li> </ul> <p>This is intentional and controlled.</p> <h2> What This Is <em>Not</em> </h2> <ul> <li>❌ A replacement for on-call engineers</li> <li>❌ A magic “fix production” bot</li> <li>❌ Another ChatOps toy</li> </ul> <p>This <strong>is</strong>:</p> <ul> <li>A first-response investigator</li> <li>A context-gathering machine</li> <li>A force multiplier for SREs</li> </ul> <h2> Conclusion </h2> <p>SRE work is pattern-based, repetitive, and highly procedural.</p> <p>That makes it <strong>perfect</strong> for AI agents — as long as they:</p> <ul> <li>Use real tools</li> <li>Run in real environments</li> <li>Respect operational boundaries</li> </ul> <p>With <code>block/goose</code>, MCP servers, and Nix, you get exactly that.</p> <p>If you’re curious about AI agents <em>that actually do ops</em>, this is a solid place to start.</p> sre ai devops observability Why I Love Using Nix for All My Projects Cristian Angulo Sat, 10 Jan 2026 21:18:46 +0000 https://forem.com/nietzscheson/why-i-love-using-nix-for-all-my-projects-3147 https://forem.com/nietzscheson/why-i-love-using-nix-for-all-my-projects-3147 <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl8r4vfby4000p6g71hr2.jpeg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl8r4vfby4000p6g71hr2.jpeg" alt="Nix Development" width="800" height="446"></a></p> <p>"It works on my machine" is a phrase that has haunted software development for decades. Whether it's a teammate having a different version of Python, a CI server missing a specific C library, or your global Node.js version conflicting with a legacy project, environment drift is a silent productivity killer.</p> <p>I resolved this by moving my entire development workflow to <strong>Nix Flakes</strong>. </p> <p>Nix guarantees that if a project works today, it will work exactly the same way six months from now, or on a completely different machine, without manual installation steps.</p> <h3> Why Nix? </h3> <p>In modern software development, we don't just write code; we manage a fleet of tools. Nix provides a declarative way to handle:</p> <ul> <li> <strong>Isolation:</strong> No more polluting your global <code>/usr/local/bin</code>. Every tool stays within the project.</li> <li> <strong>Reproducibility:</strong> Every dependency is pinned. If I use Python 3.12.1, everyone on the team uses 3.12.1.</li> <li> <strong>Automation:</strong> Using the <code>shellHook</code>, we can automate the startup of services, credential helpers, and environment variables.</li> </ul> <h3> The Project Orchestrator: <code>flake.nix</code> </h3> <p>I use a <code>flake.nix</code> in every repository. This specific configuration handles a complex stack: Python (managed by <strong>uv</strong>), AWS (with ECR automation), Docker, and various security tools.</p> <h3> flake.nix </h3> <div class="highlight js-code-highlight"> <pre class="highlight nix"><code><span class="p">{</span> <span class="nv">description</span> <span class="o">=</span> <span class="s2">"DevShell con Terraform, Docker, Python y ECR login"</span><span class="p">;</span> <span class="nv">inputs</span> <span class="o">=</span> <span class="p">{</span> <span class="nv">nixpkgs</span><span class="o">.</span><span class="nv">url</span> <span class="o">=</span> <span class="s2">"github:NixOS/nixpkgs/nixos-unstable"</span><span class="p">;</span> <span class="nv">flake-utils</span><span class="o">.</span><span class="nv">url</span> <span class="o">=</span> <span class="s2">"github:numtide/flake-utils"</span><span class="p">;</span> <span class="p">};</span> <span class="nv">outputs</span> <span class="o">=</span> <span class="p">{</span> <span class="nv">self</span><span class="p">,</span> <span class="nv">nixpkgs</span><span class="p">,</span> <span class="nv">flake-utils</span> <span class="p">}:</span> <span class="nv">flake-utils</span><span class="o">.</span><span class="nv">lib</span><span class="o">.</span><span class="nv">eachDefaultSystem</span> <span class="p">(</span><span class="nv">system</span><span class="p">:</span> <span class="kd">let</span> <span class="nv">pkgs</span> <span class="o">=</span> <span class="kr">import</span> <span class="nv">nixpkgs</span> <span class="p">{</span> <span class="kn">inherit</span> <span class="nv">system</span><span class="p">;</span> <span class="p">};</span> <span class="nv">pythonEnv</span> <span class="o">=</span> <span class="nv">pkgs</span><span class="o">.</span><span class="nv">python312</span><span class="o">.</span><span class="nv">withPackages</span> <span class="p">(</span><span class="nv">ps</span><span class="p">:</span> <span class="kn">with</span> <span class="nv">ps</span><span class="p">;</span> <span class="p">[</span> <span class="nv">pip</span> <span class="p">]);</span> <span class="nv">commonDeps</span> <span class="o">=</span> <span class="kn">with</span> <span class="nv">pkgs</span><span class="p">;</span> <span class="p">[</span> <span class="nv">pythonEnv</span> <span class="nv">uv</span> <span class="nv">git</span> <span class="nv">terraform</span> <span class="nv">python312</span> <span class="nv">awscli</span> <span class="nv">gcc</span> <span class="nv">stdenv</span><span class="o">.</span><span class="nv">cc</span><span class="o">.</span><span class="nv">cc</span><span class="o">.</span><span class="nv">lib</span> <span class="nv">httpie</span> <span class="nv">go</span> <span class="nv">go-task</span> <span class="nv">docker</span> <span class="nv">amazon-ecr-credential-helper</span> <span class="nv">jq</span> <span class="nv">nodejs_20</span> <span class="nv">nodePackages</span><span class="o">.</span><span class="nv">lerna</span> <span class="nv">google-chrome</span> <span class="nv">subfinder</span> <span class="nv">amass</span> <span class="nv">imagemagick</span> <span class="nv">yarn</span> <span class="p">];</span> <span class="kn">in</span> <span class="p">{</span> <span class="nv">devShells</span><span class="o">.</span><span class="nv">default</span> <span class="o">=</span> <span class="nv">pkgs</span><span class="o">.</span><span class="nv">mkShell</span> <span class="p">{</span> <span class="nv">packages</span> <span class="o">=</span> <span class="nv">commonDeps</span><span class="p">;</span> <span class="nv">shellHook</span> <span class="o">=</span> <span class="s2">''</span><span class="err"> </span><span class="s2"> # 1. Python &amp; uv Setup</span><span class="err"> </span><span class="s2"> pyenv global system</span><span class="err"> </span><span class="s2"> export pythonEnv=</span><span class="si">${</span><span class="nv">pythonEnv</span><span class="si">}</span><span class="err"> </span><span class="s2"> export PATH=$PATH:</span><span class="si">${</span><span class="nv">pythonEnv</span><span class="si">}</span><span class="s2">/bin</span><span class="err"> </span><span class="s2"> # Ensure uv uses the Nix-provided Python interpreter</span><span class="err"> </span><span class="s2"> export UV_PYTHON=</span><span class="si">${</span><span class="nv">pythonEnv</span><span class="si">}</span><span class="s2">/bin/python</span><span class="err"> </span><span class="s2"> # 2. Service Orchestration</span><span class="err"> </span><span class="s2"> docker compose up --build -d</span><span class="err"> </span><span class="s2"> docker compose ps -a</span><span class="err"> </span><span class="s2"> task dependencies</span><span class="err"> </span><span class="s2"> # 3. AWS &amp; Docker Credential Automation</span><span class="err"> </span><span class="s2"> mkdir -p ~/.docker</span><span class="err"> </span><span class="s2"> echo '{</span><span class="err"> </span><span class="s2"> "credsStore": "ecr-login"</span><span class="err"> </span><span class="s2"> }' &gt; ~/.docker/config.json</span><span class="err"> </span><span class="s2"> echo "Docker config set to use docker-credential-ecr-login"</span><span class="err"> </span><span class="s2"> ''</span><span class="p">;</span> <span class="nv">LD_LIBRARY_PATH</span> <span class="o">=</span> <span class="nv">pkgs</span><span class="o">.</span><span class="nv">lib</span><span class="o">.</span><span class="nv">makeLibraryPath</span> <span class="p">[</span> <span class="nv">pkgs</span><span class="o">.</span><span class="nv">stdenv</span><span class="o">.</span><span class="nv">cc</span><span class="o">.</span><span class="nv">cc</span><span class="o">.</span><span class="nv">lib</span> <span class="p">];</span> <span class="p">};</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <h3> How it works: A Deep Dive </h3> <ol> <li>The Declarative Environment Inside commonDeps, I list everything from compilers (gcc) to specialized tools like amazon-ecr-credential-helper. When someone joins the project, they don't need to "install" these manually. Nix handles the fetching and linking into an isolated environment, ensuring that your system remains clean and the project remains portable.</li> </ol> <h3> 2. The uv Advantage </h3> <p>I use uv because of its incredible speed and its seamless integration with existing Python environments. By setting export UV_PYTHON=${pythonEnv}/bin/python in the shellHook, I tell uv to use the exact Python binary managed by Nix. This ensures total consistency between the package manager and OS-level dependencies.</p> <h3> 3. The shellHook Magic </h3> <p>This is where Nix transcends being a simple package manager and becomes a project manager:</p> <p>Automatic Infrastructure: As soon as I enter the shell, docker compose up runs. My databases and local services are ready before I even type my first line of code.</p> <p>Automated Config: It writes the ~/.docker/config.json automatically. This allows me to push/pull from AWS ECR without ever having to run manual aws ecr get-login-password steps.</p> <p>Task Execution: Running task dependencies ensures that any sub-requirements (like npm install or go mod download) are checked and verified as soon as the shell opens.</p> <h3> Entering the Environment </h3> <p>To activate this entire setup, I use the following command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> nix <span class="nt">--extra-experimental-features</span> <span class="s1">'nix-command flakes'</span> develop <span class="nt">--impure</span> <span class="nt">--command</span> zsh </code></pre> </div> <p>--extra-experimental-features 'nix-command flakes': Enables the modern Nix Flake commands required for this setup.</p> <p>--impure: This is essential because the shellHook needs to interact with the outside world (your home directory for ~/.docker and the system Docker socket).</p> <p>--command zsh: Drops me directly into my preferred shell with the entire environment already loaded and ready to go.</p> <h3> Conclusion </h3> <p>Nix has fundamentally transformed how I approach project setups. Instead of a long README.md containing 20 manual installation steps that are prone to failure, I provide a single flake.nix that defines the entire universe for the project.</p> <p>It is faster, safer, and 100% reproducible. If it works for me, it will work for you.</p> nix devops productivity python Multiples Postgres databases in one service with Docker Compose Cristian Angulo Tue, 21 Mar 2023 20:36:35 +0000 https://forem.com/nietzscheson/multiples-postgres-databases-in-one-service-with-docker-compose-4fdf https://forem.com/nietzscheson/multiples-postgres-databases-in-one-service-with-docker-compose-4fdf <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6hbribpzdsrwf96miict.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6hbribpzdsrwf96miict.png" alt=" " width="800" height="800"></a></p> <p>Sometimes, we need to have multiple database instances to test our projects. Until now, Docker and Docker Compose don't have an easy alternative to resolve this. </p> <p>Some people (and I) have gotten around this by creating services for each database they need:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1">### docker-compose.yaml</span> <span class="na">services</span><span class="pi">:</span> <span class="na">postgres_1</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">postgres:latest</span> <span class="na">postgres_2</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">postgres:latest</span> </code></pre> </div> <p>I resolved this by adding a new entrypoint and setting a environment var in the Docker Compose Service for Postgres:</p> <p>The container entrypoint:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">### entrypoint.sh</span> <span class="c">#!/bin/bash</span> <span class="nb">set</span> <span class="nt">-e</span> <span class="nb">set</span> <span class="nt">-u</span> <span class="k">function </span>create_user_and_database<span class="o">()</span> <span class="o">{</span> <span class="nb">local </span><span class="nv">database</span><span class="o">=</span><span class="nv">$1</span> <span class="nb">echo</span> <span class="s2">" Creating user and database '</span><span class="nv">$database</span><span class="s2">'"</span> psql <span class="nt">-v</span> <span class="nv">ON_ERROR_STOP</span><span class="o">=</span>1 <span class="nt">--username</span> <span class="s2">"</span><span class="nv">$POSTGRES_USER</span><span class="s2">"</span> <span class="o">&lt;&lt;-</span><span class="no">EOSQL</span><span class="sh"> CREATE USER </span><span class="nv">$database</span><span class="sh">; CREATE DATABASE </span><span class="nv">$database</span><span class="sh">; GRANT ALL PRIVILEGES ON DATABASE </span><span class="nv">$database</span><span class="sh"> TO </span><span class="nv">$database</span><span class="sh">; </span><span class="no">EOSQL </span><span class="o">}</span> <span class="k">if</span> <span class="o">[</span> <span class="nt">-n</span> <span class="s2">"</span><span class="nv">$POSTGRES_MULTIPLE_DATABASES</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Multiple database creation requested: </span><span class="nv">$POSTGRES_MULTIPLE_DATABASES</span><span class="s2">"</span> <span class="k">for </span>db <span class="k">in</span> <span class="si">$(</span><span class="nb">echo</span> <span class="nv">$POSTGRES_MULTIPLE_DATABASES</span> | <span class="nb">tr</span> <span class="s1">','</span> <span class="s1">' '</span><span class="si">)</span><span class="p">;</span> <span class="k">do </span>create_user_and_database <span class="nv">$db</span> <span class="k">done </span><span class="nb">echo</span> <span class="s2">"Multiple databases created"</span> <span class="k">fi</span> </code></pre> </div> <p>And the docker-compose service:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1">### docker-compose.yaml</span> <span class="na">postgres</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">postgres:alpine</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">5432:5432</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">POSTGRES_PASSWORD</span><span class="pi">:</span> <span class="s2">"</span><span class="s">postgres"</span> <span class="na">POSTGRES_MULTIPLE_DATABASES</span><span class="pi">:</span> <span class="s">users, products, orders</span> <span class="na">healthcheck</span><span class="pi">:</span> <span class="na">test</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">CMD-SHELL"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">pg_isready</span><span class="nv"> </span><span class="s">-U</span><span class="nv"> </span><span class="s">postgres"</span><span class="pi">]</span> <span class="na">interval</span><span class="pi">:</span> <span class="s">5s</span> <span class="na">timeout</span><span class="pi">:</span> <span class="s">5s</span> <span class="na">retries</span><span class="pi">:</span> <span class="m">5</span> <span class="err"> </span><span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./&lt;path-of-the-entrypoint&gt;/multiple-databases.sh:/docker-entrypoint-initdb.d/multiple-databases.sh</span> </code></pre> </div> docker postgres