From 563013c97d1c543c3d12358613d5a32ba064cef4 Mon Sep 17 00:00:00 2001
From: Jade Lovelace
Date: Fri, 7 Jun 2024 01:35:26 -0700
Subject: [PATCH] json bugs

Change-Id: Icc3aa20e64446276716fbbb87535fd5b50628010
---
 docker.nix | 127 +++++++++++++++++++++++++++++++++++++----------------
 flake.lock | 17 +++++++
 flake.nix | 24 ++++++----
 3 files changed, 121 insertions(+), 47 deletions(-)

diff --git a/docker.nix b/docker.nix
index cec3a2950..81f757fc3 100644
--- a/docker.nix
+++ b/docker.nix
@@ -1,9 +1,10 @@
 {
 pkgs ? import { },
+ nix2container,
 lib ? pkgs.lib,
 name ? "lix",
 tag ? "latest",
- bundleNixpkgs ? true,
+ bundleNixpkgs ? false,
 channelName ? "nixpkgs",
 channelURL ? "https://nixos.org/channels/nixpkgs-unstable",
 extraPkgs ? [ ],
@@ -12,27 +13,30 @@
 flake-registry ? null,
 }:
 let
- defaultPkgs =
- with pkgs;
- [
- nix
- bashInteractive
- coreutils-full
- gnutar
- gzip
- gnugrep
- which
- curl
- less
- wget
- man
- cacert.out
- findutils
- iana-etc
- git
- openssh
- ]
- ++ extraPkgs;
+ # a big pile of reasonably sized things
+ layer1Pkgs = with pkgs; [
+ bashInteractive
+ coreutils-full
+ gnutar
+ gzip
+ gnugrep
+ which
+ curl
+ less
+ wget
+ man
+ cacert.out
+ findutils
+ iana-etc
+ openssh
+ ];
+ # 120MB of python
+ layer2Pkgs = with pkgs; [ python3 ];
+ # 50MB of git
+ layer3Pkgs = with pkgs; [ git ];
+ layer5Pkgs = with pkgs; [ nix ];
+
+ defaultPkgs = layer1Pkgs ++ layer2Pkgs ++ layer3Pkgs ++ layer5Pkgs ++ extraPkgs;
 users = {
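Review bot: `nix2container` becomes a required argument with no default and `bundleNixpkgs` silently flips from `true` to `false` in the same hunk, so any existing `import ./docker.nix { inherit pkgs; }` caller now fails to evaluate and, once fixed, builds an image without the nixpkgs channel; neither change is mentioned in the commit message. If the default flip is intended, say so next to the argument, e.g. `# off by default: the channel layer is large (see the "144MB of nixpkgs" layer below)`, and give `nix2container` a comment naming what callers must pass, e.g. `# the attrset from (import nix2container { inherit pkgs system; }).nix2container`. Otherwise keep `bundleNixpkgs ? true` and change only the layering.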
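Review bot: `python3` enters the image for the first time through `layer2Pkgs` (`# 120MB of python`), but nothing in the hunk or the commit message says what needs it, and a dependency of that size changes what ships in the container. Either drop it from `defaultPkgs` if it was only a layering experiment or state the consumer in the comment, e.g. `# 120MB of python: required by <CONSUMER — fill in>`. The numbering also jumps from `layer3Pkgs` to `layer5Pkgs` because layer 4 is the `channel` derivation defined further down; `# no layer4Pkgs: layer 4 is the nixpkgs channel, see layer4 below` would save the next reader the search.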
@@ -139,16 +143,17 @@ let )) + "\n"; + nixpkgs = pkgs.path; + channel = pkgs.runCommand "channel-nixos" { inherit bundleNixpkgs; } '' + mkdir $out + if [ "$bundleNixpkgs" ]; then + ln -s ${nixpkgs} $out/nixpkgs + echo "[]" > $out/manifest.nix + fi + ''; + baseSystem = let - nixpkgs = pkgs.path; - channel = pkgs.runCommand "channel-nixos" { inherit bundleNixpkgs; } '' - mkdir $out - if [ "$bundleNixpkgs" ]; then - ln -s ${nixpkgs} $out/nixpkgs - echo "[]" > $out/manifest.nix - fi - ''; rootEnv = pkgs.buildPackages.buildEnv { name = "root-profile-env"; paths = defaultPkgs; @@ -273,21 +278,65 @@ let ln -s $globalFlakeRegistryPath $out/nix/var/nix/gcroots/auto/$rootName '') ); + + layer1 = nix2container.buildLayer { deps = [ layer1Pkgs ]; }; + + layer2 = nix2container.buildLayer { + layers = [ layer1 ]; + deps = [ layer2Pkgs ]; + }; + + layer3 = nix2container.buildLayer { + layers = [ layer2 ]; + deps = [ layer3Pkgs ]; + }; + + # 144MB of nixpkgs + layer4 = nix2container.buildLayer { + layers = [ layer3 ]; + deps = [ channel ]; + }; + + # Lix on its own layer by itself, largely, hopefully; to improve layer reuse + layer5 = nix2container.buildLayer { + layers = [ layer4 ]; + deps = layer5Pkgs; + }; in -pkgs.dockerTools.buildLayeredImageWithNixDb { +# TODO: nix db +nix2container.buildImage { inherit name tag maxLayers; + layers = [ + layer1 + layer2 + layer3 + layer4 + layer5 + ]; + contents = [ baseSystem ]; - extraCommands = '' - rm -rf nix-support - ln -s /nix/var/nix/profiles nix/var/nix/gcroots/profiles - ''; - fakeRootCommands = '' - chmod 1777 tmp - chmod 1777 var/tmp - ''; + initializeNixDatabase = true; + + # extraCommands = '' + # rm -rf nix-support + # ln -s /nix/var/nix/profiles nix/var/nix/gcroots/profiles + # ''; + + perms = [ + { + path = "/tmp"; + regex = ".*"; + mode = "1777"; + } + { + path = "/var/tmp"; + regex = ".*"; + mode = "1777"; + } + ]; config = { Cmd = [ "/root/.nix-profile/bin/bash" ]; 
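Review bot: `layer4` is commented `# 144MB of nixpkgs`, but its only dependency is `channel`, whose script creates nothing under `$out` unless `$bundleNixpkgs` is set, and this same commit flips that default to `false`; in the default build layer 4 is therefore an empty directory and the comment misleads. `# 144MB of nixpkgs when bundleNixpkgs = true, otherwise empty` would match the code. The old `extraCommands` that linked `nix/var/nix/gcroots/profiles` to `/nix/var/nix/profiles` is commented out rather than ported, so profiles in the image presumably stop being GC roots; if nix2container has no equivalent, record that next to `# TODO: nix db` instead of leaving dead code. `layer5` passes `deps = layer5Pkgs;` while the other layers pass `deps = [ layerNPkgs ];` (a list wrapped in a list) — one of the two shapes is likely wrong and they should agree. Finally the two `perms` entries use `regex = ".*"`, which presumably applies `1777` to everything under `/tmp` and `/var/tmp`, whereas the replaced `chmod 1777 tmp` touched only the directory itself; confirm that is intended.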
diff --git a/flake.lock b/flake.lock
index 8e59b2942..436cbcd03 100644
--- a/flake.lock
+++ b/flake.lock
@@ -16,6 +16,22 @@
 "type": "github"
 }
 },
+ "nix2container": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1712990762,
+ "narHash": "sha256-hO9W3w7NcnYeX8u8cleHiSpK2YJo7ecarFTUlbybl7k=",
+ "owner": "nlewo",
+ "repo": "nix2container",
+ "rev": "20aad300c925639d5d6cbe30013c8357ce9f2a2e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nlewo",
+ "repo": "nix2container",
+ "type": "github"
+ }
+ },
 "nixpkgs": {
 "locked": {
 "lastModified": 1715123187,
@@ -67,6 +83,7 @@
 "root": {
 "inputs": {
 "flake-compat": "flake-compat",
+ "nix2container": "nix2container",
 "nixpkgs": "nixpkgs",
 "nixpkgs-regression": "nixpkgs-regression",
 "pre-commit-hooks": "pre-commit-hooks"
diff --git a/flake.nix b/flake.nix
index 8460201b0..eba792cb1 100644
--- a/flake.nix
+++ b/flake.nix
@@ -8,6 +8,10 @@
 url = "github:cachix/git-hooks.nix";
 flake = false;
 };
+ nix2container = {
+ url = "github:nlewo/nix2container";
+ flake = false;
+ };
 flake-compat = {
 url = "github:edolstra/flake-compat";
 flake = false;
@@ -20,6 +24,7 @@
 nixpkgs,
 nixpkgs-regression,
 pre-commit-hooks,
+ nix2container,
 flake-compat,
 }:
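Review bot: The new `nix2container` input is declared with `flake = false;` and nothing in the declaration says why, while the neighbouring `pre-commit-hooks` and `flake-compat` inputs at least share that convention; a reader will otherwise wonder whether the upstream flake was meant to be consumed and `follows = "nixpkgs"` forgotten. A one-line comment on the input, e.g. `# non-flake input: imported with this flake's own pkgs in hydraJobs.dockerImage, so it needs no nixpkgs follows`, ties it to the `import nix2container { inherit pkgs system; }` call in the dockerImage hunk. The lock entry pins it to rev `20aad300c925639d5d6cbe30013c8357ce9f2a2e` with the recorded narHash, so the source is reproducible as long as that lock is kept.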
@@ -330,19 +335,22 @@ dockerImage = let pkgs = nixpkgsFor.${system}.native; + nix2container' = import nix2container { inherit pkgs system; }; image = import ./docker.nix { inherit pkgs; + nix2container = nix2container'.nix2container; tag = pkgs.nix.version; }; in - pkgs.runCommand "docker-image-tarball-${pkgs.nix.version}" - { meta.description = "Docker image with Lix for ${system}"; } - '' - mkdir -p $out/nix-support - image=$out/image.tar.gz - ln -s ${image} $image - echo "file binary-dist $image" >> $out/nix-support/hydra-build-products - ''; + image; + # pkgs.runCommand "docker-image-tarball-${pkgs.nix.version}" + # { meta.description = "Docker image with Lix for ${system}"; } + # '' + # mkdir -p $out/nix-support + # image=$out/image.tar.gz + # ln -s ${image} $image + # echo "file binary-dist $image" >> $out/nix-support/hydra-build-products + # ''; } // builtins.listToAttrs ( map (crossSystem: {
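Review bot: `dockerImage` now evaluates to the bare nix2container `image`, and the `pkgs.runCommand` wrapper that registered `file binary-dist $image` in `hydra-build-products` is commented out rather than removed, so Hydra stops publishing the image tarball and a dead copy of the old code remains in the file. Either delete the commented block or replace it with a derivation that produces the tarball from the new image and restores the `hydra-build-products` entry; the commit message `json bugs` does not say which is intended. The line `nix2container' = import nix2container { inherit pkgs system; };` also deserves a comment such as `# nix2container is the non-flake input from flake.nix, not a package from pkgs`, since the name otherwise reads like a nixpkgs attribute.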