json bugs

Change-Id: Icc3aa20e64446276716fbbb87535fd5b50628010
This commit is contained in:
jade 2024-06-07 01:35:26 -07:00
parent a7c271d78c
commit 563013c97d
3 changed files with 121 additions and 47 deletions

View file

@ -1,9 +1,10 @@
{ {
pkgs ? import <nixpkgs> { }, pkgs ? import <nixpkgs> { },
nix2container,
lib ? pkgs.lib, lib ? pkgs.lib,
name ? "lix", name ? "lix",
tag ? "latest", tag ? "latest",
bundleNixpkgs ? true, bundleNixpkgs ? false,
channelName ? "nixpkgs", channelName ? "nixpkgs",
channelURL ? "https://nixos.org/channels/nixpkgs-unstable", channelURL ? "https://nixos.org/channels/nixpkgs-unstable",
extraPkgs ? [ ], extraPkgs ? [ ],
@ -12,27 +13,30 @@
flake-registry ? null, flake-registry ? null,
}: }:
let let
defaultPkgs = # a big pile of reasonably sized things
with pkgs; layer1Pkgs = with pkgs; [
[ bashInteractive
nix coreutils-full
bashInteractive gnutar
coreutils-full gzip
gnutar gnugrep
gzip which
gnugrep curl
which less
curl wget
less man
wget cacert.out
man findutils
cacert.out iana-etc
findutils openssh
iana-etc ];
git # 120MB of python
openssh layer2Pkgs = with pkgs; [ python3 ];
] # 50MB of git
++ extraPkgs; layer3Pkgs = with pkgs; [ git ];
layer5Pkgs = with pkgs; [ nix ];
defaultPkgs = layer1Pkgs ++ layer2Pkgs ++ layer3Pkgs ++ layer5Pkgs ++ extraPkgs;
users = users =
{ {
@ -139,16 +143,17 @@ let
)) ))
+ "\n"; + "\n";
nixpkgs = pkgs.path;
channel = pkgs.runCommand "channel-nixos" { inherit bundleNixpkgs; } ''
mkdir $out
if [ "$bundleNixpkgs" ]; then
ln -s ${nixpkgs} $out/nixpkgs
echo "[]" > $out/manifest.nix
fi
'';
baseSystem = baseSystem =
let let
nixpkgs = pkgs.path;
channel = pkgs.runCommand "channel-nixos" { inherit bundleNixpkgs; } ''
mkdir $out
if [ "$bundleNixpkgs" ]; then
ln -s ${nixpkgs} $out/nixpkgs
echo "[]" > $out/manifest.nix
fi
'';
rootEnv = pkgs.buildPackages.buildEnv { rootEnv = pkgs.buildPackages.buildEnv {
name = "root-profile-env"; name = "root-profile-env";
paths = defaultPkgs; paths = defaultPkgs;
@ -273,21 +278,65 @@ let
ln -s $globalFlakeRegistryPath $out/nix/var/nix/gcroots/auto/$rootName ln -s $globalFlakeRegistryPath $out/nix/var/nix/gcroots/auto/$rootName
'') '')
); );
layer1 = nix2container.buildLayer { deps = [ layer1Pkgs ]; };
layer2 = nix2container.buildLayer {
layers = [ layer1 ];
deps = [ layer2Pkgs ];
};
layer3 = nix2container.buildLayer {
layers = [ layer2 ];
deps = [ layer3Pkgs ];
};
# 144MB of nixpkgs
layer4 = nix2container.buildLayer {
layers = [ layer3 ];
deps = [ channel ];
};
# Lix on its own layer by itself, largely, hopefully; to improve layer reuse
layer5 = nix2container.buildLayer {
layers = [ layer4 ];
deps = layer5Pkgs;
};
in in
pkgs.dockerTools.buildLayeredImageWithNixDb { # TODO: nix db
nix2container.buildImage {
inherit name tag maxLayers; inherit name tag maxLayers;
layers = [
layer1
layer2
layer3
layer4
layer5
];
contents = [ baseSystem ]; contents = [ baseSystem ];
extraCommands = '' initializeNixDatabase = true;
rm -rf nix-support
ln -s /nix/var/nix/profiles nix/var/nix/gcroots/profiles # extraCommands = ''
''; # rm -rf nix-support
fakeRootCommands = '' # ln -s /nix/var/nix/profiles nix/var/nix/gcroots/profiles
chmod 1777 tmp # '';
chmod 1777 var/tmp
''; perms = [
{
path = "/tmp";
regex = ".*";
mode = "1777";
}
{
path = "/var/tmp";
regex = ".*";
mode = "1777";
}
];
config = { config = {
Cmd = [ "/root/.nix-profile/bin/bash" ]; Cmd = [ "/root/.nix-profile/bin/bash" ];

View file

@ -16,6 +16,22 @@
"type": "github" "type": "github"
} }
}, },
"nix2container": {
"flake": false,
"locked": {
"lastModified": 1712990762,
"narHash": "sha256-hO9W3w7NcnYeX8u8cleHiSpK2YJo7ecarFTUlbybl7k=",
"owner": "nlewo",
"repo": "nix2container",
"rev": "20aad300c925639d5d6cbe30013c8357ce9f2a2e",
"type": "github"
},
"original": {
"owner": "nlewo",
"repo": "nix2container",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1715123187, "lastModified": 1715123187,
@ -67,6 +83,7 @@
"root": { "root": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"nix2container": "nix2container",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-regression": "nixpkgs-regression", "nixpkgs-regression": "nixpkgs-regression",
"pre-commit-hooks": "pre-commit-hooks" "pre-commit-hooks": "pre-commit-hooks"

View file

@ -8,6 +8,10 @@
url = "github:cachix/git-hooks.nix"; url = "github:cachix/git-hooks.nix";
flake = false; flake = false;
}; };
nix2container = {
url = "github:nlewo/nix2container";
flake = false;
};
flake-compat = { flake-compat = {
url = "github:edolstra/flake-compat"; url = "github:edolstra/flake-compat";
flake = false; flake = false;
@ -20,6 +24,7 @@
nixpkgs, nixpkgs,
nixpkgs-regression, nixpkgs-regression,
pre-commit-hooks, pre-commit-hooks,
nix2container,
flake-compat, flake-compat,
}: }:
@ -330,19 +335,22 @@
dockerImage = dockerImage =
let let
pkgs = nixpkgsFor.${system}.native; pkgs = nixpkgsFor.${system}.native;
nix2container' = import nix2container { inherit pkgs system; };
image = import ./docker.nix { image = import ./docker.nix {
inherit pkgs; inherit pkgs;
nix2container = nix2container'.nix2container;
tag = pkgs.nix.version; tag = pkgs.nix.version;
}; };
in in
pkgs.runCommand "docker-image-tarball-${pkgs.nix.version}" image;
{ meta.description = "Docker image with Lix for ${system}"; } # pkgs.runCommand "docker-image-tarball-${pkgs.nix.version}"
'' # { meta.description = "Docker image with Lix for ${system}"; }
mkdir -p $out/nix-support # ''
image=$out/image.tar.gz # mkdir -p $out/nix-support
ln -s ${image} $image # image=$out/image.tar.gz
echo "file binary-dist $image" >> $out/nix-support/hydra-build-products # ln -s ${image} $image
''; # echo "file binary-dist $image" >> $out/nix-support/hydra-build-products
# '';
} }
// builtins.listToAttrs ( // builtins.listToAttrs (
map (crossSystem: { map (crossSystem: {