json bugs

Change-Id: Icc3aa20e64446276716fbbb87535fd5b50628010
2024-06-07 01:35:26 -07:00 · 2024-06-07 01:35:26 -07:00 · 563013c97d
parent a7c271d78c
commit 563013c97d
3 changed files with 121 additions and 47 deletions
--- a/docker.nix
+++ b/docker.nix
@ -1,9 +1,10 @@
 {
  pkgs ? import <nixpkgs> { },
+  nix2container,
  lib ? pkgs.lib,
  name ? "lix",
  tag ? "latest",
-  bundleNixpkgs ? true,
+  bundleNixpkgs ? false,
  channelName ? "nixpkgs",
  channelURL ? "https://nixos.org/channels/nixpkgs-unstable",
  extraPkgs ? [ ],
@ -12,10 +13,8 @@
  flake-registry ? null,
 }:
 let
-  defaultPkgs =
-    with pkgs;
-    [
-      nix
+  # a big pile of reasonably sized things
+  layer1Pkgs = with pkgs; [
    bashInteractive
    coreutils-full
    gnutar
@ -29,10 +28,15 @@ let
    cacert.out
    findutils
    iana-etc
-      git
    openssh
-    ]
-    ++ extraPkgs;
+  ];
+  # 120MB of python
+  layer2Pkgs = with pkgs; [ python3 ];
+  # 50MB of git
+  layer3Pkgs = with pkgs; [ git ];
+  layer5Pkgs = with pkgs; [ nix ];
+
+  defaultPkgs = layer1Pkgs ++ layer2Pkgs ++ layer3Pkgs ++ layer5Pkgs ++ extraPkgs;

  users =
    {
@ -139,8 +143,6 @@ let
    ))
    + "\n";

-  baseSystem =
-    let
  nixpkgs = pkgs.path;
  channel = pkgs.runCommand "channel-nixos" { inherit bundleNixpkgs; } ''
    mkdir $out
@ -149,6 +151,9 @@ let
      echo "[]" > $out/manifest.nix
    fi
  '';
+
+  baseSystem =
+    let
      rootEnv = pkgs.buildPackages.buildEnv {
        name = "root-profile-env";
        paths = defaultPkgs;
@ -273,21 +278,65 @@ let
          ln -s $globalFlakeRegistryPath $out/nix/var/nix/gcroots/auto/$rootName
        '')
      );
+
+  layer1 = nix2container.buildLayer { deps = [ layer1Pkgs ]; };
+
+  layer2 = nix2container.buildLayer {
+    layers = [ layer1 ];
+    deps = [ layer2Pkgs ];
+  };
+
+  layer3 = nix2container.buildLayer {
+    layers = [ layer2 ];
+    deps = [ layer3Pkgs ];
+  };
+
+  # 144MB of nixpkgs
+  layer4 = nix2container.buildLayer {
+    layers = [ layer3 ];
+    deps = [ channel ];
+  };
+
+  # Lix on its own layer by itself, largely, hopefully; to improve layer reuse
+  layer5 = nix2container.buildLayer {
+    layers = [ layer4 ];
+    deps = layer5Pkgs;
+  };
 in
-pkgs.dockerTools.buildLayeredImageWithNixDb {
+# TODO: nix db
+nix2container.buildImage {

  inherit name tag maxLayers;

+  layers = [
+    layer1
+    layer2
+    layer3
+    layer4
+    layer5
+  ];
+
  contents = [ baseSystem ];

-  extraCommands = ''
-    rm -rf nix-support
-    ln -s /nix/var/nix/profiles nix/var/nix/gcroots/profiles
-  '';
-  fakeRootCommands = ''
-    chmod 1777 tmp
-    chmod 1777 var/tmp
-  '';
+  initializeNixDatabase = true;
+
+  # extraCommands = ''
+  #   rm -rf nix-support
+  #   ln -s /nix/var/nix/profiles nix/var/nix/gcroots/profiles
+  # '';
+
+  perms = [
+    {
+      path = "/tmp";
+      regex = ".*";
+      mode = "1777";
+    }
+    {
+      path = "/var/tmp";
+      regex = ".*";
+      mode = "1777";
+    }
+  ];

  config = {
    Cmd = [ "/root/.nix-profile/bin/bash" ];
--- a/flake.lock
+++ b/flake.lock
@ -16,6 +16,22 @@
        "type": "github"
      }
    },
+    "nix2container": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1712990762,
+        "narHash": "sha256-hO9W3w7NcnYeX8u8cleHiSpK2YJo7ecarFTUlbybl7k=",
+        "owner": "nlewo",
+        "repo": "nix2container",
+        "rev": "20aad300c925639d5d6cbe30013c8357ce9f2a2e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nlewo",
+        "repo": "nix2container",
+        "type": "github"
+      }
+    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1715123187,
@ -67,6 +83,7 @@
    "root": {
      "inputs": {
        "flake-compat": "flake-compat",
+        "nix2container": "nix2container",
        "nixpkgs": "nixpkgs",
        "nixpkgs-regression": "nixpkgs-regression",
        "pre-commit-hooks": "pre-commit-hooks"
--- a/flake.nix
+++ b/flake.nix
@ -8,6 +8,10 @@
      url = "github:cachix/git-hooks.nix";
      flake = false;
    };
+    nix2container = {
+      url = "github:nlewo/nix2container";
+      flake = false;
+    };
    flake-compat = {
      url = "github:edolstra/flake-compat";
      flake = false;
@ -20,6 +24,7 @@
      nixpkgs,
      nixpkgs-regression,
      pre-commit-hooks,
+      nix2container,
      flake-compat,
    }:

@ -330,19 +335,22 @@
            dockerImage =
              let
                pkgs = nixpkgsFor.${system}.native;
+                nix2container' = import nix2container { inherit pkgs system; };
                image = import ./docker.nix {
                  inherit pkgs;
+                  nix2container = nix2container'.nix2container;
                  tag = pkgs.nix.version;
                };
              in
-              pkgs.runCommand "docker-image-tarball-${pkgs.nix.version}"
-                { meta.description = "Docker image with Lix for ${system}"; }
-                ''
-                  mkdir -p $out/nix-support
-                  image=$out/image.tar.gz
-                  ln -s ${image} $image
-                  echo "file binary-dist $image" >> $out/nix-support/hydra-build-products
-                '';
+              image;
+            # pkgs.runCommand "docker-image-tarball-${pkgs.nix.version}"
+            #   { meta.description = "Docker image with Lix for ${system}"; }
+            #   ''
+            #     mkdir -p $out/nix-support
+            #     image=$out/image.tar.gz
+            #     ln -s ${image} $image
+            #     echo "file binary-dist $image" >> $out/nix-support/hydra-build-products
+            #   '';
          }
          // builtins.listToAttrs (
            map (crossSystem: {