forked from lix-project/lix
parent
a7c271d78c
commit
563013c97d
127
docker.nix
127
docker.nix
|
@ -1,9 +1,10 @@
|
|||
{
|
||||
pkgs ? import <nixpkgs> { },
|
||||
nix2container,
|
||||
lib ? pkgs.lib,
|
||||
name ? "lix",
|
||||
tag ? "latest",
|
||||
bundleNixpkgs ? true,
|
||||
bundleNixpkgs ? false,
|
||||
channelName ? "nixpkgs",
|
||||
channelURL ? "https://nixos.org/channels/nixpkgs-unstable",
|
||||
extraPkgs ? [ ],
|
||||
|
@ -12,27 +13,30 @@
|
|||
flake-registry ? null,
|
||||
}:
|
||||
let
|
||||
defaultPkgs =
|
||||
with pkgs;
|
||||
[
|
||||
nix
|
||||
bashInteractive
|
||||
coreutils-full
|
||||
gnutar
|
||||
gzip
|
||||
gnugrep
|
||||
which
|
||||
curl
|
||||
less
|
||||
wget
|
||||
man
|
||||
cacert.out
|
||||
findutils
|
||||
iana-etc
|
||||
git
|
||||
openssh
|
||||
]
|
||||
++ extraPkgs;
|
||||
# a big pile of reasonably sized things
|
||||
layer1Pkgs = with pkgs; [
|
||||
bashInteractive
|
||||
coreutils-full
|
||||
gnutar
|
||||
gzip
|
||||
gnugrep
|
||||
which
|
||||
curl
|
||||
less
|
||||
wget
|
||||
man
|
||||
cacert.out
|
||||
findutils
|
||||
iana-etc
|
||||
openssh
|
||||
];
|
||||
# 120MB of python
|
||||
layer2Pkgs = with pkgs; [ python3 ];
|
||||
# 50MB of git
|
||||
layer3Pkgs = with pkgs; [ git ];
|
||||
layer5Pkgs = with pkgs; [ nix ];
|
||||
|
||||
defaultPkgs = layer1Pkgs ++ layer2Pkgs ++ layer3Pkgs ++ layer5Pkgs ++ extraPkgs;
|
||||
|
||||
users =
|
||||
{
|
||||
|
@ -139,16 +143,17 @@ let
|
|||
))
|
||||
+ "\n";
|
||||
|
||||
nixpkgs = pkgs.path;
|
||||
channel = pkgs.runCommand "channel-nixos" { inherit bundleNixpkgs; } ''
|
||||
mkdir $out
|
||||
if [ "$bundleNixpkgs" ]; then
|
||||
ln -s ${nixpkgs} $out/nixpkgs
|
||||
echo "[]" > $out/manifest.nix
|
||||
fi
|
||||
'';
|
||||
|
||||
baseSystem =
|
||||
let
|
||||
nixpkgs = pkgs.path;
|
||||
channel = pkgs.runCommand "channel-nixos" { inherit bundleNixpkgs; } ''
|
||||
mkdir $out
|
||||
if [ "$bundleNixpkgs" ]; then
|
||||
ln -s ${nixpkgs} $out/nixpkgs
|
||||
echo "[]" > $out/manifest.nix
|
||||
fi
|
||||
'';
|
||||
rootEnv = pkgs.buildPackages.buildEnv {
|
||||
name = "root-profile-env";
|
||||
paths = defaultPkgs;
|
||||
|
@ -273,21 +278,65 @@ let
|
|||
ln -s $globalFlakeRegistryPath $out/nix/var/nix/gcroots/auto/$rootName
|
||||
'')
|
||||
);
|
||||
|
||||
layer1 = nix2container.buildLayer { deps = [ layer1Pkgs ]; };
|
||||
|
||||
layer2 = nix2container.buildLayer {
|
||||
layers = [ layer1 ];
|
||||
deps = [ layer2Pkgs ];
|
||||
};
|
||||
|
||||
layer3 = nix2container.buildLayer {
|
||||
layers = [ layer2 ];
|
||||
deps = [ layer3Pkgs ];
|
||||
};
|
||||
|
||||
# 144MB of nixpkgs
|
||||
layer4 = nix2container.buildLayer {
|
||||
layers = [ layer3 ];
|
||||
deps = [ channel ];
|
||||
};
|
||||
|
||||
# Lix on its own layer by itself, largely, hopefully; to improve layer reuse
|
||||
layer5 = nix2container.buildLayer {
|
||||
layers = [ layer4 ];
|
||||
deps = layer5Pkgs;
|
||||
};
|
||||
in
|
||||
pkgs.dockerTools.buildLayeredImageWithNixDb {
|
||||
# TODO: nix db
|
||||
nix2container.buildImage {
|
||||
|
||||
inherit name tag maxLayers;
|
||||
|
||||
layers = [
|
||||
layer1
|
||||
layer2
|
||||
layer3
|
||||
layer4
|
||||
layer5
|
||||
];
|
||||
|
||||
contents = [ baseSystem ];
|
||||
|
||||
extraCommands = ''
|
||||
rm -rf nix-support
|
||||
ln -s /nix/var/nix/profiles nix/var/nix/gcroots/profiles
|
||||
'';
|
||||
fakeRootCommands = ''
|
||||
chmod 1777 tmp
|
||||
chmod 1777 var/tmp
|
||||
'';
|
||||
initializeNixDatabase = true;
|
||||
|
||||
# extraCommands = ''
|
||||
# rm -rf nix-support
|
||||
# ln -s /nix/var/nix/profiles nix/var/nix/gcroots/profiles
|
||||
# '';
|
||||
|
||||
perms = [
|
||||
{
|
||||
path = "/tmp";
|
||||
regex = ".*";
|
||||
mode = "1777";
|
||||
}
|
||||
{
|
||||
path = "/var/tmp";
|
||||
regex = ".*";
|
||||
mode = "1777";
|
||||
}
|
||||
];
|
||||
|
||||
config = {
|
||||
Cmd = [ "/root/.nix-profile/bin/bash" ];
|
||||
|
|
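Review bot: The `perms` entries at the end of docker.nix (apparently the new side; the page has lost its +/- markers) may not reproduce the old `chmod 1777 tmp` and `chmod 1777 var/tmp`. As far as I know, nix2container expects `path` to be a store path that is part of the image and applies `mode` to every entry under it that matches `regex`. If so, `path = "/tmp"` probably matches nothing, and a `regex = ".*"` that did match would put 1777 on every file rather than on the directory alone. Consider pointing `path` at the store path that carries those directories (`baseSystem`, if it still provides them) with a regex limited to `tmp` and `var/tmp`, then check both modes in the built image. The gcroots symlink from the old `extraCommands` is only commented out, so profiles in the image appear to lose their GC root; the `config` attrset continues outside the hunk.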
17
flake.lock
17
flake.lock
|
@ -16,6 +16,22 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nix2container": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1712990762,
|
||||
"narHash": "sha256-hO9W3w7NcnYeX8u8cleHiSpK2YJo7ecarFTUlbybl7k=",
|
||||
"owner": "nlewo",
|
||||
"repo": "nix2container",
|
||||
"rev": "20aad300c925639d5d6cbe30013c8357ce9f2a2e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nlewo",
|
||||
"repo": "nix2container",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1715123187,
|
||||
|
@ -67,6 +83,7 @@
|
|||
"root": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"nix2container": "nix2container",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nixpkgs-regression": "nixpkgs-regression",
|
||||
"pre-commit-hooks": "pre-commit-hooks"
|
||||
|
|
24
flake.nix
24
flake.nix
|
@ -8,6 +8,10 @@
|
|||
url = "github:cachix/git-hooks.nix";
|
||||
flake = false;
|
||||
};
|
||||
nix2container = {
|
||||
url = "github:nlewo/nix2container";
|
||||
flake = false;
|
||||
};
|
||||
flake-compat = {
|
||||
url = "github:edolstra/flake-compat";
|
||||
flake = false;
|
||||
|
@ -20,6 +24,7 @@
|
|||
nixpkgs,
|
||||
nixpkgs-regression,
|
||||
pre-commit-hooks,
|
||||
nix2container,
|
||||
flake-compat,
|
||||
}:
|
||||
|
||||
|
@ -330,19 +335,22 @@
|
|||
dockerImage =
|
||||
let
|
||||
pkgs = nixpkgsFor.${system}.native;
|
||||
nix2container' = import nix2container { inherit pkgs system; };
|
||||
image = import ./docker.nix {
|
||||
inherit pkgs;
|
||||
nix2container = nix2container'.nix2container;
|
||||
tag = pkgs.nix.version;
|
||||
};
|
||||
in
|
||||
pkgs.runCommand "docker-image-tarball-${pkgs.nix.version}"
|
||||
{ meta.description = "Docker image with Lix for ${system}"; }
|
||||
''
|
||||
mkdir -p $out/nix-support
|
||||
image=$out/image.tar.gz
|
||||
ln -s ${image} $image
|
||||
echo "file binary-dist $image" >> $out/nix-support/hydra-build-products
|
||||
'';
|
||||
image;
|
||||
# pkgs.runCommand "docker-image-tarball-${pkgs.nix.version}"
|
||||
# { meta.description = "Docker image with Lix for ${system}"; }
|
||||
# ''
|
||||
# mkdir -p $out/nix-support
|
||||
# image=$out/image.tar.gz
|
||||
# ln -s ${image} $image
|
||||
# echo "file binary-dist $image" >> $out/nix-support/hydra-build-products
|
||||
# '';
|
||||
}
|
||||
// builtins.listToAttrs (
|
||||
map (crossSystem: {
|
||||
|
|
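Review bot: `dockerImage` in the last flake.nix hunk now appears to evaluate to `image` directly, while the `runCommand` wrapper that wrote `nix-support/hydra-build-products` is left behind as commented-out code. To my knowledge nix2container's `buildImage` yields a JSON image description rather than a loadable tarball, so anything consuming `$out/image.tar.gz` (Hydra products, release scripts) would receive a different artifact; please confirm. Either restore a tarball-producing step or document the new output, and delete the commented block rather than keeping it. Which side each line belongs to is inferred from print order, since the page has lost its +/- markers.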