Improve container docs somewhat (#472)

* Improve container docs somewhat

* compatibility

* Clarify this
Ana Hobden 2023-05-18 10:14:03 -07:00 committed by GitHub
parent 5a8526268d
commit eb41cc9205
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 36 additions and 22 deletions

View file

@ -175,6 +175,8 @@ curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix
In Docker/Podman containers or WSL2 instances where an init (like `systemd`) is not present, pass `--init none`.
For containers (without an init):
> **Warning**
> When `--init none` is used, _only_ `root` or users who can elevate to `root` privileges can run Nix:
>
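Review bot: The warning added at the end of this hunk states that under `--init none` only `root` (or users who can elevate to `root`) can run Nix, but not why; one clause explaining the reason (the systemd example later in this change passes `--no-start-daemon`, which suggests the difference is whether a Nix daemon is running to serve other users) would let readers judge whether `--init none` fits their container. The phrase "users who can elevate to `root` privileges" could also simply say "users who can become `root`, e.g. via `sudo`", matching the `sudo -i nix run nixpkgs#hello` example that follows.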
@ -182,48 +184,56 @@ In Docker/Podman containers or WSL2 instances where an init (like `systemd`) is
> sudo -i nix run nixpkgs#hello
> ```
For Docker containers (without an init):
```dockerfile
# Dockerfile
FROM ubuntu:latest
RUN apt update -y
RUN apt install curl -y
COPY nix-installer /nix-installer
RUN /nix-installer install linux --init none --no-confirm
RUN curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install linux \
--extra-conf "sandbox = false" \
--init none \
--no-confirm
ENV PATH="${PATH}:/nix/var/nix/profiles/default/bin"
RUN nix run nixpkgs#hello
```
Podman containers require `sandbox = false` in your `Nix.conf`.
For podman containers without an init:
```dockerfile
# Dockerfile
FROM ubuntu:latest
RUN apt update -y
RUN apt install curl -y
COPY nix-installer /nix-installer
RUN /nix-installer install linux --extra-conf "sandbox = false" --init none --no-confirm
ENV PATH="${PATH}:/nix/var/nix/profiles/default/bin"
RUN nix run nixpkgs#hello
```bash
docker build -t ubuntu-with-nix .
docker run --rm -ti ubuntu-with-nix
docker rmi ubuntu-with-nix
# or
podman build -t ubuntu-with-nix .
podman run --rm -ti ubuntu-with-nix
podman rmi ubuntu-with-nix
```
For Podman containers with a systemd init:
For containers with a systemd init:
```dockerfile
# Dockerfile
FROM ubuntu:latest
RUN apt update -y
RUN apt install curl systemd -y
COPY nix-installer /nix-installer
RUN /nix-installer install linux --extra-conf "sandbox = false" --no-start-daemon --no-confirm
RUN curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install linux \
--extra-conf "sandbox = false" \
--no-start-daemon \
--no-confirm
ENV PATH="${PATH}:/nix/var/nix/profiles/default/bin"
RUN nix run nixpkgs#hello
CMD [ "/usr/sbin/init" ]
CMD [ "/bin/systemd" ]
```
```bash
podman build -t ubuntu-systemd-with-nix .
IMAGE=$(podman create ubuntu-systemd-with-nix)
CONTAINER=$(podman start $IMAGE)
podman exec -ti $CONTAINER /bin/bash
podman rm -f $CONTAINER
podman rmi $IMAGE
```
On some container tools, such as `docker`, `sandbox = false` can be omitted. Omitting it will negatively impact compatibility with container tools like `podman`.
## In WSL2
If [systemd is enabled](https://ubuntu.com/blog/ubuntu-wsl-enable-systemd) it's possible to install Nix as normal using the command at the top of this document:
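Review bot: In the `podman` block after the systemd Dockerfile, `IMAGE=$(podman create ubuntu-systemd-with-nix)` captures a container ID, not an image, so the closing `podman rmi $IMAGE` will fail with an image-not-found error and leave the image behind; rename the variable to `CONTAINER`, start it with `podman start $CONTAINER`, and remove the image by name with `podman rmi ubuntu-systemd-with-nix`. Separately, both Dockerfiles now fetch the installer with `curl ... | sh -s -- install linux ...` at image build time instead of `COPY nix-installer`, so the resulting image depends on whatever the URL serves when the build runs; a sentence on how to pin or verify a specific installer release would make these examples reproducible and auditable.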

View file

@ -148,7 +148,11 @@
check.check-editorconfig
check.check-semver
]
++ lib.optionals (pkgs.stdenv.isDarwin) (with pkgs; [ libiconv ]);
++ lib.optionals (pkgs.stdenv.isDarwin) (with pkgs; [ libiconv ])
++ lib.optionals (pkgs.stdenv.isLinux) (with pkgs; [
podman
/* users are expected to have a system docker, too */
]);
};
});
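Review bot: The `/* users are expected to have a system docker, too */` comment is placed after `podman` inside the list, where it reads as a trailing remark attached to nothing; move it above `podman` and state what the dev shell needs podman for (presumably exercising the container examples this same commit adds to the README) and why `docker` is deliberately not provided, so the next reader does not add it. A `#` line comment is also the more common style in Nix for a single-line note, though `/* */` is valid.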