
docker: use callPackage, parametrise the image build

This commit is contained in:
Pol Dellaiera 2025-06-12 19:07:20 +02:00
parent 5abaf361a4
commit 5862f38d00
3 changed files with 58 additions and 45 deletions


@ -1,6 +1,10 @@
{ {
pkgs ? import <nixpkgs> { }, # Core dependencies
lib ? pkgs.lib, pkgs,
lib,
runCommand,
buildPackages,
# Image configuration
name ? "nix", name ? "nix",
tag ? "latest", tag ? "latest",
bundleNixpkgs ? true, bundleNixpkgs ? true,
@ -14,36 +18,52 @@
gid ? 0, gid ? 0,
uname ? "root", uname ? "root",
gname ? "root", gname ? "root",
# Default Packages
nix,
bashInteractive,
coreutils-full,
gnutar,
gzip,
gnugrep,
which,
curl,
less,
wget,
man,
cacert,
findutils,
iana-etc,
git,
openssh,
# Other dependencies
shadow,
}: }:
let let
defaultPkgs = defaultPkgs = [
with pkgs; nix
[ bashInteractive
nix coreutils-full
bashInteractive gnutar
coreutils-full gzip
gnutar gnugrep
gzip which
gnugrep curl
which less
curl wget
less man
wget cacert.out
man findutils
cacert.out iana-etc
findutils git
iana-etc openssh
git ] ++ extraPkgs;
openssh
]
++ extraPkgs;
users = users =
{ {
root = { root = {
uid = 0; uid = 0;
shell = "${pkgs.bashInteractive}/bin/bash"; shell = lib.getExe bashInteractive;
home = "/root"; home = "/root";
gid = 0; gid = 0;
groups = [ "root" ]; groups = [ "root" ];
@ -52,7 +72,7 @@ let
nobody = { nobody = {
uid = 65534; uid = 65534;
shell = "${pkgs.shadow}/bin/nologin"; shell = lib.getExe' shadow "nologin";
home = "/var/empty"; home = "/var/empty";
gid = 65534; gid = 65534;
groups = [ "nobody" ]; groups = [ "nobody" ];
@ -63,7 +83,7 @@ let
// lib.optionalAttrs (uid != 0) { // lib.optionalAttrs (uid != 0) {
"${uname}" = { "${uname}" = {
uid = uid; uid = uid;
shell = "${pkgs.bashInteractive}/bin/bash"; shell = lib.getExe bashInteractive;
home = "/home/${uname}"; home = "/home/${uname}";
gid = gid; gid = gid;
groups = [ "${gname}" ]; groups = [ "${gname}" ];
@ -170,7 +190,7 @@ let
baseSystem = baseSystem =
let let
nixpkgs = pkgs.path; nixpkgs = pkgs.path;
channel = pkgs.runCommand "channel-nixos" { inherit bundleNixpkgs; } '' channel = runCommand "channel-nixos" { inherit bundleNixpkgs; } ''
mkdir $out mkdir $out
if [ "$bundleNixpkgs" ]; then if [ "$bundleNixpkgs" ]; then
ln -s ${ ln -s ${
@ -182,11 +202,11 @@ let
echo "[]" > $out/manifest.nix echo "[]" > $out/manifest.nix
fi fi
''; '';
rootEnv = pkgs.buildPackages.buildEnv { rootEnv = buildPackages.buildEnv {
name = "root-profile-env"; name = "root-profile-env";
paths = defaultPkgs; paths = defaultPkgs;
}; };
manifest = pkgs.buildPackages.runCommand "manifest.nix" { } '' manifest = buildPackages.runCommand "manifest.nix" { } ''
cat > $out <<EOF cat > $out <<EOF
[ [
${lib.concatStringsSep "\n" ( ${lib.concatStringsSep "\n" (
@ -215,7 +235,7 @@ let
] ]
EOF EOF
''; '';
profile = pkgs.buildPackages.runCommand "user-environment" { } '' profile = buildPackages.runCommand "user-environment" { } ''
mkdir $out mkdir $out
cp -a ${rootEnv}/* $out/ cp -a ${rootEnv}/* $out/
ln -s ${manifest} $out/manifest.nix ln -s ${manifest} $out/manifest.nix
@ -228,7 +248,7 @@ let
else else
flake-registry; flake-registry;
in in
pkgs.runCommand "base-system" runCommand "base-system"
{ {
inherit inherit
passwdContents passwdContents
@ -290,8 +310,8 @@ let
echo "${channelURL} ${channelName}" > $out${userHome}/.nix-channels echo "${channelURL} ${channelName}" > $out${userHome}/.nix-channels
mkdir -p $out/bin $out/usr/bin mkdir -p $out/bin $out/usr/bin
ln -s ${pkgs.coreutils-full}/bin/env $out/usr/bin/env ln -s ${lib.getExe' coreutils-full "env"} $out/usr/bin/env
ln -s ${pkgs.bashInteractive}/bin/bash $out/bin/sh ln -s ${lib.getExe bashInteractive} $out/bin/sh
'' ''
+ (lib.optionalString (flake-registry-path != null) '' + (lib.optionalString (flake-registry-path != null) ''
@ -300,7 +320,7 @@ let
globalFlakeRegistryPath="$nixCacheDir/flake-registry.json" globalFlakeRegistryPath="$nixCacheDir/flake-registry.json"
ln -s ${flake-registry-path} $out$globalFlakeRegistryPath ln -s ${flake-registry-path} $out$globalFlakeRegistryPath
mkdir -p $out/nix/var/nix/gcroots/auto mkdir -p $out/nix/var/nix/gcroots/auto
rootName=$(${pkgs.nix}/bin/nix --extra-experimental-features nix-command hash file --type sha1 --base32 <(echo -n $globalFlakeRegistryPath)) rootName=$(${lib.getExe' nix "nix"} --extra-experimental-features nix-command hash file --type sha1 --base32 <(echo -n $globalFlakeRegistryPath))
ln -s $globalFlakeRegistryPath $out/nix/var/nix/gcroots/auto/$rootName ln -s $globalFlakeRegistryPath $out/nix/var/nix/gcroots/auto/$rootName
'') '')
); );
@ -332,7 +352,7 @@ pkgs.dockerTools.buildLayeredImageWithNixDb {
''; '';
config = { config = {
Cmd = [ "${userHome}/.nix-profile/bin/bash" ]; Cmd = [ (lib.getExe bashInteractive) ];
User = "${toString uid}:${toString gid}"; User = "${toString uid}:${toString gid}";
Env = [ Env = [
"USER=${uname}" "USER=${uname}"


@ -404,8 +404,7 @@
dockerImage = dockerImage =
let let
pkgs = nixpkgsFor.${system}.native; pkgs = nixpkgsFor.${system}.native;
image = import ./docker.nix { image = pkgs.callPackage ./docker.nix {
inherit pkgs;
tag = pkgs.nix.version; tag = pkgs.nix.version;
}; };
in in


@ -1,21 +1,15 @@
# Test the container built by ../../docker.nix. # Test the container built by ../../docker.nix.
{ {
lib,
config, config,
nixpkgs,
hostPkgs,
... ...
}: }:
let let
pkgs = config.nodes.machine.nixpkgs.pkgs; pkgs = config.nodes.machine.nixpkgs.pkgs;
nixImage = import ../../docker.nix { nixImage = pkgs.callPackage ../../docker.nix { };
inherit (config.nodes.machine.nixpkgs) pkgs; nixUserImage = pkgs.callPackage ../../docker.nix {
};
nixUserImage = import ../../docker.nix {
inherit (config.nodes.machine.nixpkgs) pkgs;
name = "nix-user"; name = "nix-user";
uid = 1000; uid = 1000;
gid = 1000; gid = 1000;