diff --git a/packages/default.nix b/packages/default.nix index 3b42265..dbefe40 100644 --- a/packages/default.nix +++ b/packages/default.nix @@ -10,8 +10,8 @@ in forAllSystems(system: pkgs = nixpkgsFor.${system}; bonfire = self; - bonfire-lib = self.lib; - bonfire-pkgs = self.packages.${system}; + bonlib = self.lib; + bonpkgs = self.packages.${system}; crane = self.inputs.crane; crane-lib = self.inputs.crane.lib.${system}; @@ -32,4 +32,8 @@ in forAllSystems(system: ultimmc = pkgs.libsForQt5.callPackage ./ultimmc { inherit bonfire; }; cargo-shuttle = pkgs.callPackage ./cargo-shuttle { inherit bonfire crane-lib; }; + + nix-minimal = pkgs.callPackage ./nix-minimal { inherit bonpkgs bonlib; }; + + nix-runner = pkgs.callPackage ./nix-runner { inherit bonpkgs bonlib; }; }) diff --git a/packages/nix-minimal/default.nix b/packages/nix-minimal/default.nix new file mode 100644 index 0000000..9b9a8d3 --- /dev/null +++ b/packages/nix-minimal/default.nix @@ -0,0 +1,136 @@ +{ + pkgs, + lib, + bonlib, + extraPaths ? [], + ... +}: +let + nixPath = pkgs.writeText "nixpkgsError" ''_: throw ''' + This container doesn't include nixpkgs. + Hint: override the NIX_PATH environment variable with eg: + "NIX_PATH=nixpkgs=channel:nixos-unstable" + ''' ''; + + builderIds = let forEach = n: if n == 1 then [n] else [n] ++ forEach (n - 1); in forEach 32; + + withFakeNss = with pkgs; [ + (writeTextDir "etc/passwd" ( + builtins.concatStringsSep "\n" ( + map (n: "nixbld${toString n}:x:${toString (30000 + n)}:30000:Nix build user ${toString n}:/var/empty:/bin/false") builderIds) + + "\n" + '' + root:x:0:0:System administrator:/root:${bashInteractive}/bin/bash + nobody:x:65534:65534:Unprivileged account (don't use!):/var/empty:${shadow}/bin/nologin + '')) + + (writeTextDir "etc/group" '' + root:x:0: + wheel:x:1: + kmem:x:2: + tty:x:3: + messagebus:x:4: + disk:x:6: + audio:x:17: + floppy:x:18: + uucp:x:19: + lp:x:20: + cdrom:x:24: + tape:x:25: + video:x:26: + dialout:x:27: + utmp:x:29: + adm:x:55: + keys:x:96: + users:x:100: + input:x:174: + nixbld:x:30000:${builtins.concatStringsSep "," (map (n: "nixbld${toString n}") builderIds)} + nogroup:x:65534: + '') + + (writeTextDir "etc/nsswitch.conf" '' + passwd: files mymachines systemd + group: files mymachines systemd + shadow: files + + hosts: files mymachines dns myhostname + networks: files + + ethers: files + services: files + protocols: files + rpc: files + '') + ]; + + withNixConf = with pkgs; [ + (writeTextDir "etc/nix/nix.conf" '' + accept-flake-config = true + experimental-features = nix-command flakes + show-trace = true + max-jobs = auto + trusted-users = root + '') + ]; + +in pkgs.dockerTools.buildImageWithNixDb { + name = "nix-minimal"; + tag = "latest"; + + copyToRoot = pkgs.buildEnv { + name = "image-root"; + pathsToLink = [ "/bin" "/etc" ]; + paths = with pkgs; [ + dockerTools.usrBinEnv + + coreutils + bashInteractive + nix + + cacert + gnutar + gzip + xz + openssh + ((git.override { + perlSupport = false; + pythonSupport = false; + withpcre2 = false; + withManual = false; + }).overrideAttrs (_: { doInstallCheck = false; })) + + iana-etc + ] ++ withFakeNss ++ withNixConf ++ extraPaths; + }; + + runAsRoot = with pkgs; '' + #!${runtimeShell} + ${dockerTools.shadowSetup} + ''; + + config = { + Cmd = [ "/bin/bash" ]; + Env = [ + "USER=root" + "PATH=/bin:/usr/bin:/nix/var/nix/profiles/default/bin" + "PAGER=cat" + "ENV=/etc/profile.d/nix.sh" + "BASH_ENV=/etc/profile.d/nix.sh" + "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" + "NIX_BUILD_SHELL=/bin/bash" + "NIX_PATH=nixpkgs=${nixPath}" + ]; + }; +} // { + meta = with lib; { + homepage = "https://vcs.elnafo.ru/L-Nafaryus/bonfire"; + description = "Minimal image with a Nix package manager"; + longDescription = '' + Minimal docker image with Nix package manager (https://nixos.org/). + Enabled features: nix-command, flakes. + Versions: latest + ''; + platforms = platforms.linux; + license = licenses.lgpl21Plus; + maintainers = with bonlib.maintainers; [ L-Nafaryus ]; + }; +} diff --git a/packages/nix-runner/default.nix b/packages/nix-runner/default.nix new file mode 100644 index 0000000..d15674d --- /dev/null +++ b/packages/nix-runner/default.nix @@ -0,0 +1,34 @@ +{ + pkgs, + lib, + bonpkgs, + bonlib, + extraPaths ? [], + ... +}: +pkgs.dockerTools.buildImage { + name = "nix-runner"; + tag = "latest"; + fromImage = bonpkgs.nix-minimal; + + copyToRoot = pkgs.buildEnv { + name = "image-root"; + pathsToLink = [ "/bin" ]; + paths = with pkgs; [ + nodejs + jq + cachix + ] ++ extraPaths; + }; + + config.Cmd = [ "/bin/bash" ]; +} // { + meta = bonpkgs.nix-minimal.meta // { + description = "Image for action runners with a Nix package manager"; + longDescription = '' + Docker image for action runners with Nix package manager (https://nixos.org/). + Enabled features: nix-command, flakes. + Versions: latest + ''; + }; +}