7 Commits

Author SHA1 Message Date
Jörg Thalheim
f5c8f11da0 nix-unstable-static: bump nix 2023-07-20 12:59:44 +02:00
Jörg Thalheim
019b4effa9 nix-unstable-static: add a PATH entry that can be used to bind mount more binaries into the system 2023-07-20 12:59:36 +02:00
Jörg Thalheim
e380dbbda5 nix-unstable-static: add an unprivileged nix user that can be used without entrypoint 2023-07-20 12:59:36 +02:00
Jörg Thalheim
23c51fe60b nix-unstable-static: drop unused openssl 2023-07-20 12:21:18 +02:00
Jonas Chevalier
30ea4a75cd devcontainer: fix build on nixos-unstable (#64) 2023-07-18 17:31:21 +02:00
Franz Pletz
ae6d994038 bump to nixos-23.05 (#59)
fixes #57
2023-07-01 22:04:07 +02:00
dependabot[bot]
e9b6514e0e build(deps): bump cachix/install-nix-action from 20 to 22 (#58)
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 20 to 22.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/v20...v22)

---
updated-dependencies:
- dependency-name: cachix/install-nix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-19 12:44:07 +02:00
5 changed files with 22 additions and 12 deletions


@@ -16,12 +16,12 @@ jobs:
matrix: matrix:
channel: channel:
- nixos-unstable - nixos-unstable
- nixos-22.05
- nixos-22.11 - nixos-22.11
- nixos-23.05
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- uses: cachix/install-nix-action@v20 - uses: cachix/install-nix-action@v22
- run: nix-shell --run ./ci.sh - run: nix-shell --run ./ci.sh
env: env:
CI_REGISTRY_AUTH: '${{ secrets.REGISTRY_AUTH }}' CI_REGISTRY_AUTH: '${{ secrets.REGISTRY_AUTH }}'
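Review bot: `cachix/install-nix-action@v22` (like `actions/checkout@v3` above it) is referenced by a mutable tag, and the following step runs `./ci.sh` with `CI_REGISTRY_AUTH` in its environment, so a retargeted tag would execute in the same job as the registry credential. Pinning the action to the full commit SHA of the v22 release, `- uses: cachix/install-nix-action@<full-commit-sha> # v22`, makes the reference immutable, and dependabot can still propose updates to it. The job definition continues outside the hunk, so whether the secret is also available to pull-request runs cannot be judged from here.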


@@ -3,12 +3,12 @@ stages:
build: build:
stage: build stage: build
image: nixpkgs/nix:nixos-22.05 image: nixpkgs/nix:nixos-22.11
script: nix-shell --run ./ci.sh script: nix-shell --run ./ci.sh
parallel: parallel:
matrix: matrix:
- NIXPKGS_CHANNEL: nixos-unstable - NIXPKGS_CHANNEL: nixos-unstable
IMAGE_TAG: latest IMAGE_TAG: latest
- NIXPKGS_CHANNEL: - NIXPKGS_CHANNEL:
- nixos-22.05
- nixos-22.11 - nixos-22.11
- nixos-23.05


@@ -39,8 +39,8 @@ nixpkgs channel describes.
| Channel | Image Tag | Description | | Channel | Image Tag | Description |
| --- | --- | --- | | --- | --- | --- |
| nixos-22.05 | nixos-22.05 | only minor versions that include security updates |
| nixos-22.11 | nixos-22.11 | only minor versions that include security updates | | nixos-22.11 | nixos-22.11 | only minor versions that include security updates |
| nixos-23.05 | nixos-23.05 | only minor versions that include security updates |
| nixos-unstable | latest | latest and greatest, major versions might change | | nixos-unstable | latest | latest and greatest, major versions might change |
## List of images ## List of images


@@ -55,7 +55,12 @@ let
shadow shadow
# for the vscode extension # for the vscode extension
gcc-unwrapped
# HACK: don't include the "libgcc" output. It has overlapping files with
# the "lib" output, and that breaks the build.
(gcc-unwrapped // {
outputs = builtins.filter (x: x != "libgcc") gcc-unwrapped.outputs;
})
iproute iproute
]; ];
}; };
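Review bot: The HACK comment on the `gcc-unwrapped` override explains the file overlap but not which nixpkgs channel triggers it or when the workaround can be dropped. I would extend it with something like `# Needed on nixos-unstable (see #64); remove once the "lib" and "libgcc" outputs no longer overlap.` Note also that `//` only replaces the `outputs` attribute on the attribute set and does not rebuild the derivation, so this presumably relies on the consumer of this list reading `outputs` to pick what it links; a word on that in the comment would help the next maintainer. The enclosing `let` binding starts and ends outside the hunk.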


@@ -6,21 +6,20 @@
, python3 , python3
, removeReferencesTo , removeReferencesTo
, runCommand , runCommand
, buildPackages
}: }:
let let
inherit (pkgsStatic) inherit (pkgsStatic)
bashInteractive bashInteractive
busybox busybox
cacert cacert;
openssl
;
bash = bashInteractive; bash = bashInteractive;
# Get nix from Hydra because the nixpkgs one is not fully static # Get nix from Hydra because the nixpkgs one is not fully static
nixStaticBin = fetchurl { nixStaticBin = fetchurl {
url = "https://hydra.nixos.org/build/181573550/download/1/nix"; url = "https://hydra.nixos.org/build/228458395/download/1/nix";
hash = "sha256-zO2xJhQIrLtL/ReTlcorjwsaTO1W5Rnr+sXwcLcujok="; hash = "sha256-H361lUdMpBpBVwInBmpAXKAwjPIf740Jg9Nht0NV66s=";
}; };
nixSymlinks = [ nixSymlinks = [
@@ -64,6 +63,11 @@ let
# Add user home folder # Add user home folder
mkdir home mkdir home
# Create an unpriveleged user that we can use also without the run-as-user.sh script
chmod +w $PWD/etc/group $PWD/etc/passwd
${buildPackages.shadow}/bin/groupadd --prefix $PWD -g 9000 nixuser
${buildPackages.shadow}/bin/useradd --prefix $PWD -m -d /tmp -u 9000 -g 9000 -G nixuser nixuser
# Add SSL CA certs # Add SSL CA certs
cp -a "${cacert}/etc/ssl/certs/ca-bundle.crt" etc/ssl/certs/ca-bundle.crt cp -a "${cacert}/etc/ssl/certs/ca-bundle.crt" etc/ssl/certs/ca-bundle.crt
@@ -117,7 +121,8 @@ let
Env = [ Env = [
"NIX_BUILD_SHELL=/bin/bash" "NIX_BUILD_SHELL=/bin/bash"
"PAGER=cat" "PAGER=cat"
"PATH=/bin" # /host/bin can be used to extend the image with additional binaries
"PATH=/bin:/host/bin"
"SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt" "SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt"
]; ];
}; };
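Review bot: In the user-creation hunk, `useradd ... -m -d /tmp` gives nixuser a home directory of `/tmp`, which is conventionally world-writable, so anything tools resolve through `$HOME` (shell rc files, per-user nix configuration) would be read from a shared location. A dedicated directory under the `home` folder created just above, e.g. `-d /home/nixuser`, avoids that; if `/tmp` is deliberate because it is the only path uid 9000 can write to, the comment should say so. `-G nixuser` repeats the primary group already set by `-g 9000`, and the comment spells "unprivileged" as "unpriveleged". The shell script these lines belong to starts and ends outside the hunk.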