NexVeridian/docker-nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

hi

Browse source
This commit is contained in:
zimbatm 2019-01-19 00:04:11 +01:00
commit b44f7f85f3
No known key found for this signature in database
GPG key ID: 71BAF6D40C1D63D7
16 changed files with 302 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
.gitignore vendored Normal file
View file

@ -0,0 +1,3 @@
# Nix
result
result-*

30
.gitlab-ci.yml Normal file
View file

@ -0,0 +1,30 @@
image: nixos/nix:latest
stages:
- build
- publish
before_script:
- nix-shell --run .gitlab/docker-login
nixos-unstable:
extends: .build
variables:
NIXPKGS_CHANNEL: nixos-unstable
nixos-18.09:
extends: .build
variables:
NIXPKGS_CHANNEL: nixos-18.09
# ---- templates ---
.build:
stage: build
script:
- nix-shell --run ./build
- nix-shell --run .gitlab/push-master
variables:
NIX_PATH: "nixpkgs=channel:${NIXPKGS_CHANNEL}"
REGISTRY_URL: "${CI_REGISTRY_IMAGE}/${NIXPKGS_CHANNEL}"

13
.gitlab/docker-login Executable file
View file

@ -0,0 +1,13 @@
#!/bin/sh -eu
mkdir ~/.docker
cat <<DOCKER_CONF > ~/.docker/config.json
{
"auths": {
"$CI_REGISTRY": {
"auth": "$(printf "%s:%s" "$CI_REGISTRY_USER" "$CI_REGISTRY_PASSWORD" | base64)"
}
}
}
DOCKER_CONF

6
.gitlab/push-master Executable file
View file

@ -0,0 +1,6 @@
#!/bin/sh -eu
if [ "$CI_COMMIT_REF_NAME" = master ]; then
exec ./push-all
else
echo "=== not pushing on non-master ==="
fi

21
LICENSE Normal file
View file

@ -0,0 +1,21 @@
MIT License
Copyright (c) 2019 zimbatm and contributors
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

50
README.md Normal file
View file

@ -0,0 +1,50 @@
# docker-nixpkgs: docker images from nixpkgs
This project is a collection of docker images automatically produced with Nix
and the latest nixpkgs package set. It even refreshes every morning a 4:00 UTC
thanks to the [Gitlab CI schedules][gitlab-schedules].
It's also a good demonstration on how to build and publish Docker images with
Nix.
Always keep your docker images fresh!
## Why use Nix to build docker images?
Nix has a number of advantages over Dockerfile when producing docker images:
* builds are actually reproducible
* Nix will only rebuild the minimum set of changes
* Nix can produce automatic optimised layers for you
## Example usage
Here is an example of using one of the docker images. Usage will change from
image to image.
```
# the user must have an account at gitlab
$ docker login registry.gitlab.com
# run the curl image which has curl as an entry-point
$ docker run -ti --rm registry.gitlab.com/zimbatm/docker-nixpkgs/nixos-unstable/curl http://ifconfig.co
180.52.248.114
```
## List of images
| Image | Description |
| --- | --- |
| curl | just curl as an entrypoint |
| nix | nix with deps |
| nix-unstable | nixUnstable with deps |
## Channels
| Name |
| --- |
| nixos-unstable |
| nixos-18.09 |
[gitlab-schedules]: https://gitlab.com/zimbatm/docker-nixpkgs/pipeline_schedules

6
build Executable file
View file

@ -0,0 +1,6 @@
#!/bin/sh -eu
# build *all* the docker images
nix-build release.nix \
--no-out-link \
"$@"

20
curl/default.nix Normal file
View file

@ -0,0 +1,20 @@
{ dockerTools
, cacert
, curl
}:
dockerTools.buildImage {
inherit (curl) name;
contents = [
cacert
curl
];
config = {
Entrypoint = [ "/bin/curl" ];
Env = [
"PATH=/bin"
"SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt"
];
};
}

7
default.nix Normal file
View file

@ -0,0 +1,7 @@
{ nixpkgs ? <nixpkgs> }:
import nixpkgs {
config = {};
overlays = [
(import ./overlay.nix)
];
}

53
nix/default.nix Normal file
View file

@ -0,0 +1,53 @@
{ dockerTools
, bash
, cacert
, coreutils
, curl
, gitMinimal
, gnutar
, gzip
, iana-etc
, nix
, xz
}:
dockerTools.buildImageWithNixDb {
inherit (nix) name;
contents = [
./root
coreutils
# add /bin/sh
bash
nix
# runtime dependencies of nix
cacert
gitMinimal
gnutar
gzip
xz
# for haskell binaries
iana-etc
];
extraCommands = ''
# for /usr/bin/env
mkdir usr
ln -s ../bin usr/bin
# make sure /tmp exists
mkdir -m 0777 tmp
'';
config = {
Cmd = [ "/bin/bash" ];
Env = [
"ENV=/etc/profile.d/nix.sh"
"NIX_PATH=nixpkgs=channel:nixpkgs-unstable"
"PAGER=cat"
"PATH=/usr/bin:/bin"
"SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt"
];
};
}

21
nix/root/etc/group Normal file
View file

@ -0,0 +1,21 @@
root:x:0:
wheel:x:1:
kmem:x:2:
tty:x:3:
messagebus:x:4:
disk:x:6:
audio:x:17:
floppy:x:18:
uucp:x:19:
lp:x:20:
cdrom:x:24:
tape:x:25:
video:x:26:
dialout:x:27:
utmp:x:29:
adm:x:55:
keys:x:96:
users:x:100:
input:x:174:
nixbld:x:30000:nixbld1,nixbld10,nixbld11,nixbld12,nixbld13,nixbld14,nixbld15,nixbld16,nixbld17,nixbld18,nixbld19,nixbld2,nixbld20,nixbld21,nixbld22,nixbld23,nixbld24,nixbld25,nixbld26,nixbld27,nixbld28,nixbld29,nixbld3,nixbld30,nixbld31,nixbld32,nixbld4,nixbld5,nixbld6,nixbld7,nixbld8,nixbld9
nogroup:x:65534:

34
nix/root/etc/passwd Normal file
View file

@ -0,0 +1,34 @@
root:x:0:0:System administrator:/root:/bin/bash
nixbld1:x:30001:30000:Nix build user 1:/var/empty:/run/current-system/sw/bin/nologin
nixbld2:x:30002:30000:Nix build user 2:/var/empty:/run/current-system/sw/bin/nologin
nixbld3:x:30003:30000:Nix build user 3:/var/empty:/run/current-system/sw/bin/nologin
nixbld4:x:30004:30000:Nix build user 4:/var/empty:/run/current-system/sw/bin/nologin
nixbld5:x:30005:30000:Nix build user 5:/var/empty:/run/current-system/sw/bin/nologin
nixbld6:x:30006:30000:Nix build user 6:/var/empty:/run/current-system/sw/bin/nologin
nixbld7:x:30007:30000:Nix build user 7:/var/empty:/run/current-system/sw/bin/nologin
nixbld8:x:30008:30000:Nix build user 8:/var/empty:/run/current-system/sw/bin/nologin
nixbld9:x:30009:30000:Nix build user 9:/var/empty:/run/current-system/sw/bin/nologin
nixbld10:x:30010:30000:Nix build user 10:/var/empty:/run/current-system/sw/bin/nologin
nixbld11:x:30011:30000:Nix build user 11:/var/empty:/run/current-system/sw/bin/nologin
nixbld12:x:30012:30000:Nix build user 12:/var/empty:/run/current-system/sw/bin/nologin
nixbld13:x:30013:30000:Nix build user 13:/var/empty:/run/current-system/sw/bin/nologin
nixbld14:x:30014:30000:Nix build user 14:/var/empty:/run/current-system/sw/bin/nologin
nixbld15:x:30015:30000:Nix build user 15:/var/empty:/run/current-system/sw/bin/nologin
nixbld16:x:30016:30000:Nix build user 16:/var/empty:/run/current-system/sw/bin/nologin
nixbld17:x:30017:30000:Nix build user 17:/var/empty:/run/current-system/sw/bin/nologin
nixbld18:x:30018:30000:Nix build user 18:/var/empty:/run/current-system/sw/bin/nologin
nixbld19:x:30019:30000:Nix build user 19:/var/empty:/run/current-system/sw/bin/nologin
nixbld20:x:30020:30000:Nix build user 20:/var/empty:/run/current-system/sw/bin/nologin
nixbld21:x:30021:30000:Nix build user 21:/var/empty:/run/current-system/sw/bin/nologin
nixbld22:x:30022:30000:Nix build user 22:/var/empty:/run/current-system/sw/bin/nologin
nixbld23:x:30023:30000:Nix build user 23:/var/empty:/run/current-system/sw/bin/nologin
nixbld24:x:30024:30000:Nix build user 24:/var/empty:/run/current-system/sw/bin/nologin
nixbld25:x:30025:30000:Nix build user 25:/var/empty:/run/current-system/sw/bin/nologin
nixbld26:x:30026:30000:Nix build user 26:/var/empty:/run/current-system/sw/bin/nologin
nixbld27:x:30027:30000:Nix build user 27:/var/empty:/run/current-system/sw/bin/nologin
nixbld28:x:30028:30000:Nix build user 28:/var/empty:/run/current-system/sw/bin/nologin
nixbld29:x:30029:30000:Nix build user 29:/var/empty:/run/current-system/sw/bin/nologin
nixbld30:x:30030:30000:Nix build user 30:/var/empty:/run/current-system/sw/bin/nologin
nixbld31:x:30031:30000:Nix build user 31:/var/empty:/run/current-system/sw/bin/nologin
nixbld32:x:30032:30000:Nix build user 32:/var/empty:/run/current-system/sw/bin/nologin
nobody:x:65534:65534:Unprivileged account (don't use!):/var/empty:/run/current-system/sw/bin/nologin

14
overlay.nix Normal file
View file

@ -0,0 +1,14 @@
_: pkgs: {
docker-nixpkgs = rec {
curl = pkgs.callPackage ./curl {};
nix = pkgs.callPackage ./nix {};
# docker images must be lower-cased
nix-unstable = nix.overrideAttrs (self: {
nix = pkgs.nixUnstable;
});
};
}

12
push-all Executable file
View file

@ -0,0 +1,12 @@
#!/bin/sh -eu
: "${CI_REGISTRY_IMAGE:=registry.gitlab.com/zimbatm/docker-nixpkgs}"
: "${REGISTRY_URL:=$CI_REGISTRY_IMAGE/undefined}"
releases_json=$(nix-instantiate ./release.nix --strict --eval --json)
for attr in $(echo "$releases_json" | jq -r "keys[]") ; do
file=$(echo "$releases_json" | jq -r ".\"$attr\"")
echo "--- $attr -> $file"
skopeo copy "docker-archive://$file" "docker://$REGISTRY_URL/$attr:latest"
done

4
release.nix Normal file
View file

@ -0,0 +1,4 @@
let
pkgs = import ./. {};
in
pkgs.docker-nixpkgs

8
shell.nix Normal file
View file

@ -0,0 +1,8 @@
{ channel ? "nixos-unstable" }@args:
with import ./. args;
mkShell {
buildInputs = [
jq
skopeo
];
}