cargoxx-pkgs/runner/flake.nix


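# Flake that builds the OCI image used by cargoxx-pkgs CI jobs and exposes a
# helper app that loads that image into the local Docker daemon.
{
  description = "OCI image for cargoxx-pkgs CI jobs: nix + tea + git + jq";

  inputs = {
    # nixos-unstable is a rolling branch: what actually goes into the image is
    # whatever revision flake.lock pins (the lock file is not visible here), so
    # lock updates should be reviewed like any other dependency bump.
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    flake-utils.url = "github:numtide/flake-utils";
  };

  outputs = { self, nixpkgs, flake-utils }:
    flake-utils.lib.eachDefaultSystem (system:
      let
        pkgs = import nixpkgs { inherit system; };

        # Single-user nix config — same defaults used by the cargoxx
        # distribution wrapper. Avoids the multi-user nixbld group
        # requirement; sandbox disabled because the runner container
        # itself doesn't usually have user-namespace support.
        #
        # NOTE(security): with `sandbox = false` builders are not isolated
        # from the network or from the container's filesystem, and with
        # `accept-flake-config = true` the nixConfig section of any flake a
        # job evaluates is applied without a prompt (that section can change
        # substituters and trusted keys, among other settings). Jobs run as
        # root (see Env below), so treat every job as executing fully
        # untrusted code: isolate the container at the runner level and keep
        # secrets out of jobs that build unreviewed branches. If no job relies
        # on flake-provided settings, prefer `accept-flake-config = false`
        # and list the needed substituters here explicitly.
        nixConfig = ''
          experimental-features = nix-command flakes
          build-users-group =
          sandbox = false
          accept-flake-config = true
        '';
      in {
        packages.default = pkgs.dockerTools.buildLayeredImage {
          name = "cargoxx-runner-job";
          # "latest" is a mutable tag; consumers that need to know exactly
          # which image they run should reference the image by digest.
          tag = "latest";

          contents = with pkgs; [
            bashInteractive
            coreutils
            findutils
            gawk
            gnugrep
            gnused
            gnutar
            gzip
            xz
            nix
            git
            curl
            jq
            tea
            nodejs_20 # JS-based actions/checkout@v4 etc. need `node` on PATH
            cacert
            iana-etc
          ];

          # Skeleton filesystem layout: /tmp, /etc/passwd for nix,
          # writable nix store, cacert pointer.
          #
          # etc/nix is created explicitly so that writing nix.conf below does
          # not depend on some package in `contents` shipping that directory;
          # without it the redirect fails and the image build aborts.
          extraCommands = ''
            mkdir -p tmp etc/nix nix/var/{nix,log/nix} root
            chmod 1777 tmp
            cat > etc/passwd <<'EOF'
            root:x:0:0:root:/root:/bin/bash
            nobody:x:65534:65534:nobody:/var/empty:/bin/false
            EOF
            cat > etc/group <<'EOF'
            root:x:0:
            nobody:x:65534:
            EOF
            cat > etc/nix/nix.conf <<'EOF'
            ${nixConfig}
            EOF
          '';

          config = {
            Env = [
              "PATH=/bin:/usr/bin"
              # Same settings as /etc/nix/nix.conf, passed through the
              # environment as well.
              "NIX_CONFIG=${nixConfig}"
              # CA bundle path; expected to be provided by `cacert` above.
              "NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt"
              "SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt"
              # Jobs run as uid 0 inside the container; no unprivileged job
              # user is defined in the passwd file written above.
              "HOME=/root"
              "USER=root"
            ];
            Cmd = [ "/bin/bash" ];
            WorkingDir = "/root";
          };
        };

        # `nix run .#load-image` builds the image and pipes it into the
        # local Docker daemon — no registry needed for single-host
        # deployments.
        #
        # The script builds `.#default`, i.e. the flake in the current working
        # directory, so it has to be invoked from this flake's directory.
        apps.load-image = {
          type = "app";
          program = toString (pkgs.writeShellScript "load-image" ''
            set -euo pipefail
            img=$(nix build --no-link --print-out-paths .#default)
            echo "loading $img into docker"
            ${pkgs.docker}/bin/docker load < "$img"
          '');
        };
      });
}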