feat: convert to flake, based on

https://icewind.nl/entry/gitea-actions-nix/
2023-11-10 18:20:41 +01:00 · 2023-11-10 18:20:41 +01:00 · 3c5574e281
parent ed1e7dbbd7
commit 3c5574e281
4 changed files with 219 additions and 36 deletions
--- a/README.md
+++ b/README.md
@ -1,13 +1,24 @@
 # nix-flakes-node docker image

+Heavily based on:
+- https://icewind.nl/entry/gitea-actions-nix/
+
 How to build:
 ```
-docker load --input $(nix-build default.nix)
+nix build .#runner
+image=$((docker load < ./result) | sed -n '$s/^Loaded image: //p')
+docker tag "$image" nix-flakes-node:latest
+```
+
+Push to forgejo docker registry:
+```
+docker login git.pub.solar
+docker tag nix-flakes-node:latest git.pub.solar/pub-solar/nix-flakes-node:latest
+docker push git.pub.solar/pub-solar/nix-flakes-node:latest
 ```

 How to test:
 ```
-docker tag nix-flakes-node:ghyn1438kgxp09pxlpg6xakyw2fkjyhi nix-flakes-node:latest
 docker run -it --rm nix-flakes-node:latest bash

 bash-5.2# node
--- a/default.nix
+++ b/default.nix
@ -1,34 +0,0 @@
-{ pkgs ? import <nixpkgs> { }
-
-, pkgsLinux ? import <nixpkgs> { system = "x86_64-linux"; }
-
-}:
-let
-  nixFlakesImage = pkgs.dockerTools.pullImage {
-  imageName = "docker.nix-community.org/nixpkgs/nix-flakes";
-  imageDigest = "sha256:c564622ed14cccc8c5faa93d2540da29101200f41c442c824da83f54d4915a40";
-  sha256 = "15zkpmcrzqplz3fyi5z3gbjag19k627lszdvl93i2rb3ajkbvch6";
-  finalImageName = "docker.nix-community.org/nixpkgs/nix-flakes";
-  finalImageTag = "latest";
-  os = "linux";
-  arch = "x86_64";
-};
-in
-
-pkgs.dockerTools.buildImage {
-
-  name = "nix-flakes-node";
-
-  fromImage = nixFlakesImage;
-  fromImageTag = "latest";
-
-  copyToRoot = pkgs.buildEnv {
-    name = "image-root";
-    paths = [ pkgsLinux.nodejs_20 ];
-    pathsToLink = [ "/bin" ];
-  };
-
-  config = {
-    Cmd = [ "/bin/bash" ];
-  };
-}
--- a/flake.lock
+++ b/flake.lock
@ -0,0 +1,134 @@
+{
+  "nodes": {
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1673956053,
+        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1694529238,
+        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "lowdown-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1633514407,
+        "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=",
+        "owner": "kristapsdz",
+        "repo": "lowdown",
+        "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "kristapsdz",
+        "repo": "lowdown",
+        "type": "github"
+      }
+    },
+    "nix": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "lowdown-src": "lowdown-src",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "nixpkgs-regression": "nixpkgs-regression"
+      },
+      "locked": {
+        "lastModified": 1696259154,
+        "narHash": "sha256-WNmifcTsN9aG1ONkv+l2BC4sHZZxtNKy0keqBHXXQ7w=",
+        "owner": "nixos",
+        "repo": "nix",
+        "rev": "f5f4de6a550327b4b1a06123c2e450f1b92c73b6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "2.18.1",
+        "repo": "nix",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1699291058,
+        "narHash": "sha256-5ggduoaAMPHUy4riL+OrlAZE14Kh7JWX4oLEs22ZqfU=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "41de143fda10e33be0f47eab2bfe08a50f234267",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-23.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-regression": {
+      "locked": {
+        "lastModified": 1643052045,
+        "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nix": "nix",
+        "nixpkgs": "nixpkgs"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/flake.nix
+++ b/flake.nix
@ -0,0 +1,72 @@
+{
+  description = "Base image with nix for forgejo-actions-runner";
+
+  inputs = {
+    nix.url = "github:/nixos/nix?ref=2.18.1"; # Using nix 2.18.1
+    nix.inputs.nixpkgs.follows = "nixpkgs";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05"; # Stable NixOS 23.05 for our packages
+    flake-utils.url = "github:numtide/flake-utils";
+  };
+
+  outputs = {
+    self,
+    flake-utils,
+    nix,
+    nixpkgs,
+    ...
+  }:
+    flake-utils.lib.eachDefaultSystem (system: let
+      pkgs = (import nixpkgs) {
+        inherit system;
+      };
+      lib = pkgs.lib;
+    in rec {
+      packages = rec {
+        # A modified version of the nixos/nix image
+        # re-using the upstream nix docker image generation code
+        # https://github.com/NixOS/nix/blob/2.18.1/docker.nix
+        base = import (nix + "/docker.nix") {
+          inherit pkgs;
+          name = "nix-ci-base";
+          maxLayers = 10;
+          extraPkgs = with pkgs; [
+            nodejs_20 # Node.js is needed for running most 3rd party actions
+            # Add any other pre-installed packages here
+          ];
+          # Change this if you want
+          channelURL = "https://nixos.org/channels/nixpkgs-23.05";
+          nixConf = {
+            substituters = [
+              "https://cache.nixos.org/"
+              "https://nix-community.cachix.org"
+              # Insert any other binary caches here
+              "https://pub-solar.cachix.org/"
+            ];
+            trusted-public-keys = [
+              "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+              "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+              # Insert the public keys for those binary caches here
+              "pub-solar.cachix.org-1:ZicXIxKgdxMtgSJECWR8iihZxHRvu8ObL4n2cuBmtos="
+            ];
+            # Allow using the new flake commands in our workflows
+            experimental-features = ["nix-command" "flakes"]; 
+          };
+        };
+        # Make /bin/ available on the image
+        runner = pkgs.dockerTools.buildImage {
+          name = "nix-runner";
+          tag = "latest";
+        
+          fromImage = base;
+          fromImageName = null;
+          fromImageTag = "latest";
+        
+          copyToRoot = pkgs.buildEnv {
+            name = "image-root";
+            paths = [pkgs.coreutils-full];
+            pathsToLink = ["/bin"]; # add coreutuls (which includes sleep) to /bin
+          };
+        };
+      };
+    });
+}