init

.forgejo/workflows/main.yaml

@@ -4,13 +4,13 @@ jobs:
     runs-on: nix-upstream-latest
     steps:
       - run: echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf
+      - run: mkdir -p /etc/containers && cp default-policy.json /etc/containers/policy.json
       - run: nix-env -i nodejs # bootstrap
-      - run: curl -sLo /etc/containers/policy.json https://github.com/containers/skopeo/blob/879dbc3757610a574f9fcc44ea23ef9e8e2b6fe3/default-policy.json
       - uses: actions/checkout@v4
       - run: |-
           nix develop --command bash -c '
             for line in $(cat tags.txt); do
               IFS=: read -r pkg tag <<< $line
-              skopeo copy --dest-creds="${{ secrets.FJ_USER }}:${{ secrets.FJ_PASS }}" docker-image://$(nix build .#$pkg --print-out-paths) docker://git.10110110.xyz/ci/$tag:latest
+              skopeo copy --dest-creds="${{ secrets.FJ_USER }}:${{ secrets.FJ_PASS }}" oci-archive://$(nix build .#$pkg --print-out-paths) docker://git.10110110.xyz/ci/$tag:latest
             done
           '

default-policy.json

@@ -0,0 +1,14 @@
+{
+    "default": [
+        {
+            "type": "insecureAcceptAnything"
+        }
+    ],
+    "transports":
+        {
+            "docker-daemon":
+                {
+                    "": [{"type":"insecureAcceptAnything"}]
+                }
+        }
+}

flake.nix

@@ -27,7 +27,7 @@
       packages = forEachSupportedSystem (
         { pkgs }:
         {
-          nix-with-node = (import ./pkgs/nix-with-node.nix { inherit pkgs; });
+          nix-with-node = (import ./pkgs/nix-with-node { inherit pkgs; });
         }
       );
       devShells = forEachSupportedSystem (

pkgs/nix-with-node.nix

@@ -1,10 +0,0 @@
-{ pkgs, ... }:
-pkgs.dockerTools.buildLayeredImage {
-  name = "nix-with-node";
-  contents = with pkgs; [
-    nix
-    nodejs
-    bash
-    git
-  ];
-}

pkgs/nix-with-node/default.nix

@@ -0,0 +1,31 @@
+{ pkgs, ... }:
+pkgs.dockerTools.buildLayeredImage {
+  name = "nix-with-node";
+  contents = with pkgs; [
+    ./root
+    bashInteractive
+    cacert
+    coreutils
+    git
+    gnutar
+    gzip
+    nix
+    nodejs
+    openssh
+    xz
+  ];
+
+    config = {
+      Cmd = [ "/bin/bash" ];
+      Env = [
+        "ENV=/etc/profile.d/nix.sh"
+        "NIX_BUILD_SHELL=/bin/bash"
+        "PATH=/usr/bin:/bin"
+        "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+        "USER=root"
+      ];
+    };
+
+  extraCommands = ''
+  '';
+}

pkgs/nix-with-node/root/etc/nix/nix.conf

@@ -0,0 +1,3 @@
+accept-flake-config = true
+experimental-features = nix-command flakes
+max-jobs = auto