From d91162275ca5f166b8371376ff09c757a51f04b0 Mon Sep 17 00:00:00 2001
From: iofq
Date: Sun, 11 Jan 2026 23:06:17 -0600
Subject: [PATCH] init
---
 .forgejo/workflows/main.yaml | 6 +++--
 default-policy.json | 14 +++++++++++
 flake.nix | 2 +-
 pkgs/nix-with-node.nix | 10 --------
 pkgs/nix-with-node/default.nix | 31 ++++++++++++++++++++++++
 pkgs/nix-with-node/root/etc/nix/nix.conf | 3 +++
 6 files changed, 53 insertions(+), 13 deletions(-)
 create mode 100644 default-policy.json
 delete mode 100644 pkgs/nix-with-node.nix
 create mode 100644 pkgs/nix-with-node/default.nix
 create mode 100644 pkgs/nix-with-node/root/etc/nix/nix.conf
diff --git a/.forgejo/workflows/main.yaml b/.forgejo/workflows/main.yaml
index f403cb5..a412b55 100644
--- a/.forgejo/workflows/main.yaml
+++ b/.forgejo/workflows/main.yaml
@@ -5,12 +5,14 @@ jobs:
 steps:
 - run: echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf
 - run: nix-env -i nodejs # bootstrap
- - run: curl -sLo /etc/containers/policy.json https://github.com/containers/skopeo/blob/879dbc3757610a574f9fcc44ea23ef9e8e2b6fe3/default-policy.json
 - uses: actions/checkout@v4
+ - run: mkdir -p /etc/containers && cp default-policy.json /etc/containers/policy.json
 - run: |-
 nix develop --command bash -c '
 for line in $(cat tags.txt); do
 IFS=: read -r pkg tag <<< $line
- skopeo copy --dest-creds="${{ secrets.FJ_USER }}:${{ secrets.FJ_PASS }}" docker-image://$(nix build .#$pkg --print-out-paths) docker://git.10110110.xyz/ci/$tag:latest
+ cp $(nix build .#$pkg --print-out-paths) /tmp/img.tar.gz
+ gunzip /tmp/img.tar.gz
+ skopeo copy --dest-creds="${{ secrets.FJ_USER }}:${{ secrets.FJ_PASS }}" oci-archive:///tmp/img.tar docker://git.10110110.xyz/ci/$tag:latest
 done
 '
diff --git a/default-policy.json b/default-policy.json
new file mode 100644
index 0000000..dffc54a
--- /dev/null
+++ b/default-policy.json
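Review bot: In `.forgejo/workflows/main.yaml`, the new loop body reuses the fixed paths `/tmp/img.tar.gz` and `/tmp/img.tar`, so if `tags.txt` (not shown) has more than one entry, `gunzip` on the second pass will refuse to overwrite the existing `/tmp/img.tar` when run non-interactively, and with no `set -e` in the script `skopeo copy` then pushes the previous image under the new tag. Decompressing straight to the target avoids the stale file: `gunzip -c "$(nix build .#$pkg --print-out-paths)" > /tmp/img.tar`, with `set -euo pipefail` as the first line of the `bash -c` script so a failed build or decompress stops the push. Separately, `${{ secrets.FJ_USER }}` and `${{ secrets.FJ_PASS }}` are expanded into the script text inside a single-quoted string, so a quote character in the password would break the script; passing them through the step's `env:` and referencing shell variables keeps the secret values out of the rendered script.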
@@ -0,0 +1,14 @@
+{
+ "default": [
+ {
+ "type": "insecureAcceptAnything"
+ }
+ ],
+ "transports":
+ {
+ "docker-daemon":
+ {
+ "": [{"type":"insecureAcceptAnything"}]
+ }
+ }
+}
diff --git a/flake.nix b/flake.nix
index 5416528..cda5c3d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -27,7 +27,7 @@
 packages = forEachSupportedSystem (
 { pkgs }:
 {
- nix-with-node = (import ./pkgs/nix-with-node.nix { inherit pkgs; });
+ nix-with-node = (import ./pkgs/nix-with-node { inherit pkgs; });
 }
 );
 devShells = forEachSupportedSystem (
diff --git a/pkgs/nix-with-node.nix b/pkgs/nix-with-node.nix
deleted file mode 100644
index 64343ea..0000000
--- a/pkgs/nix-with-node.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ pkgs, ... }:
-pkgs.dockerTools.buildLayeredImage {
- name = "nix-with-node";
- contents = with pkgs; [
- nix
- nodejs
- bash
- git
- ];
-}
diff --git a/pkgs/nix-with-node/default.nix b/pkgs/nix-with-node/default.nix
new file mode 100644
index 0000000..a9db729
--- /dev/null
+++ b/pkgs/nix-with-node/default.nix
@@ -0,0 +1,31 @@
+{ pkgs, ... }:
+pkgs.dockerTools.buildLayeredImage {
+ name = "nix-with-node";
+ contents = with pkgs; [
+ ./root
+ bashInteractive
+ cacert
+ coreutils
+ git
+ gnutar
+ gzip
+ nix
+ nodejs
+ openssh
+ xz
+ ];
+
+ config = {
+ Cmd = [ "/bin/bash" ];
+ Env = [
+ "ENV=/etc/profile.d/nix.sh"
+ "NIX_BUILD_SHELL=/bin/bash"
+ "PATH=/usr/bin:/bin"
+ "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+ "USER=root"
+ ];
+ };
+
+ extraCommands = ''
+ '';
+}
diff --git a/pkgs/nix-with-node/root/etc/nix/nix.conf b/pkgs/nix-with-node/root/etc/nix/nix.conf
new file mode 100644
index 0000000..978cf89
--- /dev/null
+++ b/pkgs/nix-with-node/root/etc/nix/nix.conf
@@ -0,0 +1,3 @@
+accept-flake-config = true
+experimental-features = nix-command flakes
+max-jobs = auto
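Review bot: `default-policy.json` sets `insecureAcceptAnything` as the default for every transport, and the workflow installs it as the runner-wide `/etc/containers/policy.json`, so nothing that containers tooling handles on that runner is checked against a signature policy. If the job only needs to read the locally built archive, `"default": [{"type": "reject"}]` with an explicit accept entry for just the transport the job reads from would narrow this. JSON has no comment syntax, so the reason for the permissive policy belongs in a comment on the `cp default-policy.json` step in the workflow, for example `# permissive policy: images are built locally by nix, nothing is pulled`. The `docker-daemon` entry appears to repeat the default and could probably be dropped.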
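Review bot: In `pkgs/nix-with-node/default.nix`, `extraCommands = '' '';` is an empty string and reads as an unfinished step; either remove the attribute or put the intended filesystem setup there. The `contents` list also grew from four packages to ten plus `./root` with no explanation, and in an image that runs as root (`USER=root`) each extra tool such as `openssh` is worth justifying. A comment above `contents` naming what needs them, for example `# gnutar/gzip/xz/openssh: required by <consumer> — confirm`, would let a later reader trim the image safely.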
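Review bot: In `pkgs/nix-with-node/root/etc/nix/nix.conf`, `accept-flake-config = true` makes Nix apply the `nixConfig` attribute of any flake it evaluates without asking, and the image runs as root (`USER=root` in `default.nix`), which Nix treats as a trusted user by default. A repository built in this image can therefore set substituters, trusted keys and other settings for its own build. Unless the image is only ever used on repositories you control, leave this option at its default and list the caches you need explicitly in this file. If it stays, add a comment such as `# CI image only builds first-party flakes; flake nixConfig is trusted`.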