devcontainer.nix
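# Builds a root-only Nix development container and returns a `buildImage`
# helper script that loads the base image into the local Docker daemon and
# then layers a home-manager profile on top of it with `docker build`.
#
# Arguments:
#   pkgs          - nixpkgs package set; also supplies `lib` and `system`.
#   nix2container - the nix2container flake; `packages.<system>.nix2container.buildImage`
#                   is used to assemble the base image.
#
# Result: a derivation providing `bin/buildImage`.
#
# Review notes (security-relevant behaviour visible in this file):
#   * `config` sets no `User`, and /etc/passwd only defines root plus the
#     nixbld build users, so everything in the container runs as uid 0.
#   * The generated Dockerfile does `COPY . .`, so the whole Docker build
#     context (the directory `buildImage` is run from) ends up in an image
#     layer. Keep credentials and other private files out of that directory
#     or exclude them with a .dockerignore.
#   * `home-manager switch --flake .` evaluates and activates whatever flake
#     was copied in, as root, during `docker build`; only build from a
#     checkout you trust.
#   * The final image is tagged `dev:latest`, a mutable tag.
{
  pkgs,
  nix2container,
}: let
  system = pkgs.system;
  nix2containerpkgs = nix2container.packages.${system};
  lib = pkgs.lib;

  # Number of nixbld build users generated for /etc/passwd and /etc/group.
  buildUserCount = 32;

  # nixbld1 .. nixbld32
  buildUserNames = lib.genList (i: "nixbld${toString (i + 1)}") buildUserCount;

  # One passwd entry per build user: uid 30001.., gid 30000, home /var/empty.
  # The login shell path is not created anywhere in this file, so these
  # accounts have no usable shell inside the image (presumably intentional).
  buildUserPasswdLines =
    lib.genList
    (i: "nixbld${toString (i + 1)}:x:${toString (i + 30001)}:30000::/var/empty:/run/current-system/sw/bin/nologin")
    buildUserCount;

  # Contents of /etc/passwd. Only the passwd and group files are written
  # below; no shadow file is generated by this expression.
  passwd = ''
    root:x:0:0::/root:/bin/bash
    ${lib.concatStringsSep "\n" buildUserPasswdLines}
  '';

  # Contents of /etc/group; every nixbld user is a member of group nixbld.
  group = ''
    root:x:0:
    nogroup:x:65534:
    nixbld:x:30000:${lib.concatStringsSep "," buildUserNames}
  '';

  # Base image: bash, coreutils, nix, CA certificates, home-manager and git,
  # with an initialised Nix database so `nix` works inside the container.
  nixcontainer = nix2containerpkgs.nix2container.buildImage {
    name = "nix-base";
    initializeNixDatabase = true;
    copyToRoot = [
      # When we want tools in /, we need to symlink them in order to
      # still have libraries in /nix/store. This behavior differs from
      # dockerTools.buildImage but this allows to avoid having files
      # in both / and /nix/store.
      (pkgs.buildEnv {
        name = "root";
        paths = [pkgs.bashInteractive pkgs.coreutils pkgs.nix pkgs.cacert pkgs.home-manager pkgs.git];
        pathsToLink = ["/bin" "/etc/ssl" "/tmp"];
      })
      # Static directories and account files. The passwd/group text is
      # interpolated inside single quotes; the generated text above contains
      # no single quote, so the shell quoting holds.
      # NOTE(review): /tmp is created as a plain store directory and nothing
      # here sets its mode. That is workable while every process is root; if
      # a non-root user is ever added, confirm /tmp's permissions (the
      # nix2container `perms` option can set them).
      (pkgs.runCommand "extraDirs" {} ''
        mkdir $out
        mkdir $out/tmp
        mkdir $out/etc
        echo '${passwd}' > $out/etc/passwd
        echo '${group}' > $out/etc/group
        mkdir -p $out/root/.local/state/nix/profiles
        echo 'export PATH=/root/.nix-profile/bin:$PATH' > $out/root/.bashrc
      '')
      # Author's note, presumably the remote flake reference for the same
      # configuration: #github:kasuboski/dotfiles?dir=nixos#root@x86
      # The script applies the `root@x86` home configuration from the flake
      # in the current directory (WORKDIR /root/flake in the Dockerfile).
      (pkgs.writeShellScriptBin "home-manager-install" ''
        ${pkgs.home-manager}/bin/home-manager switch --flake .#root@x86
      '')
    ];
    maxLayers = 100;
    config = {
      Cmd = ["/bin/bash"];
      Env = [
        "USER=root"
        # Enables the experimental `nix-command` and `flakes` features for
        # every nix invocation in the container.
        "NIX_CONFIG=extra-experimental-features = nix-command flakes"
        # CA bundle from pkgs.cacert, linked into / through the "/etc/ssl"
        # entry of pathsToLink above.
        "SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt"
      ];
    };
  };

  # Second stage, built by plain `docker build`: copy the build context into
  # /root/flake, activate the home-manager profile, then garbage-collect the
  # store so paths that are no longer referenced do not stay in the layer.
  dockerfile = pkgs.writeText "Dockerfile" ''
    FROM ${nixcontainer.imageName}:${nixcontainer.imageTag}
    WORKDIR /root/flake
    COPY . .
    RUN home-manager-install && nix-store --gc
  '';
in
  # Entry point. Must be run from the flake directory, because `.` is used as
  # the Docker build context.
  #
  # Fix: the script now aborts on the first failing command. Without errexit
  # a failed copy-to-docker-daemon was ignored and `docker build` still ran,
  # resolving `FROM nix-base:<tag>` against whatever the daemon could find
  # (a stale local image, or an attempted registry pull) instead of the image
  # built by this expression.
  pkgs.writeShellScriptBin "buildImage" ''
    set -euo pipefail
    ${nixcontainer.copyToDockerDaemon}/bin/copy-to-docker-daemon
    docker build -f ${dockerfile} -t dev:latest .
  ''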