author | Eelco Dolstra <edolstra@gmail.com> | 2022-11-03 17:43:40 +0100 |
---|---|---|
committer | Eelco Dolstra <edolstra@gmail.com> | 2022-11-03 17:43:40 +0100 |
commit | b95faccf03e5213b6087626ab8d46e0704aad6b5 (patch) | |
tree | f9d560f2004f951d8efbf1024292a88366d8efd7 /docker.nix | |
parent | 47dec825c5daeeb9d615eb4d1eead3dbaa06c7c9 (diff) | |
parent | dd1970c233a82328445b69e903574e14115ee933 (diff) |
Merge remote-tracking branch 'origin/master' into auto-uid-allocation
Diffstat (limited to 'docker.nix')
-rw-r--r-- | docker.nix | 30 |
1 files changed, 21 insertions, 9 deletions
diff --git a/docker.nix b/docker.nix
index 251bd2f46..bb2b4e7ff 100644
--- a/docker.nix
+++ b/docker.nix
@@ -2,8 +2,12 @@
 , lib ? pkgs.lib
 , name ? "nix"
 , tag ? "latest"
+, bundleNixpkgs ? true
 , channelName ? "nixpkgs"
 , channelURL ? "https://nixos.org/channels/nixpkgs-unstable"
+, extraPkgs ? []
+, maxLayers ? 100
+, nixConf ? {}
 }:
 let
 defaultPkgs = with pkgs; [
@@ -22,13 +26,14 @@ let
 findutils
 iana-etc
 git
- ];
+ openssh
+ ] ++ extraPkgs;
 users = {
 root = {
 uid = 0;
- shell = "/bin/bash";
+ shell = "${pkgs.bashInteractive}/bin/bash";
 home = "/root";
 gid = 0;
 };
@@ -120,20 +125,27 @@ let
 (lib.attrValues (lib.mapAttrs groupToGroup groups))
 );
- nixConf = {
+ defaultNixConf = {
 sandbox = "false";
 build-users-group = "nixbld";
- trusted-public-keys = "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=";
+ trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ];
 };
- nixConfContents = (lib.concatStringsSep "\n" (lib.mapAttrsFlatten (n: v: "${n} = ${v}") nixConf)) + "\n";
+
+ nixConfContents = (lib.concatStringsSep "\n" (lib.mapAttrsFlatten (n: v:
+ let
+ vStr = if builtins.isList v then lib.concatStringsSep " " v else v;
+ in
+ "${n} = ${vStr}") (defaultNixConf // nixConf))) + "\n";
 baseSystem =
 let
 nixpkgs = pkgs.path;
- channel = pkgs.runCommand "channel-nixos" { } ''
+ channel = pkgs.runCommand "channel-nixos" { inherit bundleNixpkgs; } ''
 mkdir $out
- ln -s ${nixpkgs} $out/nixpkgs
- echo "[]" > $out/manifest.nix
+ if [ "$bundleNixpkgs" ]; then
+ ln -s ${nixpkgs} $out/nixpkgs
+ echo "[]" > $out/manifest.nix
+ fi
 '';
 rootEnv = pkgs.buildPackages.buildEnv {
 name = "root-profile-env";
@@ -228,7 +240,7 @@ let
 in
 pkgs.dockerTools.buildLayeredImageWithNixDb {
- inherit name tag;
+ inherit name tag maxLayers;
 contents = [ baseSystem ]; |
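Review bot: The new `nixConf` argument in the first hunk has no comment, and its effect on the image's trust settings is not visible from the signature. A later hunk merges it as `defaultNixConf // nixConf`, so any key supplied here replaces the default of the same name outright: a caller who sets `trusted-public-keys` drops the cache.nixos.org key instead of adding to it, and `sandbox` can be overridden the same way. I would add a comment above the argument such as `# nixConf: extra nix.conf settings (string or list-of-strings values); a key given here replaces the default of the same name, including trusted-public-keys`. The argument list starts before this hunk.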
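Review bot: `vStr` in the new `nixConfContents` (third hunk) converts only lists, so a boolean or integer value in the caller's `nixConf` reaches the `"${n} = ${vStr}"` interpolation unconverted; as far as I know Nix refuses to coerce those to a string, so the image would fail to evaluate. An explicit conversion accepts the natural spellings: `vStr = if builtins.isList v then lib.concatStringsSep " " v else if builtins.isBool v then lib.boolToString v else toString v;`. In the same hunk, `[ "$bundleNixpkgs" ]` relies on a boolean `false` being exported to the builder as the empty string, so a caller who passes the string `"false"` still gets nixpkgs bundled. A one-line comment such as `# bundleNixpkgs must be a boolean; false is exported as ""` would make that explicit.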