diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..f713e7e
--- /dev/null
+++ b/.envrc
@@ -0,0 +1,3 @@
+use nix
+
+source_env_if_exists .local.envrc
\ No newline at end of file
diff --git a/.github/workflows/nix-build-flake.yml b/.github/workflows/nix-build-flake.yml
new file mode 100644
index 0000000..c828dd3
--- /dev/null
+++ b/.github/workflows/nix-build-flake.yml
@@ -0,0 +1,113 @@
+name: Nix Build
+on:
+ push:
+ branches:
+ - master
+ # for testing at the moment
+ - flake
+ pull_request:
+ workflow_dispatch:
+ schedule:
+ # Run once per day
+ - cron: '0 0 * * *'
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ nix_system:
+ - "x86_64-linux"
+ - "aarch64-linux"
+ nix_channel:
+ - "nixos-unstable"
+ - "nixos-22.11"
+ - "nixos-23.05"
+ target_image:
+ - bash
+ # - busybox
+ # - cachix
+ # - cachix-flakes
+ # - caddy
+ # - curl
+ - devcontainer
+ # - docker-compose
+ # - hugo
+ # - kubectl
+ # - kubernetes-helm
+ # - nginx
+ # - nix
+ # - nix-flakes
+ # - nix-unstable
+ # - nix-unstable-static
+ steps:
+ - uses: actions/checkout@v3
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+ - uses: cachix/install-nix-action@v22
+ with:
+ nix_path: nixpkgs=channel:${{matrix.nix_channel}}
+ extra_nix_config: |
+ filter-syscalls = false
+ experimental-features = nix-command flakes
+ extra-platforms = aarch64-linux
+ - uses: DeterminateSystems/magic-nix-cache-action@main
+ - name: Nix Build Base Images
+ run: |
+ nix build '.#docker-nixpkgs.${{matrix.nix_system}}."${{matrix.nix_channel}}".${{matrix.target_image}}'
+ - name: Login to Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Load to local registry and retag
+ run: |
+ export derivation_name=$(nix derivation show '.#docker-nixpkgs.${{matrix.nix_system}}."${{matrix.nix_channel}}".${{matrix.target_image}}' | jq '.[].outputs.out.path' -r)
+ export tag=$(cat $derivation_name | docker load | awk '{print $3}')
+ export image_prefix=ghcr.io/${{github.actor}}/${{secrets.CI_PROJECT_PATH}}/${{matrix.target_image}}
+ docker tag $tag $image_prefix:${{matrix.nix_channel}}--${{matrix.nix_system}}
+ docker push $image_prefix:${{matrix.nix_channel}}--${{matrix.nix_system}}
+ manifests-create:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ nix_channel:
+ - "nixos-unstable"
+ - "nixos-22.11"
+ - "nixos-23.05"
+ target_image:
+ - bash
+ # - busybox
+ # - cachix
+ # - cachix-flakes
+ # - caddy
+ # - curl
+ - devcontainer
+ # - docker-compose
+ # - hugo
+ # - kubectl
+ # - kubernetes-helm
+ # - nginx
+ # - nix
+ # - nix-flakes
+ # - nix-unstable
+ # - nix-unstable-static
+ needs:
+ - build
+ steps:
+ - uses: actions/checkout@v3
+ - name: Login to Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Create manifests
+ run: |
+ export image_prefix=ghcr.io/${{github.actor}}/${{secrets.CI_PROJECT_PATH}}/${{matrix.target_image}}
+ docker manifest create $image_prefix:${{matrix.nix_channel}} \
+ --amend $image_prefix:${{matrix.nix_channel}}--x86_64-linux \
+ --amend $image_prefix:${{matrix.nix_channel}}--aarch64-linux
+ docker manifest push $image_prefix:${{matrix.nix_channel}}
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index e5c491e..9d339bf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,6 @@
 # Nix
 result
 result-*
+
+.direnv
+.local.envrc
\ No newline at end of file
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..90553ff
--- /dev/null
+++ b/flake.lock
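Review bot: Both jobs push to ghcr.io with `secrets.GITHUB_TOKEN` but the workflow declares no `permissions:` block, so the push silently depends on the repository's default token scope; adding `permissions:` / `  contents: read` / `  packages: write` at the top gives the token exactly what the push needs and nothing more. The registry namespace is built from `github.actor`, which on a `pull_request` from a fork (the PR author) and presumably on `schedule` runs is not the account that owns the packages, so `github.repository_owner` is the safer choice in both the `Load to local registry and retag` and `Create manifests` steps. The login/push steps are also not gated on the event, so a `pull_request` run attempts to publish unreviewed changes under the channel tags; `if: github.event_name != 'pull_request'` on those steps keeps PRs build-only. `DeterminateSystems/magic-nix-cache-action@main` follows a moving branch, and pinning it (and the `@vN` actions) to a commit SHA makes the action supply chain reproducible and reviewable. `filter-syscalls = false` disables the build sandbox's seccomp filter — presumably required for the aarch64 emulation — which deserves a one-line comment saying so, since it weakens sandbox isolation for every build in the matrix.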
@@ -0,0 +1,163 @@ +{ + "nodes": { + "devshell": { + "inputs": { + "nixpkgs": "nixpkgs", + "systems": "systems" + }, + "locked": { + "lastModified": 1692793255, + "narHash": "sha256-yVyj0AE280JkccDHuG1XO9oGxN6bW8ksr/xttXcXzK0=", + "owner": "numtide", + "repo": "devshell", + "rev": "2aa26972b951bc05c3632d4e5ae683cb6771a7c6", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1692799911, + "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1677383253, + "narHash": "sha256-UfpzWfSxkfXHnb4boXZNaKsAcUrZT9Hw+tao1oZxd08=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9952d6bc395f5841262b006fbace8dd7e143b634", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-22-11": { + "locked": { + "lastModified": 1688392541, + "narHash": "sha256-lHrKvEkCPTUO+7tPfjIcb7Trk6k31rz18vkyqmkeJfY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ea4c80b39be4c09702b0cb3b42eab59e2ba4f24b", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-22.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-23-05": { + "locked": { + "lastModified": 1692896067, + "narHash": 
"sha256-jZ5j5RVhDltTidVnxvCEztTVLBMxx/WRUoz8orMPUWw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7419e94880e41304e67184718eb4270461cf15c7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1692913444, + "narHash": "sha256-1SvMQm2DwofNxXVtNWWtIcTh7GctEVrS/Xel/mdc6iY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "18324978d632ffc55ef1d928e81630c620f4f447", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "devshell": "devshell", + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs_2", + "nixpkgs-22-11": "nixpkgs-22-11", + "nixpkgs-23-05": "nixpkgs-23-05" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..09cc500 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,75 @@
+{
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ nixpkgs-23-05.url = "github:NixOS/nixpkgs/nixos-23.05";
+ nixpkgs-22-11.url = "github:NixOS/nixpkgs/nixos-22.11";
+ flake-utils.url = "github:numtide/flake-utils";
+ flake-compat = {
+ url = "github:edolstra/flake-compat";
+ flake = false;
+ };
+ devshell.url = "github:numtide/devshell";
+ };
+
+ outputs = { self, nixpkgs, nixpkgs-23-05, nixpkgs-22-11, flake-utils, devshell, ... }:
+ flake-utils.lib.eachDefaultSystem (system: {
+ formatter = nixpkgs.legacyPackages.${system}.nixpkgs-fmt;
+ docker-nixpkgs =
+ let
+ pkgs = import nixpkgs {
+ inherit system;
+ overlays = [
+ (import ./overlay.nix)
+ (final: prev: {
+ flakeParameters = {
+ nixpkgsChannel = "nixos-unstable";
+ };
+ })
+ ];
+ };
+ pkgs-23-05 = import nixpkgs-23-05 {
+ inherit system;
+ overlays = [
+ (import ./overlay.nix)
+ (final: prev: {
+ flakeParameters = {
+ nixpkgsChannel = "nixos-23.05";
+ };
+ })
+ ];
+ };
+ pkgs-22-11 = import nixpkgs-22-11 {
+ inherit system;
+ overlays = [
+ (import ./overlay.nix)
+ (final: prev: {
+ flakeParameters = {
+ nixpkgsChannel = "nixos-22.11";
+ };
+ })
+ ];
+ };
+ in
+ {
+ "nixos-unstable" = pkgs.docker-nixpkgs;
+ "nixos-23.05" = pkgs-23-05.docker-nixpkgs;
+ "nixos-22.11" = pkgs-22-11.docker-nixpkgs;
+ };
+ devShell =
+ let
+ pkgs = import nixpkgs {
+ inherit system;
+ overlays = [
+ devshell.overlays.default
+ (import ./overlay.nix)
+ ];
+ };
+ in
+ pkgs.devshell.mkShell {
+ name = "docker-nixpkgs";
+ commands = [ ];
+ packages = [ ];
+ env = [ ];
+ };
+ });
+}
diff --git a/images/devcontainer/default.nix b/images/devcontainer/default.nix
index 3b993f6..d9aef4b 100644
--- a/images/devcontainer/default.nix
+++ b/images/devcontainer/default.nix
@@ -6,6 +6,7 @@
 , coreutils
 , curl
 , direnv
+, flakeParameters
 , gcc-unwrapped
 , gitReallyMinimal
 , glibc
@@ -21,11 +22,12 @@
 , openssh
 , procps
 , shadow
+, stdenv
 , xz
 , mkUserEnvironment
 }:
 let
- channel = builtins.getEnv ("NIXPKGS_CHANNEL");
+ channel = flakeParameters.nixpkgsChannel;
 
 # generate a user profile for the image
 profile = mkUserEnvironment {
@@ -68,7 +70,7 @@ let
 
 image = dockerTools.buildImage {
 name = "devcontainer";
- contents = [ ];
+ # contents = [ ];
 
 extraCommands = ''
 # create the Nix DB
@@ -99,14 +101,25 @@ let
 # make sure /tmp exists
 mkdir -m 0777 tmp
 
- # allow ubuntu ELF binaries to run. VSCode copies it's own.
- mkdir -p lib64
- ln -s ${glibc}/lib64/ld-linux-x86-64.so.2 lib64/ld-linux-x86-64.so.2
-
 # VSCode assumes that /sbin/ip exists
 mkdir sbin
 ln -s /nix/var/nix/profiles/default/bin/ip sbin/ip
- '';
+ '' + (if stdenv.hostPlatform.isAarch64 then ''
+ # ld-linux-aarch64.so.1 is needed by vscode-server's in arm architecture
+ mkdir -p lib
+ ln -s "${glibc}/lib/ld-linux-aarch64.so.1" lib/ld-linux-aarch64.so.1
+ ln -s "${glibc}/lib/ld-linux-aarch64.so.1" lib/ld-linux.so.1
+ ln -sf "${stdenv.cc.cc.lib}/lib/libstdc++.so.6" lib/libstdc++.so.6
+ '' else ""
+ ) + (if stdenv.hostPlatform.isx86_64 then ''
+ # allow ubuntu ELF binaries to run. VSCode copies it's own.
+ mkdir -p lib64
+ ln -s ${glibc}/lib64/ld-linux-x86-64.so.2 lib64/ld-linux-x86-64.so.2
+ # ld-linux-x86-64.so.2 is needed by vscode-server's nodejs in case it install 32 bit nodejs
+ ln -s "${glibc}/lib64/ld-linux-x86-64.so.2" lib64/ld-linux.so.2
+ ln -sf "${stdenv.cc.cc.lib}/lib64/libstdc++.so.6" lib64/libstdc++.so.6
+ '' else ""
+ );
 
 config = {
 Cmd = [ "/nix/var/nix/profiles/default/bin/bash" ];
diff --git a/overlay.nix b/overlay.nix
index b480eb3..ddff198 100644
--- a/overlay.nix
+++ b/overlay.nix
@@ -8,6 +8,10 @@ in
 # builder stuff can be in the top-level
 buildCLIImage = pkgs.callPackage ./lib/buildCLIImage.nix { };
 
+ flakeParameters = {
+ nixpkgsChannel = if builtins.getEnv("NIXPKGS_CHANNEL") != "" then builtins.getEnv("NIXPKGS_CHANNEL") else "nixos-23.05";
+ };
+
 # docker images must be lower-cased
 docker-nixpkgs = importDir (path: pkgs.callPackage path { }) ./images;
 
diff --git a/shell.nix b/shell.nix
index 9c27da4..14c2cc9 100644
--- a/shell.nix
+++ b/shell.nix
@@ -1,5 +1,5 @@
 let
- nixpkgs = builtins.fetchTarball "channel:nixos-22.05";
+ nixpkgs = builtins.fetchTarball "channel:nixos-23.05";
 pkgs = import nixpkgs { config = { }; overlays = [ ]; };
 in
 with pkgs;
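Review bot: The three `import <input> { inherit system; overlays = [ … ]; }` blocks inside `docker-nixpkgs` are identical except for the input and the channel string, so adding a channel or touching the overlay list means editing three places; a small helper keeps the same attribute names and values with one copy of the logic. Separately, `devShell` is the legacy per-system output name and current nix looks for `devShells.default` (keeping `devShell` as an alias if older tooling still needs it). `flake-compat` is declared as an input but is referenced nowhere in this diff — if it serves a `default.nix`/`shell.nix` shim that is not shown, a comment such as `# consumed by a flake-compat shim, not by outputs` would explain its presence; otherwise it is a dead pinned dependency.
```nix
docker-nixpkgs =
  let
    # Instantiate one nixpkgs input with the repo overlay plus the channel
    # name that the images read through flakeParameters.nixpkgsChannel.
    mkChannel = input: channelName:
      (import input {
        inherit system;
        overlays = [
          (import ./overlay.nix)
          (final: prev: { flakeParameters = { nixpkgsChannel = channelName; }; })
        ];
      }).docker-nixpkgs;
  in
  {
    "nixos-unstable" = mkChannel nixpkgs "nixos-unstable";
    "nixos-23.05" = mkChannel nixpkgs-23-05 "nixos-23.05";
    "nixos-22.11" = mkChannel nixpkgs-22-11 "nixos-22.11";
  };
# … unchanged: devShell …
```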
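Review bot: In the x86_64 branch of the last hunk the new `lib64/ld-linux.so.2` link targets the 64-bit loader while its comment says it exists for a 32-bit nodejs; an i386 ELF asks for `/lib/ld-linux.so.2` and `ld-linux-x86-64.so.2` cannot execute it, so either the comment or the link is wrong and the pair should be reconciled before anything relies on it (the enclosing `extraCommands` string starts above this hunk). The `'' + (if cond then '' … '' else "")` concatenations are the long-hand for nixpkgs' `lib.optionalString`, e.g. `'' + lib.optionalString stdenv.hostPlatform.isAarch64 ''` with `lib` added to the argument set, which removes both `else ""` tails and the dangling `)`. The `libstdc++.so.6` links point into `${stdenv.cc.cc.lib}`; unless that output is already part of the image closure they dangle at runtime — presumably it is pulled in elsewhere, but worth confirming, especially since `contents` is commented out rather than removed in the `@@ -68,7 +70,7 @@` hunk.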
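Review bot: `builtins.getEnv("NIXPKGS_CHANNEL")` is evaluated twice in the new `flakeParameters` attribute; bind it once, `nixpkgsChannel = let env = builtins.getEnv "NIXPKGS_CHANNEL"; in if env != "" then env else "nixos-23.05";`. Under pure (flake) evaluation `builtins.getEnv` returns the empty string, so this default is what every flake consumer would see unless the per-channel overlay in `flake.nix` replaces `flakeParameters`; a comment such as `# Overridden per channel by flake.nix; the env lookup only affects legacy (impure) builds.` saves the next reader from hunting for where the value really comes from. Keeping an environment-derived value here leaves the non-flake path dependent on the caller's environment, which matches the previous behaviour of `images/devcontainer/default.nix`, so no behaviour change is implied.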