Actions: podman without remote flag #2

Closed
flyinggecko wants to merge 0 commits from flyinggecko/nix-flake-update/patch into main AGit
6 changed files with 17 additions and 75 deletions


@ -4,20 +4,20 @@ on:
push: push:
branches: branches:
- main - main
paths:
- "**.nix"
- flake.lock
schedule: schedule:
- cron: "0 0 * * 1,3,5" - cron: "0 0 * * 1,3,5"
jobs: jobs:
build: build:
runs-on: nixos-latest runs-on: nixos-latest
strategy: strategy: &strategy
matrix: matrix:
container: [ nixos ] container: [ nixos ]
version: [ "24.11", "unstable" ] version: [ "24.11", "unstable" ]
steps: steps:
- name: pre-requisites
run: |
nix-env -iA nixpkgs.docker nixpkgs.podman nixpkgs.nodejs_20 nixpkgs.gnused nixpkgs.coreutils && mkdir -p ~/.config/nix && echo "experimental-features = nix-command flakes" > ~/.config/nix/nix.conf
- name: checkout - name: checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
@ -34,11 +34,3 @@ jobs:
- name: load image into podman - name: load image into podman
run: | run: |
podman load < ${{ steps.pkgs.outputs.pkgs-name }} podman load < ${{ steps.pkgs.outputs.pkgs-name }}
- name: publish image
uses: actions/push-to-registry@v2
with:
image: oci-images/nixos-runner/${{ matrix.container }}
tags: ${{ matrix.version }}
registry: git.flyinggecko.org
username: flyinggecko
password: ${{ secrets.REGISTRY_TOKEN }}
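Review bot: In the "load image into podman" step, `${{ steps.pkgs.outputs.pkgs-name }}` is expanded into the script text before the shell parses it, so a value containing whitespace or shell metacharacters changes the command instead of being treated as a file name. The step is unchanged context in this hunk and the `pkgs` step that sets the output lies outside it, so how constrained that value is cannot be confirmed from this page. Passing the value through the environment keeps it as data: add `env:` with `IMAGE_ARCHIVE: ${{ steps.pkgs.outputs.pkgs-name }}` to the step and use `podman load < "$IMAGE_ARCHIVE"` in the script.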


@ -8,6 +8,8 @@ jobs:
flake-lock-update: flake-lock-update:
runs-on: nixos-latest runs-on: nixos-latest
steps: steps:
- run: nix-env -iA nixpkgs.nodejs_20 nixpkgs.gnused nixpkgs.coreutils
- run: mkdir -p ~/.config/nix && echo "experimental-features = nix-command flakes" > ~/.config/nix/nix.conf
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with: with:
ref: 'main' ref: 'main'
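Review bot: The first added `run:` line installs `nixpkgs.nodejs_20`, `nixpkgs.gnused` and `nixpkgs.coreutils` with `nix-env -iA` from whatever the runner's `nixpkgs` channel points at when the job starts, so the tools that perform the lock-file update are not themselves pinned through `flake.lock`. The install sits before `actions/checkout`, presumably because the action needs Node, which means the flake's own inputs are not available yet. Either bake these packages into the `nixos-latest` runner image or pin the source explicitly, e.g. `nix-env -f https://github.com/NixOS/nixpkgs/archive/<PINNED_REV>.tar.gz -iA nodejs_20 gnused coreutils`, where `<PINNED_REV>` is a placeholder for a reviewed revision. The same commands appear chained in the `pre-requisites` step of the build workflow above, though this page does not preserve which side of that diff the step is on.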

1
.gitignore vendored

@ -3,4 +3,3 @@
result result
result-* result-*
nixos-*

12
flake.lock generated

@ -20,11 +20,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1739923778, "lastModified": 1738702386,
"narHash": "sha256-BqUY8tz0AQ4to2Z4+uaKczh81zsGZSYxjgvtw+fvIfM=", "narHash": "sha256-nJj8f78AYAxl/zqLiFGXn5Im1qjFKU8yBPKoWEeZN5M=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "36864ed72f234b9540da4cf7a0c49e351d30d3f1", "rev": "030ba1976b7c0e1a67d9716b17308ccdab5b381e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -36,11 +36,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1739866667, "lastModified": 1738680400,
"narHash": "sha256-EO1ygNKZlsAC9avfcwHkKGMsmipUk1Uc0TbrEZpkn64=", "narHash": "sha256-ooLh+XW8jfa+91F1nhf9OF7qhuA/y1ChLx6lXDNeY5U=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "73cf49b8ad837ade2de76f87eb53fc85ed5d4680", "rev": "799ba5bffed04ced7067a91798353d360788b30d",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -24,12 +24,12 @@
cacert cacert
coreutils coreutils
curl curl
docker
podman podman
findutils findutils
gawk gawk
gitFull gitFull
gnugrep gnugrep
gnused
gnutar gnutar
gzip gzip
jq jq
@ -60,44 +60,7 @@
with pkgs; with pkgs;
(imagePackages pkgs) (imagePackages pkgs)
++ [ ++ [
(pkgs.writeTextFile {
(writeTextFile {
name = "containerPolicy";
destination = "/etc/containers/policy.json";
text = ''
{
"default": [
{
"type": "insecureAcceptAnything"
}
],
"transports":
{
"docker-daemon":
{
"": [{"type":"insecureAcceptAnything"}]
}
}
}
'';
})
(writeTextFile {
name = "containerRegistries";
destination = "/etc/containers/registries.conf";
text = ''
[registries.block]
registries = []
[registries.insecure]
registries = []
[registries.search]
registries = ["docker.io", "quay.io"]
'';
})
(writeTextFile {
name = "passwd"; name = "passwd";
destination = "/etc/passwd"; destination = "/etc/passwd";
text = builtins.concatStringsSep "\n" [ text = builtins.concatStringsSep "\n" [
@ -137,8 +100,7 @@
"nobody:x:65534:65534:Unprivileged account (don't use!):/var/empty:/run/current-system/sw/bin/nologin" "nobody:x:65534:65534:Unprivileged account (don't use!):/var/empty:/run/current-system/sw/bin/nologin"
]; ];
}) })
(pkgs.writeTextFile {
(writeTextFile {
name = "group"; name = "group";
destination = "/etc/group"; destination = "/etc/group";
text = builtins.concatStringsSep "\n" [ text = builtins.concatStringsSep "\n" [
@ -165,8 +127,7 @@
"nogroup:x:65534:" "nogroup:x:65534:"
]; ];
}) })
(pkgs.writeTextFile {
(writeTextFile {
name = "nsswitch.conf"; name = "nsswitch.conf";
destination = "/etc/nsswitch.conf"; destination = "/etc/nsswitch.conf";
text = builtins.concatStringsSep "\n" [ text = builtins.concatStringsSep "\n" [
@ -181,8 +142,7 @@
"rpc: files" "rpc: files"
]; ];
}) })
(pkgs.writeTextFile {
(writeTextFile {
name = "nix.conf"; name = "nix.conf";
destination = "/etc/nix/nix.conf"; destination = "/etc/nix/nix.conf";
text = builtins.concatStringsSep "\n" [ text = builtins.concatStringsSep "\n" [
@ -193,19 +153,15 @@
]; ];
}) })
]; ];
extraCommands = builtins.concatStringsSep "\n" [ extraCommands = builtins.concatStringsSep "\n" [
# /usr/bin/env # /usr/bin/env
"mkdir usr" "mkdir usr"
"ln -s ../bin usr/bin" "ln -s ../bin usr/bin"
# create /tmp # create /tmp
"mkdir -m 1777 tmp" "mkdir -m 1777 tmp"
"mkdir -m 0755 var"
"ln -s ../tmp var/tmp"
# root needs a home # root needs a home
"mkdir -vp root" "mkdir -vp root"
]; ];
config = { config = {
Cmd = [ "/bin/bash" ]; Cmd = [ "/bin/bash" ];
Env = [ Env = [
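Review bot: After the `-60,44 +60,7` hunk the image still lists `podman` among its packages but no longer generates `/etc/containers/policy.json` or `/etc/containers/registries.conf`, and nothing visible on this page supplies them from elsewhere. Podman consults a signature policy file for image operations, so the "load image into podman" workflow step may fail, or may pick up a policy from a location nobody reviewed. The removed file used `insecureAcceptAnything` as its default, so restoring it verbatim would again accept unsigned images from every transport. Please record the intended state next to the file list, for example `# policy.json and registries.conf are intentionally not generated here; podman takes them from <SOURCE_OF_POLICY>` with the real location filled in, or re-add a policy scoped to the transports the runner actually uses. The list these entries belong to starts and ends outside the visible hunks.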


@ -1,7 +0,0 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:recommended",
":semanticCommits"
]
}