oci-images/nixos-runner
1
0
Fork 0
Code Issues 1 Pull requests 1 Packages 1 Wiki Activity Actions

Merge pull request 'flake.lock: Update' (#6) from flyinggecko/nix-flake-update/patch into main #7

Closed
flyinggecko wants to merge 0 commits from flyinggecko/nix-flake-update/patch into main AGit
pull from: flyinggecko/nix-flake-update/patch
merge into: oci-images:main
Conversation 0 Commits - Files changed 12 +42 -235
12 changed files with 42 additions and 235 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.envrc
View file

@ -1,4 +0,0 @@
#!/usr/bin/env bash
if has nix; then
use flake
fi

7
.forgejo/actionlint.yaml
View file

@ -1,7 +0,0 @@
# Configuration related to self-hosted runner.
self-hosted-runner:
# Labels of self-hosted runner in array of strings.
labels:
- nixos-latest
- nixos-unstable
- nixos-24.11

20
.forgejo/workflows/format_pull.yaml
View file

@ -1,20 +0,0 @@
name: format
on:
pull_request:
paths-ignore:
- "**.lock"
jobs:
test:
runs-on: nixos-latest
steps:
- name: checkout
uses: actions/checkout@v4
with:
ref: "main"
- name: dev
uses: actions/nix/develop@main
with:
flake: .
run: treefmt --ci

3
.forgejo/workflows/publish.yaml
View file

@ -4,9 +4,6 @@ on:
push: push:
branches: branches:
- main - main
paths:
- "**.nix"
- flake.lock
schedule: schedule:
- cron: "0 0 * * 1,3,5" - cron: "0 0 * * 1,3,5"

2
.gitignore vendored
View file

@ -4,5 +4,3 @@ result
result-* result-*
nixos-* nixos-*
.direnv/

13
.pre-commit-config.yaml
View file

@ -1,13 +0,0 @@
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v5.0.0
hooks:
- id: trailing-whitespace
- id: end-of-file-fixer
- repo: local
hooks:
- id: treefmt
name: treefmt
pass_filenames: false
entry: treefmt
language: system

50
flake.lock generated
View file

@ -20,11 +20,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1748421225, "lastModified": 1739206421,
"narHash": "sha256-XXILOc80tvlvEQgYpYFnze8MkQQmp3eQxFbTzb3m/R0=", "narHash": "sha256-PwQASeL2cGVmrtQYlrBur0U20Xy07uSWVnFup2PHnDs=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "78add7b7abb61689e34fc23070a8f55e1d26185b", "rev": "44534bc021b85c8d78e465021e21f33b856e2540",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -36,11 +36,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1748693115, "lastModified": 1739020877,
"narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=", "narHash": "sha256-mIvECo/NNdJJ/bXjNqIh8yeoSjVLAuDuTUzAo7dzs8Y=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc", "rev": "a79cfe0ebd24952b580b1cf08cd906354996d547",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -54,9 +54,7 @@
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable"
"systems": "systems_2",
"treefmt-nix": "treefmt-nix"
} }
}, },
"systems": { "systems": {
@ -73,40 +71,6 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"id": "systems",
"type": "indirect"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1748243702,
"narHash": "sha256-9YzfeN8CB6SzNPyPm2XjRRqSixDopTapaRsnTpXUEY8=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "1f3f7b784643d488ba4bf315638b2b0a4c5fb007",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

92
flake.nix
View file

@ -5,19 +5,14 @@
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
# Treefmt for formatting
treefmt-nix.url = "github:numtide/treefmt-nix";
treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = outputs =
{ {
self,
nixpkgs, nixpkgs,
nixpkgs-unstable, nixpkgs-unstable,
flake-utils, flake-utils,
treefmt-nix,
systems,
...
}: }:
flake-utils.lib.eachDefaultSystem ( flake-utils.lib.eachDefaultSystem (
system: system:
@ -26,11 +21,10 @@
imagePackages = imagePackages =
pkgs: with pkgs; [ pkgs: with pkgs; [
bashInteractive bashInteractive
bats
cacert cacert
coreutils coreutils
curl curl
direnv podman
findutils findutils
gawk gawk
gitFull gitFull
@ -39,20 +33,20 @@
gnutar gnutar
gzip gzip
jq jq
lix
makeWrapper
nodejs nodejs
nvd
openssh
openssl openssl
podman openssh
reuse
rsync rsync
shellcheck
sops
sudo sudo
wget wget
xz xz
makeWrapper
bats
shellcheck
reuse
lix
sops
nvd
]; ];
containerLambda = containerLambda =
name: tag: pkgs': name: tag: pkgs':
@ -61,7 +55,7 @@
in in
pkgs.dockerTools.buildImageWithNixDb { pkgs.dockerTools.buildImageWithNixDb {
name = "git.flyinggecko.org/oci-images/nixos-runner/${name}"; name = "git.flyinggecko.org/oci-images/nixos-runner/${name}";
inherit tag; tag = tag;
copyToRoot = copyToRoot =
with pkgs; with pkgs;
(imagePackages pkgs) (imagePackages pkgs)
@ -71,20 +65,20 @@
name = "containerPolicy"; name = "containerPolicy";
destination = "/etc/containers/policy.json"; destination = "/etc/containers/policy.json";
text = '' text = ''
{ {
"default": [ "default": [
{ {
"type": "insecureAcceptAnything" "type": "insecureAcceptAnything"
} }
], ],
"transports": "transports":
{ {
"docker-daemon": "docker-daemon":
{ {
"": [{"type":"insecureAcceptAnything"}] "": [{"type":"insecureAcceptAnything"}]
} }
} }
} }
''; '';
}) })
@ -92,14 +86,14 @@
name = "containerRegistries"; name = "containerRegistries";
destination = "/etc/containers/registries.conf"; destination = "/etc/containers/registries.conf";
text = '' text = ''
[registries.block] [registries.block]
registries = [] registries = []
[registries.insecure] [registries.insecure]
registries = [] registries = []
[registries.search] [registries.search]
registries = ["docker.io", "quay.io"] registries = ["docker.io", "quay.io"]
''; '';
}) })
@ -198,14 +192,6 @@
"trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
]; ];
}) })
(writeTextFile {
name = "bashrc";
destination = "/etc/bashrc";
text = builtins.concatStringsSep "\n" [
"eval \"$(${pkgs.lib.getExe direnv} hook bash)\""
];
})
]; ];
extraCommands = builtins.concatStringsSep "\n" [ extraCommands = builtins.concatStringsSep "\n" [
@ -235,28 +221,12 @@
]; ];
}; };
}; };
forEachSystem =
f:
nixpkgs.lib.genAttrs (import systems) (
system:
let
pkgs = import nixpkgs {
inherit system;
};
in
f pkgs
);
treefmtEval = forEachSystem (pkgs: treefmt-nix.lib.evalModule pkgs ./treefmt.nix);
in in
{ {
packages = { packages = {
nixos-2411 = containerLambda "nixos" "24.11" nixpkgs; nixos-2411 = containerLambda "nixos" "24.11" nixpkgs;
nixos-unstable = containerLambda "nixos" "unstable" nixpkgs-unstable; nixos-unstable = containerLambda "nixos" "unstable" nixpkgs-unstable;
}; };
# dev shells in project
devShells = import ./shell.nix { inherit nixpkgs treefmtEval system; };
} }
); );
} }

16
justfile
View file

@ -1,16 +0,0 @@
set quiet
[private]
default: help
# this help
help:
just --list --list-submodules
# install pre-commit hooks
hook-install:
pre-commit install --install-hooks
# format using `treefmt`
fmt:
treefmt

9
renovate.json
View file

@ -1,10 +1,9 @@
{ {
"$schema": "https://docs.renovatebot.com/renovate-schema.json", "$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [ "extends": [
"config:recommended", "config:recommended"
":semanticCommits"
], ],
"nix":{ "nix": {
"enabled": true "enabled": true
} }
} }

23
shell.nix
View file

@ -1,23 +0,0 @@
{
nixpkgs,
treefmtEval,
system,
...
}:
let
pkgs = nixpkgs.legacyPackages.${system};
packages = with pkgs; [
git
pre-commit
just
];
in
{
default = pkgs.mkShell {
inherit packages;
# nativeBuildInputs = packages;
inputsFrom = [
treefmtEval.${pkgs.system}.config.build.devShell
];
};
}

38
treefmt.nix
View file

@ -1,38 +0,0 @@
_: {
settings = {
# General config
# allow-missing-formatter = true;
on-unmatched = "debug";
global.excludes = [
# lock files
"*.lock"
];
formatter.actionlint = {
options = [
"-config-file"
".forgejo/actionlint.yaml"
];
includes = [
".forgejo/workflows/*.yml"
".forgejo/workflows/*.yaml"
];
};
formatter.yamlfmt.excludes = [
".forgejo/*"
];
};
programs = {
# Nix
deadnix.enable = true;
nixfmt.enable = true;
statix.enable = true;
# Config files
yamlfmt.enable = true;
# ActionLint/forgejo workflows
actionlint.enable = true;
};
}