oci-images/nixos-runner
1
0
Fork 0
Code Issues 1 Pull requests 1 Packages 1 Wiki Activity Actions

Merge pull request 'flake.lock: Update' (#6) from flyinggecko/nix-flake-update/patch into main #7

Closed
flyinggecko wants to merge 0 commits from flyinggecko/nix-flake-update/patch into main AGit
pull from: flyinggecko/nix-flake-update/patch
merge into: oci-images:main
Conversation 0 Commits - Files changed 12 +42 -235
12 changed files with 42 additions and 235 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.envrc
View file

@ -1,4 +0,0 @@
#!/usr/bin/env bash
if has nix; then
use flake
fi

7
.forgejo/actionlint.yaml
View file

@ -1,7 +0,0 @@
# Configuration related to self-hosted runner.
self-hosted-runner:
# Labels of self-hosted runner in array of strings.
labels:
- nixos-latest
- nixos-unstable
- nixos-24.11

20
.forgejo/workflows/format_pull.yaml
View file

@ -1,20 +0,0 @@
name: format
on:
pull_request:
paths-ignore:
- "**.lock"
jobs:
test:
runs-on: nixos-latest
steps:
- name: checkout
uses: actions/checkout@v4
with:
ref: "main"
- name: dev
uses: actions/nix/develop@main
with:
flake: .
run: treefmt --ci

3
.forgejo/workflows/publish.yaml
View file

@ -4,9 +4,6 @@ on:
push:
branches:
- main
paths:
- "**.nix"
- flake.lock
schedule:
- cron: "0 0 * * 1,3,5"

2
.gitignore vendored
View file

@ -4,5 +4,3 @@ result
result-*
nixos-*
.direnv/

13
.pre-commit-config.yaml
View file

@ -1,13 +0,0 @@
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v5.0.0
hooks:
- id: trailing-whitespace
- id: end-of-file-fixer
- repo: local
hooks:
- id: treefmt
name: treefmt
pass_filenames: false
entry: treefmt
language: system

50
flake.lock generated
View file

@ -20,11 +20,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1748421225,
"narHash": "sha256-XXILOc80tvlvEQgYpYFnze8MkQQmp3eQxFbTzb3m/R0=",
"lastModified": 1739206421,
"narHash": "sha256-PwQASeL2cGVmrtQYlrBur0U20Xy07uSWVnFup2PHnDs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "78add7b7abb61689e34fc23070a8f55e1d26185b",
"rev": "44534bc021b85c8d78e465021e21f33b856e2540",
"type": "github"
},
"original": {
@ -36,11 +36,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1748693115,
"narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=",
"lastModified": 1739020877,
"narHash": "sha256-mIvECo/NNdJJ/bXjNqIh8yeoSjVLAuDuTUzAo7dzs8Y=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc",
"rev": "a79cfe0ebd24952b580b1cf08cd906354996d547",
"type": "github"
},
"original": {
@ -54,9 +54,7 @@
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable",
"systems": "systems_2",
"treefmt-nix": "treefmt-nix"
"nixpkgs-unstable": "nixpkgs-unstable"
}
},
"systems": {
@ -73,40 +71,6 @@
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"id": "systems",
"type": "indirect"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1748243702,
"narHash": "sha256-9YzfeN8CB6SzNPyPm2XjRRqSixDopTapaRsnTpXUEY8=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "1f3f7b784643d488ba4bf315638b2b0a4c5fb007",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
}
},
"root": "root",

92
flake.nix
View file

@ -5,19 +5,14 @@
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
flake-utils.url = "github:numtide/flake-utils";
# Treefmt for formatting
treefmt-nix.url = "github:numtide/treefmt-nix";
treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";
};
outputs =
{
self,
nixpkgs,
nixpkgs-unstable,
flake-utils,
treefmt-nix,
systems,
...
}:
flake-utils.lib.eachDefaultSystem (
system:
@ -26,11 +21,10 @@
imagePackages =
pkgs: with pkgs; [
bashInteractive
bats
cacert
coreutils
curl
direnv
podman
findutils
gawk
gitFull
@ -39,20 +33,20 @@
gnutar
gzip
jq
lix
makeWrapper
nodejs
nvd
openssh
openssl
podman
reuse
openssh
rsync
shellcheck
sops
sudo
wget
xz
makeWrapper
bats
shellcheck
reuse
lix
sops
nvd
];
containerLambda =
name: tag: pkgs':
@ -61,7 +55,7 @@
in
pkgs.dockerTools.buildImageWithNixDb {
name = "git.flyinggecko.org/oci-images/nixos-runner/${name}";
inherit tag;
tag = tag;
copyToRoot =
with pkgs;
(imagePackages pkgs)
@ -71,20 +65,20 @@
name = "containerPolicy";
destination = "/etc/containers/policy.json";
text = ''
{
"default": [
{
"type": "insecureAcceptAnything"
}
],
"transports":
{
"docker-daemon":
{
"": [{"type":"insecureAcceptAnything"}]
}
}
}
{
"default": [
{
"type": "insecureAcceptAnything"
}
],
"transports":
{
"docker-daemon":
{
"": [{"type":"insecureAcceptAnything"}]
}
}
}
'';
})
@ -92,14 +86,14 @@
name = "containerRegistries";
destination = "/etc/containers/registries.conf";
text = ''
[registries.block]
registries = []
[registries.block]
registries = []
[registries.insecure]
registries = []
[registries.insecure]
registries = []
[registries.search]
registries = ["docker.io", "quay.io"]
[registries.search]
registries = ["docker.io", "quay.io"]
'';
})
@ -198,14 +192,6 @@
"trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
];
})
(writeTextFile {
name = "bashrc";
destination = "/etc/bashrc";
text = builtins.concatStringsSep "\n" [
"eval \"$(${pkgs.lib.getExe direnv} hook bash)\""
];
})
];
extraCommands = builtins.concatStringsSep "\n" [
@ -235,28 +221,12 @@
];
};
};
forEachSystem =
f:
nixpkgs.lib.genAttrs (import systems) (
system:
let
pkgs = import nixpkgs {
inherit system;
};
in
f pkgs
);
treefmtEval = forEachSystem (pkgs: treefmt-nix.lib.evalModule pkgs ./treefmt.nix);
in
{
packages = {
nixos-2411 = containerLambda "nixos" "24.11" nixpkgs;
nixos-unstable = containerLambda "nixos" "unstable" nixpkgs-unstable;
};
# dev shells in project
devShells = import ./shell.nix { inherit nixpkgs treefmtEval system; };
}
);
}

16
justfile
View file

@ -1,16 +0,0 @@
set quiet
[private]
default: help
# this help
help:
just --list --list-submodules
# install pre-commit hooks
hook-install:
pre-commit install --install-hooks
# format using `treefmt`
fmt:
treefmt

9
renovate.json
View file

@ -1,10 +1,9 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:recommended",
":semanticCommits"
"config:recommended"
],
"nix":{
"enabled": true
}
"nix": {
"enabled": true
}
}

23
shell.nix
View file

@ -1,23 +0,0 @@
{
nixpkgs,
treefmtEval,
system,
...
}:
let
pkgs = nixpkgs.legacyPackages.${system};
packages = with pkgs; [
git
pre-commit
just
];
in
{
default = pkgs.mkShell {
inherit packages;
# nativeBuildInputs = packages;
inputsFrom = [
treefmtEval.${pkgs.system}.config.build.devShell
];
};
}

38
treefmt.nix
View file

@ -1,38 +0,0 @@
_: {
settings = {
# General config
# allow-missing-formatter = true;
on-unmatched = "debug";
global.excludes = [
# lock files
"*.lock"
];
formatter.actionlint = {
options = [
"-config-file"
".forgejo/actionlint.yaml"
];
includes = [
".forgejo/workflows/*.yml"
".forgejo/workflows/*.yaml"
];
};
formatter.yamlfmt.excludes = [
".forgejo/*"
];
};
programs = {
# Nix
deadnix.enable = true;
nixfmt.enable = true;
statix.enable = true;
# Config files
yamlfmt.enable = true;
# ActionLint/forgejo workflows
actionlint.enable = true;
};
}