#!/bin/bash
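# Helper for running Nix inside Docker with a store shared through the
# "nix-data" container.
#
# Subcommands:
#   bootstrap-store  seed a host copy of /nix from the nixos/nix image and
#                    create the nix-data container that mounts ${HOME}/nix at /nix
#   nuke             remove the nix-data and nixos-${USER} containers
#   (no argument)    build the nixos-${USER} image if it is missing, then start
#                    an interactive bash in it
#   clear            run nix-collect-garbage -d against the shared store
#   list             list the contents of /nix in the shared store
#
# Only the first argument selects the subcommand; "${@}" inside `case` joins
# all arguments into one word, so any extra argument made every pattern miss.
case "${1:-}" in
    bootstrap-store)
        # NOTE(review): the guard tests ${HOME}/nix but the copy lands in /
        # (creating /nix on the host), while the volume below mounts
        # ${HOME}/nix. Confirm which location is intended; as written the
        # copied store does not appear to be the directory that gets mounted.
        [[ -d "${HOME}/nix" ]] || {
            docker create --name nix-data nixos/nix sh >/dev/null 2>&1
            sudo docker cp nix-data:/nix /
            docker rm nix-data
        }
        docker create -v "${HOME}/nix:/nix" --name nix-data nixos/nix sh >/dev/null 2>&1
        ;;
    nuke)
        docker rm nix-data
        docker rm "nixos-${USER}"
        ;;
    "")
        # Exact, quiet existence check. The previous `docker image ls | grep`
        # matched substrings (nixos-bob also matched nixos-bobby) and echoed
        # the matching line.
        if ! docker image inspect "nixos-${USER}" >/dev/null 2>&1; then
            # The Dockerfile is piped on stdin instead of being written to
            # /tmp/docker-build-${USER}: a predictable path in a world-writable
            # directory can be pre-created or symlinked by another local user.
            # Building from stdin also sends no build context, so the contents
            # of the current directory are not shipped to the Docker daemon.
            #
            # The heredoc is unquoted on purpose: ${USER} and $(id ...) expand
            # on the host, while \$-escaped expressions reach the Dockerfile.
            docker build -t "nixos-${USER}" - <<EOF
# NOTE(review): the base image is untagged, so rebuilds are not reproducible; pin a tag or digest.
FROM alpine
# Add your user the alpine way
RUN apk add --no-cache --update shadow \
 && groupadd -g $(id -g) ${USER} \
 && useradd -g $(id -g) --groups wheel -u $(id -u) ${USER}
# Enable HTTPS support in wget and set nsswitch.conf to make resolution work within containers
RUN apk add --no-cache --update openssl \
 && echo hosts: files dns > /etc/nsswitch.conf
# Download Nix and install it into the system.
# NOTE(review): the tarball is fetched over HTTPS but its hash or signature is never checked
# before the installer runs as root; verify it against a published checksum.
# NOTE(review): sandbox = false turns off Nix build sandboxing inside the image.
ARG NIX_VERSION=2.3.14
RUN wget https://nixos.org/releases/nix/nix-\${NIX_VERSION}/nix-\${NIX_VERSION}-\$(uname -m)-linux.tar.xz \
 && tar xf nix-\${NIX_VERSION}-\$(uname -m)-linux.tar.xz \
 && addgroup -g 30000 -S nixbld \
 && for i in \$(seq 1 30); do adduser -S -D -h /var/empty -g "Nix build user \$i" -u \$((30000 + i)) -G nixbld nixbld\$i ; done \
 && mkdir -m 0755 /etc/nix \
 && echo 'sandbox = false' > /etc/nix/nix.conf \
 && mkdir -m 0755 /nix && USER=root sh nix-\${NIX_VERSION}-\$(uname -m)-linux/install \
 && ln -s /nix/var/nix/profiles/default/etc/profile.d/nix.sh /etc/profile.d/ \
 && rm -r /nix-\${NIX_VERSION}-\$(uname -m)-linux* \
 && /nix/var/nix/profiles/default/bin/nix-collect-garbage --delete-old \
 && /nix/var/nix/profiles/default/bin/nix-store --optimise \
 && /nix/var/nix/profiles/default/bin/nix-store --verify --check-contents
ONBUILD ENV \
    ENV=/etc/profile \
    USER=root \
    PATH=/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin \
    GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt \
    NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
ENV \
    ENV=/etc/profile \
    USER=root \
    PATH=/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin \
    GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt \
    NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
    NIX_PATH=/nix/var/nix/profiles/per-user/root/channels
EOF
        fi
        # Interactive shell as the calling user's uid:gid.
        # NOTE(review): this container shares the host network namespace
        # (--network host) and gets the whole home directory mounted
        # read-write, so it is a convenience shell, not an isolation boundary.
        # The host CA bundle is bind-mounted over the container's certificate
        # file; the source path must exist on the host.
        docker run --volumes-from=nix-data --rm -it \
            -v /etc/ssl/certs/ca-bundle.crt:/etc/ssl/certs/ca-certificates.crt \
            -e GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt \
            -e NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
            -e SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
            -e USER="${USER}" \
            -u "$(id -u):$(id -g)" \
            --group-add wheel \
            -v "${HOME}:${HOME}" \
            -w "${HOME}" \
            --name "nixos-${USER}" \
            --network host \
            "nixos-${USER}" bash
        ;;
    clear)
        docker run --rm --volumes-from=nix-data nixos/nix nix-collect-garbage -d
        ;;
    list)
        docker run --rm --volumes-from nix-data nixos/nix ls -la /nix
        ;;
    *)
        # Unknown subcommands used to fall through silently with status 0.
        echo "usage: ${0##*/} [bootstrap-store|nuke|clear|list]" >&2
        exit 1
        ;;
esac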