diff --git a/fake_nixpkgs/default.nix b/fake_nixpkgs/default.nix
new file mode 100644
index 0000000..eee7aac
--- /dev/null
+++ b/fake_nixpkgs/default.nix
@@ -0,0 +1,10 @@
+_:
+throw ''
+ This container doesn't include nixpkgs.
+
+ The best way to work around that is to pin your dependencies. See
+ https://nix.dev/tutorials/first-steps/towards-reproducibility-pinning-nixpkgs.html
+
+ Or if you must, override the NIX_PATH environment variable with eg:
+ "NIX_PATH=nixpkgs=channel:nixos-unstable"
+''
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..6db1db3
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,208 @@ +{ + "nodes": { + "attic": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs", + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1725048495, + "narHash": "sha256-vzmyW8Q6fG+QqlsYus+Xbo5s61ciXM4UpStZ2j5Pn54=", + "owner": "zhaofengli", + "repo": "attic", + "rev": "f74cee00364a36e4db8d05dc9c98391e18d9b4f8", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "attic", + "type": "github" + } + }, + "crane": { + "inputs": { + "nixpkgs": [ + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1722960479, + "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=", + "owner": "ipetkov", + "repo": "crane", + "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1722555600, + "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": 
"b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1724999960, + "narHash": "sha256-LB3jqSGW5u1ZcUcX6vO/qBOq5oXHlmOCxsTXGMEitp4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b96f849e725333eb2b1c7f1cb84ff102062468ba", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1724316499, + "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1725001927, + "narHash": "sha256-eV+63gK0Mp7ygCR0Oy4yIYSNcum2VQwnZamHxYTNi+M=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "6e99f2a27d600612004fbd2c3282d614bfee6421", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "attic": "attic", + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_2" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + 
"original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..84b7770 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,95 @@
+{
+ description = "A very basic flake";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-24.05";
+
+ flake-utils.url = "github:numtide/flake-utils";
+
+ attic.url = "github:zhaofengli/attic";
+ };
+
+ outputs = { self, nixpkgs, flake-utils, attic }: flake-utils.lib.eachDefaultSystem (system:
+ let
+ pkgs = import nixpkgs {
+ inherit system;
+ overlays = [
+ attic.overlays.default
+ ];
+ };
+
+ gitReallyMinimal = (
+ pkgs.git.override {
+ perlSupport = false;
+ pythonSupport = false;
+ withManual = false;
+ withpcre2 = false;
+ }
+ ).overrideAttrs (
+ _: {
+ # installCheck is broken when perl is disabled
+ doInstallCheck = false;
+ }
+ );
+ in
+ {
+ packages.default = pkgs.dockerTools.buildImageWithNixDb {
+ name = "docker-attic-nix";
+ tag = "latest";
+
+ copyToRoot = [
+ ./root
+
+ gitReallyMinimal
+
+ (pkgs.writeTextFile {
+ name = "nix.conf";
+ destination = "/etc/nix/nix.conf";
+ text = ''
+ accept-flake-config = true
+ experimental-features = nix-command flakes
+ '';
+ })
+ ] ++ (builtins.attrValues {
+ inherit (pkgs)
+ coreutils
+ bashInteractive
+ nix
+ cacert
+ gnutar
+ gzip
+ openssh
+ xz
+ nodejs
+ iana-etc
+ attic-client;
+ });
+
+ extraCommands = ''
+ # for /usr/bin/env
+ mkdir usr
+ ln -s ../bin usr/bin
+
+ # make sure /tmp exists
+ mkdir -m 1777 tmp
+
+ # need a HOME
+ mkdir -vp root
+ '';
+
+ config = {
+ Cmd = [ "/bin/bash" ];
+ Env = [
+ "ENV=/etc/profile.d/nix.sh"
+ "BASH_ENV=/etc/profile.d/nix.sh"
+ "NIX_BUILD_SHELL=/bin/bash"
+ "NIX_PATH=nixpkgs=${./fake_nixpkgs}"
+ "PAGER=cat"
+ "PATH=/root/.nix-profile/bin:/nix/var/nix/profiles/per-user/root/profile/bin:/usr/bin:/bin"
+ "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+ "USER=root"
+ ];
+ };
+ };
+ });
+}
diff --git a/root/group b/root/group
new file mode 100644
index 0000000..162f79f
--- /dev/null
+++ b/root/group
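Review bot: `accept-flake-config = true` in the generated `/etc/nix/nix.conf` lets every flake evaluated in this image apply its own `nixConfig` without a prompt, and the image runs as root (`USER=root`), which Nix trusts by default. A job that evaluates a third-party flake would therefore pick up whatever substituters, signing keys or other settings that flake declares. I would drop the line and let callers opt in per invocation with `--accept-flake-config`, or at least put a comment above it such as `# every flake's nixConfig is applied unprompted; only evaluate trusted flakes in this image`.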
@@ -0,0 +1,21 @@
+root:x:0:
+wheel:x:1:
+kmem:x:2:
+tty:x:3:
+messagebus:x:4:
+disk:x:6:
+audio:x:17:
+floppy:x:18:
+uucp:x:19:
+lp:x:20:
+cdrom:x:24:
+tape:x:25:
+video:x:26:
+dialout:x:27:
+utmp:x:29:
+adm:x:55:
+keys:x:96:
+users:x:100:
+input:x:174:
+nixbld:x:30000:nixbld1,nixbld10,nixbld11,nixbld12,nixbld13,nixbld14,nixbld15,nixbld16,nixbld17,nixbld18,nixbld19,nixbld2,nixbld20,nixbld21,nixbld22,nixbld23,nixbld24,nixbld25,nixbld26,nixbld27,nixbld28,nixbld29,nixbld3,nixbld30,nixbld31,nixbld32,nixbld4,nixbld5,nixbld6,nixbld7,nixbld8,nixbld9
+nogroup:x:65534:
diff --git a/root/nsswitch.conf b/root/nsswitch.conf
new file mode 100644
index 0000000..c0c0338
--- /dev/null
+++ b/root/nsswitch.conf
@@ -0,0 +1,11 @@
+passwd: files mymachines systemd
+group: files mymachines systemd
+shadow: files
+
+hosts: files mymachines dns myhostname
+networks: files
+
+ethers: files
+services: files
+protocols: files
+rpc: files
\ No newline at end of file
diff --git a/root/passwd b/root/passwd
new file mode 100644
index 0000000..e7490e6
--- /dev/null
+++ b/root/passwd
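Review bot: `root/group` sits directly under `root/`, and `flake.nix` passes `./root` to `copyToRoot`, so this file appears to land at `/group` in the image rather than `/etc/group`; the same holds for `root/passwd` and `root/nsswitch.conf`. If so, the `nixbld` group and its 32 build users are not visible to the resolver, and Nix running as root would have no unprivileged build users to drop to. Moving the three files to `root/etc/` would put them where the resolver and Nix look for them. Nothing in this diff shows how the image is tested, so confirm by checking that `/etc/group` and `/etc/passwd` exist in the built container.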
@@ -0,0 +1,34 @@
+root:x:0:0:System administrator:/root:/bin/bash
+nixbld1:x:30001:30000:Nix build user 1:/var/empty:/run/current-system/sw/bin/nologin
+nixbld2:x:30002:30000:Nix build user 2:/var/empty:/run/current-system/sw/bin/nologin
+nixbld3:x:30003:30000:Nix build user 3:/var/empty:/run/current-system/sw/bin/nologin
+nixbld4:x:30004:30000:Nix build user 4:/var/empty:/run/current-system/sw/bin/nologin
+nixbld5:x:30005:30000:Nix build user 5:/var/empty:/run/current-system/sw/bin/nologin
+nixbld6:x:30006:30000:Nix build user 6:/var/empty:/run/current-system/sw/bin/nologin
+nixbld7:x:30007:30000:Nix build user 7:/var/empty:/run/current-system/sw/bin/nologin
+nixbld8:x:30008:30000:Nix build user 8:/var/empty:/run/current-system/sw/bin/nologin
+nixbld9:x:30009:30000:Nix build user 9:/var/empty:/run/current-system/sw/bin/nologin
+nixbld10:x:30010:30000:Nix build user 10:/var/empty:/run/current-system/sw/bin/nologin
+nixbld11:x:30011:30000:Nix build user 11:/var/empty:/run/current-system/sw/bin/nologin
+nixbld12:x:30012:30000:Nix build user 12:/var/empty:/run/current-system/sw/bin/nologin
+nixbld13:x:30013:30000:Nix build user 13:/var/empty:/run/current-system/sw/bin/nologin
+nixbld14:x:30014:30000:Nix build user 14:/var/empty:/run/current-system/sw/bin/nologin
+nixbld15:x:30015:30000:Nix build user 15:/var/empty:/run/current-system/sw/bin/nologin
+nixbld16:x:30016:30000:Nix build user 16:/var/empty:/run/current-system/sw/bin/nologin
+nixbld17:x:30017:30000:Nix build user 17:/var/empty:/run/current-system/sw/bin/nologin
+nixbld18:x:30018:30000:Nix build user 18:/var/empty:/run/current-system/sw/bin/nologin
+nixbld19:x:30019:30000:Nix build user 19:/var/empty:/run/current-system/sw/bin/nologin
+nixbld20:x:30020:30000:Nix build user 20:/var/empty:/run/current-system/sw/bin/nologin
+nixbld21:x:30021:30000:Nix build user 21:/var/empty:/run/current-system/sw/bin/nologin
+nixbld22:x:30022:30000:Nix build user 22:/var/empty:/run/current-system/sw/bin/nologin
+nixbld23:x:30023:30000:Nix build user 23:/var/empty:/run/current-system/sw/bin/nologin
+nixbld24:x:30024:30000:Nix build user 24:/var/empty:/run/current-system/sw/bin/nologin
+nixbld25:x:30025:30000:Nix build user 25:/var/empty:/run/current-system/sw/bin/nologin
+nixbld26:x:30026:30000:Nix build user 26:/var/empty:/run/current-system/sw/bin/nologin
+nixbld27:x:30027:30000:Nix build user 27:/var/empty:/run/current-system/sw/bin/nologin
+nixbld28:x:30028:30000:Nix build user 28:/var/empty:/run/current-system/sw/bin/nologin
+nixbld29:x:30029:30000:Nix build user 29:/var/empty:/run/current-system/sw/bin/nologin
+nixbld30:x:30030:30000:Nix build user 30:/var/empty:/run/current-system/sw/bin/nologin
+nixbld31:x:30031:30000:Nix build user 31:/var/empty:/run/current-system/sw/bin/nologin
+nixbld32:x:30032:30000:Nix build user 32:/var/empty:/run/current-system/sw/bin/nologin
+nobody:x:65534:65534:Unprivileged account (don't use!):/var/empty:/run/current-system/sw/bin/nologin
\ No newline at end of file