This commit is contained in:
parent
a45c9c7858
commit
1f937f7239
2 changed files with 35 additions and 30 deletions
|
@ -15,7 +15,7 @@ steps:
|
|||
echo '{"default": [{"type":"insecureAcceptAnything"}]}' > /etc/containers/policy.json
|
||||
- nix-env -iA nixpkgs.skopeo
|
||||
- nix build '.#buildImage'
|
||||
- ./result | gzip --fast | skopeo copy --dest-creds=gitea-bot:$GITEA_KEY docker-archive:/dev/stdin docker://git.chir.rs/darkkirb/nix-containers:buildImage --dest-compress-format zstd --dest-compress-level 12
|
||||
- ./result | gzip --fast | skopeo copy --dest-creds=darkkirb:$GITEA_KEY docker-archive:/dev/stdin docker://git.chir.rs/darkkirb/nix-containers:buildImage --dest-compress-format zstd --dest-compress-level 12
|
||||
environment:
|
||||
GITEA_KEY:
|
||||
from_secret: GITEA_KEY
|
||||
from_secret: DOCKER_KEY
|
||||
|
|
61
flake.nix
61
flake.nix
|
@ -6,33 +6,38 @@
|
|||
flake-utils.url = "github:numtide/flake-utils";
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, flake-utils, ...} @ inputs: flake-utils.lib.eachSystem ["aarch64-linux" "x86_64-linux"] (system:
|
||||
let
|
||||
pkgs = import nixpkgs { inherit system; };
|
||||
in rec {
|
||||
formatter = pkgs.alejandra;
|
||||
packages = {
|
||||
buildImage = pkgs.dockerTools.streamLayeredImage {
|
||||
name = "darkkirb/nix-containers";
|
||||
tag = "build-container";
|
||||
contents = with pkgs; [
|
||||
bashInteractive
|
||||
gzip
|
||||
skopeo
|
||||
nix
|
||||
];
|
||||
config.Env = [
|
||||
"USER=nobody"
|
||||
];
|
||||
maxLayers = 125;
|
||||
fakeRootCommands = ''
|
||||
echo "substituters = https://cache.nixos.org/ https://f000.backblazeb2.com/file/cache-chir-rs/" >> /etc/nix/nix.conf
|
||||
echo "trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg= hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" >> /etc/nix/nix.conf
|
||||
echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf
|
||||
mkdir /etc/containers
|
||||
echo '{"default": [{"type":"insecureAcceptAnything"}]}' > /etc/containers/policy.json
|
||||
'';
|
||||
outputs = {
|
||||
self,
|
||||
nixpkgs,
|
||||
flake-utils,
|
||||
...
|
||||
} @ inputs:
|
||||
flake-utils.lib.eachSystem ["aarch64-linux" "x86_64-linux"] (system: let
|
||||
pkgs = import nixpkgs {inherit system;};
|
||||
in rec {
|
||||
formatter = pkgs.alejandra;
|
||||
packages = {
|
||||
buildImage = pkgs.dockerTools.streamLayeredImage {
|
||||
name = "darkkirb/nix-containers";
|
||||
tag = "build-container";
|
||||
contents = with pkgs; [
|
||||
bashInteractive
|
||||
gzip
|
||||
skopeo
|
||||
nix
|
||||
];
|
||||
config.Env = [
|
||||
"USER=nobody"
|
||||
];
|
||||
maxLayers = 125;
|
||||
fakeRootCommands = ''
|
||||
echo "substituters = https://cache.nixos.org/ https://f000.backblazeb2.com/file/cache-chir-rs/" >> /etc/nix/nix.conf
|
||||
echo "trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg= hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" >> /etc/nix/nix.conf
|
||||
echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf
|
||||
mkdir /etc/containers
|
||||
echo '{"default": [{"type":"insecureAcceptAnything"}]}' > /etc/containers/policy.json
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
});
|
||||
});
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue