EGQ4SEV5BPG6C6TMBWGYH3OE7O3XSKNGBBVO23BBVIX6GFUUZLHAC
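# Builds the "podman-setup" shell script. When run, the script installs the
# per-user configuration files that rootless podman reads from
# ~/.config/containers (never overwriting a file that already exists) and
# reports a missing subordinate UID or GID range for the current user.
#
# Argument:
#   pkgs - the nixpkgs package set; writeText, writeShellScript and skopeo.src
#          are taken from it.
# Result: the derivation produced by pkgs.writeShellScript.
{ pkgs }:
let
  # registries.conf in the legacy table format: unqualified image names are
  # searched on docker.io only, and no registry is blocked.
  # NOTE(review): a short name such as "alpine" therefore resolves to docker.io;
  # fully qualified references (registry/repository:tag or @digest) remove the
  # dependency on the search list.
  registriesConf = pkgs.writeText "registries.conf" ''
    [registries.search]
    registries = ['docker.io']
    [registries.block]
    registries = []
  '';

  # storage.conf selecting the overlay driver. The rootless storage path
  # override is left commented out, so podman's default location applies.
  storageConf = pkgs.writeText "storage.conf" ''
    [storage]
    driver = "overlay"
    # rootless_storage_path="$XDG_DATA_HOME/containers/storage"
  '';
in pkgs.writeShellScript "podman-setup" ''
  # Do not overwrite customised configuration: each file is installed only
  # when it is absent.

  # policy.json controls which image sources and signatures are accepted.
  # NOTE(review): the file copied here is the default policy from the skopeo
  # source tree, which is permissive; review it and tighten it where signature
  # verification is required.
  if ! test -f ~/.config/containers/policy.json; then
    echo "Installing missing ~/.config/containers/policy.json"
    install -Dm644 ${pkgs.skopeo.src}/default-policy.json ~/.config/containers/policy.json
  fi

  if ! test -f ~/.config/containers/registries.conf; then
    echo "Installing missing ~/.config/containers/registries.conf"
    install -Dm644 ${registriesConf} ~/.config/containers/registries.conf
  fi

  if ! test -f ~/.config/containers/storage.conf; then
    echo "Installing missing ~/.config/containers/storage.conf"
    install -Dm644 ${storageConf} ~/.config/containers/storage.conf
  fi

  # Rootless podman maps container users through subordinate ID ranges and
  # needs one in /etc/subuid and one in /etc/subgid. These checks only print a
  # hint; the script never modifies either file.
  if ! grep -q "^''${USER}:" /etc/subuid; then
    echo "No subuid range defined for user, consider running 'sudo usermod --add-subuids 10000-75535 ''${USER}' to allow rootless podman to work"
  fi
  if ! grep -q "^''${USER}:" /etc/subgid; then
    echo "No subgid range defined for user, consider running 'sudo usermod --add-subgids 10000-75535 ''${USER}' to allow rootless podman to work"
  fi
''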
];
};
# Layered container image whose only declared content is the wttr-delft package.
# NOTE(review): config sets no User, so the process runs as whatever user the
# container runtime picks by default (commonly root) - confirm this is intended.
wttr-delft-container = pkgs.dockerTools.buildLayeredImage {
  name = "wttr-delft";
  tag = "nix";
  # created = "now";
  contents = [ pkgs.wttr-delft ];
  # Start the packaged binary directly through its store path.
  config.Cmd = [ "${pkgs.wttr-delft}/bin/wttr-delft" ];
  # curl needs a CA bundle for TLS verification; point it at the one from cacert.
  config.Env = [ "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
};
# Development shell for interacting with containers
# Based on https://gist.github.com/adisbladis/187204cb772800489ee3dac4acdd9947
podman-devshell = let
# Script derivation (from ./podman-setup-script.nix) that copies or creates the
# per-user files rootless podman requires.
podmanSetupScript = import ./podman-setup-script.nix { inherit pkgs; };
# Small derivation whose bin/docker is a symlink to the podman executable, so
# anything that invokes "docker" ends up running podman.
dockerCompat = pkgs.runCommandNoCC "docker-podman-compat" { } ''
  mkdir -p "$out/bin"
  ln -s "${pkgs.podman}/bin/podman" "$out/bin/docker"
'';
in pkgs.mkShell {
name = "podman";
buildInputs = with pkgs; [
podman # Manage pods, containers and images
runc # Container runtime
conmon # Container runtime monitor
skopeo # Interact with container registry
slirp4netns # User-mode networking for unprivileged namespaces
fuse-overlayfs # CoW for images, much faster than default vfs
dockerCompat # Aliases for docker / podman
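#!/usr/bin/env bash
# shellcheck disable=SC1010,SC2288
#
# Scripted demo: adds CMake to the wttr-delft build, inspects the resulting
# closure and cross-compiles for aarch64-linux.
#
# The one-character commands used below (h, n, "," and x) are not defined in
# this file; presumably they come from libdemo.sh and stand for heading,
# narration, continuation line and "show and run this command" - confirm
# against libdemo.sh. The backslash escapes in the narration keep quotes,
# parentheses and semicolons literal, because each line is parsed by bash as a
# normal command with arguments.

# Abort on any error, unset variable or failed pipeline stage; -E lets ERR
# traps fire inside functions as well.
set -Eeuo pipefail
# Directory holding this script, so the paths below work from any working directory.
dir="$(dirname "${BASH_SOURCE[0]}")"
# NOTE(review): this executes libdemo.sh from a path relative to the script, in
# the current shell; it is trusted exactly as much as this file is.
source "${dir}/../libdemo/libdemo.sh"
h Adding CMake
n The more we offload to \'classic\' tools, the easier it is to also build without Nix.
, This makes it an easier sell to use in most cases\; other people are not forced to use it.
, Packaging in this way and making use of the sandboxed Nix build process can help find missing dependencies etc.
x pygmentize "${dir}/../src/CMakeLists.txt"
n If we add a proper build system like CMake, the Nix part of building a package gets even easier.
x pygmentize "${dir}/wttr-delft.nix"
# -L prints the full build log while building.
x nix build "${dir}" -L
# x nix build "${dir}" -L --rebuild
h Checking out the closure
n The \'closure\' is the full set of all the \(runtime\) dependencies:
# Lists every store path in the closure of ./result together with its size.
x nix path-info -sSrh ./result
h Cross-compilation
, We can very easily set up cross-compilation.
, We use the \'flake-utils\' library to abstract away some of the complications in the flake:
x pygmentize "${dir}/flake.nix"
, If we take a look at what the flake provides:
x nix flake show "${dir}"
h The previous build was for x86_64-linux by default because that is our current system:
x file ./result/bin/wttr-delft
h But we can easily build for aarch64-linux \(e.g. for Raspberry Pi\):
x nix build "${dir}#packages.aarch64-linux.default" -L
x file ./result/bin/wttr-delft
n If you use NixOS it\'s also very simple to set up binfmt to still be able to run the binary!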