X3HISPCS4DYF7L5FA6WA2L2SJNO2FAALGFYFLFUQNPNQQENX3CVAC
# Package expression for wttr-delft, laid out like the official packages in
# nixpkgs: a function from its dependencies to a derivation, intended to be
# instantiated through callPackage.
{ stdenv
, cmake
, pkgconfig
, curl
}:

stdenv.mkDerivation rec {
  name = "wttr-delft";

  # Import the local source tree into the store under the package name.
  src = builtins.path {
    inherit name;
    path = ../src;
  };

  # Keep the two dependency lists below strictly separate: nativeBuildInputs
  # are tools executed during the build, buildInputs are libraries for the
  # platform the resulting binary runs on.
  strictDeps = true;

  # Build tools. Because CMake is listed here, the generic builder drives the
  # configure/build/install steps itself; no custom 'buildPhase' or
  # 'installPhase' is needed.
  nativeBuildInputs = [ cmake pkgconfig ];

  # Libraries the program is compiled and linked against.
  buildInputs = [ curl.dev ];
}
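# Builds a shell script that seeds the per-user configuration rootless podman
# needs. Files the user already has are never overwritten.
{ pkgs }:
let
  # Fallback registries.conf: unqualified image names are searched on
  # docker.io only, and no registry is blocked.
  # NOTE(review): this is the older [registries.*] layout; newer
  # containers/image releases prefer 'unqualified-search-registries' - confirm
  # against the podman version in use before changing it.
  registriesConf = pkgs.writeText "registries.conf" ''
    [registries.search]
    registries = ['docker.io']
    [registries.block]
    registries = []
  '';

  # Fallback storage.conf selecting the overlay storage driver.
  storageConf = pkgs.writeText "storage.conf" ''
    [storage]
    driver = "overlay"
    # rootless_storage_path="$XDG_DATA_HOME/containers/storage"
  '';
in pkgs.writeShellScript "podman-setup" ''
  conf_dir=~/.config/containers

  # install_if_missing SRC NAME
  # Copy SRC to $conf_dir/NAME unless that file already exists, so that
  # customised configuration is left alone.
  install_if_missing() {
    if ! test -f "$conf_dir/$2"; then
      echo "Installing missing ~/.config/containers/$2"
      install -Dm644 "$1" "$conf_dir/$2"
    fi
  }

  # NOTE(review): the policy shipped in the skopeo source tree is a permissive
  # default (believed to accept images without signature verification).
  # Review ~/.config/containers/policy.json if image provenance matters.
  install_if_missing ${pkgs.skopeo.src}/default-policy.json policy.json
  install_if_missing ${registriesConf} registries.conf
  install_if_missing ${storageConf} storage.conf

  # Rootless podman maps container users onto subordinate ID ranges and needs
  # both a UID range and a GID range for the current user. These checks only
  # print advice; nothing is modified.
  if ! grep -q "^''${USER}:" /etc/subuid; then
    echo "No subuid range defined for user, consider running 'sudo usermod --add-subuids 10000-75535 ''${USER}' to allow rootless podman to work"
  fi
  if ! grep -q "^''${USER}:" /etc/subgid; then
    echo "No subgid range defined for user, consider running 'sudo usermod --add-subgids 10000-75535 ''${USER}' to allow rootless podman to work"
  fi
''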
# Development shell for interacting with containers through rootless podman.
# Based on https://gist.github.com/adisbladis/187204cb772800489ee3dac4acdd9947
{ pkgs }:
let
  # Script that copies/creates the configuration files rootless podman needs.
  setupScript = import ./podman-setup-script.nix { inherit pkgs; };

  # A "docker" executable that is only a symlink to podman, so commands typed
  # as 'docker ...' inside the shell are served by podman.
  dockerShim = pkgs.runCommandNoCC "docker-podman-compat" {} ''
    mkdir -p $out/bin
    ln -s ${pkgs.podman}/bin/podman $out/bin/docker
  '';

  containerTools = [
    pkgs.podman          # Manage pods, containers and images
    pkgs.runc            # Container runtime
    pkgs.conmon          # Container runtime monitor
    pkgs.skopeo          # Interact with container registry
    pkgs.slirp4netns     # User-mode networking for unprivileged namespaces
    pkgs.fuse-overlayfs  # CoW for images, much faster than default vfs
    dockerShim           # Aliases for docker / podman
  ];
in pkgs.mkShell {
  name = "podman";
  buildInputs = containerTools;

  # Runs each time the shell is entered; the setup script only installs
  # configuration files that are missing.
  shellHook = ''
    # Install configuration required for rootless podman
    ${setupScript}
  '';
}
{
  description = "Simple flake for simple libcurl example";

  # Both inputs are floating references; the exact revisions and content
  # hashes that get fetched are the ones recorded in flake.lock.
  inputs.flake-utils.url = "github:numtide/flake-utils";
  inputs.nixpkgs.url = "github:NixOS/nixpkgs";

  outputs = { self, nixpkgs, flake-utils }:
    let
      # Overlay that adds the local wttr-delft package to the package set, so
      # the cross/static variants of nixpkgs can build it as well.
      addWttrDelft = final: prev: {
        wttr-delft = prev.callPackage ./wttr-delft.nix {};
      };

      # Outputs for one system.
      perSystem = system:
        let
          pkgs = import nixpkgs {
            inherit system;
            overlays = [ addWttrDelft ];
          };

          # Copy only the static binary, to avoid pulling in any unwanted
          # dependencies of the full package output.
          staticBinaryOnly = pkgs.runCommand "wttr-delft-only-binary" {} ''
            mkdir $out
            cp ${pkgs.pkgsCross.musl64.pkgsStatic.wttr-delft}/bin/wttr-delft $out
          '';

          # Docker image containing only the wttr-delft static binary.
          # NOTE(review): the image config sets no User, so the process runs
          # as whatever user the container runtime defaults to - confirm that
          # is intended.
          containerImage = pkgs.dockerTools.buildImage {
            name = "wttr-delft";
            tag = "nix";
            # created = "now";
            config = {
              Cmd = [ "${staticBinaryOnly}/wttr-delft" ];
              # Points at the CA bundle from pkgs.cacert; presumably this is
              # what lets the binary verify HTTPS certificates inside the
              # otherwise empty image.
              Env = [ "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
            };
          };
        in
        {
          packages.default = containerImage;
          devShells.default = import ./podman-devshell.nix { inherit pkgs; };
        };
    in
    flake-utils.lib.eachDefaultSystem perSystem;
}
{
"nodes": {
"flake-utils": {
"locked": {
"lastModified": 1678901627,
"narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1679396235,
"narHash": "sha256-RjmNVFuZQ2e6u35B98JcY9IzVDtZb3d4QcbtfLtNWkE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "008ce261a7e3c532e792cb8e39482f2cc1b192f5",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}
#!/usr/bin/env bash
# shellcheck disable=SC1010,SC2288
# Demo driver: shows the flake, builds its default package (the container
# image) and then continues inside the flake's development shell.
# The one-letter commands below (h, ',' and x) come from libdemo.sh, which is
# not visible here; presumably h prints a heading, ',' prints narration and x
# echoes and runs a command - confirm against libdemo.sh.

# Abort on errors, unset variables and failing pipeline stages; -E lets ERR
# traps be inherited by functions and subshells.
set -Eeuo pipefail
# Directory containing this script, so the demo can be started from anywhere.
dir="$(dirname "${BASH_SOURCE[0]}")"
source "${dir}/../libdemo/libdemo.sh"
h Putting wttr-delft into a container as a small static binary
, We now combine our knowledge of making OCI containers with our knowledge of making static binaries
x pygmentize "${dir}/flake.nix"
h We now choose the \'container\' package we defined:
# -L prints the full build logs while building.
x nix build "${dir}" -L
# -H follows the 'result' symlink, so the size shown is that of the image.
x ls -lhH "${dir}/result"
# Run the second half of the demo inside the development shell from the flake.
x nix develop "${dir}" --command "${dir}/demo-inside-nix-develop.sh"
#!/usr/bin/env bash
# shellcheck disable=SC2288
# Second half of the demo, meant to run inside the flake's development shell:
# loads the built image, runs it, shows that it contains no shell, then
# cleans up.
# h, x and f come from libdemo.sh, which is not visible here; presumably h
# prints a heading, x echoes and runs a command, and f runs a command that is
# expected to fail - confirm against libdemo.sh.

# Abort on errors, unset variables and failing pipeline stages; -E lets ERR
# traps be inherited by functions and subshells.
set -Eeuo pipefail
# Directory containing this script; 'result' is looked up next to it.
dir="$(dirname "${BASH_SOURCE[0]}")"
source "${dir}/../libdemo/libdemo.sh"
h Now we are inside a development shell that has rootless podman again.
h So we start by loading the container we just made into the registry:
x docker load -i "${dir}/result"
h We can see it\'s there:
x "docker image ls | grep 'wttr-delft\|^REPOSITORY'"
h And now we can run it:
x docker run -it localhost/wttr-delft:nix
h The image is very minimal, e.g. there is no interactive shell:
# Overriding the entrypoint with 'sh' only works if the image ships a shell.
f podman run --entrypoint sh -it localhost/wttr-delft:nix
h We have running containers:
x "podman ps --all --storage | grep 'wttr-delft\|^CONTAINER ID'"
h Let\'s kill them and remove them:
# NOTE(review): both cleanup pipelines select by the substring 'wttr-delft',
# so any other container or image whose listing line contains it is removed
# too, and the image removal is forced (-f). If nothing matches, GNU xargs
# still invokes the podman command once with no arguments.
x "podman ps --all --storage | tail -n +2 | grep wttr-delft | awk '{print \$1}' | xargs podman rm"
x "podman image ls | tail -n +2 | grep wttr-delft | awk '{print \$3}' | xargs podman image rm -f"