From 93b71cbbc503db8fc6bd3f16322dbb28f7e5212d Mon Sep 17 00:00:00 2001 From: Tamipes Date: Fri, 29 May 2026 16:08:37 +0200 Subject: [PATCH 1/8] feat: mark the minimal image as minimal and extend the defualt one --- README.md | 11 ++++++----- flake.nix | 33 ++++++++++++++++++++++++--------- 2 files changed, 30 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 4a280a5..c75392c 100644 --- a/README.md +++ b/README.md @@ -7,21 +7,22 @@ As you cannot run a forgejo runner with `nixos/nix` due to it not having `node` ```bash USERNAME="tamipes" URL="git.tami.moe" + IMG_NAME="nix" nix build --extra-experimental-features "flakes nix-command" . docker load -i result - docker image tag nix "$URL/$USERNAME/nix:latest" + docker image tag nix "$URL/$USERNAME/$IMG_NAME:latest" docker login "https://$URL" - docker push "$URL/$USERNAME/nix" + docker push "$URL/$USERNAME/$IMG_NAME" rm result # don't forget to cleanup the GC root # I also tag with the date, but this might be unneeded - docker image tag nix "$URL/$USERNAME/nix:latest$(date --iso-8601)" - docker push "$URL/$USERNAME/nix" + docker image tag nix "$URL/$USERNAME/$IMG_NAME:latest$(date --iso-8601)" + docker push "$URL/$USERNAME/$IMG_NAME" ``` # Extra info -- This image is essentially still "based" on `nixos/nix`, but it builds it with nodejs included. Checkout the flake.nix! +- These image are essentially still "based" on `nixos/nix`, but it builds it with nodejs(+extras) included. Checkout the flake.nix! - it does not use `nixos/nix` as a base image, but uses the same build script and adds extra stuff - [nixpkgs manual](https://nix.dev/manual/nix/2.24/installation/installing-docker#docker-image-with-the-latest-development-version-of-nix) - [nixos/nix build script](https://github.com/NixOS/nix/blob/master/docker.nix) diff --git a/flake.nix b/flake.nix index 7163269..9850f00 100644 --- a/flake.nix +++ b/flake.nix 
@@ -6,16 +6,31 @@ }; outputs = { nixpkgs, nix, self }: let pkgs = import nixpkgs { system = "x86_64-linux"; }; in { - packages.x86_64-linux.default = import (nix + "/docker.nix") { - inherit pkgs; - extraPkgs = [ pkgs.nodejs ]; + packages.x86_64-linux = rec { + default = nix; + minimal-nix = import (nix + "/docker.nix") { + inherit pkgs; + extraPkgs = [ pkgs.nodejs ]; - Labels = { - "org.opencontainers.image.title" = "Nix"; - "org.opencontainers.image.source" = "https://git.tami.moe/tamipes/"; - "org.opencontainers.image.vendor" = "Tamipes"; - "org.opencontainers.image.version" = pkgs.nix.version; - "org.opencontainers.image.description" = "Nix container image with nodejs"; + Labels = { + "org.opencontainers.image.title" = "Nix (minimal)"; + "org.opencontainers.image.source" = "https://git.tami.moe/tamipes/forgejo-actions"; + "org.opencontainers.image.vendor" = "Tamipes"; + "org.opencontainers.image.version" = pkgs.nix.version; + "org.opencontainers.image.description" = "Nix container image with nodejs"; + }; + }; + nix = import (nix + "/docker.nix") { + inherit pkgs; + extraPkgs = [ pkgs.nodejs pkgs.skopeo ]; + + Labels = { + "org.opencontainers.image.title" = "Nix"; + "org.opencontainers.image.source" = "https://git.tami.moe/tamipes/forgejo-actions"; + "org.opencontainers.image.vendor" = "Tamipes"; + "org.opencontainers.image.version" = pkgs.nix.version; + "org.opencontainers.image.description" = "Nix container image with more cli tools"; + }; }; }; }; From 93c533b13e7219efb086166ee1dafa06ebc683f8 Mon Sep 17 00:00:00 2001 From: Tamipes Date: Fri, 29 May 2026 16:15:40 +0200 Subject: [PATCH 2/8] fix: name clash `nix` --- flake.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 9850f00..f6e805d 100644 --- a/flake.nix +++ b/flake.nix 
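Review bot: `minimal-nix` and `nix` repeat the whole `import (nix + "/docker.nix")` call and three identical labels (source, vendor, version), so a later change to any of them has to be made in two places and can drift. A small helper in the existing `let` that takes the title, description and package list would leave only the differences at the call sites. Defining it in the `let` also keeps `nix` unambiguously the flake input, which the `rec` attribute named `nix` shadows in this hunk (renamed in patch 2/8). The `outputs` function starts outside the hunk.

```nix
    pkgs = import nixpkgs { system = "x86_64-linux"; };
    # Builds one image; only the package list and two labels differ between variants.
    mkImage = { title, description, extraPkgs }:
      import (nix + "/docker.nix") {
        inherit pkgs extraPkgs;
        Labels = {
          "org.opencontainers.image.title" = title;
          # … unchanged: source, vendor and version labels …
          "org.opencontainers.image.description" = description;
        };
      };
  in {
    packages.x86_64-linux = rec {
      minimal-nix = mkImage {
        title = "Nix (minimal)";
        description = "Nix container image with nodejs";
        extraPkgs = [ pkgs.nodejs ];
      };
      # … the second image: same call with pkgs.skopeo added and its own title/description …
```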
@@ -7,7 +7,8 @@ outputs = { nixpkgs, nix, self }: let pkgs = import nixpkgs { system = "x86_64-linux"; }; in { packages.x86_64-linux = rec { - default = nix; + default = nix-with-tools; + minimal-nix = import (nix + "/docker.nix") { inherit pkgs; extraPkgs = [ pkgs.nodejs ]; @@ -20,7 +21,7 @@ "org.opencontainers.image.description" = "Nix container image with nodejs"; }; }; - nix = import (nix + "/docker.nix") { + nix-with-tools = import (nix + "/docker.nix") { inherit pkgs; extraPkgs = [ pkgs.nodejs pkgs.skopeo ]; From f69de09f52c7d569f7b5fce7d8d08da78f95db3f Mon Sep 17 00:00:00 2001 From: Tamipes Date: Fri, 29 May 2026 16:11:50 +0200 Subject: [PATCH 3/8] feat: run "build and push" on push to `main` --- .github/workflows/build.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8ed4dbf..d78b1e3 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -2,6 +2,9 @@ name: Build and Push docker image on: workflow_dispatch: workflow_call: + push: + branches: + - main jobs: buildAndPush: From 2fce25f4cdf51e9e679cac36e544203740b7d9d9 Mon Sep 17 00:00:00 2001 From: Tamipes Date: Fri, 29 May 2026 16:24:18 +0200 Subject: [PATCH 4/8] feat: when building on actions use the builtin `skopeo` --- .github/workflows/build.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d78b1e3..064f6cf 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
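Review bot: The new `push` trigger on `main` in build.yml makes the job that publishes with `secrets.UPLOAD_TOKEN` run unattended on every push, including commits that touch only the README. The same workflow, as the later build.yml hunks show, fetches `/etc/containers/policy.json` from `refs/heads/main` of another repository at run time, so an automatic publish uses whatever policy that branch serves that day. Consider committing the policy file to this repository or pinning the URL to a commit, adding `--fail` to that curl so an error page is never written as the policy, and narrowing the trigger with a filter such as `paths: [ "flake.nix", "flake.lock", ".github/workflows/build.yml" ]` if the runner supports it. The `jobs:` section continues outside the hunk.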
@@ -17,9 +17,9 @@ jobs: run: curl -o /etc/containers/policy.json --create-dirs https://raw.githubusercontent.com/containers/skopeo/refs/heads/main/default-policy.json - name: Push Image run: | - nix shell --extra-experimental-features "flakes nix-command" nixpkgs#skopeo -c sh -c \ - 'skopeo copy --dest-password "$UPLOAD_TOKEN" --dest-username "$USERNAME" docker-archive://$(realpath result) "docker://$IMG_URL:$(date --iso-8601)" && \ - skopeo copy --dest-password "$UPLOAD_TOKEN" --dest-username "$USERNAME" docker-archive://$(realpath result) "docker://$IMG_URL"' + alias skp='skopeo copy --dest-password "$UPLOAD_TOKEN" --dest-username "$USERNAME" "docker-archive://$(realpath result)"' + skp "docker://$IMG_URL:$(date --iso-8601)" && \ + skp "docker://$IMG_URL" env: USERNAME: tamipes UPLOAD_TOKEN: ${{ secrets.UPLOAD_TOKEN }} From 0594840ed385558310b0e3212e1a7120f3e1d183 Mon Sep 17 00:00:00 2001 From: Tamipes Date: Fri, 29 May 2026 16:28:14 +0200 Subject: [PATCH 5/8] fix: can't use `alias` in actions, it seems like... --- .github/workflows/build.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 064f6cf..e35ff4c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
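Review bot: The registry token is passed as `--dest-password "$UPLOAD_TOKEN"` in the new alias, so it ends up in the argument list of every skopeo process, readable by anything on the runner that can list processes; the rewritten `Push Image` step in patch 5/8 keeps the same flag. Logging in once over stdin avoids that: `printf '%s' "$UPLOAD_TOKEN" | skopeo login --username "$USERNAME" --password-stdin "${IMG_URL%%/*}"` (assuming `IMG_URL` starts with the registry host), after which both `skopeo copy` calls can drop the credential flags. A `skopeo logout` at the end of the step would keep the stored credential from lingering on a reused runner. The step's `env:` block continues outside the hunk.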
@@ -17,9 +17,8 @@ jobs: run: curl -o /etc/containers/policy.json --create-dirs https://raw.githubusercontent.com/containers/skopeo/refs/heads/main/default-policy.json - name: Push Image run: | - alias skp='skopeo copy --dest-password "$UPLOAD_TOKEN" --dest-username "$USERNAME" "docker-archive://$(realpath result)"' - skp "docker://$IMG_URL:$(date --iso-8601)" && \ - skp "docker://$IMG_URL" + skopeo copy --dest-password "$UPLOAD_TOKEN" --dest-username "$USERNAME" "docker-archive://$(realpath result)" "docker://$IMG_URL:$(date --iso-8601)" && \ + skopeo copy --dest-password "$UPLOAD_TOKEN" --dest-username "$USERNAME" "docker-archive://$(realpath result)" "docker://$IMG_URL" env: USERNAME: tamipes UPLOAD_TOKEN: ${{ secrets.UPLOAD_TOKEN }} From 8a7a7cf2ecfade5f464d5a93d4ed78e9adf84473 Mon Sep 17 00:00:00 2001 From: Tamipes Date: Fri, 29 May 2026 16:47:24 +0200 Subject: [PATCH 6/8] --- Manual update of flake.lock --- --- flake.lock | 38 +++++++++++++++++--------------------- 1 file changed, 17 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 7478ea2..cfb7c71 100644 --- a/flake.lock +++ b/flake.lock @@ -24,11 +24,11 @@ ] }, "locked": { - "lastModified": 1733312601, - "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "lastModified": 1778716662, + "narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb", "type": "github" }, "original": { 
@@ -48,18 +48,14 @@ "nixpkgs": [ "nix", "nixpkgs" - ], - "nixpkgs-stable": [ - "nix", - "nixpkgs" ] }, "locked": { - "lastModified": 1734279981, - "narHash": "sha256-NdaCraHPp8iYMWzdXAt5Nv6sA3MUzlCiGiR586TCwo0=", + "lastModified": 1778507602, + "narHash": "sha256-kTwur1wV+01SdqskVMSo6JMEpg71ps3HpbFY2GsflKs=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "aa9f40c906904ebd83da78e7f328cd8aeaeae785", + "rev": "61ab0e80d9c7ab14c256b5b453d8b3fb0189ba0a", "type": "github" }, "original": { @@ -78,11 +74,11 @@ "nixpkgs-regression": "nixpkgs-regression" }, "locked": { - "lastModified": 1768165334, - "narHash": "sha256-42bXWekwea6E+q00HVskzi7ggMQSr8g/7ApQaNd+mr0=", + "lastModified": 1780022537, + "narHash": "sha256-yhmkWBrvoIi0pSDmyBQZVNd4d1UZvWlgrXbUg8qZlnc=", "owner": "nixos", "repo": "nix", - "rev": "252aff5c8f1dcdea1046b03a8196ef63ecf3b112", + "rev": "9b03e7daa40b3d4d0a40a17d43bcc6c6d2b112ef", "type": "github" }, "original": { @@ -93,15 +89,15 @@ }, "nixpkgs": { "locked": { - "lastModified": 1763948260, - "narHash": "sha256-zZk7fn2ARAqmLwaYTpxBJmj81KIdz11NiWt7ydHHD/M=", - "rev": "1c8ba8d3f7634acac4a2094eef7c32ad9106532c", + "lastModified": 1778003029, + "narHash": "sha256-amc4Y3GF3+anUi7IJeLVzf7hVqLb3ZqCGzYtkVyp7Qw=", + "rev": "0c88e1f2bdb93d5999019e99cb0e61e1fe2af4c5", "type": "tarball", - "url": "https://releases.nixos.org/nixos/25.05/nixos-25.05.813095.1c8ba8d3f763/nixexprs.tar.xz" + "url": "https://releases.nixos.org/nixos/25.11/nixos-25.11.10470.0c88e1f2bdb9/nixexprs.tar.xz" }, "original": { "type": "tarball", - "url": "https://channels.nixos.org/nixos-25.05/nixexprs.tar.xz" + "url": "https://channels.nixos.org/nixos-25.11/nixexprs.tar.xz" } }, "nixpkgs-23-11": { 
@@ -138,11 +134,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1768127708, - "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=", + "lastModified": 1779560665, + "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38", + "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786", "type": "github" }, "original": { From 0b4c3b11a1c34ec477449b77766187399752446d Mon Sep 17 00:00:00 2001 From: tamipes Date: Wed, 3 Jun 2026 19:04:58 +0200 Subject: [PATCH 7/8] fix: README.md use $IMG_NAME more --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c75392c..a3c180c 100644 --- a/README.md +++ b/README.md @@ -10,13 +10,13 @@ As you cannot run a forgejo runner with `nixos/nix` due to it not having `node` IMG_NAME="nix" nix build --extra-experimental-features "flakes nix-command" . docker load -i result - docker image tag nix "$URL/$USERNAME/$IMG_NAME:latest" + docker image tag "$IMG_NAME" "$URL/$USERNAME/$IMG_NAME:latest" docker login "https://$URL" docker push "$URL/$USERNAME/$IMG_NAME" rm result # don't forget to cleanup the GC root # I also tag with the date, but this might be unneeded - docker image tag nix "$URL/$USERNAME/$IMG_NAME:latest$(date --iso-8601)" + docker image tag "$IMG_NAME" "$URL/$USERNAME/$IMG_NAME:latest$(date --iso-8601)" docker push "$URL/$USERNAME/$IMG_NAME" ``` From c5f67c568ccee89f3e6f6d3a601a8d4e9f3c75bd Mon Sep 17 00:00:00 2001 From: Tamipes Date: Thu, 4 Jun 2026 21:48:32 +0200 Subject: [PATCH 8/8] feat: add my `nix-cache` to the full container --- flake.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/flake.nix b/flake.nix index f6e805d..0b32008 100644 --- a/flake.nix +++ b/flake.nix 
@@ -24,6 +24,13 @@ nix-with-tools = import (nix + "/docker.nix") { inherit pkgs; extraPkgs = [ pkgs.nodejs pkgs.skopeo ]; + nixConf = { + extra-substituters = [ "https://nix-cache.tami.moe" ]; + trusted-public-keys = [ + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + "nix-cache.tami.moe:3jrWZ412K0YTFfKMJC6ftc4lsugeMVWDBiudFCAdDb8=" + ]; + }; Labels = { "org.opencontainers.image.title" = "Nix";
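Review bot: Listing the `nix-cache.tami.moe` key under `trusted-public-keys` in `nixConf` means every consumer of the published `nix-with-tools` image will accept store paths signed by that key and substituted from that host, but the description label set in patch 1/8 still says only "Nix container image with more cli tools". That trust decision should be stated in the label or the README so users who do not want it can pick `minimal-nix`. Because `trusted-public-keys` replaces the whole list, the cache.nixos.org key had to be copied in by hand; `extra-trusted-public-keys = [ "nix-cache.tami.moe:3jrWZ412K0YTFfKMJC6ftc4lsugeMVWDBiudFCAdDb8=" ];` would append only the new key and leave in place whatever default the pinned docker.nix sets (worth confirming against that file). The `nix-with-tools` attribute set continues outside the hunk.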