Repository: nix-community/docker-nixpkgs
Branch: main
Commit: 10b83cdcf12c
Files: 55
Total size: 40.0 KB
Directory structure:
gitextract_p0b97sxe/
├── .github/
│   ├── dependabot.yml
│   └── workflows/
│       └── nix.yml
├── .gitignore
├── .gitlab-ci.yml
├── LICENSE
├── README.md
├── ci-manifests.sh
├── ci.sh
├── default.nix
├── docker-login
├── dockerhub-metadata
├── generate-manifests
├── images/
│   ├── attic/
│   │   └── default.nix
│   ├── bash/
│   │   └── default.nix
│   ├── busybox/
│   │   └── default.nix
│   ├── cachix/
│   │   └── default.nix
│   ├── cachix-flakes/
│   │   └── default.nix
│   ├── caddy/
│   │   └── default.nix
│   ├── curl/
│   │   └── default.nix
│   ├── devcontainer/
│   │   ├── README.md
│   │   ├── default.nix
│   │   └── root/
│   │       └── etc/
│   │           ├── bashrc
│   │           ├── group
│   │           ├── nsswitch.conf
│   │           ├── pam.d/
│   │           │   └── other
│   │           ├── passwd
│   │           └── shadow
│   ├── devenv/
│   │   └── default.nix
│   ├── docker-compose/
│   │   └── default.nix
│   ├── hugo/
│   │   └── default.nix
│   ├── kubectl/
│   │   └── default.nix
│   ├── kubernetes-helm/
│   │   └── default.nix
│   ├── maddy/
│   │   └── default.nix
│   ├── nginx/
│   │   └── default.nix
│   ├── nix/
│   │   ├── default.nix
│   │   ├── fake_nixpkgs/
│   │   │   └── default.nix
│   │   └── root/
│   │       └── etc/
│   │           ├── group
│   │           ├── nsswitch.conf
│   │           └── passwd
│   ├── nix-flakes/
│   │   └── default.nix
│   ├── nix-unstable/
│   │   └── default.nix
│   ├── nix-unstable-static/
│   │   ├── README.md
│   │   ├── default.nix
│   │   ├── docker-nix-user.sh
│   │   └── run_as_user.sh
│   ├── pocket-id/
│   │   └── default.nix
│   └── yarr/
│       └── default.nix
├── lib/
│   ├── buildCLIImage.nix
│   ├── importDir.nix
│   └── mkUserEnvironment.nix
├── overlay.nix
├── pkgs.nix
├── push-all
├── readme-image-matrix
└── shell.nix
================================================
FILE CONTENTS
================================================
================================================
FILE: .github/dependabot.yml
================================================
version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
================================================
FILE: .github/workflows/nix.yml
================================================
name: Nix
on:
  push:
    branches:
      - main
  pull_request:
  workflow_dispatch:
  schedule:
    # Run once per day
    - cron: '0 0 * * *'
jobs:
  build:
    strategy:
      # Keep building the other channels if one fails
      fail-fast: false
      matrix:
        channel:
          - nixos-unstable
          - nixos-25.05
          - nixos-25.11
        system:
          - aarch64-linux
          - x86_64-linux
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v6
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
        with:
          platforms: arm64
      - uses: DeterminateSystems/nix-installer-action@main
        with:
          extra-conf: |
            extra-platforms = aarch64-linux
      - uses: DeterminateSystems/magic-nix-cache-action@main
      - name: Push to Docker Hub
        run: nix-shell --run ./ci.sh
        env:
          CI_PROJECT_PATH: 'nixpkgs'
          CI_REGISTRY: 'docker.io'
          CI_REGISTRY_AUTH: '${{ secrets.REGISTRY_AUTH }}'
          NIXPKGS_CHANNEL: '${{ matrix.channel }}'
          NIX_SYSTEM_NAME: '${{ matrix.system }}'
      - name: Push to GitHub Container Registry
        run: nix-shell --run ./ci.sh
        env:
          CI_PROJECT_PATH: 'nix-community/docker-nixpkgs'
          CI_REGISTRY: 'ghcr.io'
          CI_REGISTRY_AUTH: '${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}'
          NIXPKGS_CHANNEL: '${{ matrix.channel }}'
          NIX_SYSTEM_NAME: '${{ matrix.system }}'
  push-manifest:
    needs: [build]
    strategy:
      fail-fast: false
      matrix:
        channel:
          - nixos-unstable
          - nixos-25.05
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: DeterminateSystems/nix-installer-action@main
        with:
          extra-conf: |
            extra-platforms = aarch64-linux
      - uses: DeterminateSystems/magic-nix-cache-action@main
      - run: nix-shell --run ./ci-manifests.sh
        env:
          CI_REGISTRY_AUTH: '${{ secrets.REGISTRY_AUTH }}'
          NIXPKGS_CHANNEL: '${{ matrix.channel }}'
          NIX_SYSTEM_NAME: '${{ matrix.system }}'
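An added example, not part of this repository: the `build` job above runs third-party actions while holding `packages: write` and the registry credentials, and it references those actions by tag (`@v6`, `@v3`) or branch (`@main`). The script below reports every `uses:` reference that is not pinned to a full commit SHA; its function names and the sample SHA used to exercise it are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example (not from the repository): report GitHub Actions `uses:`
# references that are not pinned to a full 40-character commit SHA.
set -eu

# The `uses:` lines of the workflow above, embedded so the check runs offline.
workflow_uses() {
  cat <<'EOF'
      - uses: actions/checkout@v6
        uses: docker/setup-qemu-action@v3
      - uses: DeterminateSystems/nix-installer-action@main
      - uses: DeterminateSystems/magic-nix-cache-action@main
EOF
}

# classify_ref <ref> prints one of: sha, version-tag, floating.
# Only a full commit SHA is immutable; tags and branches can be re-pointed
# by whoever controls the action's repository.
classify_ref() {
  if printf '%s\n' "$1" | grep -Eq '^[0-9a-f]{40}$'; then
    echo sha
  elif printf '%s\n' "$1" | grep -Eq '^v?[0-9]+(\.[0-9]+)*$'; then
    echo version-tag
  else
    echo floating
  fi
}

# audit_uses reads workflow YAML on stdin and prints "<kind>\t<action>@<ref>"
# for every external action it finds.
audit_uses() {
  sed -nE 's/^[[:space:]]*(-[[:space:]]+)?uses:[[:space:]]*([^[:space:]#]+).*$/\2/p' |
    tr -d "\"'" |
    while IFS= read -r spec; do
      case $spec in
        ./* | docker://*) ;; # local actions and container images: out of scope
        *@*) printf '%s\t%s\n' "$(classify_ref "${spec##*@}")" "$spec" ;;
        *) printf 'floating\t%s\n' "$spec" ;;
      esac
    done
}

# count_kind <kind> counts the audit_uses rows of that kind read from stdin.
count_kind() {
  awk -F '\t' -v kind="$1" '$1 == kind { n++ } END { print n + 0 }'
}

# all_pinned succeeds only when every external action on stdin is SHA-pinned.
all_pinned() {
  [ "$(audit_uses | awk -F '\t' '$1 != "sha"' | wc -l | tr -d ' ')" -eq 0 ]
}

# Report for the workflow above.
workflow_uses | audit_uses
```

To audit a checkout, feed the real file instead of the embedded sample: `all_pinned < .github/workflows/nix.yml`.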
================================================
FILE: .gitignore
================================================
# Nix
result
result-*
================================================
FILE: .gitlab-ci.yml
================================================
stages:
  - build
build:
  stage: build
  image: nixpkgs/nix:nixos-25.05
  script: nix-shell --run ./ci.sh
  parallel:
    matrix:
      - NIXPKGS_CHANNEL: nixos-unstable
        IMAGE_TAG: latest
      - NIXPKGS_CHANNEL:
          - nixos-25.05
          - nixos-25.11
================================================
FILE: LICENSE
================================================
MIT License
Copyright (c) 2019 zimbatm and contributors
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
================================================
FILE: README.md
================================================
# docker-nixpkgs: docker images from nixpkgs
This project is a collection of docker images automatically produced with Nix
and the latest nixpkgs package set. All the images are refreshed daily with
the latest versions of nixpkgs.
It's also a good demonstration of how to build and publish Docker images with
Nix.
Always keep your docker images fresh!
## Why use Nix to build docker images?
Nix has a number of advantages over Dockerfile when producing docker images:
* builds are more likely to be repeatable and binary reproducible
* Nix will only rebuild the minimum set of changes with no manual intervention
* Nix produces optimised layers with no manual intervention
* nixpkgs provides automatic security updates
## Example usage
Here is an example of using one of the docker images. Usage will change from
image to image.
```
# run the curl image which has curl as an entry-point
$ docker run -ti --rm nixpkgs/curl curl http://ifconfig.co
180.52.248.114
```
## Channels
Each image is built from each of the following nixpkgs channels, and each
channel maps to the image tag shown.
The version of the packages included in each image depends on the version
that the nixpkgs channel provides.
| Channel | Image Tag | Description |
| --- | --- | --- |
| nixos-25.05 | nixos-25.05 | only minor versions that include security updates |
| nixos-25.11 | nixos-25.11 | only minor versions that include security updates |
| nixos-unstable | latest | latest and greatest, major versions might change |
## List of images
Here is the current list of images that are provided. Missing one? Send an
[image request](#image-request).
All images are automatically built and published to Docker Hub, and served
on our custom domain, courtesy of [Scarf](https://scarf.sh).
`> ./readme-image-matrix`
<!-- BEGIN mdsh -->
| Image / Tag | Pull |
| --- | --- |
| [nixpkgs/attic](https://hub.docker.com/r/nixpkgs/attic)| `docker pull docker.nix-community.org/nixpkgs/attic` |
| [nixpkgs/bash](https://hub.docker.com/r/nixpkgs/bash)| `docker pull docker.nix-community.org/nixpkgs/bash` |
| [nixpkgs/busybox](https://hub.docker.com/r/nixpkgs/busybox)| `docker pull docker.nix-community.org/nixpkgs/busybox` |
| [nixpkgs/cachix](https://hub.docker.com/r/nixpkgs/cachix)| `docker pull docker.nix-community.org/nixpkgs/cachix` |
| [nixpkgs/cachix-flakes](https://hub.docker.com/r/nixpkgs/cachix-flakes)| `docker pull docker.nix-community.org/nixpkgs/cachix-flakes` |
| [nixpkgs/caddy](https://hub.docker.com/r/nixpkgs/caddy)| `docker pull docker.nix-community.org/nixpkgs/caddy` |
| [nixpkgs/curl](https://hub.docker.com/r/nixpkgs/curl)| `docker pull docker.nix-community.org/nixpkgs/curl` |
| [nixpkgs/devcontainer](https://hub.docker.com/r/nixpkgs/devcontainer)| `docker pull docker.nix-community.org/nixpkgs/devcontainer` |
| [nixpkgs/devenv](https://hub.docker.com/r/nixpkgs/devenv)| `docker pull docker.nix-community.org/nixpkgs/devenv` |
| [nixpkgs/docker-compose](https://hub.docker.com/r/nixpkgs/docker-compose)| `docker pull docker.nix-community.org/nixpkgs/docker-compose` |
| [nixpkgs/hugo](https://hub.docker.com/r/nixpkgs/hugo)| `docker pull docker.nix-community.org/nixpkgs/hugo` |
| [nixpkgs/kubectl](https://hub.docker.com/r/nixpkgs/kubectl)| `docker pull docker.nix-community.org/nixpkgs/kubectl` |
| [nixpkgs/kubernetes-helm](https://hub.docker.com/r/nixpkgs/kubernetes-helm)| `docker pull docker.nix-community.org/nixpkgs/kubernetes-helm` |
| [nixpkgs/maddy](https://hub.docker.com/r/nixpkgs/maddy)| `docker pull docker.nix-community.org/nixpkgs/maddy` |
| [nixpkgs/nginx](https://hub.docker.com/r/nixpkgs/nginx)| `docker pull docker.nix-community.org/nixpkgs/nginx` |
| [nixpkgs/nix](https://hub.docker.com/r/nixpkgs/nix)| `docker pull docker.nix-community.org/nixpkgs/nix` |
| [nixpkgs/nix-flakes](https://hub.docker.com/r/nixpkgs/nix-flakes)| `docker pull docker.nix-community.org/nixpkgs/nix-flakes` |
| [nixpkgs/nix-unstable](https://hub.docker.com/r/nixpkgs/nix-unstable)| `docker pull docker.nix-community.org/nixpkgs/nix-unstable` |
| [nixpkgs/nix-unstable-static](https://hub.docker.com/r/nixpkgs/nix-unstable-static)| `docker pull docker.nix-community.org/nixpkgs/nix-unstable-static` |
| [nixpkgs/pocket-id](https://hub.docker.com/r/nixpkgs/pocket-id)| `docker pull docker.nix-community.org/nixpkgs/pocket-id` |
| [nixpkgs/yarr](https://hub.docker.com/r/nixpkgs/yarr)| `docker pull docker.nix-community.org/nixpkgs/yarr` |
<!-- END mdsh -->
## Adding new images
To add a new image to the project, create a new folder under
`./images/<image-name>` with a default.nix that returns the docker image.
Then run `nix-build -A <image-name>` to test that it builds, and then use
`docker load -i /nix/store/...<image-name>.tar.gz` to load and test the image.
## User Feedback
### Issues
If you have any problems with or questions about this project, please contact
us through a [GitHub issue](https://github.com/nix-community/docker-nixpkgs/issues/new).
### Image request
[Submit a request](https://github.com/nix-community/docker-nixpkgs/issues/new)
with an accompanying use-case for an image that you would like to see.
### Contributing
You are invited to contribute new features, fixes or updates, large or small;
we are always thrilled to receive pull requests, and do our best to process
them as fast as we can.
## Related projects
* The [docker-library](https://github.com/docker-library/official-images#readme)
is an image set maintained by the Docker Inc. team and contains
officially-supported images.
* [Nixery](https://nixery.dev/) is a pretty cool service that builds docker
images from nixpkgs attributes on the fly.
## License
Copyright (c) 2021 @zimbatm and contributors.
Licensed under the MIT License.
================================================
FILE: ci-manifests.sh
================================================
#!/usr/bin/env bash
#
# CI specific build script.
#
set -euo pipefail
channel=${NIXPKGS_CHANNEL:-nixos-unstable}
registry=${CI_REGISTRY:-docker.io}
registry_auth=${CI_REGISTRY_AUTH:-}
image_prefix=${CI_PROJECT_PATH:-nixpkgs}
if [[ $channel == nixos-unstable ]]; then
image_tag=latest
else
image_tag=$channel
fi
export NIX_PATH=channel:$channel
banner() {
echo "========================================================"
echo " $*"
echo "========================================================"
}
cd "$(dirname "$0")"
if [[ $(git rev-parse --abbrev-ref HEAD) != main ]]; then
banner "Skipping push on non-main branch"
exit
fi
if [[ -n "${registry_auth}" ]]; then
banner "docker login"
./docker-login "$registry_auth" "$registry"
fi
banner "generate manifests"
./generate-manifests "$registry" "$image_prefix" "$image_tag"
================================================
FILE: ci.sh
================================================
#!/usr/bin/env bash
#
# CI specific build script.
#
set -euo pipefail
channel=${NIXPKGS_CHANNEL:-nixos-unstable}
registry=${CI_REGISTRY:-docker.io}
registry_auth=${CI_REGISTRY_AUTH:-}
image_prefix=${CI_PROJECT_PATH:-nixpkgs}
system_name=${NIX_SYSTEM_NAME:-x86_64-linux}
if [[ $channel == nixos-unstable ]]; then
image_tag=latest
else
image_tag=$channel
fi
export NIX_PATH=channel:$channel
banner() {
echo "========================================================"
echo " $*"
echo "========================================================"
}
cd "$(dirname "$0")"
banner "Building images"
# Build all the docker images
nix-build \
--no-out-link \
--option sandbox true \
--argstr system "$system_name"
if [[ $(git rev-parse --abbrev-ref HEAD) != main ]]; then
banner "Skipping push on non-main branch"
exit
fi
if [[ -n "${registry_auth}" ]]; then
banner "docker login"
./docker-login "$registry_auth" "$registry"
fi
banner "docker push"
./push-all "$registry" "$image_prefix" "$image_tag"
if [[ -n "${registry_auth}" && $registry = *docker.io ]]; then
banner "docker metadata update"
./dockerhub-metadata "$registry_auth" "$image_prefix"
fi
================================================
FILE: default.nix
================================================
{
system ? builtins.currentSystem
}: let
_parts = builtins.split "-" system;
arch = builtins.elemAt _parts 0;
os = builtins.elemAt _parts 2;
system' =
if os == "darwin"
then "${arch}-linux"
else system;
pkgs =
import ./pkgs.nix system';
in
pkgs.docker-nixpkgs
================================================
FILE: docker-login
================================================
#!/usr/bin/env bash
#
# A simplified docker login approach that doesn't depend on the docker binary
#
# Usage: ./docker-login <username>:<password> [registry]
set -euo pipefail
auth=$1
registry=${2:-docker.io}
# Encode some funky docker heuristic
if [[ $registry = *docker.io ]]; then
  # use the v2 registry so that skopeo can do noop layer copies
  registry=https://index.docker.io/v2/
fi
# the config file holds credentials: create it readable by the owner only
umask 077
mkdir -p ~/.docker
# strip newlines: base64 wraps long output, which would break the JSON string
cat <<DOCKER_CONF > ~/.docker/config.json
{
  "auths": {
    "$registry": {
      "auth": "$(echo -n "$auth" | base64 | tr -d '\n')"
    }
  }
}
DOCKER_CONF
================================================
FILE: dockerhub-metadata
================================================
#!/usr/bin/env bash
#
# Update docker hub image descriptions. The API is not documented and might
# break in the future.
#
# Usage: ./dockerhub-metadata <user>:<password> [org]
set -euo pipefail
# passed to curl --user as-is, so it carries both the user and the password
user=$1
org=${2:-nixpkgs}
system_name=${NIX_SYSTEM_NAME:-x86_64-linux}
nix_eval() {
  nix-instantiate --strict --eval --argstr system "$system_name" --json "$@"
}
releases_json=$(nix_eval)
# build the JSON request body for one repository
to_json() {
  local desc=$1 full_desc=$2
  jq -n \
    --arg desc "$desc" \
    --arg full_desc "$full_desc" \
    '.description=$desc | .full_description=$full_desc'
}
echo "=== Updating Docker Hub project descriptions"
for attr in $(echo "$releases_json" | jq -r "keys[]") ; do
  echo "--- $attr"
  desc=$(nix_eval -A "$attr.meta.description" | jq -r .)
  if [[ -f "$attr/README.md" ]]; then
    full_desc=$(< "$attr/README.md")
  else
    full_desc=$(< "README.md")
  fi
  data=$(to_json "$desc" "$full_desc")
  echo "data: $data"
  url=https://cloud.docker.com/v2/repositories/$org/$attr/
  curl -XPATCH -H "Content-Type: application/json" --user "$user" --data "$data" "$url"
done
echo OK
================================================
FILE: generate-manifests
================================================
#!/usr/bin/env bash
#
# Usage: ./generate-manifests <registry> <image-prefix> <image-tag>
set -euo pipefail
registry=${1:-docker.io}
image_prefix=${2:-nixpkgs}
image_tag=${3:-latest}
system_name=${NIX_SYSTEM_NAME:-x86_64-linux}
releases_json=$(nix-instantiate --strict --argstr system "$system_name" --eval --json)
echo "=== Generating manifests for $registry"
for attr in $(echo "$releases_json" | jq -r "keys[]") ; do
  repository=$registry/$image_prefix/$attr
  target_image=${repository}:${image_tag}
  echo "--- attr=$attr target=$target_image"
  # combine the per-architecture tags into one multi-arch manifest list
  podman manifest create "$target_image"
  podman manifest add "$target_image" "docker://$repository:${image_tag}-x86_64-linux"
  podman manifest add "$target_image" "docker://$repository:${image_tag}-aarch64-linux"
  podman manifest push --all "$target_image" "docker://$target_image"
done
echo OK
================================================
FILE: images/attic/default.nix
================================================
{ docker-nixpkgs
, attic-client
}:
(docker-nixpkgs.nix.override {
extraContents = [ attic-client ];
}).overrideAttrs (prev: {
meta = (prev.meta or { }) // {
description = "Nix and Attic client image";
};
})
================================================
FILE: images/bash/default.nix
================================================
{ buildCLIImage
, bash
}:
buildCLIImage {
drv = bash;
}
================================================
FILE: images/busybox/default.nix
================================================
{ buildCLIImage
, busybox
}:
buildCLIImage {
drv = busybox;
}
================================================
FILE: images/cachix/default.nix
================================================
{ docker-nixpkgs
, cachix
}:
(docker-nixpkgs.nix.override {
extraContents = [ cachix ];
}).overrideAttrs (prev: {
meta = (prev.meta or { }) // {
description = "Nix and Cachix image";
};
})
================================================
FILE: images/cachix-flakes/default.nix
================================================
{ docker-nixpkgs
, cachix
}:
(docker-nixpkgs.nix-flakes.override {
extraContents = [ cachix ];
}).overrideAttrs (prev: {
meta = (prev.meta or { }) // {
description = "Nix and Cachix image";
};
})
================================================
FILE: images/caddy/default.nix
================================================
{ buildCLIImage
, caddy
}:
buildCLIImage {
drv = caddy;
}
================================================
FILE: images/curl/default.nix
================================================
{ buildCLIImage
, curl
}:
buildCLIImage {
drv = curl;
}
================================================
FILE: images/devcontainer/README.md
================================================
# Nix VSCode DevContainer
WIP
Related to https://github.com/zimbatm/vscode-devcontainer-nix
================================================
FILE: images/devcontainer/default.nix
================================================
# A fat and modifiable Nix image
{ dockerTools
, bashInteractive
, cacert
, closureInfo
, coreutils
, curl
, direnv
, gcc-unwrapped
, gitReallyMinimal
, glibc
, gnugrep
, gnused
, gnutar
, gzip
, iana-etc
, iproute2
, less
, lib
, nix
, openssh
, procps
, shadow
, xz
, mkUserEnvironment
}:
let
channel = builtins.getEnv ("NIXPKGS_CHANNEL");
# generate a user profile for the image
profile = mkUserEnvironment {
derivations = [
# core utils
coreutils
procps
gnugrep
gnused
less
# add /bin/sh
bashInteractive
nix
# runtime dependencies of nix
# HACK: don't include the "hashed" output. It has overlapping files with
# the "unbundled" output, and that breaks the build.
(cacert // {
outputs = builtins.filter (x: x != "hashed") cacert.outputs;
})
gitReallyMinimal
gnutar
gzip
xz
# for haskell binaries
iana-etc
# for user management
shadow
# for the vscode extension
# HACK: don't include the "libgcc" output. It has overlapping files with
# the "lib" output, and that breaks the build.
(gcc-unwrapped // {
outputs = builtins.filter (x: x != "libgcc") gcc-unwrapped.outputs;
})
iproute2
];
};
image = dockerTools.buildImage {
name = "devcontainer";
contents = [ ];
extraCommands = ''
# create the Nix DB
export NIX_REMOTE=local?root=$PWD
export USER=nobody
${nix}/bin/nix-store --load-db < ${closureInfo { rootPaths = [ profile ]; }}/registration
# set the user profile
${profile}/bin/nix-env --profile nix/var/nix/profiles/default --set ${profile}
# minimal
mkdir -p bin usr/bin
ln -s /nix/var/nix/profiles/default/bin/sh bin/sh
ln -s /nix/var/nix/profiles/default/bin/env usr/bin/env
# might as well...
ln -s /nix/var/nix/profiles/default/bin/bash bin/bash
# setup shadow, bashrc
mkdir home
cp -r ${./root/etc} etc
chmod +w etc etc/group etc/passwd etc/shadow
# setup iana-etc for haskell binaries
ln -s /nix/var/nix/profiles/default/etc/protocols etc/protocols
ln -s /nix/var/nix/profiles/default/etc/services etc/services
# make sure /tmp exists
mkdir -m 0777 tmp
# allow ubuntu ELF binaries to run. VSCode copies its own.
mkdir -p lib64
ln -s ${glibc}/lib64/ld-linux-x86-64.so.2 lib64/ld-linux-x86-64.so.2
# VSCode assumes that /sbin/ip exists
mkdir sbin
ln -s /nix/var/nix/profiles/default/bin/ip sbin/ip
'';
config = {
Cmd = [ "/nix/var/nix/profiles/default/bin/bash" ];
Env = [
"ENV=/nix/var/nix/profiles/default/etc/profile.d/nix.sh"
"GIT_SSL_CAINFO=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"
"LD_LIBRARY_PATH=/nix/var/nix/profiles/default/lib"
"PAGER=less"
"PATH=/nix/var/nix/profiles/default/bin"
"SSL_CERT_FILE=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"
(
if channel != "" then
"NIX_PATH=nixpkgs=channel:${channel}"
else
"NIX_PATH=nixpkgs=${../nix/fake_nixpkgs}"
)
];
Labels = {
# https://github.com/microscaling/microscaling/blob/55a2d7b91ce7513e07f8b1fd91bbed8df59aed5a/Dockerfile#L22-L33
"org.label-schema.vcs-ref" = "main";
"org.label-schema.vcs-url" = "https://github.com/nix-community/docker-nixpkgs";
};
};
};
in
image // {
meta = image.meta // {
description = "Nix devcontainer for VSCode";
};
}
================================================
FILE: images/devcontainer/root/etc/bashrc
================================================
# interactive session
if [[ $- == *i* ]]; then
PS1='\[\033[0;32;40m\][nix]$\[\033[0m\] '
fi
================================================
FILE: images/devcontainer/root/etc/group
================================================
root:x:0:
wheel:x:1:
tty:x:3:
users:x:100:
nixbld:x:30000:nixbld1,nixbld2,nixbld3,nixbld4,nixbld5,nixbld6,nixbld7,nixbld8,nixbld9,nixbld10,nixbld11,nixbld12,nixbld13,nixbld14,nixbld15,nixbld16,nixbld17,nixbld18,nixbld19,nixbld20,nixbld21,nixbld22,nixbld23,nixbld24,nixbld25,nixbld26,nixbld27,nixbld28,nixbld29,nixbld30
nogroup:x:65534:
================================================
FILE: images/devcontainer/root/etc/nsswitch.conf
================================================
passwd: files mymachines systemd
group: files mymachines systemd
shadow: files
hosts: files mymachines dns myhostname
networks: files
ethers: files
services: files
protocols: files
rpc: files
================================================
FILE: images/devcontainer/root/etc/pam.d/other
================================================
account sufficient pam_unix.so
auth sufficient pam_rootok.so
password requisite pam_unix.so nullok sha512
session required pam_unix.so
================================================
FILE: images/devcontainer/root/etc/passwd
================================================
root:x:0:0:root:/root:/nix/var/nix/profiles/default/bin/bash
nixbld1:x:30001:30000:Nix build user 1:/var/empty:/sbin/nologin
nixbld2:x:30002:30000:Nix build user 2:/var/empty:/sbin/nologin
nixbld3:x:30003:30000:Nix build user 3:/var/empty:/sbin/nologin
nixbld4:x:30004:30000:Nix build user 4:/var/empty:/sbin/nologin
nixbld5:x:30005:30000:Nix build user 5:/var/empty:/sbin/nologin
nixbld6:x:30006:30000:Nix build user 6:/var/empty:/sbin/nologin
nixbld7:x:30007:30000:Nix build user 7:/var/empty:/sbin/nologin
nixbld8:x:30008:30000:Nix build user 8:/var/empty:/sbin/nologin
nixbld9:x:30009:30000:Nix build user 9:/var/empty:/sbin/nologin
nixbld10:x:30010:30000:Nix build user 10:/var/empty:/sbin/nologin
nixbld11:x:30011:30000:Nix build user 11:/var/empty:/sbin/nologin
nixbld12:x:30012:30000:Nix build user 12:/var/empty:/sbin/nologin
nixbld13:x:30013:30000:Nix build user 13:/var/empty:/sbin/nologin
nixbld14:x:30014:30000:Nix build user 14:/var/empty:/sbin/nologin
nixbld15:x:30015:30000:Nix build user 15:/var/empty:/sbin/nologin
nixbld16:x:30016:30000:Nix build user 16:/var/empty:/sbin/nologin
nixbld17:x:30017:30000:Nix build user 17:/var/empty:/sbin/nologin
nixbld18:x:30018:30000:Nix build user 18:/var/empty:/sbin/nologin
nixbld19:x:30019:30000:Nix build user 19:/var/empty:/sbin/nologin
nixbld20:x:30020:30000:Nix build user 20:/var/empty:/sbin/nologin
nixbld21:x:30021:30000:Nix build user 21:/var/empty:/sbin/nologin
nixbld22:x:30022:30000:Nix build user 22:/var/empty:/sbin/nologin
nixbld23:x:30023:30000:Nix build user 23:/var/empty:/sbin/nologin
nixbld24:x:30024:30000:Nix build user 24:/var/empty:/sbin/nologin
nixbld25:x:30025:30000:Nix build user 25:/var/empty:/sbin/nologin
nixbld26:x:30026:30000:Nix build user 26:/var/empty:/sbin/nologin
nixbld27:x:30027:30000:Nix build user 27:/var/empty:/sbin/nologin
nixbld28:x:30028:30000:Nix build user 28:/var/empty:/sbin/nologin
nixbld29:x:30029:30000:Nix build user 29:/var/empty:/sbin/nologin
nixbld30:x:30030:30000:Nix build user 30:/var/empty:/sbin/nologin
nobody:x:65534:65534:nobody:/:/sbin/nologin
================================================
FILE: images/devcontainer/root/etc/shadow
================================================
root:!::0:::::
nixbld1:!:18237:0:99999:7:::
nixbld2:!:18237:0:99999:7:::
nixbld3:!:18237:0:99999:7:::
nixbld4:!:18237:0:99999:7:::
nixbld5:!:18237:0:99999:7:::
nixbld6:!:18237:0:99999:7:::
nixbld7:!:18237:0:99999:7:::
nixbld8:!:18237:0:99999:7:::
nixbld9:!:18237:0:99999:7:::
nixbld10:!:18237:0:99999:7:::
nixbld11:!:18237:0:99999:7:::
nixbld12:!:18237:0:99999:7:::
nixbld13:!:18237:0:99999:7:::
nixbld14:!:18237:0:99999:7:::
nixbld15:!:18237:0:99999:7:::
nixbld16:!:18237:0:99999:7:::
nixbld17:!:18237:0:99999:7:::
nixbld18:!:18237:0:99999:7:::
nixbld19:!:18237:0:99999:7:::
nixbld20:!:18237:0:99999:7:::
nixbld21:!:18237:0:99999:7:::
nixbld22:!:18237:0:99999:7:::
nixbld23:!:18237:0:99999:7:::
nixbld24:!:18237:0:99999:7:::
nixbld25:!:18237:0:99999:7:::
nixbld26:!:18237:0:99999:7:::
nixbld27:!:18237:0:99999:7:::
nixbld28:!:18237:0:99999:7:::
nixbld29:!:18237:0:99999:7:::
nixbld30:!:18237:0:99999:7:::
nobody:!::0:::::
================================================
FILE: images/devenv/default.nix
================================================
{ docker-nixpkgs
, devenv ? null
}:
(docker-nixpkgs.nix.override {
# only available since 24.05
extraContents = [ devenv ];
}).overrideAttrs (prev: {
meta = (prev.meta or { }) // {
description = "Nix and devenv image";
};
})
================================================
FILE: images/docker-compose/default.nix
================================================
{ buildCLIImage
, docker-compose ? null
, python3Packages
}:
buildCLIImage {
drv =
if docker-compose == null
then python3Packages.docker_compose
else docker-compose # nixos 19.03+
;
}
================================================
FILE: images/hugo/default.nix
================================================
{ buildCLIImage
, hugo
, gitReallyMinimal
}:
buildCLIImage {
drv = hugo;
extraContents = [ gitReallyMinimal ];
}
================================================
FILE: images/kubectl/default.nix
================================================
{ buildCLIImage
, kubectl
}:
buildCLIImage {
drv = kubectl;
}
================================================
FILE: images/kubernetes-helm/default.nix
================================================
{ buildCLIImage
, kubernetes-helm
}:
buildCLIImage {
drv = kubernetes-helm;
binName = "helm";
}
================================================
FILE: images/maddy/default.nix
================================================
{ buildCLIImage
, maddy
}:
buildCLIImage {
drv = maddy;
}
================================================
FILE: images/nginx/default.nix
================================================
{ buildCLIImage
, nginx
}:
buildCLIImage {
drv = nginx;
}
================================================
FILE: images/nix/default.nix
================================================
{ dockerTools
, bashInteractive
, cacert
, coreutils
, curl
, gitReallyMinimal
, gnutar
, gzip
, iana-etc
, nix
, openssh
, xz
, extraContents ? [ ]
, extraEnv ? [ ]
}:
let
image = dockerTools.buildImageWithNixDb {
inherit (nix) name;
contents = [
./root
coreutils
# add /bin/sh
bashInteractive
nix
# runtime dependencies of nix
cacert
gitReallyMinimal
gnutar
gzip
openssh
xz
# for haskell binaries
iana-etc
] ++ extraContents;
extraCommands = ''
# for /usr/bin/env
mkdir usr
ln -s ../bin usr/bin
# make sure /tmp exists
mkdir -m 1777 tmp
# need a HOME
mkdir -vp root
'';
config = {
Cmd = [ "/bin/bash" ];
Env = [
"ENV=/etc/profile.d/nix.sh"
"BASH_ENV=/etc/profile.d/nix.sh"
"NIX_BUILD_SHELL=/bin/bash"
"NIX_PATH=nixpkgs=${./fake_nixpkgs}"
"PAGER=cat"
"PATH=/usr/bin:/bin"
"SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt"
"USER=root"
] ++ extraEnv;
};
};
in
image // { meta = nix.meta // image.meta; }
================================================
FILE: images/nix/fake_nixpkgs/default.nix
================================================
_:
throw ''
This container doesn't include nixpkgs.
The best way to work around that is to pin your dependencies. See
https://nix.dev/tutorials/first-steps/towards-reproducibility-pinning-nixpkgs.html
Or if you must, override the NIX_PATH environment variable with eg:
"NIX_PATH=nixpkgs=channel:nixos-unstable"
''
================================================
FILE: images/nix/root/etc/group
================================================
root:x:0:
wheel:x:1:
kmem:x:2:
tty:x:3:
messagebus:x:4:
disk:x:6:
audio:x:17:
floppy:x:18:
uucp:x:19:
lp:x:20:
cdrom:x:24:
tape:x:25:
video:x:26:
dialout:x:27:
utmp:x:29:
adm:x:55:
keys:x:96:
users:x:100:
input:x:174:
nixbld:x:30000:nixbld1,nixbld10,nixbld11,nixbld12,nixbld13,nixbld14,nixbld15,nixbld16,nixbld17,nixbld18,nixbld19,nixbld2,nixbld20,nixbld21,nixbld22,nixbld23,nixbld24,nixbld25,nixbld26,nixbld27,nixbld28,nixbld29,nixbld3,nixbld30,nixbld31,nixbld32,nixbld4,nixbld5,nixbld6,nixbld7,nixbld8,nixbld9
nogroup:x:65534:
================================================
FILE: images/nix/root/etc/nsswitch.conf
================================================
passwd: files mymachines systemd
group: files mymachines systemd
shadow: files
hosts: files mymachines dns myhostname
networks: files
ethers: files
services: files
protocols: files
rpc: files
================================================
FILE: images/nix/root/etc/passwd
================================================
root:x:0:0:System administrator:/root:/bin/bash
nixbld1:x:30001:30000:Nix build user 1:/var/empty:/run/current-system/sw/bin/nologin
nixbld2:x:30002:30000:Nix build user 2:/var/empty:/run/current-system/sw/bin/nologin
nixbld3:x:30003:30000:Nix build user 3:/var/empty:/run/current-system/sw/bin/nologin
nixbld4:x:30004:30000:Nix build user 4:/var/empty:/run/current-system/sw/bin/nologin
nixbld5:x:30005:30000:Nix build user 5:/var/empty:/run/current-system/sw/bin/nologin
nixbld6:x:30006:30000:Nix build user 6:/var/empty:/run/current-system/sw/bin/nologin
nixbld7:x:30007:30000:Nix build user 7:/var/empty:/run/current-system/sw/bin/nologin
nixbld8:x:30008:30000:Nix build user 8:/var/empty:/run/current-system/sw/bin/nologin
nixbld9:x:30009:30000:Nix build user 9:/var/empty:/run/current-system/sw/bin/nologin
nixbld10:x:30010:30000:Nix build user 10:/var/empty:/run/current-system/sw/bin/nologin
nixbld11:x:30011:30000:Nix build user 11:/var/empty:/run/current-system/sw/bin/nologin
nixbld12:x:30012:30000:Nix build user 12:/var/empty:/run/current-system/sw/bin/nologin
nixbld13:x:30013:30000:Nix build user 13:/var/empty:/run/current-system/sw/bin/nologin
nixbld14:x:30014:30000:Nix build user 14:/var/empty:/run/current-system/sw/bin/nologin
nixbld15:x:30015:30000:Nix build user 15:/var/empty:/run/current-system/sw/bin/nologin
nixbld16:x:30016:30000:Nix build user 16:/var/empty:/run/current-system/sw/bin/nologin
nixbld17:x:30017:30000:Nix build user 17:/var/empty:/run/current-system/sw/bin/nologin
nixbld18:x:30018:30000:Nix build user 18:/var/empty:/run/current-system/sw/bin/nologin
nixbld19:x:30019:30000:Nix build user 19:/var/empty:/run/current-system/sw/bin/nologin
nixbld20:x:30020:30000:Nix build user 20:/var/empty:/run/current-system/sw/bin/nologin
nixbld21:x:30021:30000:Nix build user 21:/var/empty:/run/current-system/sw/bin/nologin
nixbld22:x:30022:30000:Nix build user 22:/var/empty:/run/current-system/sw/bin/nologin
nixbld23:x:30023:30000:Nix build user 23:/var/empty:/run/current-system/sw/bin/nologin
nixbld24:x:30024:30000:Nix build user 24:/var/empty:/run/current-system/sw/bin/nologin
nixbld25:x:30025:30000:Nix build user 25:/var/empty:/run/current-system/sw/bin/nologin
nixbld26:x:30026:30000:Nix build user 26:/var/empty:/run/current-system/sw/bin/nologin
nixbld27:x:30027:30000:Nix build user 27:/var/empty:/run/current-system/sw/bin/nologin
nixbld28:x:30028:30000:Nix build user 28:/var/empty:/run/current-system/sw/bin/nologin
nixbld29:x:30029:30000:Nix build user 29:/var/empty:/run/current-system/sw/bin/nologin
nixbld30:x:30030:30000:Nix build user 30:/var/empty:/run/current-system/sw/bin/nologin
nixbld31:x:30031:30000:Nix build user 31:/var/empty:/run/current-system/sw/bin/nologin
nixbld32:x:30032:30000:Nix build user 32:/var/empty:/run/current-system/sw/bin/nologin
nobody:x:65534:65534:Unprivileged account (don't use!):/var/empty:/run/current-system/sw/bin/nologin
================================================
FILE: images/nix-flakes/default.nix
================================================
{ docker-nixpkgs
, nixVersions
, writeTextFile
, extraContents ? [ ]
}:
docker-nixpkgs.nix.override {
nix = nixVersions.stable;
extraContents = [
(writeTextFile {
name = "nix.conf";
destination = "/etc/nix/nix.conf";
text = ''
accept-flake-config = true
experimental-features = nix-command flakes
max-jobs = auto
'';
})
] ++ extraContents;
extraEnv = [
"PATH=/root/.nix-profile/bin:/usr/bin:/bin" # Not sure how to just prepend
];
}
================================================
FILE: images/nix-unstable/default.nix
================================================
{ docker-nixpkgs
, pkgs
}:
docker-nixpkgs.nix.override {
nix = pkgs.nixVersions.latest;
}
================================================
FILE: images/nix-unstable-static/README.md
================================================
# nix-unstable-static
This is a special variant of the nix image that contains no `/nix/store`.
Instead, nix and all the supporting binaries are statically built and copied
into /bin.
The main use-case is to be able to run nix in the container, but share the
`/nix/store` with the host.
## Using the container with the host store
This folder ships with a complementary script that you can use to run the
image as the current user with the host `/nix/store` mounted.
Usage: `docker-nix-user.sh [<command> ...<args>]`
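An added example, not part of this repository: `default.nix` copies `images/nix/root` (including its `/etc/passwd`) into this image, and `run_as_user.sh` runs `deluser`/`adduser` as root on whatever `user_id` and `user_name` it is given, so the script below checks those values against a passwd-format file first. The function names, the name pattern and the reject-id-0 policy are assumptions, and the sample passwd lines are constructed.

```sh
#!/bin/sh
# Added example, not part of the repository. Pre-validates the user_id and
# user_name values that run_as_user.sh hands to deluser/adduser; the same
# functions work for group_id/group_name against a group(5)-format file.
# The name pattern and the "never accept id 0" policy are assumptions.
LC_ALL=C; export LC_ALL   # keep the a-z ranges below byte-exact

# valid_id ID: decimal digits only, no leading zero, so never 0 (root).
valid_id() {
  case "$1" in
    '' | *[!0-9]* | 0*) return 1 ;;
  esac
  return 0
}

# valid_name NAME: [a-z_][a-z0-9_-]*, at most 32 characters.
valid_name() {
  case "$1" in
    '' | [!a-z_]* | *[!a-z0-9_-]*) return 1 ;;
  esac
  [ "${#1}" -le 32 ]
}

# owner_of_id ID FILE: print the name holding numeric ID (field 3) in a
# passwd(5)- or group(5)-format FILE; prints nothing when the ID is free.
owner_of_id() {
  awk -F: -v id="$1" '$3 == id { print $1; exit }' "$2"
}

# id_of_name NAME FILE: print the numeric ID recorded for NAME, if any.
id_of_name() {
  awk -F: -v name="$1" '$1 == name { print $3; exit }' "$2"
}

# check_identity ID NAME FILE: succeed only if both values are well-formed,
# ID is not held by another account, and NAME does not already exist with a
# different ID (run_as_user.sh would delete that account and re-create it).
check_identity() {
  valid_id "$1" || { printf 'rejected id: %s\n' "$1" >&2; return 1; }
  valid_name "$2" || { printf 'rejected name: %s\n' "$2" >&2; return 1; }
  owner=$(owner_of_id "$1" "$3")
  existing=$(id_of_name "$2" "$3")
  if [ -n "$owner" ] && [ "$owner" != "$2" ]; then
    printf 'id %s already belongs to %s\n' "$1" "$owner" >&2
    return 1
  fi
  if [ -n "$existing" ] && [ "$existing" != "$1" ]; then
    printf 'name %s already exists with id %s\n' "$2" "$existing" >&2
    return 1
  fi
  return 0
}

# Constructed sample: four entries in the format of images/nix/root/etc/passwd.
sample_passwd() {
  cat <<'EOF'
root:x:0:0:System administrator:/root:/bin/bash
nixbld1:x:30001:30000:Nix build user 1:/var/empty:/run/current-system/sw/bin/nologin
nixbld32:x:30032:30000:Nix build user 32:/var/empty:/run/current-system/sw/bin/nologin
nobody:x:65534:65534:Unprivileged account (don't use!):/var/empty:/run/current-system/sw/bin/nologin
EOF
}

# Demo: print a verdict for a few constructed id:name pairs.
demo() {
  f=$(mktemp) || return 1
  sample_passwd > "$f"
  for pair in 1000:alice 0:root 30001:alice 1000:nobody '1000:a;b'; do
    if check_identity "${pair%%:*}" "${pair#*:}" "$f" 2>/dev/null; then
      echo "accept $pair"
    else
      echo "reject $pair"
    fi
  done
  rm -f "$f"
}
demo
```

A host UID that falls in the image's `nixbld` range (30001 to 30032) is the collision case this catches before `adduser` runs.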
================================================
FILE: images/nix-unstable-static/default.nix
================================================
{ dockerTools
, lib
, fetchurl
, findutils
, pkgsStatic
, python3
, removeReferencesTo
, runCommand
}:
let
inherit (pkgsStatic)
bashInteractive
busybox
cacert
openssl
;
bash = bashInteractive;
# Get nix from Hydra because the nixpkgs one is not fully static
nixStaticBin = fetchurl {
url = "https://hydra.nixos.org/build/305222051/download/1/nix";
hash = "sha256-OahnvQ/OKnRhbXaIJ7iEQYu86ECGtUqwW8XrryVkXaM=";
};
nixSymlinks = [
"nix-build"
"nix-channel"
"nix-collect-garbage"
"nix-copy-closure"
"nix-daemon"
"nix-env"
"nix-hash"
"nix-instantiate"
"nix-prefetch-url"
"nix-shell"
"nix-store"
];
dirs = [
"bin"
"etc/ssl/certs"
"root"
"tmp"
"usr"
];
extraCommands = ''
rm_ref() {
${removeReferencesTo}/bin/remove-references-to "$@"
}
# Create a FHS-like file structure
cp -r ${../nix/root}/* .
chmod +w etc
mkdir -p ${toString dirs}
# For /usr/bin/env
ln -s ../bin usr/bin
# Make sure /tmp has the right permissions
chmod 1777 tmp
# Add user home folder
mkdir home
# Add SSL CA certs
cp -a "${cacert}/etc/ssl/certs/ca-bundle.crt" etc/ssl/certs/ca-bundle.crt
# Install base binaries
cp -a ${busybox}/bin/* bin/
rm_ref -t ${busybox} bin/busybox
# Install shell
cp -a ${bash}/bin/bash bin/
rm_ref -t ${bash} bin/bash
# Install nix
cp -a ${nixStaticBin} bin/nix
chmod +x bin/nix
for sym in ${toString nixSymlinks}; do
ln -sv /bin/nix bin/$sym
done
mkdir -p libexec/nix
ln -s /bin/nix libexec/nix/build-remote
# Enable flakes and parallel building
mkdir -p etc/nix
cat <<NIX_CONFIG > etc/nix/nix.conf
accept-flake-config = true
experimental-features = nix-command flakes
max-jobs = auto
NIX_CONFIG
# Add run-as-user script
cp -a ${./run_as_user.sh} run_as_user.sh
'';
# To debug
unpacked = runCommand
"unpacked"
{ buildInputs = [ python3 ]; }
''
mkdir layer
pushd layer
${extraCommands}
popd
mv layer $out
'';
image = dockerTools.buildImage {
name = "nix-static";
inherit extraCommands;
config = {
Cmd = [ "/bin/bash" ];
Env = [
"NIX_BUILD_SHELL=/bin/bash"
"PAGER=cat"
"PATH=/bin"
"SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt"
];
};
};
in
image // {
passthru = image.passthru // { inherit unpacked; };
meta = image.meta // {
description = "Nix but statically built";
};
}
================================================
FILE: images/nix-unstable-static/docker-nix-user.sh
================================================
#!/usr/bin/env bash
#
# Run nixpkgs/nix-unstable-static as the current user and the host /nix/store.
#
# Usage: docker-nix-user.sh [<command> ...<args>]
#
set -euo pipefail
image=nixpkgs/nix-unstable-static
options=(
-ti
# Remove the container on exit
--rm
-e NIX_PATH="nixpkgs=channel:nixos-22.05"
# Used by /run_as_user.sh
-e user_id="$(id -u)"
-e user_name="$(id -nu)"
-e group_id="$(id -g)"
-e group_name="$(id -ng)"
# Use the host store
-v /nix:/nix
# Mount the code into the container
-v "$PWD:/workspace"
-w /workspace
--entrypoint /run_as_user.sh
)
exec docker run "${options[@]}" "$image" "$@"
================================================
FILE: images/nix-unstable-static/run_as_user.sh
================================================
#!/bin/sh -eu
#
# This script can be used as an entrypoint. It's used to synchronize and run
# the container with the same user and group as the host user.
#
# Usage:
# user_id=$(id -u) user_name=$(id -un) \
# group_id=$(id -g) group_name=$(id -gn) \
# ./run_as_user.sh [<command> ...<args>]
#
# shellcheck disable=SC2154
# Install the host user and group into the container
delgroup "${group_name}" 2>/dev/null || true
deluser "${user_name}" 2>/dev/null || true
addgroup -g "${group_id}" "${group_name}"
adduser -D -G "${group_name}" -u "${user_id}" "${user_name}"
# Don't propagate those env vars
user=${user_name}
unset user_id user_name group_id group_name
# Change into the user
if [ $# = 0 ]; then
exec su "${user}"
else
exec su "${user}" -c /bin/sh /bin/sh -c "exec \"\$@\"" "$@"
fi
================================================
FILE: images/pocket-id/default.nix
================================================
{ buildCLIImage
, pocket-id
}:
buildCLIImage {
drv = pocket-id;
}
================================================
FILE: images/yarr/default.nix
================================================
{ buildCLIImage
, yarr
}:
buildCLIImage {
drv = yarr;
}
================================================
FILE: lib/buildCLIImage.nix
================================================
{ dockerTools
, busybox
, cacert
}:
{ drv # derivation to build the image for
# Name of the binary to run by default
, binName ? (builtins.parseDrvName drv.name).name
, extraContents ? [ ]
, meta ? drv.meta
}:
let
image = dockerTools.buildLayeredImage {
name = drv.name;
contents = [
# add a /bin/sh on all images
busybox
# most programs need TLS certs
cacert
drv
] ++ extraContents;
config = {
Cmd = [ "/bin/${binName}" ];
Env = [
"PATH=/bin"
"SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt"
];
Labels = {
# https://github.com/microscaling/microscaling/blob/55a2d7b91ce7513e07f8b1fd91bbed8df59aed5a/Dockerfile#L22-L33
"org.label-schema.vcs-ref" = "main";
"org.label-schema.vcs-url" = "https://github.com/nix-community/docker-nixpkgs";
};
};
};
in
image // { meta = meta // image.meta; }
================================================
FILE: lib/importDir.nix
================================================
{ lib }:
importFn: baseDir:
let
dirEntries =
builtins.attrNames
(
lib.filterAttrs
(k: v: v == "directory")
(builtins.readDir baseDir)
);
absDirs =
builtins.map
(dir: "${toString baseDir}/${dir}")
dirEntries;
imports =
builtins.map
(dir: { name = builtins.baseNameOf dir; value = importFn dir; })
absDirs;
in
builtins.listToAttrs imports
================================================
FILE: lib/mkUserEnvironment.nix
================================================
{ writeText, lib }:
# Build a user environment purely with nix.
#
# The original implementation is a mix of C++ and nix code.
#
# See https://github.com/nixos/nix/blob/f4b94958543138671bc3641fc126589a5cffb24b/src/nix-env/user-env.cc
#
# TODO:
# * also add the drvPath if the keepDerivations nix setting is set
# * support "disabled" mode that breaks nix-env?
# * remove the use of writeText. builtins.toFile forbids the use of references
# to derivations, which makes it impossible to create exactly the same
# manifest file as `nix-env`.
#
# Arguments:
# * derivations: a list of derivations
{
# A list of derivations to install
derivations
}:
# Supporting code
with builtins;
let
# Copied from https://github.com/nixos/nix/blob/e02481ded216ffb5b06b413e3695d4e11e62e02f/corepkgs/buildenv.nix
#
# This was available at <nix/buildenv.nix>, until it got removed in Nix.
buildenv = { derivations, manifest }:
derivation {
name = "user-environment";
system = "builtin";
builder = "builtin:buildenv";
inherit manifest;
# !!! grmbl, need structured data for passing this in a clean way.
derivations =
map
(d:
[
(d.meta.active or "true")
(d.meta.priority or 5)
(builtins.length d.outputs)
] ++ map (output: builtins.getAttr output d) d.outputs)
derivations;
# Building user environments remotely just causes huge amounts of
# network traffic, so don't do that.
preferLocalBuild = true;
# Also don't bother substituting.
allowSubstitutes = false;
};
# back-compat
isPath = builtins.isPath or (x: builtins.typeOf x == "path");
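# Escape a value as a Nix double-quoted string literal
stringEscape = str:
"\"" + (
replaceStrings
# a double quote must become backslash + quote, and a dollar-brace must be
# escaped so the generated manifest does not treat it as interpolation
[ "\\" "\"" "\${" "\n" "\r" "\t" ]
[ "\\\\" "\\\"" "\\\${" "\\n" "\\r" "\\t" ]
str
)
+ "\"";
# Like builtins.toJSON but to output Nix code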
toNix = value:
if isString value then stringEscape value
else if isInt value then toString value
else if isPath value then toString value
else if true == value then "true"
else if false == value then "false"
else if null == value then "null"
else if isAttrs value then
"{ " + concatStringsSep " " (lib.mapAttrsToList (k: v: "${k} = ${toNix v};") value) + " }"
else if isList value then
"[ ${ concatStringsSep " " (map toNix value) } ]"
else throw "type ${typeOf value} not supported";
# Generate a nix-env compatible manifest.nix file
genManifest = drv:
let
outputs =
drv.meta.outputsToInstall or
# install the first output
[ (head drv.outputs) ];
base = {
inherit (drv) meta name outPath system type;
out = { inherit (drv) outPath; };
inherit outputs;
};
toOut = name: {
outPath = drv.${name}.outPath;
};
outs = lib.genAttrs outputs toOut;
in
base // outs;
writeManifest = derivations:
writeText "env-manifest.nix" (
toNix (map genManifest derivations)
);
in
buildenv {
inherit derivations;
manifest = writeManifest derivations;
}
================================================
FILE: overlay.nix
================================================
_: pkgs:
let
importDir = import ./lib/importDir.nix {
inherit (pkgs) lib;
};
in
{
# builder stuff can be in the top-level
buildCLIImage = pkgs.callPackage ./lib/buildCLIImage.nix { };
# docker images must be lower-cased
docker-nixpkgs = importDir (path: pkgs.callPackage path { }) ./images;
# used to build nix-env compatible user environments
mkUserEnvironment = pkgs.callPackage ./lib/mkUserEnvironment.nix { };
# gitMinimal still ships with perl and python
gitReallyMinimal = (
pkgs.git.override {
perlSupport = false;
pythonSupport = false;
withManual = false;
withpcre2 = false;
}
).overrideAttrs (
_: {
# installCheck is broken when perl is disabled
doInstallCheck = false;
}
);
}
================================================
FILE: pkgs.nix
================================================
system:
# docker images run on Linux
assert builtins.elem system ["x86_64-linux" "aarch64-linux"];
import <nixpkgs> {
config = { };
inherit system;
overlays = [
(import ./overlay.nix)
];
}
================================================
FILE: push-all
================================================
#!/usr/bin/env bash
#
# Usage: ./push-all <registry> <image-prefix> <image-tag>
set -euo pipefail
registry=${1:-docker.io}
image_prefix=${2:-nixpkgs}
image_tag=${3:-latest}
system_name=${NIX_SYSTEM_NAME:-x86_64-linux}
releases_json=$(nix-instantiate --strict --argstr system "$system_name" --eval --json)
echo "=== Pushing images to $registry"
for attr in $(echo "$releases_json" | jq -r "keys[]") ; do
file=$(echo "$releases_json" | jq -r ".\"$attr\"")
src=docker-archive://$file
dst=docker://$registry/$image_prefix/$attr:${image_tag}-${system_name}
echo "--- attr=$attr src=$src dst=$dst"
# --insecure-policy overrides any configured trust policy (policy.json) with a permissive one
skopeo copy --insecure-policy "$src" "$dst"
done
echo OK
================================================
FILE: readme-image-matrix
================================================
#!/usr/bin/env bash
#
# Usage: ./readme-image-matrix
set -euo pipefail
system_name=${NIX_SYSTEM_NAME:-x86_64-linux}
## Main ##
releases_json=$(nix-instantiate --strict --argstr system "$system_name" --eval --json)
echo "| Image / Tag | Pull |"
echo "| --- | --- |"
for attr in $(echo "$releases_json" | jq -r "keys[]") ; do
name=nixpkgs/$attr
echo -n "| [$name](https://hub.docker.com/r/$name)"
echo -n "| \`docker pull docker.nix-community.org/$name\` "
echo "|"
done
================================================
FILE: shell.nix
================================================
let
nixpkgs = builtins.fetchTarball "channel:nixos-23.11";
pkgs = import nixpkgs { config = { }; overlays = [ ]; };
in
with pkgs;
mkShell {
buildInputs = [
dive
jq
skopeo
podman
] ++ lib.optional (pkgs ? mdsh) pkgs.mdsh;
shellHook = ''
# try to work around build issues
unset TMPDIR
export NIX_PATH=nixpkgs=${toString nixpkgs}
'';
}