Make the base image compatible with common network services #24

Open
wants to merge 2 commits into
base: master

@mickours mickours commented Nov 7, 2018

My use case here is to make cachix (https://cachix.org/) work out of the
box, in a GitLab runner, but all those changes are standard.

I've done small changes to make complex network services work:

  • Add in /etc the iana files services + protocols
  • Add in /etc the ssl directory from cacert
  • Set the USER variable to ROOT
  • Make bash available at standard locations (/bin,/usr/bin)

MERCIER Michael added 2 commits November 7, 2018 09:29
My use case here is to make cachix (https://cachix.org/) work out of the
box.

I've done small changes to make complex network services work:

- Add in /etc the iana files services + protocols
- Add in /etc the ssl directory from cacert
- Set the USER variable to ROOT
- Make bash available at standard locations (/bin,/usr/bin)
@mickours
Author

Any review on this?

@LnL7
Owner

LnL7 commented Apr 30, 2019

This seems a bit out of scope for this project, I made it as a bare minimum image to run nix-build in a completely isolated environment.

If you also want to run other software in this container I would suggest using eg. nixos/nix instead. Unlike this project it uses an actual linux distribution as the base image which should provide these kind of things you'd expect to be available on a normal system.

@mickours
Author

mickours commented May 2, 2019

Thanks for the feedback. Since it seems to not fit with your project goal I understand that it would not be merged as-is. Maybe, when I find some time to do this, I can provide you some kind of Cachix enabled image flavor (like the SSH one) that can be added to the images provided in default.nix.

@LnL7
Owner

LnL7 commented May 5, 2019

Yeah, a separate cachix image sounds good.

@@ -46,11 +46,16 @@ let
mkdir -p $out/bin $out/usr/bin $out/sbin
ln -s ${stdenv.shell} $out/bin/sh
ln -s ${coreutils}/bin/env $out/usr/bin/env
ln -s ${bashInteractive}/bin/bash $out/bin/bash
ln -s ${bashInteractive}/bin/bash $out/usr/bin/bash
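Review bot: the two `ln -s ${bashInteractive}/bin/bash` lines link a different package expression than the `${stdenv.shell}` used for `$out/bin/sh` two lines above, so the image would carry an interactive bash in addition to the shell it already has. For an image meant to stay minimal, consider pointing `/bin/bash` and `/usr/bin/bash` at the same shell as `/bin/sh` if that shell is already a bash, or add a comment naming the consumer that needs an interactive bash at these fixed paths, so the extra closure size and surface is a documented choice.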
Owner


These don't exist on a nixos system either.


mkdir -p $out/etc
echo '${passwd}' > $out/etc/passwd
echo '${group}' > $out/etc/group
echo '${nsswitch}' > $out/etc/nsswitch.conf
ln -s ${iana-etc}/etc/protocols $out/etc/
ln -s ${iana-etc}/etc/services $out/etc/
ln -s ${cacert}/etc/ssl $out/etc/
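Review bot: the three links at the end of the `$out/etc` block (`protocols`, `services`, `ssl`) carry no comment saying which consumer needs them, and `ln -s ${cacert}/etc/ssl $out/etc/` exposes the whole cacert directory as the trust store at `/etc/ssl`. Please note in the expression which programs read these paths, confirm that `${nsswitch}` (its content is not visible in this hunk) uses `files` for services and protocols so the two IANA links are actually consulted, and make sure `/etc/ssl` and any certificate-file environment variable the image sets resolve to the same `cacert`, so there is a single source of CA trust. Spelling out the link names (`$out/etc/ssl` rather than `$out/etc/`) would also make the resulting layout explicit.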
Owner


libraries like openssl honor NIX_SSL_CERT_FILE which is set, this shouldn't be necessary.

@bxrt

bxrt commented Aug 16, 2020

> I made it as a bare minimum image to run nix-build in a completely isolated environment.
>
> If you also want to run other software in this container I would suggest using eg. nixos/nix instead. Unlike this project it uses an actual linux distribution as the base image which should provide these kind of things you'd expect to be available on a normal system.

Please add this quote or something along its lines to the top of the README to explain the different purposes of [nixos/nix] and this image. Now that this is clear to me, I will no longer attempt to use it for more than a remote builder.
