Make the base image compatible with common network services #24
My use case here is to make cachix (https://cachix.org/) work out of the box. I've done small changes to make complex network services work:
- Add in /etc the iana files services + protocols
- Add in /etc the ssl directory from cacert
- Set the USER variable to ROOT
- Make bash available at standard locations (/bin,/usr/bin)
Any review on this?
This seems a bit out of scope for this project, I made it as a bare minimum image to run nix-build in a completely isolated environment. If you also want to run other software in this container I would suggest using e.g. nixos/nix instead. Unlike this project it uses an actual Linux distribution as the base image which should provide these kinds of things you'd expect to be available on a normal system.
Thanks for the feedback. Since it seems to not fit with your project goal I understand that it would not be merged as-is. Maybe, when I find some time to do this, I can provide you some kind of Cachix-enabled image flavor (like the SSH one) that can be added to the images provided in default.nix.
Yeah, a separate cachix image sounds good.
@@ -46,11 +46,16 @@ let | |||
mkdir -p $out/bin $out/usr/bin $out/sbin | |||
ln -s ${stdenv.shell} $out/bin/sh | |||
ln -s ${coreutils}/bin/env $out/usr/bin/env | |||
ln -s ${bashInteractive}/bin/bash $out/bin/bash | |||
ln -s ${bashInteractive}/bin/bash $out/usr/bin/bash |
These don't exist on a nixos system either.
mkdir -p $out/etc | ||
echo '${passwd}' > $out/etc/passwd | ||
echo '${group}' > $out/etc/group | ||
echo '${nsswitch}' > $out/etc/nsswitch.conf | ||
ln -s ${iana-etc}/etc/protocols $out/etc/ | ||
ln -s ${iana-etc}/etc/services $out/etc/ | ||
ln -s ${cacert}/etc/ssl $out/etc/ |
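Review bot: the two `${bashInteractive}/bin/bash` links (`$out/bin/bash` and `$out/usr/bin/bash`) sit beside `$out/bin/sh`, which points at `${stdenv.shell}`, so the image carries shells referenced from two different packages. If the only requirement is that `/bin/bash` and `/usr/bin/bash` resolve, consider pointing them at `${stdenv.shell}` as well (assuming it is bash here), which can keep the closure of a minimal builder image smaller. The three `$out/etc` links (`protocols`, `services`, `ssl`) would also benefit from a one-line comment naming the consumer that needs them, since the rest of this block only writes `passwd`, `group` and `nsswitch.conf`.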
libraries like openssl honor `NIX_SSL_CERT_FILE` which is set, this shouldn't be necessary.
Please add this quote or something along its lines to the top of the README to explain the different purposes of [nixos/nix] and this image. Now that this is clear to me, I will no longer attempt to use it for more than a remote builder.
My use case here is to make cachix (https://cachix.org/) work out of the
box, in a gitlab runner, but all those changes are standard.
I've done small changes to make complex network services work: