{ lib
, buildGoModule
, closureInfo
, globset
, runCommand
, writeShellScriptBin
, writeText
}:
let
# The nix-snapshotter Go module build. buildImage is exposed on the package
# through passthru so callers can reach it as an attribute of the derivation.
nix-snapshotter = buildGoModule {
  pname = "nix-snapshotter";
  version = "0.2.1";

  # Fixed-output hash of the vendored Go module dependencies. It pins the
  # dependency tree resolved from go.mod/go.sum and has to be refreshed
  # whenever those files change.
  vendorHash = "sha256-QBLePOnfsr6I19ddyZNSFDih6mCaZ/NV2Qz1B1pSHxs=";

  # Only the files matched by these globs become part of the build source.
  src = lib.fileset.toSource {
    root = ./.;
    fileset = globset.lib.globs ./. [
      "**/*.go"
      "**/*.tar"
      "go.mod"
      "go.sum"
    ];
  };

  passthru.buildImage = buildImage;
};
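# buildImage is analogous to the `docker build` command, in that it can be
# used to build an OCI image archive that can be loaded into containerd. Note
# that nix-snapshotter is a containerd plugin, so nix-snapshotter images
# will only work with containerd.
buildImage = {
  # The image name when exported. When resolvedByNix is enabled, this is
  # treated as just the package name to help identify the nix store path.
  name,
  # The image tag when exported. Defaults to the mutable "latest" tag. A
  # mutable tag does not identify one specific build, so set an explicit tag
  # (or use resolvedByNix, whose reference embeds the image's store path)
  # where a deployment must be pinned to a particular image.
  tag ? "latest",
  # If enabled, the OCI archive will be generated with a special image
  # reference in the format of "nix:0/nix/store/*.tar", which is resolvable
  # by nix-snapshotter if configured as the CRI image-service without a
  # Docker Registry.
  resolvedByNix ? false,
  # An image that is used as base image of this image. Any image can be used
  # as a fromImage, including non-nix images and images built with
  # pkgs.dockerTools.buildImage.
  fromImage ? null,
  # A derivation (or list of derivations) to include in the layer
  # root. The store path prefix /nix/store/hash-path is removed. The
  # store path content is then located at the image /.
  copyToRoot ? null,
  # An attribute set describing an image configuration as defined in:
  # https://github.com/opencontainers/image-spec/blob/8b9d41f48198a7d6d0a5c1a12dc2d1f7f47fc97f/specs-go/v1/config.go#L23
  config ? {},
}:
  let
    baseName = baseNameOf name;

    configFile = writeText "config-${baseName}.json" (builtins.toJSON config);

    # Test the value rather than whether the argument was passed, so that an
    # explicit `copyToRoot = null` (the declared default) yields an empty
    # list instead of the one-element list [ null ].
    copyToRootList =
      if copyToRoot == null then [ ] else lib.toList copyToRoot;

    runtimeClosureInfo = closureInfo {
      rootPaths = [ configFile ] ++ copyToRootList;
    };

    copyToRootFile =
      writeText
        "copy-to-root-${baseName}.json"
        (builtins.toJSON copyToRootList);

    # Caller-supplied values are shell-escaped before they are spliced into
    # the build script, so quotes, `$` or whitespace in them cannot alter the
    # command line. "${fromImage}" keeps the original string coercion.
    fromImageFlag =
      lib.optionalString (fromImage != null)
        "--from-image ${lib.escapeShellArg "${fromImage}"}";

    image =
      let
        imageName = lib.toLower name;

        # With resolvedByNix the reference is built from the image's own
        # output path; it is only exposed through passthru and is not passed
        # to the build command (refFlag is empty in that case).
        imageRef =
          if resolvedByNix
          then "nix:0${image.outPath}"
          else "${imageName}:${tag}";

        refFlag =
          lib.optionalString (!resolvedByNix)
            "--ref ${lib.escapeShellArg imageRef}";
      in runCommand "nix-image-${baseName}.tar" {
        passthru = {
          inherit name tag;
          # For kubernetes pod spec.
          image = imageRef;
          copyToRegistry = copyToRegistry image;
          copyToContainerd = copyToContainerd image;
        };
      } ''
        ${nix-snapshotter}/bin/nix2container build \
          --config "${configFile}" \
          --closure "${runtimeClosureInfo}/store-paths" \
          --copy-to-root "${copyToRootFile}" \
          ${refFlag} \
          ${fromImageFlag} \
          $out
      '';
  in image;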
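# Copies an OCI archive to an OCI registry.
#
# Given an image, returns a function of the options below that produces a
# `copy-to-registry` script running `nix2container push` on that image.
copyToRegistry = image: {
  # Repository and tag to push to; both default to the values the image
  # exposes through passthru.
  # NOTE(review): buildImage lower-cases the name for its own --ref, but
  # image.name is the name as originally given, so this default is not
  # lower-cased. Confirm whether that difference is intended.
  imageName ? image.name,
  imageTag ? image.tag,
  # Adds --plain-http to the push. Presumably the registry is then contacted
  # without TLS, meaning no transport encryption and no server
  # authentication, so leave this off except for a registry on a trusted
  # local network such as a test registry.
  plainHTTP ? false,
}:
  let
    # The reference is shell-escaped as one argument so that quotes, `$` or
    # backticks in a caller-supplied name or tag are passed through literally
    # instead of being interpreted by the generated script.
    refFlag = "--ref ${lib.escapeShellArg "${imageName}:${imageTag}"}";
    plainHTTPFlag = lib.optionalString plainHTTP "--plain-http";
  in writeShellScriptBin "copy-to-registry" ''
    ${nix-snapshotter}/bin/nix2container push \
      ${refFlag} \
      ${plainHTTPFlag} \
      ${image}
  '';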
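# Copies an OCI archive into containerd's image store.
#
# Given an image, returns a function of the options below that produces a
# `copy-to-containerd` script running `nix2container load` on that image.
copyToContainerd = image: {
  # Value for nix2container's --address flag; the flag is omitted when null.
  address ? null,
  # Value for nix2container's --namespace flag; the flag is omitted when
  # null.
  namespace ? null,
}:
  let
    # Test the value rather than whether the argument was passed, so an
    # explicit `address = null` behaves like the default instead of failing
    # to interpolate. Values are shell-escaped so whitespace or shell
    # metacharacters stay inside a single argument.
    addressFlag =
      lib.optionalString (address != null)
        "--address ${lib.escapeShellArg address}";
    namespaceFlag =
      lib.optionalString (namespace != null)
        "--namespace ${lib.escapeShellArg namespace}";
  in writeShellScriptBin "copy-to-containerd" ''
    ${nix-snapshotter}/bin/nix2container \
      ${addressFlag} \
      ${namespaceFlag} \
      load ${image}
  '';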
in nix-snapshotter