authorVincent Ambo <tazjin@tvl.su>2024-02-28T12·55+0300
committerclbot <clbot@tvl.fyi>2024-02-28T20·21+0000
commita412791752805a1c3226f5b8008ecf16f2be2bfb (patch)
tree49f6e0887c96f6b1f5b0b95ea11a587f2dcb8e58
parentbc06e4d99c87f6cbe00690c487917a2106477414 (diff)
refactor(nixery): expose launch script derivation r/7620
Simplifies reusing the launch script in other use-cases than the
"official" Nixery image.

Relates to nixery#166

Change-Id: Iaf1dff385ce270792253551081c1b2fca6400037
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11046
Autosubmit: tazjin <tazjin@tvl.su>
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
-rw-r--r--tools/nixery/default.nix104
1 files changed, 51 insertions, 53 deletions
diff --git a/tools/nixery/default.nix b/tools/nixery/default.nix
index 6a0c19d9a72e..91eabca9602d 100644
--- a/tools/nixery/default.nix
+++ b/tools/nixery/default.nix
@@ -72,60 +72,58 @@ depot.nix.readTree.drvTargets rec {
     };
   };
 
+  # Wrapper script for the wrapper script (meta!) which configures
+  # the container environment appropriately.
+  #
+  # Most importantly, sandboxing is disabled to avoid privilege
+  # issues in containers.
+  nixery-launch-script = writeShellScriptBin "nixery" ''
+    set -e
+    export PATH=${coreutils}/bin:$PATH
+    export NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
+    mkdir -p /tmp
+
+    # Create the build user/group required by Nix
+    echo 'nixbld:x:30000:nixbld' >> /etc/group
+    echo 'nixbld:x:30000:30000:nixbld:/tmp:/bin/bash' >> /etc/passwd
+    echo 'root:x:0:0:root:/root:/bin/bash' >> /etc/passwd
+    echo 'root:x:0:' >> /etc/group
+
+    # Disable sandboxing to avoid running into privilege issues
+    mkdir -p /etc/nix
+    echo 'sandbox = false' >> /etc/nix/nix.conf
+
+    # In some cases users building their own image might want to
+    # customise something on the inside (e.g. set up an environment
+    # for keys or whatever).
+    #
+    # This can be achieved by setting a 'preLaunch' script.
+    ${preLaunch}
+
+    exec ${nixery}/bin/server
+  '';
+
   # Container image containing Nixery and Nix itself. This image can
   # be run on Kubernetes, published on AppEngine or whatever else is
   # desired.
-  nixery-image =
-    let
-      # Wrapper script for the wrapper script (meta!) which configures
-      # the container environment appropriately.
-      #
-      # Most importantly, sandboxing is disabled to avoid privilege
-      # issues in containers.
-      nixery-launch-script = writeShellScriptBin "nixery" ''
-        set -e
-        export PATH=${coreutils}/bin:$PATH
-        export NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
-        mkdir -p /tmp
-
-        # Create the build user/group required by Nix
-        echo 'nixbld:x:30000:nixbld' >> /etc/group
-        echo 'nixbld:x:30000:30000:nixbld:/tmp:/bin/bash' >> /etc/passwd
-        echo 'root:x:0:0:root:/root:/bin/bash' >> /etc/passwd
-        echo 'root:x:0:' >> /etc/group
-
-        # Disable sandboxing to avoid running into privilege issues
-        mkdir -p /etc/nix
-        echo 'sandbox = false' >> /etc/nix/nix.conf
-
-        # In some cases users building their own image might want to
-        # customise something on the inside (e.g. set up an environment
-        # for keys or whatever).
-        #
-        # This can be achieved by setting a 'preLaunch' script.
-        ${preLaunch}
-
-        exec ${nixery}/bin/server
-      '';
-    in
-    dockerTools.buildLayeredImage {
-      name = "nixery";
-      config.Cmd = [ "${nixery-launch-script}/bin/nixery" ];
-
-      inherit maxLayers;
-      contents = [
-        bashInteractive
-        cacert
-        coreutils
-        git
-        gnutar
-        gzip
-        iana-etc
-        nix
-        nixery-prepare-image
-        nixery-launch-script
-        openssh
-        zlib
-      ] ++ extraPackages;
-    };
+  nixery-image = dockerTools.buildLayeredImage {
+    name = "nixery";
+    config.Cmd = [ "${nixery-launch-script}/bin/nixery" ];
+
+    inherit maxLayers;
+    contents = [
+      bashInteractive
+      cacert
+      coreutils
+      git
+      gnutar
+      gzip
+      iana-etc
+      nix
+      nixery-prepare-image
+      nixery-launch-script
+      openssh
+      zlib
+    ] ++ extraPackages;
+  };
 }
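Review bot: The exposed launch script appends to /etc/group, /etc/passwd and /etc/nix/nix.conf unconditionally with `>>` (the lines under the "Create the build user/group" and "Disable sandboxing" comments), so a second run against a persisted /etc — which the commit's stated purpose, reuse outside the official image, makes more likely — accumulates duplicate entries rather than converging on one state. Each append should be guarded, and since gnugrep is not in the image's `contents` list the guard is best done with bash builtins (a one-line `add_line` helper, below) rather than `grep`. Now that `nixery-launch-script` is a public attribute, its header comment should also spell out the preconditions a reuser inherits: it must run as root with a writable /etc, it disables the Nix sandbox for the whole container, and `${preLaunch}` is spliced in verbatim as shell, e.g. `# Runs as root and mutates /etc/passwd, /etc/group and /etc/nix/nix.conf (sandbox off); preLaunch is inlined as shell, not quoted.`
```nix
  nixery-launch-script = writeShellScriptBin "nixery" ''
    # … unchanged: set -e, PATH / NIX_SSL_CERT_FILE exports, mkdir -p /tmp …

    # Append a line to a file unless it is already present, so the script
    # can be re-run against a persisted /etc without duplicating entries.
    # Uses only bash builtins: grep is not among the image's contents.
    add_line() { [[ -e "$1" ]] && [[ "$(<"$1")" == *"$2"* ]] || echo "$2" >> "$1"; }

    # Create the build user/group required by Nix
    add_line /etc/group  'nixbld:x:30000:nixbld'
    add_line /etc/passwd 'nixbld:x:30000:30000:nixbld:/tmp:/bin/bash'
    add_line /etc/passwd 'root:x:0:0:root:/root:/bin/bash'
    add_line /etc/group  'root:x:0:'

    # Disable sandboxing to avoid running into privilege issues
    mkdir -p /etc/nix
    add_line /etc/nix/nix.conf 'sandbox = false'

    # … unchanged: preLaunch hook and exec …
  '';
```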