Commit 075fdb5

HPCesia <me@hpcesia.com>
2026-03-19 09:08:38
Refactor with nixpkgs built-in dockerTools
1 parent aef80de
Changed files (1)
flake.nix
@@ -22,23 +22,26 @@
         ...
       }: let
         nix2container = inputs'.nix2container.packages.nix2container;
-        mkEtc = pkgs.runCommand "nix-act-image-etc" {} ''
-          mkdir -p $out/etc
-          echo "root:x:0:0:System administrator:/root:/bin/bash" > $out/etc/passwd
-          echo "nixbld1:!:999:999:Nix build user 1:/var/empty:/sbin/nologin" >> $out/etc/passwd
-          echo "nixbld2:!:999:999:Nix build user 1:/var/empty:/sbin/nologin" >> $out/etc/passwd
-          echo "nixbld3:!:999:999:Nix build user 1:/var/empty:/sbin/nologin" >> $out/etc/passwd
-          echo "nixbld4:!:999:999:Nix build user 1:/var/empty:/sbin/nologin" >> $out/etc/passwd
-          echo "nixbld5:!:999:999:Nix build user 1:/var/empty:/sbin/nologin" >> $out/etc/passwd
-          echo "nixbld6:!:999:999:Nix build user 1:/var/empty:/sbin/nologin" >> $out/etc/passwd
-          echo "nixbld7:!:999:999:Nix build user 1:/var/empty:/sbin/nologin" >> $out/etc/passwd
-          echo "nixbld8:!:999:999:Nix build user 1:/var/empty:/sbin/nologin" >> $out/etc/passwd
-          echo "nixbld9:!:999:999:Nix build user 1:/var/empty:/sbin/nologin" >> $out/etc/passwd
-          echo "nixbld10:!:999:999:Nix build user 1:/var/empty:/sbin/nologin" >> $out/etc/passwd
 
-          echo "root:x:0:" > $out/etc/group
-          echo "nixbld:x:999:nixbld1,nixbld2,nixbld3,nixbld4,nixbld5,nixbld6,nixbld7,nixbld8,nixbld9,nixbld10" >> $out/etc/group
+        fakeNss = pkgs.dockerTools.fakeNss.override {
+          extraPasswdLines = [
+            "nixbld1:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
+            "nixbld2:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
+            "nixbld3:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
+            "nixbld4:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
+            "nixbld5:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
+            "nixbld6:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
+            "nixbld7:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
+            "nixbld8:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
+            "nixbld9:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
+            "nixbld10:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
+          ];
+          extraGroupLines = [
+            "nixbld:x:999:nixbld1,nixbld2,nixbld3,nixbld4,nixbld5,nixbld6,nixbld7,nixbld8,nixbld9,nixbld10"
+          ];
+        };
 
+        mkNixConf = pkgs.runCommand "nix-act-image-etc" {} ''
           mkdir -p $out/etc/nix
           echo "experimental-features = nix-command flakes" > $out/etc/nix/nix.conf
         '';
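Review bot: All ten `nixbld*` entries in `extraPasswdLines` share UID 999, so they are one account under ten names rather than ten build users; Nix gives each concurrent build its own user so that builds cannot touch each other's processes and files, and that separation needs distinct UIDs. The GECOS field also reads "Nix build user 1" on every line. Generating the list fixes both, e.g. `extraPasswdLines = map (i: "nixbld${toString i}:!:${toString (30000 + i)}:999:Nix build user ${toString i}:/var/empty:/sbin/nologin") (lib.range 1 10);` (the 30000 base is only an example). Separately, the hand-written root line (`/root`, `/bin/bash`) is gone and `fakeNss` supplies its own root entry, which in nixpkgs I believe uses `/var/empty` and `/bin/sh`; since the commit is labelled a refactor, check the built `/etc/passwd` and root's `HOME` against the pinned nixpkgs revision. The derivation behind `mkNixConf` is still named `nix-act-image-etc`, which no longer describes what it builds.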
@@ -51,6 +54,7 @@
           name = "repo.hpcesia.com/HPCesia/nix-act-image";
           tag = "latest-${lib.removeSuffix "-linux" system}";
           initializeNixDatabase = true;
+
           copyToRoot = [
             (pkgs.buildEnv {
               name = "root";
@@ -59,7 +63,11 @@
                 bash
                 coreutils
                 docker-client
-                mkEtc
+                pkgs.dockerTools.caCertificates
+                pkgs.dockerTools.usrBinEnv
+                fakeNss
+                mkNixConf
+                mkTmp
                 nix
                 nodejs_24
 
@@ -109,9 +117,7 @@
                 tree
                 yq
               ];
-              pathsToLink = ["/bin" "/etc"];
             })
-            mkTmp
           ];
           perms = [
             {
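Review bot: Dropping `pathsToLink` and moving `mkTmp` into the `buildEnv` changes what lands in the image root, not only how it is assembled. With the default `pathsToLink`, every top-level directory of every listed package is linked in (`/share`, `/lib`, `/include`, …). `/tmp` is also likely to become a symlink into the store path of `mkTmp` rather than a real directory, so the `perms` entry that begins on the last lines here (its body is outside the hunk) may no longer yield a sticky, world-writable `/tmp`. I would keep `mkTmp` as its own `copyToRoot` entry and link only what the image needs, e.g. `pathsToLink = ["/bin" "/etc" "/usr" "/var"];`, then confirm that `/tmp` is a directory with mode 1777 in the built image. The matching addition of `mkTmp` to `paths` is in the `@@ -59,7 +63,11 @@` hunk.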