Commit f1d4b72

HPCesia <me@hpcesia.com>
2026-07-02 10:57:24
Split package into separate file
1 parent 8ddffab
Changed files (2)
flake.nix
@@ -15,233 +15,13 @@
       ];
 
       perSystem = {
-        inputs',
         pkgs,
+        inputs',
         ...
-      }: let
-        nix2container = inputs'.nix2container.packages.nix2container;
-
-        fakeNss = pkgs.dockerTools.fakeNss.override {
-          extraPasswdLines = [
-            "podman:x:1000:1000:Podman user:/home/podman:/bin/bash"
-            "nixbld1:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
-            "nixbld2:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
-            "nixbld3:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
-            "nixbld4:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
-            "nixbld5:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
-            "nixbld6:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
-            "nixbld7:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
-            "nixbld8:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
-            "nixbld9:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
-            "nixbld10:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
-          ];
-          extraGroupLines = [
-            "podman:x:1000:podman"
-            "nixbld:x:999:nixbld1,nixbld2,nixbld3,nixbld4,nixbld5,nixbld6,nixbld7,nixbld8,nixbld9,nixbld10"
-          ];
-        };
-
-        mkNixConf = pkgs.runCommand "nix-act-image-etc" {} ''
-          mkdir -p $out/etc/nix
-          echo "experimental-features = nix-command flakes" > $out/etc/nix/nix.conf
-        '';
-        mkTmp = pkgs.runCommand "nix-act-image-tmp" {} ''
-          mkdir -p $out/tmp
-          mkdir -p $out/var/tmp
-        '';
-
-        mkPodmanConfig = pkgs.runCommand "podman-config" {} ''
-          mkdir -p $out/etc/containers
-          mkdir -p $out/home/podman
-          mkdir -p $out/var/lib/containers
-          mkdir -p $out/var/lib/shared/overlay-images
-          mkdir -p $out/var/lib/shared/overlay-layers
-          mkdir -p $out/var/lib/shared/vfs-images
-          mkdir -p $out/var/lib/shared/vfs-layers
-          mkdir -p $out/run
-
-          touch $out/var/lib/shared/overlay-images/images.lock
-          touch $out/var/lib/shared/overlay-layers/layers.lock
-          touch $out/var/lib/shared/vfs-images/images.lock
-          touch $out/var/lib/shared/vfs-layers/layers.lock
-
-          cat > $out/etc/containers/containers.conf << 'EOF'
-          [containers]
-          netns="host"
-          userns="host"
-          ipcns="host"
-          utsns="host"
-          cgroupns="host"
-          cgroups="disabled"
-          log_driver = "k8s-file"
-          [engine]
-          cgroup_manager = "cgroupfs"
-          events_logger="file"
-          runtime="crun"
-          EOF
-
-          cat > $out/etc/containers/containers.conf.rootless << 'EOF'
-          [containers]
-          volumes = [
-            "/proc:/proc",
-          ]
-          default_sysctls = []
-          EOF
-
-          cat > $out/etc/containers/storage.conf << 'EOF'
-          [storage]
-          driver = "overlay"
-          runroot = "/run/containers/storage"
-          graphroot = "/var/lib/containers/storage"
-          [storage.options]
-          mount_program = "${pkgs.fuse-overlayfs}/bin/fuse-overlayfs"
-          mountopt = "nodev,fsync=0"
-          additionalimagestores = [
-            "/var/lib/shared",
-          ]
-          [storage.options.overlay]
-          ignore_chown_errors = "true"
-          EOF
-
-          cat > $out/etc/containers/mounts.conf << 'EOF'
-          /run/secrets/etc-pki-entitlement:/run/secrets/etc-pki-entitlement
-          /run/secrets/rhsm:/run/secrets/rhsm
-          EOF
-
-          cat > $out/etc/containers/policy.json << 'EOF'
-          {"default":[{"type":"insecureAcceptAnything"}]}
-          EOF
-        '';
-
-        mkSubugid = pkgs.runCommand "subugid" {} ''
-          mkdir -p $out/etc
-          cat > $out/etc/subuid << 'EOF'
-          root:1:999
-          root:1001:64535
-          podman:1:999
-          podman:1001:64535
-          EOF
-          cat > $out/etc/subgid << 'EOF'
-          root:1:999
-          root:1001:64535
-          podman:1:999
-          podman:1001:64535
-          EOF
-        '';
-      in {
-        packages.default = nix2container.buildImage {
+      }: {
+        packages.default = pkgs.callPackage ./package.nix {
+          nix2container = inputs'.nix2container.packages.nix2container;
           name = "repo.hpcesia.com/HPCesia/nix-act-image";
-          tag = "latest";
-          initializeNixDatabase = true;
-          maxLayers = 42;
-
-          copyToRoot = [
-            (pkgs.buildEnv {
-              name = "root";
-              paths = with pkgs; [
-                # Basic
-                bash
-                coreutils
-                docker-client
-                pkgs.dockerTools.caCertificates
-                pkgs.dockerTools.usrBinEnv
-                fakeNss
-                mkNixConf
-                mkTmp
-                nix
-                nodejs_24
-
-                # Network
-                aria2
-                cacert
-                curl
-                dnsutils
-                openssh
-                wget
-
-                # Git
-                gitMinimal
-                git-lfs
-
-                # Archive
-                gnutar
-                gzip
-                p7zip
-                unzip
-                xz
-                zip
-                zstd
-
-                # Build
-                autoconf
-                automake
-                gcc
-                gnumake
-                m4
-                patchelf
-
-                # Misc
-                binutils
-                file
-                findutils
-                gawk
-                gnugrep
-                gnupg
-                gnused
-                jq
-                parallel
-                python3
-                rsync
-                sqlite
-                sudo
-                tree
-                yq
-
-                # Podman in Podman
-                fuse-overlayfs
-                mkPodmanConfig
-                podman
-                shadow
-              ];
-            })
-            mkSubugid
-          ];
-          perms = [
-            {
-              path = mkTmp;
-              regex = ".*";
-              mode = "1777";
-            }
-            {
-              path = mkPodmanConfig;
-              regex = "home/podman";
-              mode = "0777";
-            }
-            {
-              path = pkgs.shadow;
-              regex = "bin/new[ug]idmap";
-              mode = "4555";
-            }
-          ];
-          config = {
-            Entrypoint = ["/bin/bash"];
-            Env = [
-              "USER=root"
-              "HOME=/"
-              "PATH=/bin"
-              "NIX_PAGER=cat"
-              "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
-              "DOCKER_HOST=unix:///run/user/1000/podman/podman.sock"
-              "CONTAINERS_STORAGE=/var/lib/containers/storage"
-              "_CONTAINERS_USERNS_CONFIGURED="
-              "BUILDAH_ISOLATION=chroot"
-            ];
-            Labels = {
-              "org.opencontainers.image.source" = "https://codeberg.org/HPCesia/nix-act-image";
-              "org.opencontainers.image.description" = "A Nix based container for Forgejo Actions";
-              "org.opencontainers.image.licenses" = pkgs.lib.licenses.mit.spdxId;
-            };
-          };
         };
       };
     });
package.nix
@@ -0,0 +1,221 @@
+{
+  pkgs,
+  nix2container,
+  name,
+}: let
+  fakeNss = pkgs.dockerTools.fakeNss.override {
+    extraPasswdLines = [
+      "podman:x:1000:1000:Podman user:/home/podman:/bin/bash"
+      "nixbld1:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
+      "nixbld2:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
+      "nixbld3:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
+      "nixbld4:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
+      "nixbld5:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
+      "nixbld6:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
+      "nixbld7:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
+      "nixbld8:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
+      "nixbld9:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
+      "nixbld10:!:999:999:Nix build user 1:/var/empty:/sbin/nologin"
+    ];
+    extraGroupLines = [
+      "podman:x:1000:podman"
+      "nixbld:x:999:nixbld1,nixbld2,nixbld3,nixbld4,nixbld5,nixbld6,nixbld7,nixbld8,nixbld9,nixbld10"
+    ];
+  };
+
+  mkNixConf = pkgs.runCommand "nix-act-image-etc" {} ''
+    mkdir -p $out/etc/nix
+    echo "experimental-features = nix-command flakes" > $out/etc/nix/nix.conf
+  '';
+
+  mkTmp = pkgs.runCommand "nix-act-image-tmp" {} ''
+    mkdir -p $out/tmp
+    mkdir -p $out/var/tmp
+  '';
+
+  mkPodmanConfig = pkgs.runCommand "podman-config" {} ''
+    mkdir -p $out/etc/containers
+    mkdir -p $out/home/podman
+    mkdir -p $out/var/lib/containers
+    mkdir -p $out/var/lib/shared/overlay-images
+    mkdir -p $out/var/lib/shared/overlay-layers
+    mkdir -p $out/var/lib/shared/vfs-images
+    mkdir -p $out/var/lib/shared/vfs-layers
+    mkdir -p $out/run
+
+    touch $out/var/lib/shared/overlay-images/images.lock
+    touch $out/var/lib/shared/overlay-layers/layers.lock
+    touch $out/var/lib/shared/vfs-images/images.lock
+    touch $out/var/lib/shared/vfs-layers/layers.lock
+
+    cat > $out/etc/containers/containers.conf << 'EOF'
+    [containers]
+    netns="host"
+    userns="host"
+    ipcns="host"
+    utsns="host"
+    cgroupns="host"
+    cgroups="disabled"
+    log_driver = "k8s-file"
+    [engine]
+    cgroup_manager = "cgroupfs"
+    events_logger="file"
+    runtime="crun"
+    EOF
+
+    cat > $out/etc/containers/containers.conf.rootless << 'EOF'
+    [containers]
+    volumes = [
+      "/proc:/proc",
+    ]
+    default_sysctls = []
+    EOF
+
+    cat > $out/etc/containers/storage.conf << 'EOF'
+    [storage]
+    driver = "overlay"
+    runroot = "/run/containers/storage"
+    graphroot = "/var/lib/containers/storage"
+    [storage.options]
+    mount_program = "${pkgs.fuse-overlayfs}/bin/fuse-overlayfs"
+    mountopt = "nodev,fsync=0"
+    additionalimagestores = [
+      "/var/lib/shared",
+    ]
+    [storage.options.overlay]
+    ignore_chown_errors = "true"
+    EOF
+
+    cat > $out/etc/containers/mounts.conf << 'EOF'
+    /run/secrets/etc-pki-entitlement:/run/secrets/etc-pki-entitlement
+    /run/secrets/rhsm:/run/secrets/rhsm
+    EOF
+
+    cat > $out/etc/containers/policy.json << 'EOF'
+    {"default":[{"type":"insecureAcceptAnything"}]}
+    EOF
+  '';
+
+  mkSubugid = pkgs.runCommand "subugid" {} ''
+    mkdir -p $out/etc
+    cat > $out/etc/subuid << 'EOF'
+    root:1:999
+    root:1001:64535
+    podman:1:999
+    podman:1001:64535
+    EOF
+    cat > $out/etc/subgid << 'EOF'
+    root:1:999
+    root:1001:64535
+    podman:1:999
+    podman:1001:64535
+    EOF
+  '';
+in
+  nix2container.buildImage {
+    inherit name;
+    tag = "latest";
+    initializeNixDatabase = true;
+    maxLayers = 42;
+
+    copyToRoot = [
+      (pkgs.buildEnv {
+        name = "root";
+        paths = with pkgs; [
+          bash
+          coreutils
+          docker-client
+          dockerTools.caCertificates
+          dockerTools.usrBinEnv
+          fakeNss
+          mkNixConf
+          mkTmp
+          nix
+          nodejs_24
+
+          aria2
+          cacert
+          curl
+          dnsutils
+          openssh
+          wget
+
+          gitMinimal
+          git-lfs
+
+          gnutar
+          gzip
+          p7zip
+          unzip
+          xz
+          zip
+          zstd
+
+          autoconf
+          automake
+          gcc
+          gnumake
+          m4
+          patchelf
+
+          binutils
+          file
+          findutils
+          gawk
+          gnugrep
+          gnupg
+          gnused
+          jq
+          parallel
+          python3
+          rsync
+          sqlite
+          sudo
+          tree
+          yq
+
+          fuse-overlayfs
+          mkPodmanConfig
+          podman
+          shadow
+        ];
+      })
+      mkSubugid
+    ];
+    perms = [
+      {
+        path = mkTmp;
+        regex = ".*";
+        mode = "1777";
+      }
+      {
+        path = mkPodmanConfig;
+        regex = "home/podman";
+        mode = "0777";
+      }
+      {
+        path = pkgs.shadow;
+        regex = "bin/new[ug]idmap";
+        mode = "4555";
+      }
+    ];
+    config = {
+      Entrypoint = ["/bin/bash"];
+      Env = [
+        "USER=root"
+        "HOME=/"
+        "PATH=/bin"
+        "NIX_PAGER=cat"
+        "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+        "DOCKER_HOST=unix:///run/user/1000/podman/podman.sock"
+        "CONTAINERS_STORAGE=/var/lib/containers/storage"
+        "_CONTAINERS_USERNS_CONFIGURED="
+        "BUILDAH_ISOLATION=chroot"
+      ];
+      Labels = {
+        "org.opencontainers.image.source" = "https://codeberg.org/HPCesia/nix-act-image";
+        "org.opencontainers.image.description" = "A Nix based container for Forgejo Actions";
+        "org.opencontainers.image.licenses" = pkgs.lib.licenses.mit.spdxId;
+      };
+    };
+  }