Docker images for the Nix package manager
Switch branches/tags
Nothing to show
Clone or download
Latest commit 2f499c7 Oct 31, 2018

README.md

nix-docker

Docker images for the Nix package manager

This repository contains nix expressions to build a minimal docker image for the nix package manager. The current official docker image for nix is based on alpine, this image that is build from scratch and looks a lot more like nixos.

  • nix, bash and coreutils are installed in a system profile that is linked to /run/current-system/sw, the only global paths are /bin/sh and /usr/bin/env

  • it's easy to build a new custom baseimage using a specific version of nixpkgs, this makes it a lot easier to create an image with a custom version of nix or nixpkgs.

  • the lnl7/nix:ssh image can be used to setup an image that can be used as a remote builder, this allows you to build expressions for x86_64-linux on other platforms (ex. building a new baseimage on a darwin machine)

Base Images

All the images are based on the latest baseimage, previous versions are available in my repository https://hub.docker.com/r/lnl7/nix/tags.

  • lnl7/nix:2018-09-21 (2.1.2)
  • lnl7/nix:2018-07-17 (2.0.4)
  • lnl7/nix:2018-04-17 (2.0)
  • lnl7/nix:2018-03-13-patch1
  • lnl7/nix:2018-01-13 (1.11.16)
  • lnl7/nix:2017-10-07 (1.11.15)
  • lnl7/nix:2017-06-17 (1.11.10)
  • lnl7/nix:2017-06-09 (1.11.9)
  • lnl7/nix:2017-01-21 (1.11.6)
  • lnl7/nix:124f25b (1.11.4)
  • lnl7/nix:ea9d390 (1.11.2)
  • lnl7/nix:272cf5c

Default Image

The default image is intended for interactive use and includes some common and useful packages:

docker run --rm -it lnl7/nix nix repl '<nixpkgs>'
nix-repl> 

Building an Image

FROM lnl7/nix:2.1.2

RUN nix-env -iA \
 nixpkgs.curl \
 nixpkgs.jq

Building a new Base Image

nix-shell -A env --run './result/bin/run-docker-build'

The src can also can be overridden to use a custom nixpkgs for the image.

nix-shell -A env --argstr src ./srcs/2018-03-13.nix

Running as a remote builder

docker run --restart always --name nix-docker -d -p 3022:22 lnl7/nix:ssh

If you have not setup a remote builder before you can follow these steps.

Configure ssh

mkdir -p /etc/nix
chmod 600 ssh/insecure_rsa
cp ssh/insecure_rsa /etc/nix/docker_rsa

Add an entry for the container in your ~/.ssh/config, at this point you should be able to ssh to the container.

Note: If you use docker-machine you'll have to use docker-machine ip as the host instead of localhost.

Host nix-docker
  User root
  HostName 127.0.0.1
  Port 3022
  IdentityFile /etc/nix/docker_rsa

Optionally you can setup your own ssh key, instead of using the insecure key.

ssh-keygen -t rsa -b 2048 -N "" -f docker_rsa
scp docker_rsa.pub nix-docker:/root/.ssh/authorized_keys
cp docker_rsa /etc/nix/

Create a signing keypair

openssl genrsa -out /etc/nix/signing-key.sec 2048
openssl rsa -in /etc/nix/signing-key.sec -pubout > /etc/nix/signing-key.pub
chmod 600 /etc/nix/signing-key.sec
ssh nix-docker mkdir -p /etc/nix
scp /etc/nix/signing-key.sec nix-docker:/etc/nix/signing-key.sec

Setup the container as a remote builder

cp ssh/remote-build-env /etc/nix/
cp ssh/remote-systems.conf /etc/nix/

Build a linux derivation

source /etc/nix/remote-build-env
nix-build '<nixpkgs>' -A hello --argstr system x86_64-linux