From c10af0f1c5a932e17adf92305a5f0576683193bb Mon Sep 17 00:00:00 2001 From: Joshua Gilman Date: Thu, 6 Oct 2022 17:54:37 -0700 Subject: [PATCH 01/17] feat: adds mkDevOCI for generating devcontainers --- cells/lib/ops.nix | 5 + cells/lib/ops/mkDevOCI.nix | 219 +++++++++++++++++++++++++++++++++++++ 2 files changed, 224 insertions(+) create mode 100644 cells/lib/ops/mkDevOCI.nix diff --git a/cells/lib/ops.nix b/cells/lib/ops.nix index 00236962..2f8d87ed 100644 --- a/cells/lib/ops.nix +++ b/cells/lib/ops.nix @@ -23,6 +23,11 @@ in { inputs = requireInput "n2c" "github:nlewo/nix2container" "std.lib.ops.mkOCI"; }; + mkDevOCI = import ./ops/mkDevOCI.nix { + inherit cell; + inputs = requireInput "n2c" "github:nlewo/nix2container" "std.lib.ops.mkDevOCI"; + }; + mkStandardOCI = import ./ops/mkStandardOCI.nix { inherit cell; inputs = requireInput "n2c" "github:nlewo/nix2container" "std.lib.ops.mkStandardOCI"; diff --git a/cells/lib/ops/mkDevOCI.nix b/cells/lib/ops/mkDevOCI.nix new file mode 100644 index 00000000..1fe79702 --- /dev/null +++ b/cells/lib/ops/mkDevOCI.nix 
@@ -0,0 +1,219 @@ +{ + inputs, + cell, +}: let + inherit (inputs) nixpkgs std; + l = nixpkgs.lib // builtins; + n2c = inputs.n2c.packages.nix2container; +in + { + name, + devshell, + runtimeShell ? nixpkgs.bashInteractive, + user ? "vscode", + tag ? "", + setup ? [], + perms ? [], + labels ? {}, + options ? {}, + }: let + # Apply the correct hook based on the given runtime shell + # Only bash/zsh are supported currently + shellName = builtins.unsafeDiscardStringContext (l.baseNameOf (l.getExe runtimeShell)); + shellConfigs = { + bash = '' + mkdir -p $out/home/${user} + cat >$out/home/${user}/.bashrc << EOF + eval "\$(direnv hook bash)" + EOF + ''; + zsh = '' + mkdir -p $out/home/${user} + cat >$out/home/${user}/.zshrc << EOF + eval "\$(direnv hook zsh)" + EOF + ''; + }; + + # Configure local user + setupUser = cell.ops.mkUser { + inherit user; + group = user; + uid = "1000"; + gid = "1000"; + withHome = true; + withRoot = true; + }; + + # Configure direnv, git, and nix. Additionally, perform some setup for + # vscode which makes some basic assumptions about the environment. 
+ setupEnv = + cell.ops.mkSetup "container" + [ + { + regex = "/vscode"; + mode = "0744"; + uid = 1000; + gid = 1000; + } + { + regex = "/tmp"; + mode = "0777"; + } + { + regex = "/home/${user}"; + mode = "0744"; + uid = 1000; + gid = 1000; + } + ] + '' + # Setup tmp folder + mkdir -p $out/tmp + + # Setup vscode directory + mkdir -p $out/vscode + + # Enable nix flakes + mkdir -p $out/etc + echo "sandbox = false" > $out/etc/nix.conf + echo "experimental-features = nix-command flakes" >> $out/etc/nix.conf + + # Increase warn timeout and whitelist all paths + cat >$out/etc/direnv.toml << EOF + [global] + warn_timeout = "10m" + [whitelist] + prefix = [ "/" ] + EOF + + # Add direnv shim + ${shellConfigs.${shellName}} + + # Disable git safe directory + cat >$out/etc/gitconfig < Date: Thu, 6 Oct 2022 19:16:45 -0700 Subject: [PATCH 02/17] feat: adds devcontainer for dogfooding --- cells/_automation/containers.nix | 23 +++++++++++++++++++++++ dogfood.nix | 1 + 2 files changed, 24 insertions(+) create mode 100644 cells/_automation/containers.nix diff --git a/cells/_automation/containers.nix b/cells/_automation/containers.nix new file mode 100644 index 00000000..1ab816f9 --- /dev/null +++ b/cells/_automation/containers.nix @@ -0,0 +1,23 @@ +{ inputs +, cell +}: +let + inherit (inputs.cells) nixpkgs lib; + l = nixpkgs.lib // builtins; +in +{ + dev = lib.ops.mkDevOCI { + name = "docker.io/std-dev"; + tag = "latest"; + devshell = inputs.cells._automation.devshells.default; + labels = { + title = "std-dev"; + version = "0.1.0"; + url = "https://github.com/divnix"; + source = "https://github.com/divnix"; + description = '' + A prepackaged devcontainer for hacking on std + ''; + }; + }; +} diff --git a/dogfood.nix b/dogfood.nix index 11013502..5c38fca3 100644 --- a/dogfood.nix +++ b/dogfood.nix 
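Review bot: The direnv config written in `setupEnv` whitelists `prefix = [ "/" ]`, so every `.envrc` in any directory mounted or cloned into the container is loaded without a `direnv allow` prompt; together with `sandbox = false` in `nix.conf` and the git safe-directory override below it, a checkout the user has not reviewed runs its code as soon as a shell enters it. I would limit the whitelist to the directory the workspace is mounted at (or expose it as an argument) and add a comment such as `# direnv auto-loads .envrc only under the workspace mount; anything else needs 'direnv allow'`. Separately, the `/tmp` perms entry uses `mode = "0777"`, which lacks the sticky bit; `mode = "1777"` is the conventional value, assuming the perms mechanism accepts a four-digit mode. The text of this hunk is cut off after the `gitconfig` heredoc on this page, so the remainder was not reviewed.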
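Review bot: `name = "docker.io/std-dev"` has no namespace, and Docker normalises a bare `std-dev` reference to `docker.io/library/std-dev`, a repository this project presumably does not control. Anyone who opens the devcontainer without first loading the locally built image (the later `.devcontainer.json` hunks use `"image": "std-dev"` and then `"image": "std-vscode"`) would presumably have Docker try to pull that name from the public registry instead. A namespaced name such as `name = "docker.io/ORG/std-dev";`, with ORG standing in for the project's registry account, avoids the ambiguity, and a tag other than the mutable `tag = "latest"` would make the reference traceable to one build. The `l` binding in the `let` is unused in this file.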
@@ -31,6 +31,7 @@ growOn { # _automation (blockTypes.devshells "devshells") (blockTypes.nixago "nixago") + (blockTypes.containers "containers") # (blockTypes.tasks "tasks") # TODO: implement properly # _tests From 725b4d84f16a60dadf67bdb8a39da0284eb3a843 Mon Sep 17 00:00:00 2001 From: Joshua Gilman Date: Fri, 7 Oct 2022 08:55:07 -0700 Subject: [PATCH 03/17] fix: adds nix2container as global input --- cells/lib/ops.nix | 17 ++----- cells/lib/ops/mkOperable.nix | 2 +- cells/lib/ops/mkSetup.nix | 2 +- cells/lib/ops/writeShellEntrypoint.nix | 2 +- flake.lock | 64 ++++++++++++++++++++------ flake.nix | 3 +- 6 files changed, 57 insertions(+), 33 deletions(-) diff --git a/cells/lib/ops.nix b/cells/lib/ops.nix index 2f8d87ed..01d22f85 100644 --- a/cells/lib/ops.nix +++ b/cells/lib/ops.nix @@ -18,18 +18,7 @@ in { mkUser = import ./ops/mkUser.nix {inherit inputs cell;}; writeScript = import ./ops/writeScript.nix {inherit inputs cell;}; - mkOCI = import ./ops/mkOCI.nix { - inherit cell; - inputs = requireInput "n2c" "github:nlewo/nix2container" "std.lib.ops.mkOCI"; - }; - - mkDevOCI = import ./ops/mkDevOCI.nix { - inherit cell; - inputs = requireInput "n2c" "github:nlewo/nix2container" "std.lib.ops.mkDevOCI"; - }; - - mkStandardOCI = import ./ops/mkStandardOCI.nix { - inherit cell; - inputs = requireInput "n2c" "github:nlewo/nix2container" "std.lib.ops.mkStandardOCI"; - }; + mkOCI = import ./ops/mkOCI.nix {inherit inputs cell;}; + mkDevOCI = import ./ops/mkDevOCI.nix {inherit inputs cell;}; + mkStandardOCI = import ./ops/mkStandardOCI.nix {inherit inputs cell;}; } diff --git a/cells/lib/ops/mkOperable.nix b/cells/lib/ops/mkOperable.nix index 1591a0ed..77286c21 100644 --- a/cells/lib/ops/mkOperable.nix +++ b/cells/lib/ops/mkOperable.nix 
@@ -45,7 +45,7 @@ in }; # Configure debug environment - banner = nixpkgs.runCommandNoCC "debug-banner" {} '' + banner = nixpkgs.runCommand "debug-banner" {} '' ${nixpkgs.figlet}/bin/figlet -f banner "STD Debug" > $out ''; debug = cell.ops.writeScript { diff --git a/cells/lib/ops/mkSetup.nix b/cells/lib/ops/mkSetup.nix index 4a4c950b..877c79fc 100644 --- a/cells/lib/ops/mkSetup.nix +++ b/cells/lib/ops/mkSetup.nix @@ -17,7 +17,7 @@ in A setup task. */ name: perms: contents: let - setup = nixpkgs.runCommandNoCC "oci-setup-${name}" {} contents; + setup = nixpkgs.runCommand "oci-setup-${name}" {} contents; perms' = l.map (p: p // { path = setup; }) perms; in setup diff --git a/cells/lib/ops/writeShellEntrypoint.nix b/cells/lib/ops/writeShellEntrypoint.nix index 7136500e..78d3b4d7 100644 --- a/cells/lib/ops/writeShellEntrypoint.nix +++ b/cells/lib/ops/writeShellEntrypoint.nix @@ -44,7 +44,7 @@ }; mkDebugOCI = entrypoint: name: let - debug-banner = nixpkgs.runCommandNoCC "debug-banner" {} '' + debug-banner = nixpkgs.runCommand "debug-banner" {} '' ${nixpkgs.figlet}/bin/figlet -f banner "STD Debug" > $out ''; debug-tools = with nixpkgs.pkgsStatic; [busybox]; diff --git a/flake.lock b/flake.lock index bfd21a85..858760d1 100644 --- a/flake.lock +++ b/flake.lock 
@@ -63,11 +63,26 @@ }, "flake-utils": { "locked": { - "lastModified": 1656928814, - "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "owner": "numtide", "repo": "flake-utils", - "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "locked": { + "lastModified": 1653893745, + "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", "type": "github" }, "original": { @@ -79,11 +94,11 @@ "mdbook-kroki-preprocessor": { "flake": false, "locked": { - "lastModified": 1655670640, - "narHash": "sha256-JjqdxftHBjABTkOpFl3cWUJtc/KGwkQ3NRWGLjH2oUs=", + "lastModified": 1661755005, + "narHash": "sha256-1TJuUzfyMycWlOQH67LR63/ll2GDZz25I3JfScy/Jnw=", "owner": "JoelCourtney", "repo": "mdbook-kroki-preprocessor", - "rev": "bb6e607437ecc3f22fd9036acee6b797a5b45dbc", + "rev": "93adb5716d035829efed27f65f2f0833a7d3e76f", "type": "github" }, "original": { @@ -92,6 +107,27 @@ "type": "github" } }, + "n2c": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1665039323, + "narHash": "sha256-SAh3ZjFGsaCI8FRzXQyp56qcGdAqgKEfJWPCQ0Sr7tQ=", + "owner": "nlewo", + "repo": "nix2container", + "rev": "b008fe329ffb59b67bf9e7b08ede6ee792f2741a", + "type": "github" + }, + "original": { + "owner": "nlewo", + "repo": "nix2container", + "type": "github" + } + }, "nixago": { "inputs": { "flake-utils": [ 
@@ -120,11 +156,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1658311025, - "narHash": "sha256-GqagY5YmaZB3YaO41kKcQhe5RcpS83wnsW8iCu5Znqo=", + "lastModified": 1665087388, + "narHash": "sha256-FZFPuW9NWHJteATOf79rZfwfRn5fE0wi9kRzvGfDHPA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "cd8d1784506a7c7eb0796772b73437e0b82fad57", + "rev": "95fda953f6db2e9496d2682c4fc7b82f959878f7", "type": "github" }, "original": { @@ -147,9 +183,7 @@ "microvm": [ "blank" ], - "n2c": [ - "blank" - ], + "n2c": "n2c", "nixago": "nixago", "nixpkgs": "nixpkgs", "yants": "yants" @@ -162,11 +196,11 @@ ] }, "locked": { - "lastModified": 1645126146, - "narHash": "sha256-XQ1eg4gzXoc7Tl8iXak1uCt3KnsTyxqPtLE+vOoDnrQ=", + "lastModified": 1660507851, + "narHash": "sha256-BKjq7JnVuUR/xDtcv6Vm9GYGKAblisXrAgybor9hT/s=", "owner": "divnix", "repo": "yants", - "rev": "77df2be1b3cce9f571c6cf451f786b266a6869cc", + "rev": "0b895ca02a8fa72bad50b454cb3e7d8a66407c96", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index ad378829..0e525025 100644 --- a/flake.nix +++ b/flake.nix @@ -11,6 +11,8 @@ inputs.dmerge.url = "github:divnix/data-merge"; inputs.dmerge.inputs.nixlib.follows = "nixpkgs"; inputs.dmerge.inputs.yants.follows = "yants"; + inputs.n2c.url = "github:nlewo/nix2container"; + inputs.n2c.inputs.nixpkgs.follows = "nixpkgs"; inputs.blank.url = "github:divnix/blank"; /* Auxiliar inputs used in builtin libraries or for the dev environment. @@ -31,7 +33,6 @@ # Placeholder inputs that can be overloaded via follows microvm.follows = "blank"; - n2c.follows = "blank"; makes.follows = "blank"; }; outputs = inputs: let From ebd60d90ff1306f1afd37008d518b0b9bb2700c9 Mon Sep 17 00:00:00 2001 From: Joshua Gilman Date: Fri, 7 Oct 2022 09:06:10 -0700 Subject: [PATCH 04/17] feat: adds devcontainer config for dogfooding --- .devcontainer.json | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 .devcontainer.json 
diff --git a/.devcontainer.json b/.devcontainer.json new file mode 100644 index 00000000..40ba50db --- /dev/null +++ b/.devcontainer.json @@ -0,0 +1,6 @@ +{ + "image": "std-dev", + "settings": { + "terminal.integrated.shell.linux": "/bin/bash" + } +} \ No newline at end of file From 64f85ec2f253365825c3ce3a5d7f2136011df48f Mon Sep 17 00:00:00 2001 From: Joshua Gilman Date: Fri, 7 Oct 2022 10:08:42 -0700 Subject: [PATCH 05/17] fix: add missing cmp binary --- cells/lib/ops/mkDevOCI.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/cells/lib/ops/mkDevOCI.nix b/cells/lib/ops/mkDevOCI.nix index 1fe79702..c5e73317 100644 --- a/cells/lib/ops/mkDevOCI.nix +++ b/cells/lib/ops/mkDevOCI.nix @@ -116,6 +116,7 @@ in nixpkgs.gawk nixpkgs.gnugrep nixpkgs.gnused + nixpkgs.diffutils ]; # These packages are required by vscode From 0a0ba3a4da4b05a6186969efc30d744f445c0c6a Mon Sep 17 00:00:00 2001 From: Joshua Gilman Date: Fri, 7 Oct 2022 10:42:20 -0700 Subject: [PATCH 06/17] fix: configure direnv globally --- cells/lib/ops/mkDevOCI.nix | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/cells/lib/ops/mkDevOCI.nix b/cells/lib/ops/mkDevOCI.nix index c5e73317..1fdfe01b 100644 --- a/cells/lib/ops/mkDevOCI.nix +++ b/cells/lib/ops/mkDevOCI.nix @@ -22,14 +22,12 @@ in shellName = builtins.unsafeDiscardStringContext (l.baseNameOf (l.getExe runtimeShell)); shellConfigs = { bash = '' - mkdir -p $out/home/${user} - cat >$out/home/${user}/.bashrc << EOF + cat >$out/etc/bashrc << EOF eval "\$(direnv hook bash)" EOF ''; zsh = '' - mkdir -p $out/home/${user} - cat >$out/home/${user}/.zshrc << EOF + cat >$out/etc/zshrc << EOF eval "\$(direnv hook zsh)" EOF ''; @@ -60,12 +58,6 @@ in regex = "/tmp"; mode = "0777"; } - { - regex = "/home/${user}"; - mode = "0744"; - uid = 1000; - gid = 1000; - } ] '' # Setup tmp folder From 94a08f99cdca4ff2309f93893a220aa52b28b007 Mon Sep 17 00:00:00 2001 
From: Joshua Gilman Date: Fri, 7 Oct 2022 12:08:38 -0700 Subject: [PATCH 07/17] feat: fixes nixpkgs and adds support for nix profile install --- cells/lib/ops/mkDevOCI.nix | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/cells/lib/ops/mkDevOCI.nix b/cells/lib/ops/mkDevOCI.nix index 1fdfe01b..3d90a97e 100644 --- a/cells/lib/ops/mkDevOCI.nix +++ b/cells/lib/ops/mkDevOCI.nix @@ -21,16 +21,8 @@ in # Only bash/zsh are supported currently shellName = builtins.unsafeDiscardStringContext (l.baseNameOf (l.getExe runtimeShell)); shellConfigs = { - bash = '' - cat >$out/etc/bashrc << EOF - eval "\$(direnv hook bash)" - EOF - ''; - zsh = '' - cat >$out/etc/zshrc << EOF - eval "\$(direnv hook zsh)" - EOF - ''; + bash = "bashrc"; + zsh = "zshrc"; }; # Configure local user @@ -80,7 +72,12 @@ in EOF # Add direnv shim - ${shellConfigs.${shellName}} + cat >$out/etc/${shellConfigs.${shellName}} << EOF + eval "\$(direnv hook ${shellName})" + EOF + + # Put local profile in path + echo 'export PATH="$HOME/.nix-profile/bin:/nix/var/nix/profiles/default/bin:$PATH"' >> $out/etc/${shellConfigs.${shellName}} # Disable git safe directory cat >$out/etc/gitconfig < to the version used to build the container + "NIX_PATH=nixpkgs=${nixpkgs.path}" # Nix expects a user to be set "USER=${user}" # vscode ships with its own nodejs binary that it uploads when the From 2b4863688da39faadf2787aa6d6b7d8afeb8c585 Mon Sep 17 00:00:00 2001 From: Joshua Gilman Date: Fri, 7 Oct 2022 19:16:29 +0000 Subject: [PATCH 08/17] feat: adds gnupg for commit signing --- cells/lib/ops/mkDevOCI.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/cells/lib/ops/mkDevOCI.nix b/cells/lib/ops/mkDevOCI.nix index 3d90a97e..b4ab3897 100644 --- a/cells/lib/ops/mkDevOCI.nix +++ b/cells/lib/ops/mkDevOCI.nix @@ -117,6 +117,7 @@ in # These are common packages that are useful for development commonDeps = [ nixpkgs.nano + nixpkgs.gnupg ]; # The entrypoint should be long-running by default 
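Review bot: `shellConfigs.${shellName}` is now interpolated in two places in `setupEnv`, and a `runtimeShell` other than bash or zsh fails with a bare missing-attribute evaluation error that does not name the cause. Since the comment above the table says only bash/zsh are supported, make that explicit at the lookup, e.g. `rcFile = shellConfigs.${shellName} or (throw "mkDevOCI: unsupported runtimeShell '${shellName}' (bash and zsh only)");`, and use `rcFile` for both write targets. The second hunk of this commit is cut off on this page after the `gitconfig` heredoc, so only the visible lines were considered.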
From d5792145aa828f6bb1de0d6b0ebec17d4a99df09 Mon Sep 17 00:00:00 2001 From: Joshua Gilman Date: Fri, 7 Oct 2022 20:21:16 +0000 Subject: [PATCH 09/17] feat: adds ssh for pushing commits --- cells/lib/ops/mkDevOCI.nix | 2 ++ cells/lib/ops/mkUser.nix | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/cells/lib/ops/mkDevOCI.nix b/cells/lib/ops/mkDevOCI.nix index b4ab3897..480d75da 100644 --- a/cells/lib/ops/mkDevOCI.nix +++ b/cells/lib/ops/mkDevOCI.nix @@ -31,6 +31,7 @@ in group = user; uid = "1000"; gid = "1000"; + shell = l.getExe runtimeShell; withHome = true; withRoot = true; }; @@ -118,6 +119,7 @@ in commonDeps = [ nixpkgs.nano nixpkgs.gnupg + nixpkgs.openssh ]; # The entrypoint should be long-running by default diff --git a/cells/lib/ops/mkUser.nix b/cells/lib/ops/mkUser.nix index 069ca941..a41afe64 100644 --- a/cells/lib/ops/mkUser.nix +++ b/cells/lib/ops/mkUser.nix @@ -23,6 +23,7 @@ in uid, group, gid, + shell ? "", withHome ? false, withRoot ? false, }: let @@ -48,7 +49,7 @@ in cell.ops.mkSetup "users" perms '' mkdir -p $out/etc/pam.d - echo "${user}:x:${uid}:${gid}::" > $out/etc/passwd + echo "${user}:x:${uid}:${gid}::${l.optionalString withHome "/home/${user}"}:${shell}" > $out/etc/passwd echo "${user}:!x:::::::" > $out/etc/shadow echo "${group}:x:${gid}:" > $out/etc/group From be21a5b033db4123e6bb9ac5432151279cd637dc Mon Sep 17 00:00:00 2001 From: Joshua Gilman Date: Fri, 7 Oct 2022 14:06:00 -0700 Subject: [PATCH 10/17] feat: makes vscode dependencies optional --- cells/_automation/containers.nix | 17 +- cells/lib/ops/mkDevOCI.nix | 329 ++++++++++++++++--------------- 2 files changed, 185 insertions(+), 161 deletions(-) diff --git a/cells/_automation/containers.nix b/cells/_automation/containers.nix index 1ab816f9..178caed0 100644 --- a/cells/_automation/containers.nix +++ b/cells/_automation/containers.nix 
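Review bot: The new `shell ? ""` default in `mkUser` writes an empty seventh field into `/etc/passwd`, which passwd(5) consumers treat as `/bin/sh`, so callers that do not pass `shell` get an account whose login shell is implicitly `/bin/sh`. If that is intended, say so where the arguments are documented, e.g. `shell: Login shell written to /etc/passwd; empty means the /bin/sh default`; otherwise a non-interactive default would be the safer choice for images that only run a service. The function's argument documentation lies outside this hunk, so I could not check whether `shell` is already described there.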
@@ -16,7 +16,22 @@ in url = "https://github.com/divnix"; source = "https://github.com/divnix"; description = '' - A prepackaged devcontainer for hacking on std + A prepackaged container for hacking on std + ''; + }; + }; + vscode = lib.ops.mkDevOCI { + name = "docker.io/std-vscode"; + tag = "latest"; + devshell = inputs.cells._automation.devshells.default; + vscode = true; + labels = { + title = "std-dev"; + version = "0.1.0"; + url = "https://github.com/divnix"; + source = "https://github.com/divnix"; + description = '' + A prepackaged vscode devcontainer for hacking on std ''; }; }; diff --git a/cells/lib/ops/mkDevOCI.nix b/cells/lib/ops/mkDevOCI.nix index 480d75da..4900972c 100644 --- a/cells/lib/ops/mkDevOCI.nix +++ b/cells/lib/ops/mkDevOCI.nix 
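Review bot: The new `vscode` image reuses `title = "std-dev"` in its labels, so both images carry the same title label and cannot be told apart by it; this looks like a copy-paste leftover and should read `title = "std-vscode";`. The entry also repeats the namespace-less `docker.io/` name and the mutable `tag = "latest"` of the `dev` image, which makes it hard to tie a running container back to a specific build.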
@@ -1,52 +1,51 @@ -{ - inputs, - cell, -}: let +{ inputs +, cell +, +}: +let inherit (inputs) nixpkgs std; l = nixpkgs.lib // builtins; n2c = inputs.n2c.packages.nix2container; in - { - name, - devshell, - runtimeShell ? nixpkgs.bashInteractive, - user ? "vscode", - tag ? "", - setup ? [], - perms ? [], - labels ? {}, - options ? {}, - }: let - # Apply the correct hook based on the given runtime shell - # Only bash/zsh are supported currently - shellName = builtins.unsafeDiscardStringContext (l.baseNameOf (l.getExe runtimeShell)); - shellConfigs = { - bash = "bashrc"; - zsh = "zshrc"; - }; - - # Configure local user - setupUser = cell.ops.mkUser { - inherit user; - group = user; - uid = "1000"; - gid = "1000"; - shell = l.getExe runtimeShell; - withHome = true; - withRoot = true; - }; - - # Configure direnv, git, and nix. Additionally, perform some setup for - # vscode which makes some basic assumptions about the environment. - setupEnv = - cell.ops.mkSetup "container" +{ name +, devshell +, runtimeShell ? nixpkgs.bashInteractive +, user ? "user" +, vscode ? false +, tag ? "" +, setup ? [ ] +, perms ? [ ] +, labels ? { } +, options ? { } +, +}: +let + # vscode defaults to "vscode" as the user + user' = if vscode then "vscode" else user; + + # Apply the correct hook based on the given runtime shell + # Only bash/zsh are supported currently + shellName = builtins.unsafeDiscardStringContext (l.baseNameOf (l.getExe runtimeShell)); + shellConfigs = { + bash = "bashrc"; + zsh = "zshrc"; + }; + + # Configure local user + setupUser = cell.ops.mkUser { + user = user'; + group = user'; + uid = "1000"; + gid = "1000"; + shell = l.getExe runtimeShell; + withHome = true; + withRoot = true; + }; + + # Configure direnv, git, and nix + setupEnv = + cell.ops.mkSetup "container" [ - { - regex = "/vscode"; - mode = "0744"; - uid = 1000; - gid = 1000; - } { regex = "/tmp"; mode = "0777"; 
@@ -56,9 +55,6 @@ in # Setup tmp folder mkdir -p $out/tmp - # Setup vscode directory - mkdir -p $out/vscode - # Enable nix flakes mkdir -p $out/etc echo "sandbox = false" > $out/etc/nix.conf @@ -85,6 +81,23 @@ in [safe] directory = * EOF + ''; + + # Setup the environment in such a way to make it compatible with what a + # vscode devcontainer expects + setupVSCode = + cell.ops.mkSetup "vscode" + [ + { + regex = "/vscode"; + mode = "0744"; + uid = 1000; + gid = 1000; + } + ] + '' + # Setup vscode directory + mkdir -p $out/vscode # vscode uses /bin/sh for running commands mkdir -p $out/bin 
@@ -98,117 +111,113 @@ in ln -s ${nixpkgs.coreutils}/bin/env $out/usr/bin/env ''; - # These packages are required by nix and its direnv integration test - nixDeps = [ - nixpkgs.direnv - nixpkgs.git - nixpkgs.nix - nixpkgs.gawk - nixpkgs.gnugrep - nixpkgs.gnused - nixpkgs.diffutils - ]; - - # These packages are required by vscode - vscodeDeps = [ - nixpkgs.gnutar - nixpkgs.gzip - ]; - - # These are common packages that are useful for development - commonDeps = [ - nixpkgs.nano - nixpkgs.gnupg - nixpkgs.openssh - ]; - - # The entrypoint should be long-running by default - entrypoint = cell.ops.writeScript { - name = "entrypoint"; - text = '' - #!${l.getExe runtimeShell} - - if [ $# -eq 0 ]; then - while :; do sleep 2073600; done - else - "$@" & - fi - - wait -n - ''; - }; - in - cell.ops.mkOCI { - inherit entrypoint name tag labels perms; - - # No particular reason for using 1000 here other than it's idiomatic - uid = "1000"; - gid = "1000"; - - setup = - [ - setupEnv - setupUser - ] - ++ setup; - - layers = [ - (n2c.buildLayer { - copyToRoot = [ - (nixpkgs.buildEnv - { - name = "devshell"; - paths = - [ - nixpkgs.coreutils - devshell - runtimeShell - ] - ++ commonDeps - ++ nixDeps - ++ vscodeDeps; - - pathsToLink = ["/bin"]; - }) - # Required for fetching additional packages - nixpkgs.cacert - ]; - maxLayers = 100; - }) + # These packages are required by nix and its direnv integration test + nixDeps = [ + nixpkgs.direnv + nixpkgs.git + nixpkgs.nix + nixpkgs.gawk + nixpkgs.gnugrep + nixpkgs.gnused + nixpkgs.diffutils + ]; + + # These are common packages that are useful for development + commonDeps = [ + nixpkgs.nano + nixpkgs.gnupg + nixpkgs.openssh + ]; + + # These packages are required by vscode + vscodeDeps = [ + nixpkgs.gnutar + nixpkgs.gzip + ]; + + # The entrypoint should be long-running by default + entrypoint = cell.ops.writeScript { + name = "entrypoint"; + text = '' + #!${l.getExe runtimeShell} + + if [ $# -eq 0 ]; then + while :; do sleep 2073600; done + 
else + "$@" & + fi + + wait -n + ''; + }; +in +cell.ops.mkOCI { + inherit entrypoint name tag labels perms; + + # No particular reason for using 1000 here other than it's idiomatic + uid = "1000"; + gid = "1000"; + + setup = [ setupEnv setupUser ] + ++ setup + ++ (l.optionals vscode [ setupVSCode ]); + + layers = [ + (n2c.buildLayer { + copyToRoot = [ + (nixpkgs.buildEnv + { + name = "devshell"; + paths = + [ + nixpkgs.coreutils + devshell + runtimeShell + ] + ++ commonDeps + ++ nixDeps + ++ (l.optionals vscode vscodeDeps); + + pathsToLink = [ "/bin" ]; + }) + # Required for fetching additional packages + nixpkgs.cacert ]; - - options = l.recursiveUpdate options { - # Initialize the nix database so we can use the nix CLI - initializeNixDatabase = true; - - # This configures a single-user environment where the container user - # owns all of /nix - nixUid = 1000; - nixGid = 1000; - - config = { - Env = [ - # Tell direnv to find it's config in /etc - "DIRENV_CONFIG=/etc" - # Required by many tools - "HOME=/home/${user}" - # Nix related environment variables - "NIX_CONF_DIR=/etc" - "NIX_PAGER=cat" - # This file is created when nixpkgs.cacert is copied to the root - "NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt" - # Pin to the version used to build the container - "NIX_PATH=nixpkgs=${nixpkgs.path}" - # Nix expects a user to be set - "USER=${user}" - # vscode ships with its own nodejs binary that it uploads when the - # container is started. It is, unfortunately, dynamically linked and - # we need to resort to some hackery to get it to run. 
- "LD_LIBRARY_PATH=${nixpkgs.stdenv.cc.cc.lib}/lib" - ]; - Volumes = { - "/vscode" = {}; - }; - }; - }; - } + maxLayers = 100; + }) + ]; + + options = l.recursiveUpdate options { + # Initialize the nix database so we can use the nix CLI + initializeNixDatabase = true; + + # This configures a single-user environment where the container user + # owns all of /nix + nixUid = 1000; + nixGid = 1000; + + config = { + Env = [ + # Tell direnv to find it's config in /etc + "DIRENV_CONFIG=/etc" + # Required by many tools + "HOME=/home/${user'}" + # Nix related environment variables + "NIX_CONF_DIR=/etc" + "NIX_PAGER=cat" + # This file is created when nixpkgs.cacert is copied to the root + "NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt" + # Pin to the version used to build the container + "NIX_PATH=nixpkgs=${nixpkgs.path}" + # Nix expects a user to be set + "USER=${user'}" + ] ++ (l.optionals vscode [ + # vscode ships with its own nodejs binary that it uploads when the + # container is started. It is, unfortunately, dynamically linked and + # we need to resort to some hackery to get it to run. + "LD_LIBRARY_PATH=${nixpkgs.stdenv.cc.cc.lib}/lib" + ]); + Volumes = (l.optionalAttrs vscode { "/vscode" = { }; }); + }; + }; +} From 3486c7572b30e26d0f9a49331e280849d8d4333e Mon Sep 17 00:00:00 2001 From: Joshua Gilman Date: Fri, 7 Oct 2022 14:15:30 -0700 Subject: [PATCH 11/17] feat: makes /work default for non-vscode containers --- cells/lib/ops/mkDevOCI.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cells/lib/ops/mkDevOCI.nix b/cells/lib/ops/mkDevOCI.nix index 4900972c..0e436f74 100644 --- a/cells/lib/ops/mkDevOCI.nix +++ b/cells/lib/ops/mkDevOCI.nix @@ -218,6 +218,7 @@ cell.ops.mkOCI { "LD_LIBRARY_PATH=${nixpkgs.stdenv.cc.cc.lib}/lib" ]); Volumes = (l.optionalAttrs vscode { "/vscode" = { }; }); - }; + } + // (l.optionalAttrs (! vscode) { WorkingDir = "/work"; }); }; } From 751da26878fba5c5c77d3312a9000cca2903e4e0 Mon Sep 17 00:00:00 2001 
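Review bot: In the `options = l.recursiveUpdate options { … }` call the built-in defaults are the right-hand argument, so they win over whatever the caller passes: a caller cannot change `nixUid`/`nixGid` or `initializeNixDatabase`, and because `recursiveUpdate` replaces lists rather than merging them, a caller-supplied `config.Env` is silently dropped. If `options` is meant to extend or override the defaults, swap the arguments and append the environment explicitly, e.g. `Env = defaultEnv ++ (options.config.Env or []);`. If the defaults are deliberately fixed, a comment such as `# defaults below take precedence over caller-supplied options` would make that visible to callers.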
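Review bot: `WorkingDir = "/work"` points at a directory that none of the visible setup tasks create, so the container runtime will presumably create it at start, owned by root, and the uid 1000 user cannot write there unless a volume is mounted over it. Creating it in `setupEnv` with `mkdir -p $out/work` and a perms entry `{ regex = "/work"; mode = "0755"; uid = 1000; gid = 1000; }` keeps the default usable. The attribute set being extended starts outside this hunk.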
From: Joshua Gilman Date: Fri, 7 Oct 2022 14:34:36 -0700 Subject: [PATCH 12/17] feat: adds slim option --- cells/lib/ops/mkDevOCI.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cells/lib/ops/mkDevOCI.nix b/cells/lib/ops/mkDevOCI.nix index 0e436f74..7d9373cf 100644 --- a/cells/lib/ops/mkDevOCI.nix +++ b/cells/lib/ops/mkDevOCI.nix @@ -12,6 +12,7 @@ in , runtimeShell ? nixpkgs.bashInteractive , user ? "user" , vscode ? false +, slim ? false , tag ? "" , setup ? [ ] , perms ? [ ] @@ -174,8 +175,8 @@ cell.ops.mkOCI { devshell runtimeShell ] - ++ commonDeps ++ nixDeps + ++ (l.optionals (! slim) commonDeps) ++ (l.optionals vscode vscodeDeps); pathsToLink = [ "/bin" ]; From 93d602d9efefb8604e0aedfd30d15ea25b6a566c Mon Sep 17 00:00:00 2001 From: Joshua Gilman Date: Fri, 7 Oct 2022 14:34:53 -0700 Subject: [PATCH 13/17] feat: adds starship prompt --- cells/lib/ops/mkDevOCI.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/cells/lib/ops/mkDevOCI.nix b/cells/lib/ops/mkDevOCI.nix index 7d9373cf..f7792466 100644 --- a/cells/lib/ops/mkDevOCI.nix +++ b/cells/lib/ops/mkDevOCI.nix @@ -77,6 +77,11 @@ let # Put local profile in path echo 'export PATH="$HOME/.nix-profile/bin:/nix/var/nix/profiles/default/bin:$PATH"' >> $out/etc/${shellConfigs.${shellName}} + # Optionally configure starship + cat >>$out/etc/${shellConfigs.${shellName}} << EOF + ${l.optionalString (! slim) ''eval "\$(starship init ${shellName})"''} + EOF + # Disable git safe directory cat >$out/etc/gitconfig < Date: Fri, 7 Oct 2022 15:14:37 -0700 Subject: [PATCH 14/17] refactor: image size optimizations --- cells/lib/ops/mkDevOCI.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/cells/lib/ops/mkDevOCI.nix b/cells/lib/ops/mkDevOCI.nix index f7792466..23866386 100644 --- a/cells/lib/ops/mkDevOCI.nix +++ b/cells/lib/ops/mkDevOCI.nix 
@@ -120,7 +120,7 @@ let # These packages are required by nix and its direnv integration test nixDeps = [ nixpkgs.direnv - nixpkgs.git + nixpkgs.gitMinimal nixpkgs.nix nixpkgs.gawk nixpkgs.gnugrep @@ -214,8 +214,6 @@ cell.ops.mkOCI { "NIX_PAGER=cat" # This file is created when nixpkgs.cacert is copied to the root "NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt" - # Pin to the version used to build the container - "NIX_PATH=nixpkgs=${nixpkgs.path}" # Nix expects a user to be set "USER=${user'}" ] ++ (l.optionals vscode [ @@ -223,6 +221,9 @@ cell.ops.mkOCI { # container is started. It is, unfortunately, dynamically linked and # we need to resort to some hackery to get it to run. "LD_LIBRARY_PATH=${nixpkgs.stdenv.cc.cc.lib}/lib" + ]) ++ (l.optionals (! slim) [ + # Include to support installing additional packages + "NIX_PATH=nixpkgs=${nixpkgs.path}" ]); Volumes = (l.optionalAttrs vscode { "/vscode" = { }; }); } From 51ead243d3cad006a15e23de6c33dbc8ac02c45f Mon Sep 17 00:00:00 2001 From: Joshua Gilman Date: Fri, 7 Oct 2022 15:22:35 -0700 Subject: [PATCH 15/17] style: formats files and adds comment header --- .devcontainer.json | 2 +- cells/_automation/containers.nix | 11 +- cells/lib/ops/mkDevOCI.nix | 334 +++++++++++++++++-------------- 3 files changed, 186 insertions(+), 161 deletions(-) diff --git a/.devcontainer.json b/.devcontainer.json index 40ba50db..7ffa9fd5 100644 --- a/.devcontainer.json +++ b/.devcontainer.json @@ -1,5 +1,5 @@ { - "image": "std-dev", + "image": "std-vscode", "settings": { "terminal.integrated.shell.linux": "/bin/bash" } diff --git a/cells/_automation/containers.nix b/cells/_automation/containers.nix index 178caed0..60f23cf8 100644 --- a/cells/_automation/containers.nix +++ b/cells/_automation/containers.nix @@ -1,11 +1,10 @@ -{ inputs -, cell -}: -let +{ + inputs, + cell, +}: let inherit (inputs.cells) nixpkgs lib; l = nixpkgs.lib // builtins; -in -{ +in { dev = lib.ops.mkDevOCI { name = "docker.io/std-dev"; tag = "latest"; 
diff --git a/cells/lib/ops/mkDevOCI.nix b/cells/lib/ops/mkDevOCI.nix index 23866386..20389190 100644 --- a/cells/lib/ops/mkDevOCI.nix +++ b/cells/lib/ops/mkDevOCI.nix 
@@ -1,51 +1,72 @@ -{ inputs -, cell -, -}: -let +{ + inputs, + cell, +}: let inherit (inputs) nixpkgs std; l = nixpkgs.lib // builtins; n2c = inputs.n2c.packages.nix2container; in -{ name -, devshell -, runtimeShell ? nixpkgs.bashInteractive -, user ? "user" -, vscode ? false -, slim ? false -, tag ? "" -, setup ? [ ] -, perms ? [ ] -, labels ? { } -, options ? { } -, -}: -let - # vscode defaults to "vscode" as the user - user' = if vscode then "vscode" else user; - - # Apply the correct hook based on the given runtime shell - # Only bash/zsh are supported currently - shellName = builtins.unsafeDiscardStringContext (l.baseNameOf (l.getExe runtimeShell)); - shellConfigs = { - bash = "bashrc"; - zsh = "zshrc"; - }; - - # Configure local user - setupUser = cell.ops.mkUser { - user = user'; - group = user'; - uid = "1000"; - gid = "1000"; - shell = l.getExe runtimeShell; - withHome = true; - withRoot = true; - }; - - # Configure direnv, git, and nix - setupEnv = - cell.ops.mkSetup "container" + /* + Creates a "development" OCI image from a devshell + + Args: + name: The name of the image. + devshell: The devshell derivation used to populate /nix/store + runtimeShell: The default shell to use in the container + user: The name to use for the container user + vscode: If true, makes this image compatible with vscode devcontainers + slim: If true, omits including nixpkgs and some common development tools + tag: Optional tag of the image (defaults to output hash) + setup: A list of additional setup tasks to run to configure the container. + perms: A list of permissions to set for the container. + labels: An attribute set of labels to set for the container. The keys are + automatically prefixed with "org.opencontainers.image". + options: Additional options to pass to nix2container.buildImage. + + Returns: + An OCI container image (created with nix2container). + */ + { + name, + devshell, + runtimeShell ? nixpkgs.bashInteractive, + user ? "user", + vscode ? false, + slim ? 
false, + tag ? "", + setup ? [], + perms ? [], + labels ? {}, + options ? {}, + }: let + # vscode defaults to "vscode" as the user + user' = + if vscode + then "vscode" + else user; + + # Apply the correct hook based on the given runtime shell + # Only bash/zsh are supported currently + shellName = builtins.unsafeDiscardStringContext (l.baseNameOf (l.getExe runtimeShell)); + shellConfigs = { + bash = "bashrc"; + zsh = "zshrc"; + }; + + # Configure local user + setupUser = cell.ops.mkUser { + user = user'; + group = user'; + uid = "1000"; + gid = "1000"; + shell = l.getExe runtimeShell; + withHome = true; + withRoot = true; + }; + + # Configure direnv, git, and nix + setupEnv = + cell.ops.mkSetup "container" [ { regex = "/tmp"; @@ -89,10 +110,10 @@ let EOF ''; - # Setup the environment in such a way to make it compatible with what a - # vscode devcontainer expects - setupVSCode = - cell.ops.mkSetup "vscode" + # Setup the environment in such a way to make it compatible with what a + # vscode devcontainer expects + setupVSCode = + cell.ops.mkSetup "vscode" [ { regex = "/vscode"; 
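Review bot: The new header comment documents `user` as the name of the container user but does not mention that `vscode = true` replaces it with `vscode` (the `user'` binding just below), so a caller who sets both gets a different account than requested without any hint. I would extend the entry to `user: The name to use for the container user (ignored when vscode is true, which forces "vscode")`. The comment would also be the right place to state the trust-related defaults the image bakes in (nix sandbox off, direnv whitelist for `/`, git safe.directory `*`), which are set in parts of the file this hunk does not show in full.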
@@ -117,116 +138,121 @@ let ln -s ${nixpkgs.coreutils}/bin/env $out/usr/bin/env ''; - # These packages are required by nix and its direnv integration test - nixDeps = [ - nixpkgs.direnv - nixpkgs.gitMinimal - nixpkgs.nix - nixpkgs.gawk - nixpkgs.gnugrep - nixpkgs.gnused - nixpkgs.diffutils - ]; - - # These are common packages that are useful for development - commonDeps = [ - nixpkgs.nano - nixpkgs.gnupg - nixpkgs.openssh - nixpkgs.starship - ]; - - # These packages are required by vscode - vscodeDeps = [ - nixpkgs.gnutar - nixpkgs.gzip - ]; - - # The entrypoint should be long-running by default - entrypoint = cell.ops.writeScript { - name = "entrypoint"; - text = '' - #!${l.getExe runtimeShell} - - if [ $# -eq 0 ]; then - while :; do sleep 2073600; done - else - "$@" & - fi - - wait -n - ''; - }; -in -cell.ops.mkOCI { - inherit entrypoint name tag labels perms; + # These packages are required by nix and its direnv integration test + nixDeps = [ + nixpkgs.direnv + nixpkgs.gitMinimal + nixpkgs.nix + nixpkgs.gawk + nixpkgs.gnugrep + nixpkgs.gnused + nixpkgs.diffutils + ]; + + # These are common packages that are useful for development + commonDeps = [ + nixpkgs.nano + nixpkgs.gnupg + nixpkgs.openssh + nixpkgs.starship + ]; + + # These packages are required by vscode + vscodeDeps = [ + nixpkgs.gnutar + nixpkgs.gzip + ]; + + # The entrypoint should be long-running by default + entrypoint = cell.ops.writeScript { + name = "entrypoint"; + text = '' + #!${l.getExe runtimeShell} - # No particular reason for using 1000 here other than it's idiomatic - uid = "1000"; - gid = "1000"; + if [ $# -eq 0 ]; then + while :; do sleep 2073600; done + else + "$@" & + fi - setup = [ setupEnv setupUser ] - ++ setup - ++ (l.optionals vscode [ setupVSCode ]); + wait -n + ''; + }; + in + cell.ops.mkOCI { + inherit entrypoint name tag labels perms; + + # No particular reason for using 1000 here other than it's idiomatic + uid = "1000"; + gid = "1000"; + + setup = + [setupEnv setupUser] + ++ 
setup + ++ (l.optionals vscode [setupVSCode]); - layers = [ - (n2c.buildLayer { - copyToRoot = [ - (nixpkgs.buildEnv + layers = [ + (n2c.buildLayer { + copyToRoot = [ + (nixpkgs.buildEnv + { + name = "devshell"; + paths = + [ + nixpkgs.coreutils + devshell + runtimeShell + ] + ++ nixDeps + ++ (l.optionals (! slim) commonDeps) + ++ (l.optionals vscode vscodeDeps); + + pathsToLink = ["/bin"]; + }) + # Required for fetching additional packages + nixpkgs.cacert + ]; + maxLayers = 100; + }) + ]; + + options = l.recursiveUpdate options { + # Initialize the nix database so we can use the nix CLI + initializeNixDatabase = true; + + # This configures a single-user environment where the container user + # owns all of /nix + nixUid = 1000; + nixGid = 1000; + + config = { - name = "devshell"; - paths = + Env = [ - nixpkgs.coreutils - devshell - runtimeShell + # Tell direnv to find it's config in /etc + "DIRENV_CONFIG=/etc" + # Required by many tools + "HOME=/home/${user'}" + # Nix related environment variables + "NIX_CONF_DIR=/etc" + "NIX_PAGER=cat" + # This file is created when nixpkgs.cacert is copied to the root + "NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt" + # Nix expects a user to be set + "USER=${user'}" ] - ++ nixDeps - ++ (l.optionals (! 
slim) commonDeps) - ++ (l.optionals vscode vscodeDeps); - - pathsToLink = [ "/bin" ]; - }) - # Required for fetching additional packages - nixpkgs.cacert - ]; - maxLayers = 100; - }) - ]; - - options = l.recursiveUpdate options { - # Initialize the nix database so we can use the nix CLI - initializeNixDatabase = true; - - # This configures a single-user environment where the container user - # owns all of /nix - nixUid = 1000; - nixGid = 1000; - - config = { - Env = [ - # Tell direnv to find it's config in /etc - "DIRENV_CONFIG=/etc" - # Required by many tools - "HOME=/home/${user'}" - # Nix related environment variables - "NIX_CONF_DIR=/etc" - "NIX_PAGER=cat" - # This file is created when nixpkgs.cacert is copied to the root - "NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt" - # Nix expects a user to be set - "USER=${user'}" - ] ++ (l.optionals vscode [ - # vscode ships with its own nodejs binary that it uploads when the - # container is started. It is, unfortunately, dynamically linked and - # we need to resort to some hackery to get it to run. - "LD_LIBRARY_PATH=${nixpkgs.stdenv.cc.cc.lib}/lib" - ]) ++ (l.optionals (! slim) [ - # Include to support installing additional packages - "NIX_PATH=nixpkgs=${nixpkgs.path}" - ]); - Volumes = (l.optionalAttrs vscode { "/vscode" = { }; }); + ++ (l.optionals vscode [ + # vscode ships with its own nodejs binary that it uploads when the + # container is started. It is, unfortunately, dynamically linked and + # we need to resort to some hackery to get it to run. + "LD_LIBRARY_PATH=${nixpkgs.stdenv.cc.cc.lib}/lib" + ]) + ++ (l.optionals (! slim) [ + # Include to support installing additional packages + "NIX_PATH=nixpkgs=${nixpkgs.path}" + ]); + Volumes = l.optionalAttrs vscode {"/vscode" = {};}; + } + // (l.optionalAttrs (! vscode) {WorkingDir = "/work";}); + }; } - // (l.optionalAttrs (! vscode) { WorkingDir = "/work"; }); - }; -} From 018bee340fd63e8f37df1a64c5f32edca6576a51 Mon Sep 17 00:00:00 2001 
From: Joshua Gilman Date: Sat, 8 Oct 2022 08:12:57 -0700 Subject: [PATCH 16/17] feat: adds support for adding additional pkgs --- cells/lib/ops/mkDevOCI.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cells/lib/ops/mkDevOCI.nix b/cells/lib/ops/mkDevOCI.nix index 20389190..8e515497 100644 --- a/cells/lib/ops/mkDevOCI.nix +++ b/cells/lib/ops/mkDevOCI.nix @@ -17,6 +17,7 @@ in vscode: If true, makes this image compatible with vscode devcontainers slim: If true, omits including nixpkgs and some common development tools tag: Optional tag of the image (defaults to output hash) + pkgs: Additional pkgs to include in the image (symlinked to /bin) setup: A list of additional setup tasks to run to configure the container. perms: A list of permissions to set for the container. labels: An attribute set of labels to set for the container. The keys are @@ -30,10 +31,11 @@ in name, devshell, runtimeShell ? nixpkgs.bashInteractive, - user ? "user", vscode ? false, slim ? false, + user ? "user", tag ? "", + pkgs ? [], setup ? [], perms ? [], labels ? {}, @@ -204,6 +206,7 @@ in runtimeShell ] ++ nixDeps + ++ pkgs ++ (l.optionals (! slim) commonDeps) ++ (l.optionals vscode vscodeDeps); From d5fb8e3ed00a3523de47185747886c020944943e Mon Sep 17 00:00:00 2001 From: Joshua Gilman Date: Sat, 8 Oct 2022 11:03:43 -0700 Subject: [PATCH 17/17] fix: minor fixups --- cells/_automation/containers.nix | 4 ++-- cells/lib/ops/mkDevOCI.nix | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cells/_automation/containers.nix b/cells/_automation/containers.nix index 60f23cf8..ac55571d 100644 --- a/cells/_automation/containers.nix +++ b/cells/_automation/containers.nix @@ -8,7 +8,7 @@ in { dev = lib.ops.mkDevOCI { name = "docker.io/std-dev"; tag = "latest"; - devshell = inputs.cells._automation.devshells.default; + devshell = cell.devshells.default; labels = { title = "std-dev"; version = "0.1.0"; 
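Review bot: The caller-supplied `pkgs` list is appended (the `++ pkgs` hunk) to the same `buildEnv` `paths` as `nixpkgs.coreutils`, `runtimeShell` and `nixDeps`, and nothing says what happens when one of those packages ships a `/bin` entry that clashes with a built-in tool, for example a full git next to `gitMinimal`. As far as I know, `buildEnv` aborts on such a collision unless priorities differ or `ignoreCollisions` is set. That is a safer outcome than silently shadowing a core binary, but it should be stated so image authors know the built-in tools cannot be replaced this way. I would extend the docstring line to `pkgs: Additional pkgs to include in the image (only /bin is linked; must not provide binaries that clash with the built-in tools)`. The `paths` expression and the function body begin and end outside these hunks.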
@@ -22,7 +22,7 @@ in { vscode = lib.ops.mkDevOCI { name = "docker.io/std-vscode"; tag = "latest"; - devshell = inputs.cells._automation.devshells.default; + devshell = cell.devshells.default; vscode = true; labels = { title = "std-dev"; diff --git a/cells/lib/ops/mkDevOCI.nix b/cells/lib/ops/mkDevOCI.nix index 8e515497..c45ce563 100644 --- a/cells/lib/ops/mkDevOCI.nix +++ b/cells/lib/ops/mkDevOCI.nix @@ -47,7 +47,7 @@ in then "vscode" else user; - # Apply the correct hook based on the given runtime shell + # Determine proper shell configuration file based on runtime shell # Only bash/zsh are supported currently shellName = builtins.unsafeDiscardStringContext (l.baseNameOf (l.getExe runtimeShell)); shellConfigs = { @@ -140,7 +140,7 @@ in ln -s ${nixpkgs.coreutils}/bin/env $out/usr/bin/env ''; - # These packages are required by nix and its direnv integration test + # These packages are required by nix and its direnv integration nixDeps = [ nixpkgs.direnv nixpkgs.gitMinimal