diff --git a/.gitea/workflows/build-images.yml b/.gitea/workflows/build-images.yml
index c5eae6f..6eff152 100644
--- a/.gitea/workflows/build-images.yml
+++ b/.gitea/workflows/build-images.yml
@@ -14,9 +14,6 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v6
- - name: Install Skopeo
- run: nix shell nixpkgs#skopeo -c echo "skopeo installed"
-
 - name: Build aarch64 Image
 run: nix build .#dockerImages.aarch64-linux.node --out-link ./image-aarch64.tar.gz
diff --git a/flake.nix b/flake.nix
index 750c4a6..8f284fd 100644
--- a/flake.nix
+++ b/flake.nix
@@ -136,38 +136,50 @@
 withSystem system (
 { pkgs, ... }:
 {
- node = pkgs.dockerTools.buildImage {
- name = "node";
- tag = "latest";
- runAsRoot = ''
- #!${pkgs.runtimeShell}
- set -e
- ${pkgs.dockerTools.shadowSetup}
- groupadd -r node
- useradd -r -g node -m -d /home/node node
- mkdir -p /nix
- chown node:node /nix
- '';
- copyToRoot = pkgs.buildEnv {
- name = "image-root";
- pathsToLink = [ "/" ];
- paths = with pkgs; [
+ node =
+ let
+ homeDir = pkgs.runCommand "home-node" { } ''
+ mkdir -p $out/home/node
+ '';
+ nixDir = pkgs.runCommand "nix-dir" { } ''
+ mkdir -p $out/nix
+ '';
+ in
+ pkgs.dockerTools.buildLayeredImage {
+ name = "node";
+ tag = "latest";
+ contents = with pkgs; [
 nodejs
 nix
 busybox
 bash
 skopeo
+ cacert
+ homeDir
+ nixDir
+ (writeTextFile {
+ name = "etc-passwd";
+ destination = "/etc/passwd";
+ text = "node:x:1000:1000:node:/home/node:/bin/sh\n";
+ })
+ (writeTextFile {
+ name = "etc-group";
+ destination = "/etc/group";
+ text = "node:x:1000:\n";
+ })
 ];
+ enableFakechroot = true;
+ fakeRootCommands = ''
+ chown -R 1000:1000 /home/node /nix
+ '';
+ config = {
+ User = "1000";
+ Env = [
+ "NIX_CONFIG=experimental-features = nix-command flakes"
+ "HOME=/home/node"
+ ];
+ };
 };
- config = {
- User = "node";
- Env = [
- "NIX_CONFIG=experimental-features = nix-command flakes"
- "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
- "NODE_EXTRA_CA_CERTS=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
- ];
- };
- };
 }
 )
 );
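Review bot: The `chown -R 1000:1000 /home/node /nix` in `fakeRootCommands` most likely does not reach the store paths, because `buildLayeredImage` packs each store path into its own root-owned layer and `fakeRootCommands` only runs over the customisation layer, which here holds just the empty `/nix` from `nixDir` and `/home/node`; at runtime UID 1000 would then own `/nix` but not `/nix/store`, so a `nix build` inside the image as that user is likely to fail on a non-writable store — check with `ls -ldn /nix /nix/store` in the built image before relying on it. If a user-writable store is genuinely the intent, that gives up the read-only store that keeps a compromised process from rewriting `nix`, `bash` or `skopeo` in place, and it deserves a comment above the `chown`, e.g. `# store is deliberately owned by the runtime user so nix can build unprivileged; store contents are therefore not immutable`. The hand-written `/etc/passwd` and `/etc/group` now contain no `root` entry, so anything resolving UID 0 (including running the image with `--user root` to debug) gets an unknown user. With `SSL_CERT_FILE` and `NODE_EXTRA_CA_CERTS` gone, TLS verification for `nix` and `skopeo` now rests on `cacert` placing `/etc/ssl/certs/ca-certificates.crt` in the rootfs; a missing bundle fails closed rather than open, but a single `skopeo inspect` from inside the image would confirm the wiring. The enclosing `withSystem` expression starts before this hunk.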