mrrl-containers

MRRL version of container scripts
git clone https://ccx.te2000.cz/git/mrrl-containers

commit bc596d806075cec2d9447a80e9ed71dae50d5cec
parent b57343561db58026ec8237792c9cf7218de1c17e
Author: Jan Pobříslo <ccx@te2000.cz>
Date:   Wed, 22 Jun 2022 23:47:02 +0200

Initial implementation for creating Nix containers
Diffstat:
Mzsh-functions/confz_containers_init | 112+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 112 insertions(+), 0 deletions(-)

diff --git a/zsh-functions/confz_containers_init b/zsh-functions/confz_containers_init
@@ -441,6 +441,22 @@ confz_container_template_file_do() {
 chmod $vars[mode] $vars[root]/$vars[target] || die
 }
+confz_container_download_and_verify_check() {
+ checkvars containers_dir url checksum checksum_algo
+ defvar filename ${vars[url]:t}
+
+ require fs_d filename=$vars[container_dir]/download-cache
+
+ do_command=(
+ wget --no-clobber --unlink
+ -o $vars[container_dir]/download-cache/$vars[filename]
+ --
+ $vars[url]
+ )
+ (cd $vars[container_dir]/download-cache &&
+ $vars[checksum_algo]sum -c <<<"$vars[checksum] $vars[filename]")
+}
+
 confz_container_generic_layout_check() {
 checkvars root
 defvar uid 0
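Review bot: The body of `confz_container_download_and_verify_check` reads `$vars[container_dir]` in three places, but `checkvars` only guarantees `containers_dir`, so unless `container_dir` is defined somewhere outside this hunk the cache path collapses to `/download-cache`. The wget call also uses `-o`, which names wget's log file; the download target needs `-O`, e.g. `-O $vars[containers_dir]/download-cache/$vars[filename]`, otherwise the checksum is computed over a log file and the artifact lands in whatever the working directory happens to be. Because the verifier's command name is assembled as `$vars[checksum_algo]sum`, I would restrict `checksum_algo` to a short allow-list (for example `sha256`, `sha512`) before it is executed, which also keeps a caller from selecting a weak digest. A comment above the function stating that its result is the exit status of the checksum verification would help the next reader.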
@@ -873,3 +889,99 @@ confz_container_void_packages_installed_check() {
 (( $#missing == 0 ))
 }
+# --- Nix / NixOS ---
+
+confz_container_nix_image_from_release_check() {
+ checkvars containers_dir image_name
+ defvar system x86_64-linux
+ defvar release 2.9.1
+ defvar checksum_algo sha2
+ defvar mirror https://releases.nixos.org/nix
+
+ case $vars[release] in
+ (2.9.1) case $vars[system] in
+ (x86_64-linux)
+ defvar checksum ea7b94637b251cdaadf932cef41c681aa3d2a15928877d8319ae6f35a440977d
+ ;;
+
+ (i686-linux)
+ defvar checksum 41e38706a26736aa42acd3dbd57db7e354e722e4bd5f6d9c8069d1c98b6081be
+ ;;
+
+ (aarch64-linux)
+ defvar checksum d706c6b710548b9c3ed4a409df3a7293da14f726dcc59849abd709e574cabeed
+ ;;
+
+ (armv6l-linux)
+ defvar checksum d8483f0747dce74685fcffa628908a96e6d0f7b1166a97f0eef231f5faa86c22
+ ;;
+
+ (armv7l-linux)
+ defvar checksum 6f7f285d5de8b8d7686b6925869e25c2ff40f16492190c0b773ebd357bd4c956
+ ;;
+ esac
+ ;;
+ esac
+
+ unify url $vars[mirror]/nix-$vars[release]/nix-$vars[release]-$vars[system].tar.xz
+
+ (($+vars[checksum])) || die "No stored checksum for $url"
+
+ require container_nix_image :containers_dir :image_name :url
+}
+
+confz_container_nix_unpacked_check() {
+ checkvars containers_dir image_name filename
+ local root=$vars[containers_dir]/systems/$vars[image_name]
+
+ do_command=(
+ s6-setuidgid container-$vars[image_name]
+ tar -xpC "$root" -f "$vars[filename]"
+ )
+
+ [[ -f $root/install ]]
+}
+
+confz_container_nix_image_check() {
+ checkvars containers_dir image_name url checksum
+ defvar checksum_algo sha2
+
+ defvar hostname $vars[image_name]
+ defvar locale C.UTF-8
+
+ require download_and_verify :containers_dir :checksum :checksum_algo \
+ %filename url=$vars[mirror]/$vars[image_name]
+
+ require container_sysroot_user %uid %gid :containers_dir :image_name
+ require container_generic_layout :uid :gid :root
+ require container_nix_unpacked :containers_dir :image_name :filename
+}
+
+confz_container_nix_packages_installed_check() {
+ checkvars containers_dir image_name packages svscan_dir
+
+ require container_service_sysroot :containers_dir :svscan_dir \
+ :image_name
+
+ local root=$vars[containers_dir]/systems/$vars[image_name]
+ local -a world=( "${(@f)$(
+ grep -o 'outPath = "[^"]*"' \
+ $root/var/lib/nix/profiles/default/manifest.nix \
+ | uniq | sed 's|^outPath = "/nix/store/[^-]*-||;s|"$||'
+ )}" )
+ local -a missing
+ local pkg
+
+ for pkg in $=vars[packages]; do
+ (( $world[(I)${pkg}] )) || missing+=( $pkg )
+ done
+
+ do_command=(
+ $commands[cd] $vars[svscan_dir]/container.$vars[image_name].sysroot
+ container_sysroot_run
+ /var/lib/nix/profiles/default/bin/nix-env --install $missing
+ )
+
+ (( $#missing == 0 ))
+}
+
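Review bot: The digest pinned in `confz_container_nix_image_from_release_check` does not appear to reach the download step: its last `require` forwards only `:containers_dir :image_name :url`, while `confz_container_nix_image_check` insists on `checksum` and then calls `download_and_verify` with `url=$vars[mirror]/$vars[image_name]`, where `mirror` is not among its checked variables. If `require` passes variables the way it reads here, the hash would be compared against a different URL than the release tarball it was recorded for; forwarding the pair together, `require container_nix_image :containers_dir :image_name :url :checksum :checksum_algo` in the outer function and `%filename :url` in the inner call, keeps the pin bound to the artifact. The default `checksum_algo sha2` turns into a `sha2sum` command in the download helper, and the 64-hex-digit values look like SHA-256, so `sha256` is probably the intended default unless the project ships its own `sha2sum`. The `die` message interpolates `$url`, but nothing visible in this function assigns a plain `$url`; `$vars[url]` seems intended.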