nix -> Dockerfile

gigamonster256 · gigamonster256 · commit a79807f18e79 · 2025-02-03T13:33:32.000-06:00
diff --git a/.github/workflows/build-and-deploy.yaml b/.github/workflows/build-and-deploy.yaml
@@ -13,10 +13,8 @@ jobs:
     - uses: actions/checkout@v4
       with:
         fetch-depth: 0
-    - uses: DeterminateSystems/nix-installer-action@main
-    - uses: DeterminateSystems/flakehub-cache-action@main
-    - name: Build and load image
-      run: docker load <$(nix build --extra-experimental-features "nix-command flakes" --print-out-paths --no-link .#packages.x86_64-linux.docker)
+    - name: Build docker image
+      run: docker build -t $IMAGE_NAME .
     - name: Log in to registry
       run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
     - name: Push image
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,31 @@
+# Nix builder
+FROM nixos/nix:latest AS builder
+
+# Copy our source and setup our working dir.
+COPY . /tmp/build
+WORKDIR /tmp/build
+
+# Build our Nix environment
+RUN nix \
+    --extra-experimental-features "nix-command flakes" \
+    --option filter-syscalls false \
+    build
+
+# Copy the Nix store closure into a directory. The Nix store closure is the
+# entire set of Nix store values that we need for our build.
+RUN mkdir /tmp/nix-store-closure
+RUN cp -R $(nix-store -qR result/) /tmp/nix-store-closure
+
+# we also need davfs2 and I'm struggling to get it to work in a pure nix environment
+# this step means we likely have 2 versions (nix store and debian) versions of lots of things
+FROM debian:bullseye-slim
+
+RUN apt-get update && apt-get install -y davfs2
+RUN ln -s /proc/mounts /etc/mtab
+
+WORKDIR /app
+
+# Copy /nix/store
+COPY --from=builder /tmp/nix-store-closure /nix/store
+COPY --from=builder /tmp/build/result /app
+ENTRYPOINT ["/app/bin/webdav"]
diff --git a/flake.nix b/flake.nix
@@ -28,28 +28,6 @@
         webdavplugin = callPackage ./. {
           inherit (gomod2nix.legacyPackages.${system}) buildGoApplication;
         };
-
-        docker = pkgs.dockerTools.buildImage {
-          name = "webdavplugin";
-          tag = "latest";
-          contents = pkgs.buildEnv {
-            name = "image-root";
-            paths = with pkgs; [
-              mount
-              davfs2
-            ];
-          };
-          # https://nixos.org/manual/nixpkgs/stable/#ssec-pkgs-dockerTools-shadowSetup
-          runAsRoot = ''
-            ${pkgs.dockerTools.shadowSetup}
-            groupadd -r davfs2
-            useradd -r -g davfs2 davfs2
-            ln -s /proc/mounts /etc/mtab # davfs2 needs this
-            mkdir -p /var/cache/davfs2
-            chmod 0600 /etc/davfs2/secrets # reset permissions
-          '';
-          config.Entrypoint = ["${webdavplugin}/bin/webdav"];
-        };
       };
       devShells.default = callPackage ./shell.nix {
         inherit (gomod2nix.legacyPackages.${system}) mkGoEnv gomod2nix;
