Container: add containers/policy.json
Some checks failed
build and publish containers / build (nixos, 24.11) (push) Failing after 5m10s
build and publish containers / build (nixos, unstable) (push) Failing after 5m56s

Julian Stiller 2025-02-07 13:28:35 +01:00
parent 3211d3e2be
commit 1332534734


@ -60,7 +60,29 @@
with pkgs;
(imagePackages pkgs)
++ [
(pkgs.writeTextFile {
(writeTextFile {
name = "containerPolicy";
destination = "/etc/containers/policy.json";
text = ''
{
"default": [
{
"type": "insecureAcceptAnything"
}
],
"transports":
{
"docker-daemon":
{
"": [{"type":"insecureAcceptAnything"}]
}
}
}
'';
})
(writeTextFile {
name = "passwd";
destination = "/etc/passwd";
text = builtins.concatStringsSep "\n" [
@ -100,7 +122,8 @@
"nobody:x:65534:65534:Unprivileged account (don't use!):/var/empty:/run/current-system/sw/bin/nologin"
];
})
(pkgs.writeTextFile {
(writeTextFile {
name = "group";
destination = "/etc/group";
text = builtins.concatStringsSep "\n" [
@ -127,7 +150,8 @@
"nogroup:x:65534:"
];
})
(pkgs.writeTextFile {
(writeTextFile {
name = "nsswitch.conf";
destination = "/etc/nsswitch.conf";
text = builtins.concatStringsSep "\n" [
@ -142,7 +166,8 @@
"rpc: files"
];
})
(pkgs.writeTextFile {
(writeTextFile {
name = "nix.conf";
destination = "/etc/nix/nix.conf";
text = builtins.concatStringsSep "\n" [
@ -153,6 +178,7 @@
];
})
];
extraCommands = builtins.concatStringsSep "\n" [
# /usr/bin/env
"mkdir usr"
@ -162,6 +188,7 @@
# root needs a home
"mkdir -vp root"
];
config = {
Cmd = [ "/bin/bash" ];
Env = [
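Review bot: The new `/etc/containers/policy.json` in the first hunk sets `"default"` to `insecureAcceptAnything`, so anything in this image that reads the policy will accept images from any transport and registry without signature verification. The file carries no comment saying this is deliberate. If the container only needs to pull from a known set of registries (not visible from this hunk), consider `"default": [{"type": "reject"}]` plus explicit scopes under `"transports"` for those registries, ideally with a `signedBy` or `sigstoreSigned` requirement. If accept-anything is intended, add a Nix comment above `name = "containerPolicy";`, for example `# NOTE: disables image signature verification for all transports; tighten once the required registries are known`. The `"docker-daemon"` entry repeats what the default already grants, so it can be dropped unless the default is tightened.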