/nix-docker-cljc

reproducible dev+test+production environments for java+javascript+clojure(script)

Primary LanguageNix

This repository contains examples how to package clojure(script) applications with nix.

Buildserver

docker image size docker pulls

In case your build-system doesn't have nix installed, you can use the docker-container defined in flake-docker.nix from hub.docker.com.

docker run -ti johannesloetzsch/nix-flake:latest bash

docker run -ti johannesloetzsch/nix-flake:latest nix run nixpkgs#hello

The last command downloads the latest version of hello from the flake-registry.

When reproducibility matters, you can use nixpkgs in the version provided by the flake used to build the container. This also helps keeping the /nix/store thin, by preventing the installation of packages in multiple versions.

docker run -ti johannesloetzsch/nix-flake:latest nix run /etc/nixos#pkgs.hello
docker run -ti johannesloetzsch/nix-flake:latest nix eval /etc/nixos#nixpkgs.lastModifiedDate
docker run -ti johannesloetzsch/nix-flake:latest nix eval /etc/nixos#nixpkgs.rev

Dockerfile is an example how to build local repositories, on a system without nix.

docker build -t buildserver-example .
docker run -ti -v nix:/nix/ buildserver-example

You can even use a configuration.nix (or flake.nix) to profit from config options provided by nixos: See Example

Caching

Using nix allows simple and efficient caching. To keep downloaded and built derivations between restarts of the docker-buildserver, define /nix to be a volume. For efficient usage of remote flakes, keep ~/.cache/nix/flake-registry.json. Further speedup is achieved, by memorization of nix-expressions in ~/.cache/nix/eval-cache*.

docker run -ti -v nix:/nix/ -v root:/root/ johannesloetzsch/nix-flake:latest nix run nixpkgs#hello

Circleci

circleci

The repository contains a .circleci/config.yml, showing an example of how to configure a ci build based on nix. Caching is done based on flake.lock and flake.nix. In case one of the files changed, it will fallback to the latest available cache.

The example also shows how a file from a derivation can be uploaded to an github release. For using it, in circleci set GITHUB_TOKEN as a valid personal access token with scope public_repo.

Troubleshooting

Circleci requires that nix builds run without sandboxing, otherwise it fails with „cannot set host name: Operation not permitted“. So we disable it by setting sandbox = false in ~/.config/nix/nix.conf.

Building a derivation with dockerTools.buildImage.runAsRoot might fail with „'x86_64-linux' with features {kvm} is required to build“. If you want use qemu without kvm, set system-features = kvm in ~/.config/nix/nix.conf.