From 47d99094cd43bd1bca60888fa83766968eb7ef16 Mon Sep 17 00:00:00 2001
From: tezlm
Date: Thu, 18 Jan 2024 19:04:14 -0800
Subject: [PATCH] initial commit
---
.gitignore | 1 +
README.md | 27 +++++++++++++++++++++++++++
flake.lock | 26 ++++++++++++++++++++++++++
flake.nix | 29 +++++++++++++++++++++++++++++
4 files changed, 83 insertions(+)
create mode 100644 .gitignore
create mode 100644 README.md
create mode 100644 flake.lock
create mode 100644 flake.nix
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b2be92b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+result
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..6c861fb
--- /dev/null
+++ b/README.md
@@ -0,0 +1,27 @@
+# nix builder
+
+A custom buider for forgejo, trying to use nix instead of actions idioms
+wherever possible. The provide nix flake builds the docker container.
+
+## example config
+
+This is the workflow I use and seems to work well.
+
+```yaml
+name: build
+on: [push]
+jobs:
+ check:
+ runs-on: nix
+ steps:
+ - name: clone
+ run: git clone https://username:${{secrets.TOKEN}}@git.celery.eu.org/username/repo .
+ - name: cache login
+ run: attic login central ${{vars.ATTIC_URL}} ${{secrets.ATTIC_TOKEN}}
+ - name: cache setup
+ run: attic use actions
+ - name: build
+ run: nix build
+ - name: cache push
+ run: attic push actions result
+```
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..c0d81af
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,26 @@
+{
+ "nodes": {
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1705619229,
+ "narHash": "sha256-fadsP3WWeCqkqFwo7p23GP3dGvhs7yFQKNlzA1hUvlE=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "4e68f8bdc9a8fa513acc12ab8f8d1f8ce023fae8",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..e1e6b5b
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,29 @@
+{
+ description = "nix builder for ci";
+
+ inputs.nixpkgs.url = "github:NixOS/nixpkgs";
+
+ outputs = { self, nixpkgs }: let
+ pkgs = import nixpkgs { system = "x86_64-linux"; };
+ in {
+ packages.x86_64-linux.default = pkgs.dockerTools.buildImage {
+ name = "nix-builder";
+ tag = "latest";
+ copyToRoot = with pkgs; [coreutils cacert nix curl];
+
+ runAsRoot = ''
+ #!${pkgs.runtimeShell}
+ mkdir -p /etc/nix
+ echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf
+ ln -s $NIX_SSL_CERT_FILE /etc/ssl/certs
+ '';
+
+ config = {
+ Cmd = ["${pkgs.bash}/bin/bash"];
+ Env = with pkgs; [
+ "NIX_SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+ ];
+ };
+ };
+ };
+}
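Review bot: In the `runAsRoot` script, `ln -s $NIX_SSL_CERT_FILE /etc/ssl/certs` depends on a variable that this hunk only sets under `config.Env`, which describes the running container rather than the image build step, so at build time it is probably empty and the resulting link is not the intended CA bundle link (worth confirming by inspecting the built image). Referencing the store path directly and quoting it removes that dependency: `ln -s "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" /etc/ssl/certs/ca-certificates.crt`. Because `cacert` is also listed in `copyToRoot`, check whether `/etc/ssl/certs` already exists as a directory in the image, in which case the original command would place a link inside it rather than create the path. Separately, `inputs.nixpkgs.url = "github:NixOS/nixpkgs"` follows the default branch; naming a release branch in the URL keeps `nix flake update` from moving a CI builder image that handles repository and cache tokens onto unreviewed development commits.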