feat!: add daemon to build & especially cache

.gitignore

@@ -0,0 +1,2 @@
+.idea/
+gitlab-runner.toml

Dockerfile

@@ -1,10 +0,0 @@
-ARG NIX_TAG="latest"
-
-FROM nixos/nix:$NIX_TAG
-
-COPY entrypoint.sh /usr/local/bin/
-
-RUN mkdir -p ~/.config/nix && \
-    echo -e "experimental-features = nix-command flakes\naccept-flake-config = true" > ~/.config/nix/nix.conf
-
-ENTRYPOINT ["/bin/sh", "/usr/local/bin/entrypoint.sh"]

README.md

@@ -12,3 +12,6 @@ rec {
 };
 ...
 ```
+
+## Daemon
+For caching this uses a separate docker container where a nix-daemon runs in

ci-image/Dockerfile

@@ -0,0 +1,12 @@
+ARG NIX_TAG="latest"
+
+FROM nixos/nix:$NIX_TAG
+
+COPY entrypoint.sh /usr/local/bin/
+COPY nix.conf /etc/nix/nix.conf
+COPY nix.conf /root/.config/nix/nix.conf
+
+VOLUME "/mnt/nix/daemon-socket"
+VOLUME "/mnt/nix/store"
+
+ENTRYPOINT ["/bin/sh", "/usr/local/bin/entrypoint.sh"]

ci-image/entrypoint.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+set -e
+
+cd "$CI_PROJECT_DIR"
+
+echo "Activating flake's CI shell..."
+nix develop .#ci --impure --command "bash"

ci-image/nix.conf

@@ -0,0 +1,4 @@
+experimental-features = nix-command flakes
+accept-flake-config = true
+store = unix:///mnt/nix/daemon-socket/socket?real=/mnt/nix/store
+sandbox = true

daemon/Dockerfile

@@ -0,0 +1,10 @@
+FROM nixos/nix:latest
+
+RUN nix-env -iA nixpkgs.mount
+
+VOLUME "/mnt/nix/store"
+
+COPY entrypoint.sh /usr/local/bin/
+COPY nix.conf /etc/nix/nix.conf
+
+ENTRYPOINT ["/bin/sh", "/usr/local/bin/entrypoint.sh"]

daemon/entrypoint.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+#   this needs elevated permissions, as long as docker mounts a volume and not a hostpath the contents get kept without
+#   needing an overlay mount
+
+# mount -t overlay overlay -o \
+#  lowerdir=/nix/store,upperdir=/mnt/nix/store/upper,workdir=/mnt/nix/store/workdir \
+#  /nix/store
+
+nix-daemon

daemon/nix.conf

@@ -0,0 +1,2 @@
+experimental-features = nix-command flakes
+sandbox = true

docker-compose.yml

@@ -0,0 +1,22 @@
+services:
+  gitlab-runner:
+    image: gitlab/gitlab-runner:latest
+    restart: unless-stopped
+    container_name: Gitlab-Runner
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./gitlab-runner.toml:/etc/gitlab-runner/config.toml
+
+  nix-ci-daemon:
+    # comment out build to use the dockerhub image
+    build: ./daemon
+    image: technofab/nix-ci-daemon
+    restart: unless-stopped
+    container_name: Nix-CI-Daemon
+    volumes:
+      - nix-daemon-socket:/nix/var/nix/daemon-socket
+      - nix-shared-store:/nix/store
+
+volumes:
+  nix-shared-store:
+  nix-daemon-socket:

entrypoint.sh

@@ -1,7 +0,0 @@
-#!/bin/sh
-set -e
-
-cd "$CI_PROJECT_DIR"
-
-echo "Activating flake's CI shell..."
-nix --extra-experimental-features "flakes nix-command" develop .#ci --accept-flake-config --impure --command "bash"

gitlab-runner-example.toml

@@ -0,0 +1,21 @@
+[[runners]]
+    name = "Nix CI Runner"
+    url = "https://gitlab.com"
+    token = ""
+    executor = "docker"
+    [runners.custom_build_dir]
+    [runners.docker]
+        tls_verify = false
+        image = "technofab/nix-gitlab-ci"
+        privileged = true
+        # we cant specify a json file here, so we need privileged for now
+        #security_opt = [ "seccomp=/usr/share/containers/seccomp.json" ]
+        disable_entrypoint_overwrite = false
+        oom_kill_disable = false
+        disable_cache = false
+        volumes = [
+            # prefixed with the docker-compose name
+            "nix-gitlab-ci_nix-shared-store:/mnt/nix/store:ro",
+            "nix-gitlab-ci_nix-daemon-socket:/mnt/nix/daemon-socket:ro"
+        ]
+        shm_size = 0