diff --git a/flake.nix b/flake.nix index f07964e..7a27ea3 100644 --- a/flake.nix +++ b/flake.nix @@ -16,6 +16,7 @@ pkgs, inputs', config, + system, ... }: rec { treefmt = { @@ -174,17 +175,25 @@ finalize-script = finalizeScript; image = pkgs.dockerTools.buildImage { name = "nix-ci"; - fromImage = pkgs.dockerTools.pullImage { - imageName = "nixpkgs/nix-flakes"; - # nix run nixpkgs#nix-prefetch-docker -- --image-name nixpkgs/nix-flakes --image-tag latest --arch --os linux - imageDigest = "sha256:95bce4317c15dfab3babac5a6d19d3ed41e31a02a8aaf3d4f6639778cb763b0a"; - sha256 = - if pkgs.stdenv.hostPlatform.isAarch64 - then "DMlSaP+ZVqxd9NxdFydGyfkuJdmOW5jt5iM/7cDyTEM=" - else "mfTNlGOpThanLlLQ2lL1RTcHqZJWdqUafYDZMeZPWEk="; - finalImageName = "nixpkgs/nix-flakes"; - finalImageTag = "latest"; - }; + fromImage = let + hashes = { + "aarch64-linux" = "sha256-mfTNlGOpThanLlLQ2lL1RTcHqZJWdqUafYDZMeZPWEk="; + "x86_64-linux" = "sha256-DMlSaP+ZVqxd9NxdFydGyfkuJdmOW5jt5iM/7cDyTEM="; + }; + # skopeo inspect --raw docker://nixpkgs/nix-flakes + digests = { + "aarch64-linux" = "sha256:5113a4d10dda16c30bf2e517f29a56890233d2660115003155aab1f7d279d8db"; + "x86_64-linux" = "sha256:be07ecf4b5c19be83f63b6f5c7f21bcaf19cf722d339c99cfe2b2ad09f81a7fa"; + }; + sha256 = hashes.${system} or (throw "Unsupported system"); + imageDigest = digests.${system} or (throw "Unsupported system"); + in + pkgs.dockerTools.pullImage { + imageName = "nixpkgs/nix-flakes"; + inherit sha256 imageDigest; + finalImageName = "nixpkgs/nix-flakes"; + finalImageTag = "latest"; + }; copyToRoot = pkgs.buildEnv { name = "image-root"; paths = [