tazjin / nixery

Container registry which transparently builds images using the Nix package manager. Canonical repository is https://cs.tvl.fyi/depot/-/tree/tools/nixery
https://nixery.dev/
Apache License 2.0

Consider support building nix-snapshotter images #160

Open elpdt852 opened 1 year ago

elpdt852 commented 1 year ago

Hi there, thanks for the awesome project! We just open sourced nix-snapshotter which brings native understanding of Nix packages to containerd, i.e. the image manifests become just metadata and we use the Nix protocols to pull the packages and bind mount them into the container rootfs.

We're also written in Golang, so I imagine it won't be too hard to hook up our public methods to generate nix-snapshotter images based on API requests. Note that although nix-snapshotter is backwards compatible with non-Nix and existing Nix images, Docker/containerd not configured with nix-snapshotter is unable to run nix-snapshotter images. So this probably needs to be behind a feature flag.

We also have a FAQ entry to help explain the differences between nix-snapshotter and nixery.

tazjin commented 1 year ago

Your project is GREAT! Been waiting for something like this to come along for a while!

Yes, totally in favour. Can we discuss what would need to be done on some chat medium (IRC, Matrix for the official TVL chats, documented on https://tvl.fyi), or maybe in a call (I'm in UTC+3, and fairly available)?

By the way, there's a mistake in your FAQ entry:

> but still uses the same layering strategy as upstream's pkgs.dockerTools.buildImage (see above)

Nixery does not actually do that. It uses a more sophisticated mechanism: https://tazj.in/blog/nixery-layers

However, of course, the whole problem doesn't exist if you don't have the Docker layer restriction :)

tazjin commented 1 year ago

Notes from the catchup with @elpdt852 just now:

tazjin commented 1 year ago

Reopening, that PR above is only related to this issue, it doesn't close it.

elpdt852 commented 1 year ago

Sorry, looks like that was automatic!