{ description = "Angie web server (aarch64) — OCI image for Gitea registry"; inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; outputs = { self, nixpkgs }: let system = "aarch64-linux"; pkgs = import nixpkgs { inherit system; }; # nixpkgs ships angie compiled against `--prefix=/etc/angie` and # `--http-log-path=/var/log/angie/access.log`; the package's `bin/angie` # already knows where to look for its main config (/etc/angie/angie.conf). angie = pkgs.angie; # Stock main config: turns on http and includes whatever drop-ins the # chart mounts at /etc/angie/http.d/*.conf — same idiom as the alpine # nginx image's /etc/nginx/conf.d/. mainConf = pkgs.writeText "angie.conf" '' worker_processes auto; error_log /var/log/angie/error.log notice; pid /run/angie.pid; events { worker_connections 1024; } http { include ${angie}/conf/mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; access_log /var/log/angie/access.log; include /etc/angie/http.d/*.conf; } ''; image = pkgs.dockerTools.streamLayeredImage { name = "angie"; tag = angie.version; contents = with pkgs; [ angie cacert dockerTools.fakeNss coreutils bash ]; # Writable runtime dirs — image filesystem is otherwise read-only. extraCommands = '' mkdir -p var/log/angie var/cache/angie var/lib/angie run tmp etc/angie/http.d chmod 1777 tmp cp ${mainConf} etc/angie/angie.conf ''; config = { Entrypoint = [ "${angie}/bin/angie" ]; Cmd = [ "-g" "daemon off;" ]; ExposedPorts = { "80/tcp" = { }; }; WorkingDir = "/etc/angie"; }; }; in { packages.${system} = { default = image; # Plain text file containing just the version string — read by CI to # produce the registry tag without re-evaluating the flake. version = pkgs.writeText "angie-version" angie.version; }; }; }