oleks/angie-arm64
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bf960f4eed1f02bb21de9726a24dc6b1459a254d
angie-arm64/flake.nix
T
Oleks bf960f4eed
ci/woodpecker/push/woodpecker Pipeline was successful
Details
image: run as root + use compiled-in /var/log/nginx + explicit -c 
The nixpkgs angie build hardcodes /var/log/nginx for error_log and
defaults its worker group to 'nogroup' (which fakeNss doesn't ship).
Run as root in the container, mkdir the compiled-in log dir, and pass
-c /etc/angie/angie.conf explicitly so our custom main config wins
over whatever default ships in /etc/angie/.
2026-05-09 23:21:59 +03:00

85 lines
2.5 KiB
Nix
Raw Blame History

{
description = "Angie web server (aarch64) OCI image for Gitea registry";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
outputs =
{ self, nixpkgs }:
let
system = "aarch64-linux";
pkgs = import nixpkgs { inherit system; };
# nixpkgs ships angie compiled against `--prefix=/etc/angie` and
# `--http-log-path=/var/log/angie/access.log`; the package's `bin/angie`
# already knows where to look for its main config (/etc/angie/angie.conf).
inherit (pkgs) angie;
# Stock main config: turns on http and includes whatever drop-ins the
# chart mounts at /etc/angie/http.d/*.conf — same idiom as the alpine
# nginx image's /etc/nginx/conf.d/.
mainConf = pkgs.writeText "angie.conf" ''
# Run as root in the container fakeNss doesn't ship a "nogroup"
# group, which is the compiled-in default group for this angie build,
# and the worker would refuse to start otherwise.
user root;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /run/angie.pid;
events { worker_connections 1024; }
http {
include ${angie}/conf/mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
access_log /var/log/angie/access.log;
include /etc/angie/http.d/*.conf;
}
'';
image = pkgs.dockerTools.streamLayeredImage {
name = "angie";
tag = angie.version;
contents = with pkgs; [
angie
cacert
dockerTools.fakeNss
coreutils
bash
];
# Writable runtime dirs. /var/log/nginx is the compiled-in path for
# angie (matches nixpkgs' nginx build flags); the chart's main config
# also writes pid to /run.
extraCommands = ''
mkdir -p var/log/nginx var/cache/angie var/lib/angie run tmp etc/angie/http.d
chmod 1777 tmp run
cp ${mainConf} etc/angie/angie.conf
'';
config = {
Entrypoint = [ "${angie}/bin/angie" ];
Cmd = [
"-c"
"/etc/angie/angie.conf"
"-g"
"daemon off;"
];
ExposedPorts = {
"80/tcp" = { };
};
WorkingDir = "/etc/angie";
};
};
in
{
packages.${system} = {
default = image;
};
# Plain string — read by CI via `nix eval --raw .#angieVersion`.
angieVersion = angie.version;
};
}
Reference in New Issue View Git Blame Copy Permalink