Hi, I'm using this nix docker to build other dockers in gitlab CI, but it's failing to run the servant test suite because of errors like the following:

(ConnectionFailure Network.Socket.getAddrInfo (called with preferred socket type/protocol: 
AddrInfo {addrFlags = [AI_ADDRCONFIG], addrFamily = AF_UNSPEC, addrSocketType = Stream, 
addrProtocol = 0, addrAddress = <assumed to be undefined>, addrCanonName = <assumed to be undefined>},
host name: Just "localhost", service name: Just "34263"): does not exist (Name or service not known)))

Here is the full log: https://gitlab.com/zenhaskell/infra-dockers/-/jobs/173325822

/etc/hosts looks fine to me but here it is in full

$ cat /etc/hostname
runner-ed2dce3a-project-7321855-concurrent-0
$ cat /etc/hosts
127.0.0.1        localhost
::1        localhost ip6-localhost ip6-loopback
fe00::0        ip6-localnet
ff00::0        ip6-mcastprefix
ff02::1        ip6-allnodes
ff02::2        ip6-allrouters
172.17.0.3        docker 41ed789b04a5 runner-ed2dce3a-project-7321855-concurrent-0-docker-0
172.17.0.4        runner-ed2dce3a-project-7321855-concurrent-0

2.3.10 doesn't include git in the image, seem odd given the nix-build might assume it's ready to use.

Hi!
I get the error in the title when using nix-build, but I'm already root and the file belongs to me.
Any ideas?

the latest nix version is 2.3.15. it was also updated in df2cbd1 but is not available at https://hub.docker.com/r/nixos/nix/tags?page=1&ordering=last_updated

I am experiencing this error on circleci:

#!/bin/sh -eo pipefail
nix-channel --add https://nixos.org/channels/nixpkgs-unstable
nix-channel --update

Fatal error: glibc detected an invalid stdio handle
Aborted (core dumped)
Exited with code 134

Newb to NixOS here - is there supposed to be a default configuration.nix file somewhere ? If so, I can't find it.

I'm trying to run nix-shell for a project that's setup for nix, and need to add configurations for binaryCaches and binaryCachePublicKeys, like so:

nix = {
  binaryCaches          = [ "..." "..." ];
  binaryCachePublicKeys = [ "..." "...." ];
};

Any pointes to where I should add this ? Using this Docker image, I can't seem to find the recommended configuration.nix file. Should I add it to the project's shell.nix file ? Appreciate any and all help 🙏

The line

The ubuntu image contains this file, but with the hosts: files dns line instead of the other way round, which is what I'd expect as default as well. In our case the different order led to some names being resolved to "wrong" IP addresses.

See also https://gitlab.com/gitlab-org/gitlab/-/issues/215471, where the external lookup via DNS with higher priority led to localhost being resolved to something other than 127.0.0.1.

I'd simply open a PR for this but would like to get some feedback first as I'm not 100% sure of the consequences to existing pipelines.

I am not able to install any jdk using nix-env inside the docker container, other packages works.

FROM nixos/nix

RUN nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs
RUN nix-channel --update

RUN nix-env --install jdk8

I also posted a more detailed description here:
NixOS/nixpkgs#133786

Example, installing vim works, jdk8 does not work:

+ nix-env -i vim
installing 'vim-8.2.2567'
these paths will be fetched (7.61 MiB download, 35.88 MiB unpacked):
  /nix/store/0dcf13hhk1kl9i0gcq7yjp8p9cp166n4-vim-8.2.2567
  /nix/store/1838raw4b33pbry9m3c4mwrfigzbkf6r-gawk-5.1.0
copying path '/nix/store/1838raw4b33pbry9m3c4mwrfigzbkf6r-gawk-5.1.0' from 'https://cache.nixos.org'...
copying path '/nix/store/0dcf13hhk1kl9i0gcq7yjp8p9cp166n4-vim-8.2.2567' from 'https://cache.nixos.org'...
building '/nix/store/ra3vm69w7x99a3mzi0phpag8ib2877xd-user-environment.drv'...
created 430 symlinks in user environment
+ nix-env -i jdk8
error: selector 'jdk8' matches no derivations
FATAL:   While performing build: while running engine: exit status 1

There's no 21.11 image yet.

For reproducibility I'm using tagged versions of the nixos/nix image in my CI setup. The latest tagged version that's available on Docker Hub is 2.3.6. Since the Dockerfile has already been updated to 2.3.10, could you please push a tagged version of that to Docker Hub?

$ docker run -i -t nixos/nix /bin/sh -c "du -sh /nix/store/*nixpkgs*"
4.0K	/nix/store/735n9x9w78d97l8y77f71xch3g05iaak-nixpkgs-20.09pre224255.e23f5308583.drv
282.2M	/nix/store/d0zmpyvyhjrq3h2zigjlvcq73x361jdi-nixpkgs-20.09pre224255.e23f5308583

I personally use the image to create the latest stable (20.03) environment, so I find it surprising that the base image already contains nixpkgs-unstable.

This makes the image around 4 times bigger than necessary (the image is around ~90 MB without the channel, adding the channel increases it to ~390 MB).

Is this the original intention?

Hello,

The nix image seems a bit broken, any idea?

~$ docker run -it --rm nixos/nix
29aa83922fc7:/# nix verify
error: opening file '/default.nix': No such file or directory

This also happens with a Dockerfile that does FROM nixos/nix.

nix verify is just one of other commands that fails using the same pattern (e.g nix copy)

Hi,

I would like to use nix-emacs-ci but my CI environment only has arm/v7 slaves. Would you mind adding support for arm/v7 builds?

The recent nixos/nix:2.3.4 removed the postgres user that was present on nixos/nix:2.3.

Is that intentional?

I am not too familiar with Docker but from what I understand, the nixos/nix:2.3 dockerfile does not contain any reference to postgres. So I imagine that it has to do with the base image alpine. Is that right?

It looks like only amd64 flavor of images is available on Docker hub. It would be nice to have an arm64 equivalent as well.

Good day everyone,

I use the nixos/nix image in my ci pipeline and am currently trying to build a derivation which was created by node2nix. The derivation works fine on my machine and any other I could try, but stops working when used inside the nixos/nix docker image. The derivation "succeeds" and creates an output both locally and inside the docker, but all of my unittests are failing in the docker container as all binary dependencies are missing from the environment.

After a long session of trial and error, I created a graph of the dependencies of the derivation both locally and in the docker, using nix-store -q --graph ... | dot.

A comparison of these graphs can be found below. The graph generated inside docker is missing most of the dependencies:

Graph created inside the docker image:

Graph created locally:

Things I have tried to locate the source of the problem:

• Spawned a fresh Ubuntu 20 VM, installed nix and executed nix-build. The derivation works.
• Spawned a fresh NixOS 20.03 VM and executed nix-build. The derivation works.
• Tried the derivation on two other physical machines. It derivation works.
• I executed nix-build -vvvvv on my machine and in the docker, and git diffed the ouput. They are equal (except for the paths of the mountpoint and runner ids).
• I added a printenv in the build step and, again, git diffed the output. Same results as above.
• I have updated the version of nix inside the container to 2.3.7 (the same version I use locally). Same results.

I have created a small repository containing the necessary code to reproduce my problem. This repository is missing my failing unit-tests, but the store graph is reproducible this way.

I have to admit that I am totally at loss here, as this behaviour goes against my understanding of how nix works. If I have made any noobie mistakes, please feel free to point them out.

Best regards:
Sebastian

I'm trying to build an application that uses the nix-env during the buildPhase. The build process is being executed from the user nixbld1 who does not have permission to write to the directory /nix/var/nix/profiles/, thus every call to thenix-env during the buildPhase returns the following error:

error: could not set permissions on '/nix/var/nix/profiles/per-user' to 755: Operation not permitted

I understand Alpine is a great base image due to its size, but could you provide a glibc variant?
There are a lot of native applications that rely on glibc and don't work on musl that could benefit from it. I can say for example the rust compiler, that has as lot of limitations when running on alpine.

In the latest update of hub.docker.com/r/nixos/nix (Updated 13 hours ago as of 2021-12-15 12:29:01 UTC) the Nix version changed from 2.3.x to 2.5. This is a breaking change for some deployments.

docker pull nixos/nix
docker run nixos/nix nix --version
# nix (Nix) 2.5.0

There doesn't seem to be a corresponding commit in this repo, so what has caused this change?

Hello,

An image with a 2.5.0 tag has been published to Docker Hub 8 hours ago but the sources does not seem to be present in this repository.

Is the image generated from another repository?

cc @garbas since it looks like the new images has been pushed with your account on the Docker Hub.

The default container ships busybox shell instead of bash, which is quite annoying. Since bash is already installed in the closure, it would be no change in size to use it.

I'm using this image for executing Docker-based CI flows [in my particular case using Drone Cloud, but I think this applies to all Docker-based CIs]. I have my nixpkgs pinned for the project in the following way:

let
  nixpkgs = builtins.fetchGit {
    name = "...";
    url = "https://github.com/nixos/nixpkgs-channels/";
    ref = "refs/heads/nixos-unstable";
    rev = "...";
  };

However when I try to execute any command via nix-shell --run ... it fails due to missing git. I've clumsily added git on top of this image as a hotfix. Not happy about this solution and I'd much rather just use the official images and not maintain my "fork".

Would it be sensible to accommodate this use case in the official images? From what I see you're big on the image size [pun intended], but I think that making nix interoperable with existing tooling is important for adoption. I'd happily provide a PR.

I haven't tried the fetchTarball method, it's less preferable as it requires getting the hash on every version change, will have a swing at it if extending the image is a no-go.

I noticed that nixos/nix:2.5.0 was added a day ago (15th December) and it seems there are some breaking changes (i.e /bin/sh is missing). Reading the Dockerfile in this repository, it appears that it doesn't correspond to the one built and uploaded to Docker Hub.

See NixOS/nix#2636

Hi, I use the nixos/nix docker image in a gitlab-ci pipeline but the latest image does not work anymore.

• build status (https://gitlab.com/juliendehos/cppythonix/-/jobs/76635260):

$ nix-build
/bin/sh: eval: line 59: nix-build: not found
ERROR: Job failed: exit code 127

• .gitlab-ci.yml (working perfectly 2 days ago, https://gitlab.com/juliendehos/cppythonix/-/jobs/76372045):

image: nixos/nix
build:
    script:
        - nix-build
    only:
        - master

Any idea ?

With the latest update to Nix 2.5, Nix channel updates fail.
See the following case:

leon@artiq-mblab:~$ docker run -i -t nixos/nix:latest
bash-4.4# nix-channel --list
nixpkgs https://nixos.org/channels/nixpkgs-unstable
bash-4.4# nix-channel --update
unexpected error in download thread: error: unsharing filesystem state in download thread: Operation not permitted
error: download of 'https://nixos.org/channels/nixpkgs-unstable' was interrupted

This problem does not occur when using the older Nix 2.3.x image using docker run -i -t nixos/nix:2.3.12

Am I overseeing something with the change to Nix 2.5, or is this an actual bug? @garbas

Hi, It seems there is a problem with the SSL config of the new image:

error: unable to download 'https://github.com/NixOS/nixpkgs/archive/0e0df31.tar.gz': Problem with the SSL CA cert (path? access rights?) (77)

(see this gitlab-ci pipeline: https://gitlab.com/juliendehos/nixpkgs-tests/-/jobs/587075339)