Nix container build for nettest (#214)

## Summary - Add `containers/nettest/default.nix` using `dockerTools.buildLayeredImage` with curl, jq, dnsutils, cacert, and bash — equivalent to the existing Dockerfile - Update `container-tag-and-release` to require `--nix` or `--dockerfile` flag when both build types exist for a container - Update `container-list` to show `[dockerfile+nix]` label when both exist ## Deployment and Testing - [ ] SSH to ringtail, run `nix build -f containers/nettest/default.nix -o result` to verify the nix expression builds - [ ] Tag `nettest-nix-v1.0.0`, confirm `build-container-nix` workflow runs on `nix-container-builder` runner and pushes to registry - [ ] Smoke test on ringtail k3s: `kubectl run nettest --image=registry.ops.eblu.me/blumeops/nettest:v1.0.0 --restart=Never && kubectl logs nettest` - [ ] Verify `mise run container-list` shows `[dockerfile+nix]` for nettest - [ ] Verify `mise run container-tag-and-release nettest v1.1.0` prompts for build type Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/214
2026-02-19 08:42:58 -08:00 · 2026-02-19 08:42:58 -08:00 · 695089499e
commit 695089499e
parent b475a1fcd7
10 changed files with 244 additions and 130 deletions
--- a/nixos/ringtail/configuration.nix
+++ b/nixos/ringtail/configuration.nix
@ -446,6 +446,15 @@ in
    "d /mnt/storage2 0755 eblume users -"
  ];

+  # Container config for skopeo (used by the forgejo runner to push images)
+  # and for unqualified image pulls via Zot pull-through cache
+  environment.etc."containers/policy.json".text = builtins.toJSON {
+    default = [{ type = "insecureAcceptAnything"; }];
+  };
+  environment.etc."containers/registries.conf".text = ''
+    unqualified-search-registries = ["registry.ops.eblu.me", "docker.io", "ghcr.io", "quay.io"]
+  '';
+
  # Forgejo Actions runner (nix container builder)
  services.gitea-actions-runner = {
    package = pkgs.forgejo-runner;
@ -456,7 +465,7 @@ in
      tokenFile = "/etc/forgejo-runner/token.env";
      labels = [ "nix-container-builder:host" ];
      hostPackages = with pkgs; [
-        bash coreutils curl gawk gitMinimal gnused nodejs wget
+        bash coreutils curl gawk gitMinimal gnused jq nodejs wget
        nix skopeo
      ];
      settings = {