C1: nix-build homepage container for amd64 ringtail migration

Replace Dockerfile (arm64-only, indri-built) with a nix derivation adapted from nixpkgs pkgs/by-name/ho/homepage-dashboard. Built via the nix-container-builder runner on ringtail, producing an amd64 image suitable for k3s. Includes the upstream Next.js file-system-cache patch to avoid prerender cache write failures on a read-only nix store path (nixpkgs issues #328621 and #458494). Pinned to v1.11.0 (current production version).
2026-05-10 20:40:34 -07:00 · 2026-05-10 20:32:38 -07:00 · 2026-05-10 20:32:38 -07:00
commit b87f62e0f5
2 changed files with 119 additions and 47 deletions
--- a/containers/homepage/Dockerfile
+++ b/containers/homepage/Dockerfile
@ -1,47 +0,0 @@
-# Homepage - self-hosted services dashboard
-# Two-stage build: Node.js build, Alpine runtime
-
-ARG CONTAINER_APP_VERSION=v1.11.0
-ARG HOMEPAGE_VERSION=${CONTAINER_APP_VERSION}
-
-FROM node:24-slim AS builder
-
-ARG HOMEPAGE_VERSION
-RUN apt-get update && apt-get install -y --no-install-recommends git ca-certificates \
- && rm -rf /var/lib/apt/lists/*
-
-RUN git clone --depth 1 --branch ${HOMEPAGE_VERSION} \
-    https://forge.ops.eblu.me/mirrors/homepage.git /app
-
-WORKDIR /app
-RUN mkdir -p config \
- && corepack enable && corepack prepare pnpm@latest --activate \
- && pnpm install --frozen-lockfile \
- && NEXT_TELEMETRY_DISABLED=1 pnpm run build
-
-FROM node:24-alpine
-
-ARG CONTAINER_APP_VERSION
-LABEL org.opencontainers.image.title="Homepage"
-LABEL org.opencontainers.image.description="A self-hosted services landing page"
-LABEL org.opencontainers.image.version="${CONTAINER_APP_VERSION}"
-LABEL org.opencontainers.image.source="https://forge.eblu.me/eblume/blumeops"
-LABEL org.opencontainers.image.vendor="blumeops"
-
-WORKDIR /app
-
-COPY --from=builder --chown=1000:1000 /app/public ./public
-COPY --from=builder --chown=1000:1000 /app/.next/standalone/ ./
-COPY --from=builder --chown=1000:1000 /app/.next/static/ ./.next/static
-
-RUN mkdir -p /app/config && chown 1000:1000 /app/config
-
-ENV NODE_ENV=production
-ENV PORT=3000
-EXPOSE 3000
-
-HEALTHCHECK --interval=10s --timeout=3s --start-period=20s \
-  CMD wget --no-verbose --tries=1 --spider http://127.0.0.1:3000/api/healthcheck || exit 1
-
-USER 1000
-CMD ["node", "server.js"]
--- a/containers/homepage/default.nix
+++ b/containers/homepage/default.nix
@ -0,0 +1,119 @@
+# Nix-built gethomepage/homepage dashboard
+# Builds v1.11.0 from forge mirror.
+#
+# Adapted from nixpkgs pkgs/by-name/ho/homepage-dashboard (commit master),
+# changed to fetch from our forge mirror and wrap with dockerTools for an
+# amd64 image runnable on ringtail's k3s.
+#
+# The preBuild substitutions are not optional — without them Next.js writes
+# its file-system-cache to a read-only path and prerender state breaks after
+# restart (nixpkgs issues #328621 and #458494).
+{ pkgs ? import <nixpkgs> { } }:
+
+let
+  version = "1.11.0";
+
+  homepage = pkgs.stdenv.mkDerivation (finalAttrs: {
+    pname = "homepage-dashboard";
+    inherit version;
+
+    src = pkgs.fetchgit {
+      url = "https://forge.ops.eblu.me/mirrors/homepage.git";
+      rev = "v${version}";
+      hash = "sha256-jnv9PnClm/jIQ4uU6c4A1UiAmwoihG0l6k3fUbD47I4=";
+    };
+
+    pnpmDeps = pkgs.fetchPnpmDeps {
+      inherit (finalAttrs) pname version src;
+      pnpm = pkgs.pnpm_10;
+      fetcherVersion = 3;
+      hash = "sha256-X5j9XppbcasGuC7fUsj4XzbaQFM9WcRcXjgJHN/inR8=";
+    };
+
+    nativeBuildInputs = [
+      pkgs.makeBinaryWrapper
+      pkgs.nodejs_24
+      pkgs.pnpmConfigHook
+      pkgs.pnpm_10
+    ];
+
+    buildInputs = [
+      pkgs.nodePackages.node-gyp-build
+    ];
+
+    env.PYTHON = "${pkgs.python3}/bin/python";
+
+    preBuild = ''
+      substituteInPlace node_modules/next/dist/server/lib/incremental-cache/file-system-cache.js \
+        --replace-fail 'this.serverDistDir = ctx.serverDistDir;' \
+                       'this.serverDistDir = require("path").join((process.env.NIXPKGS_HOMEPAGE_CACHE_DIR || "/tmp/homepage-cache"), "homepage");'
+
+      for bundle in node_modules/next/dist/compiled/next-server/*.runtime.prod.js; do
+        substituteInPlace "$bundle" \
+          --replace-fail 'this.serverDistDir=e.serverDistDir' \
+                         'this.serverDistDir=(process.env.NIXPKGS_HOMEPAGE_CACHE_DIR||"/tmp/homepage-cache")+"/homepage"'
+      done
+    '';
+
+    buildPhase = ''
+      runHook preBuild
+      mkdir -p config
+      pnpm build
+      runHook postBuild
+    '';
+
+    installPhase = ''
+      runHook preInstall
+
+      mkdir -p $out/{bin,share}
+      cp -r .next/standalone $out/share/homepage/
+      cp -r public $out/share/homepage/public
+      chmod +x $out/share/homepage/server.js
+
+      mkdir -p $out/share/homepage/.next
+      cp -r .next/static $out/share/homepage/.next/static
+
+      makeWrapper "${pkgs.lib.getExe pkgs.nodejs_24}" $out/bin/homepage \
+        --set-default PORT 3000 \
+        --set-default HOMEPAGE_CONFIG_DIR /app/config \
+        --set-default NIXPKGS_HOMEPAGE_CACHE_DIR /tmp/homepage-cache \
+        --add-flags "$out/share/homepage/server.js" \
+        --prefix PATH : "${pkgs.lib.makeBinPath [ pkgs.unixtools.ping ]}"
+
+      runHook postInstall
+    '';
+
+    doDist = false;
+  });
+in
+
+pkgs.dockerTools.buildLayeredImage {
+  name = "blumeops/homepage";
+  contents = [
+    homepage
+    pkgs.cacert
+    pkgs.tzdata
+  ];
+
+  extraCommands = ''
+    mkdir -p tmp
+    chmod 1777 tmp
+  '';
+
+  config = {
+    Entrypoint = [ "${homepage}/bin/homepage" ];
+    Env = [
+      "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+      "TZDIR=${pkgs.tzdata}/share/zoneinfo"
+      "TMPDIR=/tmp"
+      "NIXPKGS_HOMEPAGE_CACHE_DIR=/tmp/homepage-cache"
+      "HOMEPAGE_CONFIG_DIR=/app/config"
+      "NEXT_TELEMETRY_DISABLED=1"
+      "PORT=3000"
+    ];
+    ExposedPorts = {
+      "3000/tcp" = { };
+    };
+    User = "1000";
+  };
+}