malpercio.dev / ezpds
An easy-to-host PDS on the ATProtocol, MacOS. Grandma-approved.
fork atom

feat(MM-66): add Docker image derived from Nix build #4

merged opened by malpercio.dev targeting main from malpercio/mm-66-docker-image-derived-from-nix-build

Summary#

  • Adds nix/docker.nix — a standalone buildLayeredImage derivation for the relay binary, including sqlite runtime, CA certificates, and timezone data
  • Extends flake.nix to expose packages.{aarch64,x86_64}-linux.docker-image using pkgs.lib.optionalAttrs pkgs.stdenv.isLinux; the Darwin package outputs are unchanged
  • Updates CLAUDE.md with the nix build .#docker-image command (Linux-only caveat) and documents the new nix/ directory in the project structure
  • Adds tests/verify-mm66.sh — automated verification script for AC1.3 (docker-image absent on Darwin) and AC3.4 (nix/docker.nix tracked by git)

Test Plan#

  • nix eval confirms docker-image present for aarch64-linux and x86_64-linux
  • nix eval confirms docker-image absent for aarch64-darwin and x86_64-darwin (AC1.3)
  • git ls-files nix/docker.nix returns the file (AC3.4)
  • bash tests/verify-mm66.sh passes
  • Linux verification required: see docs/test-plans/2026-03-08-MM-66.md for the full human test plan (AC2.1–AC5.1 require a Linux system with Docker)
Labels

None yet.

assignee

None yet.

Participants 1
AT URI
at://did:web:malpercio.dev/sh.tangled.repo.pull/3mgl4gjdehj22
+1 -1
Interdiff #2 #3
unified split
.gitignore

This file has not been changed.

CLAUDE.md

This file has not been changed.

docs/design-plans/2026-03-08-MM-66.md

This file has not been changed.

docs/implementation-plans/2026-03-08-MM-66/phase_01.md

This file has not been changed.

docs/implementation-plans/2026-03-08-MM-66/phase_02.md

This file has not been changed.

docs/implementation-plans/2026-03-08-MM-66/test-requirements.md

This file has not been changed.

+1 -1
docs/test-plans/2026-03-08-MM-66.md
··· 39 40 | Step | Action | Expected | 41 |------|--------|----------| 42 - | 4.1 | Run `docker run --rm relay:latest` | Container exits. There must be NO errors like `no such file or directory` or `error while loading shared libraries: libsqlite3.so`. A non-zero exit code is acceptable because the relay binary is a stub with no configuration to connect to | 43 | 4.2 | Run `docker inspect relay:latest \| grep -E 'SSL_CERT_FILE'` | Output shows an environment variable line containing `SSL_CERT_FILE=/nix/store/...-nss-cacert-.../etc/ssl/certs/ca-bundle.crt` (the exact Nix store hash will vary) | 44 | 4.3 | Run `docker inspect relay:latest \| grep -E 'TZDIR'` | Output shows an environment variable line containing `TZDIR=/nix/store/...-tzdata-.../share/zoneinfo` (the exact Nix store hash will vary) | 45
··· 39 40 | Step | Action | Expected | 41 |------|--------|----------| 42 + | 4.1 | Run `docker run --rm relay:latest` | Container exits. There must be NO errors like `no such file or directory` or `error while loading shared libraries: libsqlite3.so`. A non-zero exit code is acceptable because the relay binary is a stub with no configuration to connect to. **NixOS note:** Docker on NixOS may fail with a sysctl permission error (`open sysctl net.ipv4.ip_unprivileged_port_start file: permission denied`) during container init — this is a Docker/kernel namespace issue specific to NixOS, not a defect in the image. If this occurs, confirm AC3.1 via `docker inspect` (steps 4.2–4.3): correct env vars and a successful `docker load` are sufficient evidence that the relay binary and its dependencies are present in the closure. | 43 | 4.2 | Run `docker inspect relay:latest \| grep -E 'SSL_CERT_FILE'` | Output shows an environment variable line containing `SSL_CERT_FILE=/nix/store/...-nss-cacert-.../etc/ssl/certs/ca-bundle.crt` (the exact Nix store hash will vary) | 44 | 4.3 | Run `docker inspect relay:latest \| grep -E 'TZDIR'` | Output shows an environment variable line containing `TZDIR=/nix/store/...-tzdata-.../share/zoneinfo` (the exact Nix store hash will vary) | 45
flake.nix

This file has not been changed.

nix/docker.nix

This file has not been changed.

tests/verify-mm66.sh

This file has not been changed.

History

4 rounds 0 comments
sign up or login to add to the discussion
malpercio.dev submitted #3
diff
9 commits
expand
a7f42d6f
docs: add MM-66 Docker image design plan
759125b0
feat(MM-66): add nix/docker.nix and expose docker-image on Linux
41ffa57d
docs(MM-66): note docker-image is Linux-only in CLAUDE.md
05533f44
docs(MM-66): add nix/ directory to project structure in CLAUDE.md
7bb5376f
test(MM-66): add automated verification script for AC1.3 and AC3.4
a87f1ee7
docs: add test plan for MM-66 Docker image
3a65e423
docs(MM-66): commit implementation plans and ignore nix result symlink
92c0603a
fix(MM-66): address PR review — verify-mm66.sh silent failures, comments, CLAUDE.md
c59a5fa3
docs(MM-66): note NixOS Docker sysctl issue in test plan step 4.1
expand 0 comments
pull request successfully merged
malpercio.dev submitted #2
diff interdiff
8 commits
expand
a7f42d6f
docs: add MM-66 Docker image design plan
759125b0
feat(MM-66): add nix/docker.nix and expose docker-image on Linux
41ffa57d
docs(MM-66): note docker-image is Linux-only in CLAUDE.md
05533f44
docs(MM-66): add nix/ directory to project structure in CLAUDE.md
7bb5376f
test(MM-66): add automated verification script for AC1.3 and AC3.4
a87f1ee7
docs: add test plan for MM-66 Docker image
3a65e423
docs(MM-66): commit implementation plans and ignore nix result symlink
92c0603a
fix(MM-66): address PR review — verify-mm66.sh silent failures, comments, CLAUDE.md
expand 0 comments
malpercio.dev submitted #1
diff interdiff
7 commits
expand
a7f42d6f
docs: add MM-66 Docker image design plan
759125b0
feat(MM-66): add nix/docker.nix and expose docker-image on Linux
41ffa57d
docs(MM-66): note docker-image is Linux-only in CLAUDE.md
05533f44
docs(MM-66): add nix/ directory to project structure in CLAUDE.md
7bb5376f
test(MM-66): add automated verification script for AC1.3 and AC3.4
a87f1ee7
docs: add test plan for MM-66 Docker image
3a65e423
docs(MM-66): commit implementation plans and ignore nix result symlink
expand 0 comments
malpercio.dev submitted #0
diff
6 commits
expand
a7f42d6f
docs: add MM-66 Docker image design plan
759125b0
feat(MM-66): add nix/docker.nix and expose docker-image on Linux
41ffa57d
docs(MM-66): note docker-image is Linux-only in CLAUDE.md
05533f44
docs(MM-66): add nix/ directory to project structure in CLAUDE.md
7bb5376f
test(MM-66): add automated verification script for AC1.3 and AC3.4
a87f1ee7
docs: add test plan for MM-66 Docker image
expand 0 comments