Nimi library functions

nimi.evalNimiModule

Evaluate a nimi module and return its config. This runs the module set through lib.evalModules with the nimi module included so you get the fully merged, validated configuration output.

Example

evalNimiModule {
  settings.binName = "my-nimi";
}

Type

evalNimiModule :: AttrSet -> AttrSet

Arguments

module
A nimi module attrset.

nimi.toNimiJson

Render an evaluated config to validated JSON. The config is serialized, formatted with jq, then validated by running nimi --config ... validate so the resulting file is both pretty-printed and schema-checked.

Example

let cfg = evalNimiModule { settings.binName = "my-nimi"; };
in toNimiJson cfg

Type

toNimiJson :: AttrSet -> Path

Arguments

evaluatedConfig
The evaluated nimi config.

nimi.mkNimiBinWithConfig

Build a wrapper binary from an already-evaluated nimi config. This writes a validated JSON config and emits a shell wrapper that runs nimi with that config so consumers can execute it like a normal binary.

Use this when you already have an evaluated config (e.g., from evalNimiModule) and want to avoid re-evaluating the module.

Example

let cfg = evalNimiModule { settings.binName = "my-nimi"; };
in mkNimiBinWithConfig cfg

Type

mkNimiBinWithConfig :: AttrSet -> Derivation

Arguments

evaluatedConfig
An already-evaluated nimi config (output of evalNimiModule).

nimi.mkNimiBin

Build a wrapper binary for a given nimi module. This evaluates the module, writes a validated JSON config, and emits a shell wrapper that runs nimi with that config so consumers can execute it like a normal binary.

This is a convenience wrapper around mkNimiBinWithConfig that handles module evaluation for you.

Example

mkNimiBin { settings.binName = "my-nimi"; }

Type

mkNimiBin :: AttrSet -> Derivation

Arguments

module
A nimi module attrset.

nimi.mkContainerImageWithConfig

Build a container image from an already-evaluated nimi config. This wires the container entrypoint to the wrapper binary and uses nix2container.buildImage when available (otherwise dockerTools.buildImage).

Use this when you already have an evaluated config (e.g., from evalNimiModule) and want to avoid re-evaluating the module.

Example

let cfg = evalNimiModule { settings.binName = "my-nimi"; };
in mkContainerImageWithConfig cfg

Type

mkContainerImageWithConfig :: AttrSet -> Derivation

Arguments

evaluatedConfig
An already-evaluated nimi config (output of evalNimiModule).

nimi.mkContainerImage

Build a container image for a given nimi module. This evaluates the module, wires the container entrypoint to the wrapper binary, and uses nix2container.buildImage when available (otherwise dockerTools.buildImage).

This is a convenience wrapper around mkContainerImageWithConfig that handles module evaluation for you.

Example

mkContainerImage { settings.binName = "my-nimi"; }

Type

mkContainerImage :: AttrSet -> Derivation

Arguments

module
A nimi module attrset.

nimi.mkBwrapWithConfig

Build a sandboxed wrapper using bubblewrap from an already-evaluated nimi config. This creates a nimi binary and wraps it in a bubblewrap sandbox configured via settings.bubblewrap options.

Use this when you already have an evaluated config (e.g., from evalNimiModule) and want to avoid re-evaluating the module.

The sandbox is configured through the module system with sensible defaults:

  • /nix/store and /sys are read-only bound
  • /etc/resolv.conf is bound with --ro-bind-try (skipped if missing)
  • /nix, /tmp, /run, /var, /etc are tmpfs mounts
  • /dev and /proc are bound
  • Network is shared but user/pid/uts/ipc/cgroup namespaces are unshared

Example

let cfg = evalNimiModule {
  settings.binName = "my-sandboxed-app";
  settings.bubblewrap.unshare.pid = true;
};
in mkBwrapWithConfig cfg

Type

mkBwrapWithConfig :: AttrSet -> Derivation

Arguments

evaluatedConfig
An already-evaluated nimi config (output of evalNimiModule).

nimi.mkBwrap

Build a sandboxed wrapper using bubblewrap for a given nimi module. This evaluates the module, creates a nimi binary, and wraps it in a bubblewrap sandbox configured via settings.bubblewrap options.

This is a convenience wrapper around mkBwrapWithConfig that handles module evaluation for you.

The sandbox is configured through the module system with sensible defaults:

  • /nix/store and /sys are read-only bound
  • /etc/resolv.conf is bound with --ro-bind-try (skipped if missing)
  • /nix, /tmp, /run, /var, /etc are tmpfs mounts
  • /dev and /proc are bound
  • Network is shared but user/pid/uts/ipc/cgroup namespaces are unshared

Example

mkBwrap {
  settings.binName = "my-sandboxed-app";
  settings.bubblewrap = {
    environment.MY_VAR = "value";
    roBinds = [
      { src = "/nix/store"; dest = "/nix/store"; }
      { src = "/data"; dest = "/data"; }
    ];
    tmpfs = [ "/tmp" "/run" ];
    chdir = "/app";
    unshare.pid = true;
  };
}

Type

mkBwrap :: AttrSet -> Derivation

Arguments

module
A nimi module attrset. Configure the sandbox via settings.bubblewrap.
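
The default mount list above depends on ordering: bubblewrap applies its arguments in sequence, so the tmpfs on /nix and /etc has to come before the binds of /nix/store and /etc/resolv.conf beneath them. The following added example, which is not nimi's generated wrapper or code from the project, spells the documented defaults out as bubblewrap arguments and checks for binds hidden by a later tmpfs and for namespaces left shared with the host. The function names are hypothetical, and using --dev and --proc for the /dev and /proc entries is an assumption.

```shell
#!/bin/sh
# Added illustration, not nimi's generated wrapper. Function names are
# hypothetical; --dev/--proc for "/dev and /proc are bound" is an assumption.

# Print the documented defaults as bwrap arguments, one per line.
default_bwrap_args() {
  # tmpfs first: bwrap applies operations in argument order, so a tmpfs
  # mounted after a bind on a child path would hide that bind.
  for d in /nix /tmp /run /var /etc; do printf '%s\n' --tmpfs "$d"; done
  printf '%s\n' --ro-bind /nix/store /nix/store --ro-bind /sys /sys
  printf '%s\n' --ro-bind-try /etc/resolv.conf /etc/resolv.conf
  printf '%s\n' --dev /dev --proc /proc
  # Network stays shared simply because --unshare-net is not passed.
  for ns in user pid uts ipc cgroup; do printf '%s\n' "--unshare-$ns"; done
}

# Read arguments (one per line) and report binds that a later --tmpfs on
# the same or a parent path hides. Paths containing spaces are not handled.
find_shadowed_binds() {
  binds=""
  while IFS= read -r arg; do
    case "$arg" in
      --ro-bind|--ro-bind-try|--bind|--dev-bind)
        IFS= read -r _src; IFS= read -r dest
        binds="$binds $dest" ;;
      --tmpfs)
        IFS= read -r dir
        for b in $binds; do
          case "$b" in "$dir"|"$dir"/*) printf 'shadowed: %s\n' "$b" ;; esac
        done ;;
    esac
  done
}

# Read arguments (one per line) and list namespaces left shared with the host.
shared_namespaces() {
  args=$(cat)
  has() { printf '%s\n' "$args" | grep -qxe "$1"; }
  for ns in user pid uts ipc cgroup net; do
    if has "--unshare-$ns"; then continue; fi
    if has "--unshare-all" && ! { [ "$ns" = net ] && has "--share-net"; }; then
      continue
    fi
    printf '%s\n' "$ns"
  done
}

default_bwrap_args | find_shadowed_binds   # no output: nothing is hidden
default_bwrap_args | shared_namespaces     # lists only the network namespace
```

The same two checks can be pointed at the arguments of any bubblewrap wrapper, one argument per line, when reviewing a customised settings.bubblewrap configuration.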