From 10d015bb63692dd48785796a28d5c10fc35648ea Mon Sep 17 00:00:00 2001
From: Stefan Junker
Date: Sun, 18 Feb 2018 21:33:49 +0100
Subject: [PATCH] containers: start with base, s3ql, syncthing
---
 container-images/build.sh | 7 ++
 container-images/default.nix | 157 +++++++++++++++++++++++++++++++++++
 2 files changed, 164 insertions(+)
 create mode 100755 container-images/build.sh
 create mode 100644 container-images/default.nix
diff --git a/container-images/build.sh b/container-images/build.sh
new file mode 100755
index 0000000..6cfab1a
--- /dev/null
+++ b/container-images/build.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+set -xe
+[ ! -z "$NAME" ]
+
+nix-build . --show-trace -A "$NAME"
+docker image rm "$NAME":latest --force
+docker load -i result
diff --git a/container-images/default.nix b/container-images/default.nix
new file mode 100644
index 0000000..b2984c2
--- /dev/null
+++ b/container-images/default.nix
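Review bot: `[ ! -z "$NAME" ]` relies on `set -e` to abort when NAME is unset, so the only diagnostic is the `set -x` trace of a failed test; `: "${NAME:?NAME must name the image attribute to build}"` aborts the same way with a readable message, and `[ -n "$NAME" ]` is the idiomatic spelling if the test is kept. The `docker image rm "$NAME":latest --force` on the following line removes the previous image before `docker load -i result` has succeeded, so a failing load leaves no image at all; loading first and removing the now-untagged old image afterwards keeps the last good build available. Whether the loaded image is actually tagged `latest` depends on the `tag` argument the Nix side passes to `buildImage`, which this script does not control, so the `rm` may be removing a tag the load never re-creates.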
@@ -0,0 +1,157 @@
+{ pkgs ? import {}
+}:
+
+let
+ baseEnv = [
+ "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+ ];
+
+
+in rec {
+
+ base = let
+ minimalDocker =
+ {
+ imports = [ ];
+ boot.isContainer = true;
+ environment.etc.machine-id.text = "00000000000000000000000000000000";
+ };
+ eval =
+ import {
+ modules = [
+ minimalDocker
+ ];
+ };
+ system =
+ eval.config.system;
+
+ in pkgs.dockerTools.buildImage rec {
+ name = "base";
+
+# contents = pkgs.symlinkJoin {
+# name = "${name}-contents";
+# paths = [
+# system.build.etc
+# system.path
+# ];
+# };
+
+ # Requires a VM to boot
+ runAsRoot = ''
+ #!${pkgs.stdenv.shell}
+ ${pkgs.dockerTools.shadowSetup}
+ groupadd users --gid 100
+ useradd -g users -d /home/user -M --uid 1000 user
+ '';
+
+ config = {
+ Env = baseEnv;
+ WorkingDir = "/";
+ };
+ };
+
+ interactiveBase = pkgs.dockerTools.buildImage {
+ name = "interactiveBase";
+ fromImage = base;
+ contents = with pkgs; [
+ procps
+ zsh
+ coreutils
+ vim
+ ];
+
+ config = {
+ Cmd = [ "/bin/zsh" ];
+ };
+ };
+
+ s3ql = let
+ entrypoint = pkgs.writeScript "entrypoint" ''
+ #!${pkgs.stdenv.shell}
+
+ if [ -z "$S3QL_BUCKET" ]; then
+ echo S3QL_BUCKET not set
+ exit 1
+ fi
+
+ mkdir -p /buckets/"$S3QL_BUCKET"
+
+ set -x
+ exec mount.s3ql \
+ --cachedir "$S3QL_CACHE_DIR" \
+ --authfile "$S3QL_AUTHINFO2" \
+ --cachesize "$S3QL_CACHESIZE" \
+ --fg \
+ --log none \
+ --allow-root \
+ s3c://e24files.com/steveej-backup \
+ /buckets/"$S3QL_BUCKET"
+
+ # FIXME: touch .isbucket after mount
+ '';
+ in pkgs.dockerTools.buildImage {
+ name = "s3ql";
+ fromImage = interactiveBase;
+ contents = [
+ pkgs.s3ql
+ pkgs.fuse
+ ];
+
+ runAsRoot = ''
+ #!${pkgs.stdenv.shell}
+ mkdir -p /usr/bin
+ cp -a ${pkgs.fuse}/bin/fusermount /usr/bin
+ chmod +s /usr/bin/fusermount
+ echo user_allow_other >> /etc/fuse.conf
+ '';
+
+ config = {
+ Env = baseEnv ++ [
+ "HOME=/home/s3ql"
+ "S3QL_CACHE_DIR=/var/cache/s3ql"
+ "S3QL_AUTHINFO2=/etc/s3ql/authinfo2"
+ "S3QL_CACHESIZE=0"
+ "CONTAINER_ENTRYPOINT=${entrypoint}"
+ ];
+ Cmd = [ entrypoint ];
+ Volumes = {
+ "/var/cache/s3ql" = {};
+ "/etc/s3ql/authinfo2" = {};
+ "/buckets" = {};
+ "/tmp" = {};
+ };
+ };
+ };
+
+ syncthing = let
+ entrypoint = pkgs.writeScript "entrypoint" ''
+ #!${pkgs.stdenv.shell}
+ set -x
+ if [ ! -e /data/.isbucket ]; then
+ echo ERROR: Bucket not mounted at /data
+ exit 1
+ fi
+
+ exec syncthing \
+ -home $SYNCTHING_HOME \
+ -gui-address=$SYNCTHING_GUI_ADDRESS \
+ -no-browser
+ '';
+ in pkgs.dockerTools.buildImage {
+ name = "syncthing";
+ fromImage = interactiveBase;
+ contents = pkgs.syncthing;
+
+ config = {
+ Env = baseEnv ++ [
+ "SYNCTHING_HOME=/home/syncthing"
+ "SYNCTHING_GUI_ADDRESS=0.0.0.0:8384"
+ ];
+ Cmd = [ entrypoint ];
+ Volumes = {
+ "/home/syncthing" = {};
+ "/data" = {};
+ };
+ };
+ };
+}
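Review bot: The `runAsRoot` step of the `s3ql` image copies `fusermount` to `/usr/bin` and runs `chmod +s /usr/bin/fusermount`, yet none of the three images sets `config.User`, so the entrypoint already runs as root and the setuid bit only plants a root-privileged binary that any process in the container can invoke; setuid fusermount has a history of local privilege-escalation bugs, so either drop `chmod +s /usr/bin/fusermount` (and the matching `--allow-root`) while running as root, or set `User = "1000"` in `config` and keep the setuid copy, but not both. Separately, the s3ql entrypoint reads `S3QL_BUCKET` only to build the mount point under `/buckets`, while the storage URL `s3c://e24files.com/steveej-backup` is hard-coded, so the variable does not select a bucket as its name suggests; `"s3c://e24files.com/$S3QL_BUCKET"` or a distinct `S3QL_STORAGE_URL` variable would make the two agree. The syncthing entrypoint expands `$SYNCTHING_HOME` and `$SYNCTHING_GUI_ADDRESS` unquoted, unlike the quoted variables in the s3ql script, and its default `0.0.0.0:8384` exposes the GUI on every container interface, which is presumably intended for port publishing but is worth a comment. The `import {}` expressions at the top of the file appear to have lost their angle-bracket path arguments in this rendering (presumably `<nixpkgs>` and the NixOS `eval-config.nix`), so the hunk as shown would not evaluate as written.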