containers: start with base, s3ql, syncthing

container-images/build.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+set -xe
+[ ! -z "$NAME" ]
+
+nix-build . --show-trace -A "$NAME"
+docker image rm "$NAME":latest --force 
+docker load -i result

container-images/default.nix

@@ -0,0 +1,157 @@
+{ pkgs ? import <nixpkgs> {}
+}:
+
+let
+  baseEnv = [
+    "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+  ];
+
+
+in rec {
+
+  base = let
+    minimalDocker =
+      {
+        imports = [ <nixpkgs/nixos/modules/profiles/minimal.nix> ];
+        boot.isContainer = true;
+        environment.etc.machine-id.text = "00000000000000000000000000000000";
+      };
+    eval =
+      import <nixpkgs/nixos/lib/eval-config.nix> {
+        modules = [
+          minimalDocker
+        ];
+      };
+    system =
+      eval.config.system;
+
+  in pkgs.dockerTools.buildImage rec {
+    name = "base";
+
+#    contents = pkgs.symlinkJoin {
+#      name = "${name}-contents";
+#      paths = [
+#        system.build.etc
+#        system.path
+#      ];
+#    };
+    
+    # Requires a VM to boot
+    runAsRoot = ''
+      #!${pkgs.stdenv.shell}
+      ${pkgs.dockerTools.shadowSetup}
+      groupadd users --gid 100
+      useradd -g users -d /home/user -M --uid 1000 user
+    '';
+
+    config = {
+      Env = baseEnv;
+      WorkingDir = "/";
+    };
+  };
+
+  interactiveBase = pkgs.dockerTools.buildImage {
+    name = "interactiveBase";
+    fromImage = base;
+    contents = with pkgs; [
+      procps
+      zsh
+      coreutils
+      vim
+    ];
+
+    config = {
+      Cmd = [ "/bin/zsh" ];
+    };
+  };
+
+  s3ql = let 
+    entrypoint = pkgs.writeScript "entrypoint" ''
+      #!${pkgs.stdenv.shell}
+
+      if [ -z "$S3QL_BUCKET" ]; then
+        echo S3QL_BUCKET not set
+        exit 1
+      fi
+
+      mkdir -p /buckets/"$S3QL_BUCKET"
+
+      set -x
+      exec mount.s3ql \
+        --cachedir "$S3QL_CACHE_DIR" \
+        --authfile "$S3QL_AUTHINFO2" \
+        --cachesize "$S3QL_CACHESIZE" \
+        --fg \
+        --log none \
+        --allow-root \
+        s3c://e24files.com/steveej-backup \
+        /buckets/"$S3QL_BUCKET"
+
+      # FIXME: touch .isbucket after mount 
+    '';
+    in pkgs.dockerTools.buildImage {
+      name = "s3ql";
+      fromImage = interactiveBase;
+      contents = [
+        pkgs.s3ql
+        pkgs.fuse
+      ];
+
+      runAsRoot = ''
+        #!${pkgs.stdenv.shell}
+        mkdir -p /usr/bin
+        cp -a ${pkgs.fuse}/bin/fusermount /usr/bin 
+        chmod +s /usr/bin/fusermount
+        echo user_allow_other >> /etc/fuse.conf
+      '';
+      
+      config = {
+        Env = baseEnv ++ [
+          "HOME=/home/s3ql"
+          "S3QL_CACHE_DIR=/var/cache/s3ql"
+          "S3QL_AUTHINFO2=/etc/s3ql/authinfo2"
+          "S3QL_CACHESIZE=0"
+          "CONTAINER_ENTRYPOINT=${entrypoint}"
+        ];
+        Cmd = [ entrypoint ];
+        Volumes = {
+          "/var/cache/s3ql" = {};
+          "/etc/s3ql/authinfo2" = {};
+          "/buckets" = {};
+          "/tmp" = {};
+      };
+    };
+  };
+
+  syncthing = let 
+    entrypoint = pkgs.writeScript "entrypoint" ''
+      #!${pkgs.stdenv.shell}
+      set -x
+      if [ ! -e /data/.isbucket ]; then
+        echo ERROR: Bucket not mounted at /data
+        exit 1
+      fi
+
+      exec syncthing \
+        -home $SYNCTHING_HOME \
+        -gui-address=$SYNCTHING_GUI_ADDRESS \
+        -no-browser
+    '';
+    in pkgs.dockerTools.buildImage {
+      name = "syncthing";
+      fromImage = interactiveBase;
+      contents = pkgs.syncthing;
+      
+      config = {
+        Env = baseEnv ++ [
+          "SYNCTHING_HOME=/home/syncthing"
+          "SYNCTHING_GUI_ADDRESS=0.0.0.0:8384"
+        ];
+        Cmd = [ entrypoint ];
+        Volumes = {
+          "/home/syncthing" = {};
+          "/data" = {};
+        };
+      };
+    };
+}