diff --git a/container-images/build.sh b/container-images/build.sh
new file mode 100755
index 0000000..6cfab1a
--- /dev/null
+++ b/container-images/build.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+set -xe
+[ ! -z "$NAME" ]
+
+nix-build . --show-trace -A "$NAME"
+docker image rm "$NAME":latest --force
+docker load -i result
diff --git a/container-images/default.nix b/container-images/default.nix
new file mode 100644
index 0000000..c85ba1a
--- /dev/null
+++ b/container-images/default.nix
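Review bot: The guard `[ ! -z "$NAME" ]` aborts the script under `set -e` without saying why, so a caller who forgot NAME sees only the xtrace line and a non-zero exit; `: "${NAME:?set NAME to the attribute to build}"` fails with a message instead. `docker image rm "$NAME":latest --force` runs before `docker load -i result`, so if the load fails the previously loaded image has already been removed. The script also uses the same value as the Nix attribute for `-A` and as the Docker image name, which holds only while every attribute in default.nix keeps `name` equal to its attribute name; a short comment stating that assumption would help.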
@@ -0,0 +1,158 @@
+{ pkgs ? import {}
+}:
+
+let
+ baseEnv = [
+ "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+ ];
+
+
+in rec {
+
+ base = pkgs.dockerTools.buildImage rec {
+ name = "base";
+
+ # Requires a VM to boot
+ runAsRoot = ''
+ #!${pkgs.stdenv.shell}
+ ${pkgs.dockerTools.shadowSetup}
+ groupadd users --gid 100
+ useradd -g users -d /home/user -M --uid 1000 user
+ '';
+
+ config = {
+ Env = baseEnv;
+ WorkingDir = "/";
+ };
+ };
+
+ interactive_base = pkgs.dockerTools.buildImage {
+ name = "interactive_base";
+ fromImage = base;
+ contents = with pkgs; [
+ procps
+ zsh
+ coreutils
+ vim
+ ];
+
+ config = {
+ Cmd = [ "/bin/zsh" ];
+ };
+ };
+
+ s3ql = let
+ entrypoint = pkgs.writeScript "entrypoint" ''
+ #!${pkgs.stdenv.shell}
+
+ if [ -z "$S3QL_BUCKET" ]; then
+ echo S3QL_BUCKET not set
+ exit 1
+ fi
+
+ if [ -z "$S3QL_STORAGE_URL" ]; then
+ echo S3QL_STORAGE_URL not set
+ exit 1
+ fi
+
+ if [ -z "$S3QL_CACHESIZE" ]; then
+ echo S3QL_CACHESIZE not set
+ exit 1
+ fi
+
+ set -x
+
+ if [ "$S3QL_SKIP_FSCK" != "1" ]; then
+ fsck.s3ql \
+ --authfile $S3QL_AUTHINFO2 \
+ --log none \
+ --cachedir $S3QL_CACHE_DIR \
+ $S3QL_STORAGE_URL
+ fi
+
+ exec mount.s3ql \
+ --cachedir "$S3QL_CACHE_DIR" \
+ --authfile "$S3QL_AUTHINFO2" \
+ --cachesize "$S3QL_CACHESIZE" \
+ --fg \
+ --compress lzma-6 \
+ --threads 4 \
+ --log none \
+ --allow-root \
+ "$S3QL_STORAGE_URL" \
+ /bucket
+
+ # FIXME: touch .isbucket after mount
+ '';
+ in pkgs.dockerTools.buildImage {
+ name = "s3ql";
+ fromImage = interactive_base;
+ contents = [
+ pkgs.s3ql
+ pkgs.fuse
+ ];
+
+ runAsRoot = ''
+ #!${pkgs.stdenv.shell}
+ mkdir -p /usr/bin
+ cp -a ${pkgs.fuse}/bin/fusermount /usr/bin
+ chmod +s /usr/bin/fusermount
+ echo user_allow_other >> /etc/fuse.conf
+ '';
+
+ config = {
+ Env = baseEnv ++ [
+ "HOME=/home/s3ql"
+ "S3QL_CACHE_DIR=/var/cache/s3ql"
+ "S3QL_AUTHINFO2=/etc/s3ql/authinfo2"
+ "CONTAINER_ENTRYPOINT=${entrypoint}"
+ ];
+ Cmd = [ entrypoint ];
+ Volumes = {
+ "/var/cache/s3ql" = {};
+ "/etc/s3ql/authinfo2" = {};
+ "/buckets" = {};
+ "/tmp" = {};
+ };
+ };
+ };
+
+ syncthing = let
+ entrypoint = pkgs.writeScript "entrypoint" ''
+ #!${pkgs.stdenv.shell}
+ set -x
+ if [ ! -e /data/.isbucket ]; then
+ echo ERROR: Bucket not mounted at /data
+ exit 1
+ fi
+
+ if [ -z "$SYNCTHING_GUI_ADDRESS" ]; then
+ echo ERROR: SYNCTHING_GUI_ADDRESS is not set
+ exit 1
+ fi
+
+ if [ ! -w "$SYNCTHING_HOME" ]; then
+ echo ERROR : SYNCTHING_HOME is not writable
+ fi
+
+ exec syncthing \
+ -home $SYNCTHING_HOME \
+ -gui-address=$SYNCTHING_GUI_ADDRESS \
+ -no-browser
+ '';
+ in pkgs.dockerTools.buildImage {
+ name = "syncthing";
+ fromImage = interactive_base;
+ contents = pkgs.syncthing;
+
+ config = {
+ Env = baseEnv ++ [
+ "SYNCTHING_HOME=/home/syncthing"
+ ];
+ Cmd = [ entrypoint ];
+ Volumes = {
+ "/data" = {};
+ };
+ };
+ };
+}
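Review bot: In the s3ql entrypoint the `fsck.s3ql` call expands `$S3QL_AUTHINFO2`, `$S3QL_CACHE_DIR` and `$S3QL_STORAGE_URL` unquoted, while the `mount.s3ql` call below it quotes the same variables; a value containing whitespace or a glob character would be split into extra arguments, so quote them there too, e.g. `--authfile "$S3QL_AUTHINFO2" \`. The same applies to `-home $SYNCTHING_HOME` and `-gui-address=$SYNCTHING_GUI_ADDRESS` in the syncthing entrypoint, where the `[ ! -w "$SYNCTHING_HOME" ]` branch prints an error but has no `exit 1`, so syncthing is started anyway. In the s3ql `runAsRoot`, `chmod +s` sets setgid as well as setuid on fusermount; `chmod u+s /usr/bin/fusermount` grants only the setuid bit. Neither image's `config` sets `User`, so unless the runtime overrides it both entrypoints appear to run as root even though `base` creates uid 1000. `Volumes` declares `/buckets` while the entrypoint mounts at `/bucket`, and `S3QL_BUCKET` is required but never used afterwards, so it is worth confirming which path and variable are intended.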