nix: mv container-images from archive

nix/container-images/build.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+set -xe
+[ ! -z "$NAME" ]
+
+nix-build . --show-trace -A "$NAME"
+docker image rm "$NAME":latest --force 
+docker load -i result

nix/container-images/default.nix

@@ -0,0 +1,158 @@
+{ pkgs ? import <nixpkgs> {}
+}:
+
+let
+  baseEnv = [
+    "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+  ];
+
+
+in rec {
+
+  base = pkgs.dockerTools.buildImage rec {
+    name = "base";
+
+    # Requires a VM to boot
+    runAsRoot = ''
+      #!${pkgs.stdenv.shell}
+      ${pkgs.dockerTools.shadowSetup}
+      groupadd users --gid 100
+      useradd -g users -d /home/user -M --uid 1000 user
+    '';
+
+    config = {
+      Env = baseEnv;
+      WorkingDir = "/";
+    };
+  };
+
+  interactive_base = pkgs.dockerTools.buildImage {
+    name = "interactive_base";
+    fromImage = base;
+    contents = with pkgs; [
+      procps
+      zsh
+      coreutils
+      neovim
+    ];
+
+    config = {
+      Cmd = [ "/bin/zsh" ];
+    };
+  };
+
+  s3ql = let 
+    entrypoint = pkgs.writeScript "entrypoint" ''
+      #!${pkgs.stdenv.shell}
+
+      if [ -z "$S3QL_BUCKET" ]; then
+        echo S3QL_BUCKET not set
+        exit 1
+      fi
+
+      if [ -z "$S3QL_STORAGE_URL" ]; then
+        echo S3QL_STORAGE_URL not set
+        exit 1
+      fi
+
+      if [ -z "$S3QL_CACHESIZE" ]; then
+        echo S3QL_CACHESIZE not set
+        exit 1
+      fi
+
+      set -x
+
+      if [ "$S3QL_SKIP_FSCK" != "1" ]; then 
+        fsck.s3ql \
+          --authfile $S3QL_AUTHINFO2 \
+          --log none \
+          --cachedir $S3QL_CACHE_DIR \
+          $S3QL_STORAGE_URL
+      fi
+
+      exec mount.s3ql \
+        --cachedir "$S3QL_CACHE_DIR" \
+        --authfile "$S3QL_AUTHINFO2" \
+        --cachesize "$S3QL_CACHESIZE" \
+        --fg \
+        --compress lzma-6 \
+        --threads 4 \
+        --log none \
+        --allow-root \
+        "$S3QL_STORAGE_URL" \
+        /bucket
+
+      # FIXME: touch .isbucket after mount 
+    '';
+    in pkgs.dockerTools.buildImage {
+      name = "s3ql";
+      fromImage = interactive_base;
+      contents = [
+        pkgs.s3ql
+        pkgs.fuse
+      ];
+
+      runAsRoot = ''
+        #!${pkgs.stdenv.shell}
+        mkdir -p /usr/bin
+        cp -a ${pkgs.fuse}/bin/fusermount /usr/bin 
+        chmod +s /usr/bin/fusermount
+        echo user_allow_other >> /etc/fuse.conf
+      '';
+      
+      config = {
+        Env = baseEnv ++ [
+          "HOME=/home/s3ql"
+          "S3QL_CACHE_DIR=/var/cache/s3ql"
+          "S3QL_AUTHINFO2=/etc/s3ql/authinfo2"
+          "CONTAINER_ENTRYPOINT=${entrypoint}"
+        ];
+        Cmd = [ entrypoint ];
+        Volumes = {
+          "/var/cache/s3ql" = {};
+          "/etc/s3ql/authinfo2" = {};
+          "/buckets" = {};
+          "/tmp" = {};
+      };
+    };
+  };
+
+  syncthing = let 
+    entrypoint = pkgs.writeScript "entrypoint" ''
+      #!${pkgs.stdenv.shell}
+      set -x
+      if [ ! -e /data/.isbucket ]; then
+        echo ERROR: Bucket not mounted at /data
+        exit 1
+      fi
+
+      if [ -z "$SYNCTHING_GUI_ADDRESS" ]; then
+        echo ERROR: SYNCTHING_GUI_ADDRESS is not set
+        exit 1
+      fi
+
+      if [ ! -w "$SYNCTHING_HOME" ]; then
+        echo ERROR : SYNCTHING_HOME is not writable
+      fi
+
+      exec syncthing \
+        -home $SYNCTHING_HOME \
+        -gui-address=$SYNCTHING_GUI_ADDRESS \
+        -no-browser
+    '';
+    in pkgs.dockerTools.buildImage {
+      name = "syncthing";
+      fromImage = interactive_base;
+      contents = pkgs.syncthing;
+      
+      config = {
+        Env = baseEnv ++ [
+          "SYNCTHING_HOME=/home/syncthing"
+        ];
+        Cmd = [ entrypoint ];
+        Volumes = {
+          "/data" = {};
+        };
+      };
+    };
+}