From 25449234e620104c582e50d1275fdcd89ba4849f Mon Sep 17 00:00:00 2001 From: James Andariese Date: Sun, 4 Aug 2024 01:47:08 -0500 Subject: [PATCH] wip --- .github/workflows/build.yaml | 2 +- docker.nix | 57 +++++++++++++++++++++++++++++++----- flake.lock | 8 ++--- 3 files changed, 55 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 140efbb..21d6951 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -20,7 +20,7 @@ jobs: skopeo login --username ${{ secrets.DOCKER_USER }} --password ${{ secrets.DOCKER_PASSWORD }} "$REGISTRY" MAINTAG="sha-$(echo "$GITHUB_SHA" | cut -c 1-8)" - nix run .#upload-image "docker://$REGISTRY/$PACKAGE:$MAINTAG" + nix run --show-trace .#upload-image "docker://$REGISTRY/$PACKAGE:$MAINTAG" for TAG in \ "$GITHUB_REF_NAME" \ "$GITHUB_REF_NAME-$(date +%Y%m%d-%H%M%S)" \ diff --git a/docker.nix b/docker.nix index a79ea5e..fc57230 100644 --- a/docker.nix +++ b/docker.nix @@ -1,20 +1,63 @@ -{ config, pkgs, ...}: - +{ config, pkgs, lib, ...}: let name = "node-red"; +packages = + with pkgs; +[ + neovim + nodejs + nodePackages.npm + nodePackages.node-red + #ungoogled-chromium +]; entrypoint = pkgs.writeShellApplication { name = "entrypoint"; - runtimeInputs = with pkgs; with nodePackages; [ - node-red - #ungoogled-chromium - ]; + runtimeInputs = packages; text = '' - node-red -u "''${DATA-/data}" -s "''${SETTINGS-/data/settings.js}" + DATA="''${DATA-/data}" + cd "$DATA" + node-red -u "$DATA" -s "''${SETTINGS-/data/settings.js}" ''; }; in pkgs.dockerTools.streamLayeredImage { inherit name; + contents = pkgs.buildEnv { + name = "imgroot"; + paths = (with pkgs; [ + shadow + less + bashInteractive + coreutils + findutils + dockerTools.usrBinEnv + dockerTools.binSh + dockerTools.caCertificates + #dockerTools.fakeNss + ] ++ packages); + }; config.Cmd = [ "${entrypoint}/bin/entrypoint" ]; + config.WorkingDir = "/data"; + config.Env = with pkgs; [ "HOME=/data" ]; + + enableFakechroot = true; + fakeRootCommands = '' + # ${pkgs.runtimeShell} + mkdir -p tmp + chmod 1777 tmp + ${pkgs.dockerTools.shadowSetup} + groupadd -r node-red + useradd -r -g node-red node-red + id node-red 2>&1 > node-red.id + mkdir -p data + chown -R node-red:node-red data + chmod -R 750 data + date > build-date.txt + ''; + extraCommands = '' + mkdir -p /data + #cd /data;${pkgs.nodejs}/bin/npm i passport-openidconnect + (cd /data;${pkgs.nodejs}/bin/npm i passport-openidconnect) + ''; } diff --git a/flake.lock b/flake.lock index f9a0884..b76b5e1 100644 --- a/flake.lock +++ b/flake.lock @@ -20,16 +20,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1722421184, - "narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=", + "lastModified": 1722813957, + "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58", + "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-unstable-small", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" }