From 74ee32126a64f0064d1dee63ba1be7a24f878dbd Mon Sep 17 00:00:00 2001
From: James Andariese
Date: Sun, 4 Aug 2024 01:47:08 -0500
Subject: [PATCH] wip
---
docker.nix | 63 ++++++++++++++++++++++++++++++++++++++++++++++++------
1 file changed, 56 insertions(+), 7 deletions(-)
diff --git a/docker.nix b/docker.nix
index a79ea5e..7b961d8 100644
--- a/docker.nix
+++ b/docker.nix
@@ -1,20 +1,69 @@ -{ config, pkgs, ...}: - +{ config, pkgs, lib, ...}: let name = "node-red"; +packages = + with pkgs; +[ + less + bashInteractive + coreutils + nodejs + findutils + nodePackages.npm + nodePackages.node-red + dockerTools.usrBinEnv + dockerTools.binSh + dockerTools.caCertificates + dockerTools.fakeNss + #ungoogled-chromium +]; entrypoint = pkgs.writeShellApplication { name = "entrypoint"; - runtimeInputs = with pkgs; with nodePackages; [ - node-red - #ungoogled-chromium - ]; + runtimeInputs = packages; text = '' - node-red -u "''${DATA-/data}" -s "''${SETTINGS-/data/settings.js}" + DATA="''${DATA-/data}" + cd "$DATA" + node-red -u "$DATA" -s "''${SETTINGS-/data/settings.js}" ''; }; +linkPackageToRoot = p: '' + for wbin in bin sbin;do + for f in ${p}/$wbin/*;do + if [ -x "$f" ];then + ln -sf "$f" "$wbin"/ + fi + done + done +''; in pkgs.dockerTools.streamLayeredImage { inherit name; + contents = pkgs.buildEnv { + name = "imgroot"; + paths = packages; + }; config.Cmd = [ "${entrypoint}/bin/entrypoint" ]; + config.Workdir = "/data"; + config.Env = with pkgs; [ "HOME=/data" ]; + + enableFakechroot = true; + fakeRootCommands = '' + # ${pkgs.runtimeShell} + mkdir -p tmp + chmod 1777 tmp + ${pkgs.dockerTools.shadowSetup} + PATH=${pkgs.shadow}/sbin:${pkgs.shadow}/bin:$PATH + groupadd -r node-red + useradd -r -g node-red node-red + id node-red 2>&1 > node-red.id + mkdir -p data + chown -R node-red:node-red data + chmod -R 750 data + date > build-date.txt + ''; + extraCommands = '' + #find / > files-that-existed-at-extraCommands-time.txt || true + ${pkgs.lib.strings.concatStringsSep "\n" (map linkPackageToRoot packages)} + ''; }
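Review bot: The image still starts Node-RED as root, because `fakeRootCommands` creates the `node-red` user and chowns `data` to it but nothing in the image config selects that user. Adding `config.User = "node-red";` next to `config.Cmd` would make the entrypoint run unprivileged, assuming the passwd entry written by `useradd` ends up in the final image. That is worth confirming, since `dockerTools.fakeNss` in `packages` also supplies an `etc/passwd`. Separately, `config.Workdir` is not a field of the OCI image config, so it is presumably ignored and should read `config.WorkingDir = "/data";`. In `id node-red 2>&1 > node-red.id` the redirections are in the wrong order to capture stderr in the file; `id node-red > node-red.id 2>&1` does what the line appears to intend.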