diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 140efbb..21d6951 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -20,7 +20,7 @@ jobs:
 skopeo login --username ${{ secrets.DOCKER_USER }} --password ${{ secrets.DOCKER_PASSWORD }} "$REGISTRY"
 MAINTAG="sha-$(echo "$GITHUB_SHA" | cut -c 1-8)"
- nix run .#upload-image "docker://$REGISTRY/$PACKAGE:$MAINTAG"
+ nix run --show-trace .#upload-image "docker://$REGISTRY/$PACKAGE:$MAINTAG"
 for TAG in \
 "$GITHUB_REF_NAME" \
 "$GITHUB_REF_NAME-$(date +%Y%m%d-%H%M%S)" \
diff --git a/docker.nix b/docker.nix
index a79ea5e..acd8435 100644
--- a/docker.nix
+++ b/docker.nix
@@ -1,20 +1,59 @@
-{ config, pkgs, ...}:
-
+{ config, pkgs, lib, ...}:
 let name = "node-red";
+packages =
+ with pkgs;
+[
+ nodejs
+ nodePackages.npm
+ nodePackages.node-red
+ #ungoogled-chromium
+];
 entrypoint = pkgs.writeShellApplication {
 name = "entrypoint";
- runtimeInputs = with pkgs; with nodePackages; [
- node-red
- #ungoogled-chromium
- ];
+ runtimeInputs = packages;
 text = ''
- node-red -u "''${DATA-/data}" -s "''${SETTINGS-/data/settings.js}"
+ DATA="''${DATA-/data}"
+ cd "$DATA"
+ node-red -u "$DATA" -s "''${SETTINGS-/data/settings.js}"
 '';
 };
 in pkgs.dockerTools.streamLayeredImage {
 inherit name;
+ contents = pkgs.buildEnv {
+ name = "imgroot";
+ paths = (with pkgs; [
+ shadow
+ less
+ bashInteractive
+ coreutils
+ findutils
+ dockerTools.usrBinEnv
+ dockerTools.binSh
+ dockerTools.caCertificates
+ #dockerTools.fakeNss
+ ] ++ packages);
+ };
 config.Cmd = [ "${entrypoint}/bin/entrypoint" ];
+ config.WorkingDir = "/data";
+ config.Env = with pkgs; [ "HOME=/data" ];
+
+ enableFakechroot = true;
+ fakeRootCommands = ''
+ # ${pkgs.runtimeShell}
+ mkdir -p tmp
+ chmod 1777 tmp
+ ${pkgs.dockerTools.shadowSetup}
+ groupadd -r node-red
+ useradd -r -g node-red node-red
+ id node-red 2>&1 > node-red.id
+ mkdir -p data
+ chown -R node-red:node-red data
+ chmod -R 750 data
+ date > build-date.txt
+ '';
+ extraCommands = ''
+ '';
 }
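Review bot: The container will still start as root, because the new `fakeRootCommands` create a `node-red` user and chown `data` to it but nothing in the `streamLayeredImage` arguments shown in this hunk sets `config.User`; adding `config.User = "node-red";` next to `config.WorkingDir` would make the runtime actually use that account. `useradd -r` picks the uid itself, so a volume mounted over `/data` may not match it; pinning the uid and gid in the `groupadd`/`useradd` calls would keep ownership predictable across rebuilds. In `id node-red 2>&1 > node-red.id` the redirections are ordered so that stderr does not land in the file; `id node-red > node-red.id 2>&1` captures both. `shadow`, `less`, `bashInteractive` and `findutils` now ship in the runtime image through `contents`, which deserves a comment saying whether they are needed at runtime or are there for debugging only.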