diff --git a/docker.nix b/docker.nix index a79ea5e..81f1ad3 100644 --- a/docker.nix +++ b/docker.nix @@ -1,20 +1,67 @@ -{ config, pkgs, ...}: - +{ config, pkgs, lib, ...}: let name = "node-red"; +packages = + with pkgs; +[ + less + bashInteractive + coreutils + nodejs + findutils + nodePackages.npm + nodePackages.node-red + dockerTools.usrBinEnv + dockerTools.binSh + dockerTools.caCertificates + dockerTools.fakeNss + #ungoogled-chromium +]; entrypoint = pkgs.writeShellApplication { name = "entrypoint"; - runtimeInputs = with pkgs; with nodePackages; [ - node-red - #ungoogled-chromium - ]; + runtimeInputs = packages; text = '' - node-red -u "''${DATA-/data}" -s "''${SETTINGS-/data/settings.js}" + DATA="''${DATA-/data}" + cd "$DATA" + node-red -u "$DATA" -s "''${SETTINGS-/data/settings.js}" ''; }; +linkPackageToRoot = p: '' + for wbin in bin sbin;do + for f in ${p}/$wbin/*;do + if [ -x "$f" ];then + ln -sf "$f" "$wbin"/ + fi + done + done +''; in pkgs.dockerTools.streamLayeredImage { inherit name; + contents = pkgs.buildEnv { + name = "imgroot"; + paths = packages; + }; config.Cmd = [ "${entrypoint}/bin/entrypoint" ]; + config.Workdir = "/data"; + config.Env = with pkgs; [ "HOME=/data" ]; + + enableFakechroot = true; + fakeRootCommands = '' + # ${pkgs.runtimeShell} + mkdir -p tmp + chmod 1777 tmp + ${pkgs.dockerTools.shadowSetup} + groupadd -r node-red + useradd -r -g node-red node-red + mkdir -p data + chown -R node-red:node-red data + chmod -R 750 data + date > build-date.txt + ''; + extraCommands = '' + #find / > files-that-existed-at-extraCommands-time.txt || true + ${pkgs.lib.strings.concatStringsSep "\n" (map linkPackageToRoot packages)} + ''; }
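Review bot: The `node-red` user and group are created in `fakeRootCommands` and `data` is chowned to them, but the image config never sets a user, so the entrypoint still starts as root unless the runtime overrides it; adding `config.User = "node-red";` next to `config.Cmd` would make the unprivileged account the default. Once that is set, a volume mounted over `/data` needs ownership matching whatever uid/gid `useradd -r` and `groupadd -r` picked, so pinning them with explicit `-u`/`-g` values may be worthwhile, though the deployment is not visible here. Separately, the image-config key for the working directory is `WorkingDir`, so `config.Workdir = "/data";` is most likely ignored and only the `cd "$DATA"` in the entrypoint takes effect. `date > build-date.txt` also makes that layer differ on every build, which works against reproducible image digests.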