# Container image definitions, parameterised over the target system.
# `system` defaults to the platform the evaluation runs on.
{ system ? builtins.currentSystem }:
let
  # NOTE(review): <nixpkgs> is resolved through NIX_PATH at evaluation time and
  # no revision or hash is pinned in this file, so the package versions that
  # end up inside the images depend on the channel of whoever builds them.
  pkgs = import <nixpkgs> { inherit system; };

  # Turn one image spec into three build variants of the same image.  The
  # attributes are lazy, so only the variant a caller selects is evaluated.
  img = spec:
    let
      inherit (pkgs.dockerTools) buildImage buildLayeredImage streamLayeredImage;
    in
    {
      streamed = streamLayeredImage spec;
      layered = buildLayeredImage spec;
      image = buildImage spec;
    };
in
{
| |
| # ejabberd = pkgs.dockerTools.buildImage { |
| # name = "docker.benkard.de/mulk/ejabberd"; |
| # tag = "latest"; |
| # contents = [ |
| # pkgs.ejabberd |
| # pkgs.bash |
| # pkgs.nano |
| # ]; |
| # config = { |
| # Env = [ ]; |
| # ExposedPorts = { }; |
| # WorkingDir = "/"; |
| # Volumes = { |
| # "/data" = { }; |
| # }; |
| # }; |
| # }; |
| |
# Image carrying the prosody XMPP server plus a few maintenance tools.  The
# entry point is /bin/bash and Cmd is empty, so arguments supplied at run time
# are handed to bash rather than to prosody directly.
# NOTE(review): config sets no User, so the container runtime's default user
# applies; confirm the deployment overrides it if root is not intended.
prosody = img {
  name = "docker.benkard.de/mulk/prosody";
  #tag = "latest";
  contents = [
    pkgs.prosody
    pkgs.bash
    pkgs.coreutils
    pkgs.nano
  ];
  config = {
    Entrypoint = [ "/bin/bash" ];
    Cmd = [ ];
    Env = [ ];
    ExposedPorts = { };
    WorkingDir = "/";
    # Persistent state is expected under /data.
    Volumes = {
      "/data" = { };
    };
  };
};
| |
# These two are defined in their own files and instantiated via callPackage
# with no argument overrides.
mailcow =
  pkgs.callPackage ./mailcow/default.nix { };

gitlab-runner =
  pkgs.callPackage ./gitlab-system/gitlab-runner/default.nix { };
| |
# Runtime environment image for Nextcloud: Apache with PHP, the PHP extensions
# listed below, and tools for manual maintenance.  The application tree itself
# is expected on the /var/www/html volume; it is not part of the image.
nextcloud =
  let
    runtimePackages = with pkgs; [
      # Service dependencies.
      apacheHttpd
      apacheHttpdPackages.php

      # Optional dependencies.
      ffmpeg

      # Maintenance and manual upgrades.
      bash
      coreutils
      php
      unzip
    ];

    # NOTE(review): the extensions come from the PHP 7.4 package set, while
    # `php` and `apacheHttpdPackages.php` above follow whatever nixpkgs
    # provides as its default.  Confirm the interpreter and extension versions
    # match, and that the PHP branch in use still receives security fixes.
    phpExtensions = with pkgs.php74Extensions; [
      # Required dependencies.
      ctype
      curl
      dom
      gd
      iconv
      json
      mbstring
      openssl
      pdo_pgsql
      posix
      session
      simplexml
      xml
      xmlreader
      xmlwriter
      zip
      zlib

      # Recommended dependencies.
      bz2
      intl
      fileinfo

      # Optional dependencies.
      apcu
      bcmath
      ftp
      gmp
      imagick
      memcached
      pcntl
      redis
      #smbclient
    ];
  in
  img {
    name = "docker.benkard.de/mulk/nextcloud";
    contents = runtimePackages ++ phpExtensions;
    config = {
      WorkingDir = "/var/www/html";
      Volumes = {
        "/var/www/html" = { };
      };
    };
  };
| |
# Single-purpose image: the entry point is `curl -fsS`, so the container's
# arguments are the URL (and any further curl options) to request.  -f makes
# HTTP error statuses fail the run, -sS silences progress but keeps errors.
# NOTE(review): contents holds only curl and no CA certificate bundle.  Confirm
# how HTTPS targets get verified (e.g. a mounted bundle), so that callers are
# not tempted to disable certificate verification.
webcron = img {
  name = "docker.benkard.de/mulk/webcron";
  contents = [
    # Entry points.
    pkgs.curl
  ];
  config = {
    Entrypoint = [ "curl" "-fsS" ];
    Cmd = [ ];
    Volumes = { };
  };
};
| |
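# File-sharing image: Samba with mDNS support, Avahi, D-Bus and OpenSSH
# (with scponly and bupstash), started through /init.  Shares are expected on
# the /vol/shares volume.
samba =
  let
    # Copies ./samba/init and the per-service `run` scripts into the store with
    # mode 0755.  Presumably these are s6 service directories (s6 is part of
    # the image contents); the scripts themselves are not visible here.
    runner = pkgs.stdenv.mkDerivation {
      name = "mulk-samba-runner";
      buildInputs = [ pkgs.bash ];
      src = ./samba;
      builder = builtins.toFile "builder.sh" ''
        source $stdenv/setup
        set -euo pipefail
        set -x

        install -Dm755 $src/init $out/init

        for svc in avahi dbus nmbd smbd sshd; do
        install -Dm755 $src/service/$svc/run $out/service/$svc/run
        done

        set +x
      '';
    };

    # System bus configuration installed as etc/dbus-1/system.conf.
    #
    # NOTE(review): the bus accepts ANONYMOUS authentication
    # (<auth>ANONYMOUS</auth> plus <allow_anonymous/>) and the EXTERNAL
    # mechanism is commented out, so peers are not identified by uid.  The
    # second default-context policy additionally lets any connection own
    # org.freedesktop.Avahi.  Exposure is bounded by who can reach
    # /run/dbus/system_bus_socket: confirm that socket is never shared outside
    # the container, and consider EXTERNAL auth with ownership of the Avahi
    # name restricted to the avahi user.
    dbusSystemConf = builtins.toFile "dbus-1-system.conf" ''
      <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
      "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
      <busconfig>
      <type>system</type>
      <auth>ANONYMOUS</auth>
      <!-- <auth>EXTERNAL</auth> -->
      <allow_anonymous/>
      <listen>unix:path=/run/dbus/system_bus_socket</listen>
      <standard_system_servicedirs/>

      <policy context="default">
      <allow user="*"/>

      <deny own="*"/>
      <deny send_type="method_call"/>

      <allow send_type="signal"/>
      <allow send_requested_reply="true" send_type="method_return"/>
      <allow send_requested_reply="true" send_type="error"/>

      <allow receive_type="method_call"/>
      <allow receive_type="method_return"/>
      <allow receive_type="error"/>
      <allow receive_type="signal"/>

      <allow send_destination="org.freedesktop.DBus"
      send_interface="org.freedesktop.DBus" />
      <allow send_destination="org.freedesktop.DBus"
      send_interface="org.freedesktop.DBus.Introspectable"/>
      <allow send_destination="org.freedesktop.DBus"
      send_interface="org.freedesktop.DBus.Properties"/>

      <deny send_destination="org.freedesktop.DBus"
      send_interface="org.freedesktop.DBus"
      send_member="UpdateActivationEnvironment"/>
      <deny send_destination="org.freedesktop.DBus"
      send_interface="org.freedesktop.DBus.Debug.Stats"/>
      <deny send_destination="org.freedesktop.DBus"
      send_interface="org.freedesktop.systemd1.Activator"/>
      </policy>

      <policy context="default">
      <allow own="org.freedesktop.Avahi"/>
      </policy>

      <includedir>/share/dbus-1/system.d</includedir>
      </busconfig>
    '';

    # Avahi daemon settings: wide-area lookups off and address, HINFO,
    # workstation and domain publishing all disabled.
    avahiDaemonConf = builtins.toFile "avahi-daemon.conf" ''
      [server]
      use-ipv4=yes
      use-ipv6=yes
      enable-dbus=yes
      ratelimit-interval-usec=1000000
      ratelimit-burst=1000

      [wide-area]
      enable-wide-area=no

      [publish]
      add-service-cookie=no
      publish-addresses=no
      publish-hinfo=no
      publish-workstation=no
      publish-domain=no
      publish-aaaa-on-ipv4=yes
      publish-a-on-ipv6=no

      [reflector]

      [rlimits]
    '';

    # NOTE(review): passwd below assigns gid 999 to `nobody`, but no group with
    # that gid is defined here; confirm this is intended.
    groupFile = builtins.toFile "group" ''
      root::0:
      sshd::996:
      dbus::997:
      avahi::998:
    '';

    # Service accounts.  The password field is `*`, a value no password hash
    # can match, instead of being left empty: an empty field marks the account
    # as having no password, which tools such as su, or sshd when empty
    # passwords are permitted, would accept without asking for one.  Every
    # account keeps /nonexistent as its shell.
    passwdFile = builtins.toFile "passwd" ''
      root:*:0:0::/tmp:/nonexistent
      sshd:*:996:996::/tmp:/nonexistent
      dbus:*:997:997::/tmp:/nonexistent
      avahi:*:998:998::/tmp:/nonexistent
      nobody:*:999:999::/tmp:/nonexistent
    '';
  in
  img {
    name = "docker.benkard.de/mulk/samba";
    contents = [
      # Services.
      pkgs.avahi
      (pkgs.callPackage ./samba/bupstash.nix { })
      pkgs.dbus
      pkgs.openssh
      #samba4Full
      (pkgs.samba.override { enableMDNS = true; enableProfiling = false; enableRegedit = false; })
      pkgs.scponly

      # Control.
      pkgs.execline
      pkgs.gnused
      runner
      pkgs.s6

      # Maintenance.
      pkgs.busybox
    ];
    # Runs with relative paths against the image's file tree: drops the Avahi
    # service definitions shipped by the package, creates the runtime
    # directories and empty Samba databases, then installs the generated
    # configuration and account files.
    extraCommands = ''
      #!${pkgs.runtimeShell}

      rm -rf -- etc/avahi/services/*

      install -dm755 tmp run run/dbus var/run/samba var/log/samba var/lock/samba var/locks/samba var/lib/samba/private var/cache/samba

      touch var/lib/samba/registry.tdb var/lib/samba/account_policy.tdb

      install -Dm644 ${dbusSystemConf} etc/dbus-1/system.conf
      install -Dm644 ${avahiDaemonConf} etc/avahi/avahi-daemon.conf
      install -Dm644 ${groupFile} etc/group
      install -Dm644 ${passwdFile} etc/passwd
    '';
    config = {
      Entrypoint = [ "/init" ];
      Cmd = [ ];
      Volumes = {
        "/vol/shares" = { };
      };
    };
  };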
| |
| # nano = img { |
| # name = "docker.benkard.de/mulk/nano"; |
| # tag = "latest"; |
| # contents = [ |
| # pkgs.nano |
| # ]; |
| # }; |
| # |
| # vim = img { |
| # name = "docker.benkard.de/mulk/vim"; |
| # tag = "latest"; |
| # contents = [ |
| # pkgs.vim |
| # ]; |
| # }; |
| |
| } |