# Container image definitions built with nixpkgs' dockerTools.
#
# NOTE(review): <nixpkgs> is resolved through the evaluator's search path
# (NIX_PATH / -I), so the package versions that end up in every image below
# depend on the machine doing the build. Consider importing a nixpkgs
# revision pinned by hash, so that rebuilds are reproducible and package
# updates become an explicit, reviewable change.
{ system ? builtins.currentSystem }:
let
  pkgs = import <nixpkgs> { inherit system; };

  # Turn one image spec into an attribute set with three build variants,
  # so a caller can select `.streamed`, `.layered` or `.image`. Nix is
  # lazy, so only the variant that is actually requested gets built.
  img = imageSpec:
    let
      inherit (pkgs) dockerTools;
    in
    {
      streamed = dockerTools.streamLayeredImage imageSpec;
      layered = dockerTools.buildLayeredImage imageSpec;
      image = dockerTools.buildImage imageSpec;
    };
in
{
# ejabberd = pkgs.dockerTools.buildImage {
# name = "docker.benkard.de/mulk/ejabberd";
# tag = "latest";
# contents = [
# pkgs.ejabberd
# pkgs.bash
# pkgs.nano
# ];
# config = {
# Env = [ ];
# ExposedPorts = { };
# WorkingDir = "/";
# Volumes = {
# "/data" = { };
# };
# };
# };
# Prosody (XMPP server) image with a small shell toolset for maintenance.
#
# NOTE(review): config sets no `User`, so the container runs as root unless
# the runtime or orchestrator overrides it — confirm that is intended.
prosody = img {
  name = "docker.benkard.de/mulk/prosody";
  #tag = "latest";
  contents = [
    pkgs.prosody
    pkgs.bash
    pkgs.coreutils
    pkgs.nano
  ];
  config = {
    # The container starts bash rather than prosody itself; Cmd is empty,
    # so the arguments have to come from whoever runs the container.
    Entrypoint = [ "/bin/bash" ];
    Cmd = [ ];
    Env = [ ];
    ExposedPorts = { };
    WorkingDir = "/";
    Volumes = {
      "/data" = { };
    };
  };
};
# Defined in ./mailcow/default.nix (not shown here); callPackage supplies
# that expression's arguments from pkgs. Unlike its siblings this attribute
# is not wrapped in `img`, so its value need not have the
# streamed/layered/image shape.
mailcow = pkgs.callPackage ./mailcow/default.nix { };
# Runtime environment for Nextcloud: Apache httpd with PHP, PHP extensions
# grouped as required / recommended / optional, and a few tools for manual
# maintenance. Nextcloud itself is not in `contents`; presumably it lives
# on the /var/www/html volume — confirm against the deployment.
#
# NOTE(review): the extensions come from the PHP 7.4 set, while `php` and
# `apacheHttpdPackages.php` follow whatever the imported nixpkgs defaults
# to. Confirm all three refer to the same PHP version. PHP 7.4 no longer
# receives upstream security fixes, so plan a move to a supported release.
#
# NOTE(review): config sets no `User`, `Entrypoint` or `Cmd`; how the web
# server is started and under which uid is decided outside this file.
nextcloud = img {
  name = "docker.benkard.de/mulk/nextcloud";
  contents =
    let
      phpExt = pkgs.php74Extensions;

      # Service dependencies.
      servicePackages = [
        pkgs.apacheHttpd
        pkgs.apacheHttpdPackages.php
      ];

      # Optional dependencies.
      optionalPackages = [
        pkgs.ffmpeg
      ];

      # Maintenance and manual upgrades.
      maintenancePackages = [
        pkgs.bash
        pkgs.coreutils
        pkgs.php
        pkgs.unzip
      ];

      # Required dependencies.
      requiredExtensions = [
        phpExt.ctype
        phpExt.curl
        phpExt.dom
        phpExt.gd
        phpExt.iconv
        phpExt.json
        phpExt.mbstring
        phpExt.openssl
        phpExt.pdo_pgsql
        phpExt.posix
        phpExt.session
        phpExt.simplexml
        phpExt.xml
        phpExt.xmlreader
        phpExt.xmlwriter
        phpExt.zip
        phpExt.zlib
      ];

      # Recommended dependencies.
      recommendedExtensions = [
        phpExt.bz2
        phpExt.intl
        phpExt.fileinfo
      ];

      # Optional dependencies.
      optionalExtensions = [
        phpExt.apcu
        phpExt.bcmath
        phpExt.ftp
        phpExt.gmp
        phpExt.imagick
        phpExt.memcached
        phpExt.pcntl
        phpExt.redis
        #phpExt.smbclient
      ];
    in
    # The concatenation order matches the order the packages are listed in.
    servicePackages
    ++ optionalPackages
    ++ maintenancePackages
    ++ requiredExtensions
    ++ recommendedExtensions
    ++ optionalExtensions;
  config = {
    WorkingDir = "/var/www/html";
    Volumes = {
      "/var/www/html" = { };
    };
  };
};
# Single-purpose image: runs curl with the arguments given to the container
# (presumably the URL of a web cron endpoint — confirm with the caller).
#
# NOTE(review): `contents` lists curl only, with no CA certificate bundle.
# If the target URL is https, check how certificate verification is
# satisfied (a mounted bundle or SSL_CERT_FILE) and make sure callers are
# not working around it with --insecure.
#
# NOTE(review): no `User` is set; curl needs no root privileges, so the
# runtime can safely be told to run this container as an unprivileged uid.
webcron = img {
  name = "docker.benkard.de/mulk/webcron";
  contents = [
    # Entry points.
    pkgs.curl
  ];
  config = {
    # -f: exit non-zero on HTTP error responses; -sS: no progress output,
    # but still print error messages.
    Entrypoint = [ "curl" "-fsS" ];
    Cmd = [ ];
    Volumes = { };
  };
};
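# File-sharing image: Samba, Avahi (mDNS), D-Bus and OpenSSH (with scponly
# and bupstash), started through /init; s6 and execline are included as the
# control tooling, so the services are presumably supervised by s6.
samba =
  let
    # Store path holding the init script and the per-service `run` scripts
    # copied from ./samba (their contents are not part of this file).
    runner =
      pkgs.stdenv.mkDerivation {
        name = "mulk-samba-runner";
        buildInputs = with pkgs; [ bash ];
        src = ./samba;
        builder = builtins.toFile "builder.sh" ''
          source $stdenv/setup
          set -euo pipefail
          set -x
          install -Dm755 $src/init $out/init
          for svc in avahi dbus nmbd smbd sshd; do
          install -Dm755 $src/service/$svc/run $out/service/$svc/run
          done
          set +x
        '';
      };
  in
  img {
    name = "docker.benkard.de/mulk/samba";
    contents = with pkgs; [
      # Services.
      avahi
      (callPackage ./samba/bupstash.nix { })
      dbus
      openssh
      #samba4Full
      (samba.override { enableMDNS = true; enableProfiling = false; enableRegedit = false; })
      scponly
      # Control.
      execline
      gnused
      runner
      s6
      # Maintenance.
      busybox
    ];
    extraCommands =
      let
        # System bus configuration, installed as etc/dbus-1/system.conf.
        #
        # NOTE(review): authentication is ANONYMOUS with <allow_anonymous/>
        # and the usual EXTERNAL mechanism is commented out, so the bus does
        # not identify clients by their Unix credentials: any process that
        # can open /run/dbus/system_bus_socket is accepted. The second
        # default-context policy also lets any such client own the name
        # org.freedesktop.Avahi. This is presumably a workaround for running
        # dbus and avahi inside the container — confirm. It is only
        # acceptable while that socket stays unreachable from outside the
        # container (for example, no shared /run mount). The conventional
        # form is EXTERNAL auth with the ownership rule placed inside
        # <policy user="avahi">.
        dbusSystemConf =
          builtins.toFile "dbus-1-system.conf" ''
            <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
            "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
            <busconfig>
            <type>system</type>
            <auth>ANONYMOUS</auth>
            <!-- <auth>EXTERNAL</auth> -->
            <allow_anonymous/>
            <listen>unix:path=/run/dbus/system_bus_socket</listen>
            <standard_system_servicedirs/>
            <policy context="default">
            <allow user="*"/>
            <deny own="*"/>
            <deny send_type="method_call"/>
            <allow send_type="signal"/>
            <allow send_requested_reply="true" send_type="method_return"/>
            <allow send_requested_reply="true" send_type="error"/>
            <allow receive_type="method_call"/>
            <allow receive_type="method_return"/>
            <allow receive_type="error"/>
            <allow receive_type="signal"/>
            <allow send_destination="org.freedesktop.DBus"
            send_interface="org.freedesktop.DBus" />
            <allow send_destination="org.freedesktop.DBus"
            send_interface="org.freedesktop.DBus.Introspectable"/>
            <allow send_destination="org.freedesktop.DBus"
            send_interface="org.freedesktop.DBus.Properties"/>
            <deny send_destination="org.freedesktop.DBus"
            send_interface="org.freedesktop.DBus"
            send_member="UpdateActivationEnvironment"/>
            <deny send_destination="org.freedesktop.DBus"
            send_interface="org.freedesktop.DBus.Debug.Stats"/>
            <deny send_destination="org.freedesktop.DBus"
            send_interface="org.freedesktop.systemd1.Activator"/>
            </policy>
            <policy context="default">
            <allow own="org.freedesktop.Avahi"/>
            </policy>
            <includedir>/share/dbus-1/system.d</includedir>
            </busconfig>
          '';
        # Avahi daemon settings, installed as etc/avahi/avahi-daemon.conf:
        # D-Bus enabled, wide-area DNS-SD off, and most host-level records
        # (addresses, HINFO, workstation, domain) not published.
        avahiDaemonConf =
          builtins.toFile "avahi-daemon.conf" ''
            [server]
            use-ipv4=yes
            use-ipv6=yes
            enable-dbus=yes
            ratelimit-interval-usec=1000000
            ratelimit-burst=1000
            [wide-area]
            enable-wide-area=no
            [publish]
            add-service-cookie=no
            publish-addresses=no
            publish-hinfo=no
            publish-workstation=no
            publish-domain=no
            publish-aaaa-on-ipv4=yes
            publish-a-on-ipv6=no
            [reflector]
            [rlimits]
          '';
        # Groups for the service accounts below; group password fields are
        # left empty.
        group =
          builtins.toFile "group" ''
            root::0:
            sshd::996:
            dbus::997:
            avahi::998:
          '';
        # Minimal account database. No shadow file is installed by this
        # expression, so the second field is the entire password state of
        # each account. It is "*" (matches no password) rather than empty,
        # because an empty field means "no password required" to anything
        # that checks passwords against /etc/passwd. Every account also has
        # /nonexistent as its shell.
        # NOTE(review): sshd runs in this image and its configuration is not
        # part of this file — verify that it does not permit empty passwords,
        # and that ./samba/init does not rely on empty password fields.
        passwd =
          builtins.toFile "passwd" ''
            root:*:0:0::/tmp:/nonexistent
            sshd:*:996:996::/tmp:/nonexistent
            dbus:*:997:997::/tmp:/nonexistent
            avahi:*:998:998::/tmp:/nonexistent
            nobody:*:999:999::/tmp:/nonexistent
          '';
      in
      # Shell snippet with paths relative to the image root: drop the Avahi
      # service definitions found under etc/avahi/services, create the
      # runtime and Samba state directories, pre-create two Samba tdb
      # files, then install the generated configuration and account files.
      ''
        #!${pkgs.runtimeShell}
        rm -rf -- etc/avahi/services/*
        install -dm755 tmp run run/dbus var/run/samba var/log/samba var/lock/samba var/locks/samba var/lib/samba/private var/cache/samba
        touch var/lib/samba/registry.tdb var/lib/samba/account_policy.tdb
        install -Dm644 ${dbusSystemConf} etc/dbus-1/system.conf
        install -Dm644 ${avahiDaemonConf} etc/avahi/avahi-daemon.conf
        install -Dm644 ${group} etc/group
        install -Dm644 ${passwd} etc/passwd
      '';
    config = {
      # /init comes from the `runner` derivation above.
      Entrypoint = [ "/init" ];
      Cmd = [ ];
      Volumes = {
        "/vol/shares" = { };
      };
    };
  };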
# nano = img {
# name = "docker.benkard.de/mulk/nano";
# tag = "latest";
# contents = [
# pkgs.nano
# ];
# };
#
# vim = img {
# name = "docker.benkard.de/mulk/vim";
# tag = "latest";
# contents = [
# pkgs.vim
# ];
# };
}