# Container image definitions built with nixpkgs' dockerTools.
#
# NOTE(review): `<nixpkgs>` is resolved through the Nix search path
# (NIX_PATH), so the package versions baked into every image below depend
# on the channel configured on the building machine. Importing a pinned
# nixpkgs revision instead would make image contents reproducible and
# auditable.
{ system ? builtins.currentSystem }:
let
  pkgs = import <nixpkgs> { inherit system; };

  # Expands one image spec into the three dockerTools build variants, so a
  # consumer can pick e.g. `prosody.layered` or `prosody.streamed`.
  img = spec:
    let
      tools = pkgs.dockerTools;
    in
    {
      image = tools.buildImage spec;
      layered = tools.buildLayeredImage spec;
      streamed = tools.streamLayeredImage spec;
    };
in
| 14 | { |
| 15 | |
| 16 | # ejabberd = pkgs.dockerTools.buildImage { |
| 17 | # name = "docker.benkard.de/mulk/ejabberd"; |
| 18 | # tag = "latest"; |
| 19 | # contents = [ |
| 20 | # pkgs.ejabberd |
| 21 | # pkgs.bash |
| 22 | # pkgs.nano |
| 23 | # ]; |
| 24 | # config = { |
| 25 | # Env = [ ]; |
| 26 | # ExposedPorts = { }; |
| 27 | # WorkingDir = "/"; |
| 28 | # Volumes = { |
| 29 | # "/data" = { }; |
| 30 | # }; |
| 31 | # }; |
| 32 | # }; |
| 33 | |
# Prosody (XMPP server) image with a few maintenance tools.
#
# `tag` is left unset; dockerTools is then expected to derive the tag from
# the build output rather than a mutable `latest` (confirm against the
# dockerTools version in use).
#
# NOTE(review): the entry point is a shell, not the prosody daemon, and no
# `User` is configured, so the process runs as the container runtime's
# default user (root under Docker unless overridden at run time). bash,
# coreutils and nano are convenience tools that also widen what is
# available to anything running inside the container.
prosody = img {
  name = "docker.benkard.de/mulk/prosody";
  #tag = "latest";
  contents = [
    pkgs.prosody
    pkgs.bash
    pkgs.coreutils
    pkgs.nano
  ];
  config = {
    WorkingDir = "/";
    Volumes."/data" = { };
    Env = [ ];
    ExposedPorts = { };
    Entrypoint = [ "/bin/bash" ];
    Cmd = [ ];
  };
};
| 54 | |
# mailcow is defined by the package expression under ./mailcow (its
# default.nix); callPackage supplies that expression's arguments from pkgs.
mailcow = pkgs.callPackage ./mailcow { };
# Nextcloud runtime image: Apache httpd with mod_php, the PHP CLI, and a set
# of PHP extensions. The application itself is not part of the image; it is
# expected on the /var/www/html volume.
#
# NOTE(review): the extensions are taken from `php74Extensions`. Upstream
# security support for PHP 7.4 ended in November 2022; confirm the nixpkgs
# revision in use still patches it, or move to a supported PHP branch.
# NOTE(review): `php` and `apacheHttpdPackages.php` are unversioned while the
# extensions are pinned to 7.4 -- verify they resolve to the same PHP build,
# and that the extensions are actually loaded (placing them in `contents`
# alone presumably does not enable them in php.ini).
# NOTE(review): no `User`, `Entrypoint` or `Cmd` is set here, so the user and
# command are decided entirely by whoever runs the container.
nextcloud = img {
  name = "docker.benkard.de/mulk/nextcloud";
  contents =
    let
      phpExtensions = with pkgs.php74Extensions; [
        # Required dependencies.
        ctype
        curl
        dom
        gd
        iconv
        json
        mbstring
        openssl
        pdo_pgsql
        posix
        session
        simplexml
        xml
        xmlreader
        xmlwriter
        zip
        zlib

        # Recommended dependencies.
        bz2
        intl
        fileinfo

        # Optional dependencies.
        apcu
        bcmath
        ftp
        gmp
        imagick
        memcached
        pcntl
        redis
        #smbclient
      ];

      servicePackages = with pkgs; [
        # Service dependencies.
        apacheHttpd
        apacheHttpdPackages.php

        # Optional dependencies.
        ffmpeg

        # Maintenance and manual upgrades.
        bash
        coreutils
        php
        unzip
      ];
    in
    servicePackages ++ phpExtensions;
  config = {
    Volumes."/var/www/html" = { };
    WorkingDir = "/var/www/html";
  };
};
| 121 | |
# Minimal image whose only job is to run curl against whatever URL is passed
# as the container arguments. `-f` makes HTTP error statuses fail the run,
# `-s` silences progress output and `-S` keeps error messages visible.
#
# NOTE(review): `contents` holds curl only -- no CA certificate bundle is
# added here. Confirm how HTTPS targets get verified (a mounted bundle or an
# added cacert package) so that callers are not tempted to disable
# certificate checks.
webcron = img {
  name = "docker.benkard.de/mulk/webcron";
  # Entry points.
  contents = [ pkgs.curl ];
  config = {
    Volumes = { };
    Entrypoint = [ "curl" "-fsS" ];
    Cmd = [ ];
  };
};
| 135 | |
# Samba file-server image: smbd/nmbd plus avahi and dbus for mDNS
# advertisement, with the services started from /init (s6 and execline are
# included for that purpose).
#
# NOTE(review): `config` sets no `User`, so /init starts as the container
# runtime's default user (root under Docker unless overridden). Whether the
# individual services drop privileges is decided by the run scripts under
# ./samba, which are not visible here.
samba =
  let
    # Packages the ./samba/init script and the per-service `run` scripts
    # (avahi, dbus, nmbd, smbd) into $out, all installed with mode 755.
    # `set -x` traces the install commands into the build log.
    runner =
      pkgs.stdenv.mkDerivation {
        name = "mulk-samba-runner";
        buildInputs = with pkgs; [ bash ];
        src = ./samba;
        builder = builtins.toFile "builder.sh" ''
          source $stdenv/setup
          set -euo pipefail
          set -x

          install -Dm755 $src/init $out/init

          for svc in avahi dbus nmbd smbd; do
            install -Dm755 $src/service/$svc/run $out/service/$svc/run
          done

          set +x
        '';
      };

  in
  img {
    name = "docker.benkard.de/mulk/samba";
    contents = with pkgs; [
      # Services.
      avahi
      dbus
      #samba4Full
      # Samba built with mDNS support and without the profiling and regedit
      # components.
      (samba.override { enableMDNS = true; enableProfiling = false; enableRegedit = false; })

      # Control.
      execline
      gnused
      runner
      s6

      # Maintenance.
      busybox
    ];
    extraCommands =
      let
        # D-Bus system bus configuration, installed as etc/dbus-1/system.conf.
        #
        # NOTE(review): `<auth>ANONYMOUS</auth>` together with
        # `<allow_anonymous/>` means the bus does not authenticate its peers;
        # EXTERNAL, which checks the peer's Unix credentials, is commented
        # out. Any process able to open /run/dbus/system_bus_socket can
        # connect. The second default-context policy additionally lets any
        # connection own org.freedesktop.Avahi instead of limiting ownership
        # to the avahi user. This is only tolerable while the socket stays
        # private to this container: confirm /run is never shared with other
        # containers or the host.
        dbusSystemConf =
          builtins.toFile "dbus-1-system.conf" ''
            <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
            "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
            <busconfig>
              <type>system</type>
              <auth>ANONYMOUS</auth>
              <!-- <auth>EXTERNAL</auth> -->
              <allow_anonymous/>
              <listen>unix:path=/run/dbus/system_bus_socket</listen>
              <standard_system_servicedirs/>

              <policy context="default">
                <allow user="*"/>

                <deny own="*"/>
                <deny send_type="method_call"/>

                <allow send_type="signal"/>
                <allow send_requested_reply="true" send_type="method_return"/>
                <allow send_requested_reply="true" send_type="error"/>

                <allow receive_type="method_call"/>
                <allow receive_type="method_return"/>
                <allow receive_type="error"/>
                <allow receive_type="signal"/>

                <allow send_destination="org.freedesktop.DBus"
                       send_interface="org.freedesktop.DBus" />
                <allow send_destination="org.freedesktop.DBus"
                       send_interface="org.freedesktop.DBus.Introspectable"/>
                <allow send_destination="org.freedesktop.DBus"
                       send_interface="org.freedesktop.DBus.Properties"/>

                <deny send_destination="org.freedesktop.DBus"
                      send_interface="org.freedesktop.DBus"
                      send_member="UpdateActivationEnvironment"/>
                <deny send_destination="org.freedesktop.DBus"
                      send_interface="org.freedesktop.DBus.Debug.Stats"/>
                <deny send_destination="org.freedesktop.DBus"
                      send_interface="org.freedesktop.systemd1.Activator"/>
              </policy>

              <policy context="default">
                <allow own="org.freedesktop.Avahi"/>
              </policy>

              <includedir>/share/dbus-1/system.d</includedir>
            </busconfig>
          '';

        # avahi-daemon configuration: D-Bus interface enabled, wide-area
        # lookups off, and the address/hinfo/workstation/domain records all
        # unpublished, so only explicitly registered services are announced.
        avahiDaemonConf =
          builtins.toFile "avahi-daemon.conf" ''
            [server]
            use-ipv4=yes
            use-ipv6=yes
            enable-dbus=yes
            ratelimit-interval-usec=1000000
            ratelimit-burst=1000

            [wide-area]
            enable-wide-area=no

            [publish]
            add-service-cookie=no
            publish-addresses=no
            publish-hinfo=no
            publish-workstation=no
            publish-domain=no
            publish-aaaa-on-ipv4=yes
            publish-a-on-ipv6=no

            [reflector]

            [rlimits]
          '';

        # Minimal /etc/group giving the dbus and avahi service accounts
        # their own groups.
        group =
          builtins.toFile "group" ''
            dbus::997:
            avahi::998:
          '';

        # Minimal /etc/passwd with unprivileged accounts for dbus, avahi and
        # nobody; there is no root entry.
        #
        # NOTE(review): the password field (second column) is empty for all
        # three accounts. Per passwd(5) an empty field can mean that no
        # password is required to authenticate as that user. The /nonexistent
        # shell limits interactive use, but `*` or `!` in that field would
        # state "no login" explicitly -- worth confirming, since busybox is
        # part of this image and may provide su/login applets.
        passwd =
          builtins.toFile "passwd" ''
            dbus::997:997::/tmp:/nonexistent
            avahi::998:998::/tmp:/nonexistent
            nobody::999:999::/tmp:/nonexistent
          '';
      in
      # Build-time script; all paths are relative, presumably to the root of
      # the image being assembled. It clears the etc/avahi/services
      # directory (presumably so that no stock service is advertised),
      # creates the runtime and state directories samba and dbus expect,
      # pre-creates two samba database files, and installs the four
      # generated configuration files with mode 644.
      ''
        #!${pkgs.runtimeShell}

        rm -rf -- etc/avahi/services/*

        install -dm755 tmp run run/dbus var/run/samba var/log/samba var/lock/samba var/locks/samba var/lib/samba/private var/cache/samba

        touch var/lib/samba/registry.tdb var/lib/samba/account_policy.tdb

        install -Dm644 ${dbusSystemConf} etc/dbus-1/system.conf
        install -Dm644 ${avahiDaemonConf} etc/avahi/avahi-daemon.conf
        install -Dm644 ${group} etc/group
        install -Dm644 ${passwd} etc/passwd
      '';
    config = {
      # /init is the script installed by the `runner` derivation above.
      Entrypoint = [ "/init" ];
      Cmd = [ ];
      # Shared data lives outside the image on this volume.
      Volumes = {
        "/vol/shares" = { };
      };
    };
  };
| 291 | |
| 292 | # nano = img { |
| 293 | # name = "docker.benkard.de/mulk/nano"; |
| 294 | # tag = "latest"; |
| 295 | # contents = [ |
| 296 | # pkgs.nano |
| 297 | # ]; |
| 298 | # }; |
| 299 | # |
| 300 | # vim = img { |
| 301 | # name = "docker.benkard.de/mulk/vim"; |
| 302 | # tag = "latest"; |
| 303 | # contents = [ |
| 304 | # pkgs.vim |
| 305 | # ]; |
| 306 | # }; |
| 307 | |
| 308 | } |