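# Docker images for docker.benkard.de/mulk/*, built with nixpkgs' dockerTools.
#
# Every image attribute below is produced by `img`, so each one is an attrset
# with three variants of the same spec (e.g. `nix-build -A prosody.layered`).
{ system ? builtins.currentSystem }:
let
  pkgs = import <nixpkgs> { inherit system; };

in
let
  # Build one image spec in all three dockerTools flavours so the caller can
  # choose whichever fits the push/load path at hand.
  img = spec: {
    streamed = pkgs.dockerTools.streamLayeredImage spec;
    layered = pkgs.dockerTools.buildLayeredImage spec;
    image = pkgs.dockerTools.buildImage spec;
  };

in
{

  # ejabberd = pkgs.dockerTools.buildImage {
  #   name = "docker.benkard.de/mulk/ejabberd";
  #   tag = "latest";
  #   contents = [
  #     pkgs.ejabberd
  #     pkgs.bash
  #     pkgs.nano
  #   ];
  #   config = {
  #     Env = [ ];
  #     ExposedPorts = { };
  #     WorkingDir = "/";
  #     Volumes = {
  #       "/data" = { };
  #     };
  #   };
  # };

  # No `tag` is set here (it is commented out), so dockerTools derives the tag
  # from the derivation rather than publishing a moving "latest".
  prosody = img {
    name = "docker.benkard.de/mulk/prosody";
    #tag = "latest";
    contents = with pkgs; [
      prosody
      bash
      coreutils
      nano
    ];
    config = {
      # NOTE(review): the entrypoint is a shell, not prosody itself; the
      # service is presumably started by whatever runs the container — confirm.
      Entrypoint = [ "/bin/bash" ];
      Cmd = [ ];
      Env = [ ];
      ExposedPorts = { };
      WorkingDir = "/";
      Volumes = {
        "/data" = { };
      };
    };
  };

  mailcow =
    let
      # Compose override layered on top of mailcow's own docker-compose.yml.
      # It replaces the bundled database service with a socat proxy that
      # exposes the cluster's MySQL service as a Unix socket, and binds every
      # named mailcow volume to a host directory under /vol or /run.
      #
      # Security notes:
      #   * The socket is created with mode=0777, so any process that can reach
      #     the `mysql-socket-vol-1` bind mount (host /run/mysql-socket) can open
      #     it; access control rests entirely on the database's own credentials.
      #   * TCP-CONNECT is a plain TCP connection to
      #     mysql.system.svc.cluster.local:3306; nothing here adds TLS, so the
      #     link relies on the cluster network for confidentiality.
      dockerComposeOverrideYaml =
        pkgs.writeTextDir "docker-compose.override.yml" ''
          services:
            mysql-mailcow:
              image: alpine/socat:1.0.3
              command:
                - UNIX-LISTEN:/var/run/mysqld/mysqld.sock,reuseaddr,fork,unlink-early,mode=0777
                - TCP-CONNECT:mysql.system.svc.cluster.local.:3306
              volumes:
                - mysql-socket-vol-1:/var/run/mysqld/:Z
              restart: always

          volumes:
            vmail-vol-1: {driver: local, driver_opts: {o: bind, type: none, device: "/vol/vmail"}}
            vmail-index-vol-1: {driver: local, driver_opts: {o: bind, type: none, device: "/vol/vmail-index"}}
            mysql-vol-1: {driver: local, driver_opts: {o: bind, type: none, device: "/run/mysql"}}
            mysql-socket-vol-1: {driver: local, driver_opts: {o: bind, type: none, device: "/run/mysql-socket"}}
            redis-vol-1: {driver: local, driver_opts: {o: bind, type: none, device: "/vol/redis-data"}}
            rspamd-vol-1: {driver: local, driver_opts: {o: bind, type: none, device: "/vol/rspamd-data"}}
            solr-vol-1: {driver: local, driver_opts: {o: bind, type: none, device: "/vol/solr-data"}}
            postfix-vol-1: {driver: local, driver_opts: {o: bind, type: none, device: "/vol/postfix-data"}}
            crypt-vol-1: {driver: local, driver_opts: {o: bind, type: none, device: "/vol/crypt-data"}}
            sogo-web-vol-1: {driver: local, driver_opts: {o: bind, type: none, device: "/vol/sogo-web"}}
            sogo-userdata-backup-vol-1: {driver: local, driver_opts: {o: bind, type: none, device: "/vol/sogo-userdata-backup"}}
        '';

      # Container entrypoint. Provides a loop-mounted ext4 image under
      # /vol/docker-data for the nested dockerd's /var/lib/docker, starts
      # dockerd, clears whatever a previous instance left behind, and finally
      # execs docker-compose with mailcow's compose file plus the override above.
      #
      # Notes:
      #   * `set -x` traces every command to stderr; mailcow.conf is passed to
      #     docker-compose by path, so its contents are not echoed by the trace.
      #   * The image is created sparse (dd with count=0, seek=30 at bs=1G
      #     sets a 30 GiB size without writing data) and formatted once.
      #   * `e2fsck -y` answers yes to every repair prompt; this runs unattended.
      #   * `docker system prune --volumes --force` removes unused volumes.
      #     NOTE(review): the mailcow volumes are bind mounts defined in the
      #     override, but confirm the prune cannot discard data that matters.
      #   * dockerd is started in the background; instead of a fixed sleep the
      #     script now polls `docker info` (up to ~60 s) before using the daemon.
      init =
        pkgs.writeShellScriptBin "init" ''
          set -xeuo pipefail

          if ! [ -e /vol/docker-data/docker.ext4 ]; then
            ${pkgs.busybox}/bin/dd if=/dev/zero of=/vol/docker-data/docker.ext4 bs=1G count=0 seek=30
            ${pkgs.e2fsprogs}/bin/mkfs.ext4 /vol/docker-data/docker.ext4
          fi
          ${pkgs.e2fsprogs}/bin/e2fsck -y /vol/docker-data/docker.ext4
          ${pkgs.busybox}/bin/mkdir -p /var/lib/docker
          ${pkgs.busybox}/bin/mount -o loop,rw /vol/docker-data/docker.ext4 /var/lib/docker

          ${pkgs.docker}/bin/dockerd --storage-driver=overlay2 &

          # Wait for the daemon to answer rather than sleeping a fixed 10 s.
          # After ~60 s give up waiting and carry on; the commands below then
          # fail on their own (set -e) instead of hanging here forever.
          tries=0
          until ${pkgs.docker}/bin/docker info >/dev/null 2>&1; do
            tries=$((tries + 1))
            if [ "$tries" -ge 60 ]; then
              echo "init: dockerd did not become ready in time" >&2
              break
            fi
            ${pkgs.busybox}/bin/sleep 1
          done

          ${pkgs.docker}/bin/docker kill $(${pkgs.docker}/bin/docker ps -a -q) || :
          ${pkgs.docker}/bin/docker system prune --volumes --force || :

          ${pkgs.busybox}/bin/mkdir -p /tmp /run/{mysql,mysql-socket}
          exec ${pkgs.docker-compose}/bin/docker-compose --env-file /mailcow-dockerized/mailcow.conf -f /mailcow-dockerized/docker-compose.yml -f ${dockerComposeOverrideYaml}/docker-compose.override.yml up --remove-orphans
        '';

      # Checked-out mailcow-dockerized tree; copied into the image root below.
      src = ./mailcow/src;

      extraDeps = with pkgs; [
        # for Docker
        cacert

        # for update.sh
        bash
        coreutils
        curl
        docker
        docker-compose
        findutils
        gawk
        gitMinimal
      ];

      maintenanceDeps = with pkgs; [
        bash
        busybox
        coreutils
        findutils
        pxattr
        strace
      ];
    in
    img {
      name = "docker.benkard.de/mulk/mailcow";
      tag = "latest";
      maxLayers = 125;
      contents = extraDeps ++ maintenanceDeps;
      # Runs in the image root at build time: creates the mount points the
      # override binds to and copies the mailcow tree to /mailcow-dockerized.
      extraCommands =
        ''
          #!${pkgs.runtimeShell}

          install -dm755 vol/{crypt-data,postfix-data,redis-data,rspamd-data,sogo-web,sogo-userdata-backup,solr-data,vmail,vmail-index,web-data}

          cp -a ${src}/* .
        '';
      config = {
        Entrypoint = [ "${init}/bin/init" ];
        Cmd = [ ];
        # The image config key is `WorkingDir` (as the other images in this
        # file use it); the previous `Workdir` spelling was not recognised.
        WorkingDir = "/mailcow-dockerized";
        Volumes = {
          "/mailcow-dockerized/data/conf" = { };
          "/mailcow-dockerized/data/assets/ssl" = { };
          "/vol/crypt-data" = { };
          "/vol/docker-data" = { };
          "/vol/postfix-data" = { };
          "/vol/redis-data" = { };
          "/vol/rspamd-data" = { };
          "/vol/sogo-web" = { };
          "/vol/sogo-userdata-backup" = { };
          "/vol/solr-data" = { };
          "/vol/vmail" = { };
          "/vol/vmail-index" = { };
          "/vol/web-data" = { };
        };
      };
    };

  nextcloud = img {
    name = "docker.benkard.de/mulk/nextcloud";
    contents =
      let
        baseDependencies = with pkgs; [
          # Service dependencies.
          apacheHttpd
          apacheHttpdPackages.php

          # Optional dependencies.
          ffmpeg

          # Maintenance and manual upgrades.
          bash
          coreutils
          php
          unzip
        ];

        # NOTE(review): the modules come from php74Extensions while the
        # interpreters above are plain `php` and `apacheHttpdPackages.php`;
        # confirm all three resolve to the same PHP series, otherwise the
        # extensions will not load.
        phpModules = with pkgs.php74Extensions; [
          # Required dependencies.
          ctype
          curl
          dom
          gd
          iconv
          json
          mbstring
          openssl
          pdo_pgsql
          posix
          session
          simplexml
          xml
          xmlreader
          xmlwriter
          zip
          zlib

          # Recommended dependencies.
          bz2
          intl
          fileinfo

          # Optional dependencies.
          apcu
          bcmath
          ftp
          gmp
          imagick
          memcached
          pcntl
          redis
          #smbclient
        ];
      in
      baseDependencies ++ phpModules;
    # No Entrypoint or Cmd is set, so the command comes from the runtime
    # invocation; the document root is the only declared volume.
    config = {
      WorkingDir = "/var/www/html";
      Volumes = {
        "/var/www/html" = { };
      };
    };
  };

  # Minimal image whose entrypoint is `curl -fsS`; the URL(s) to fetch are
  # supplied as the container command. -f turns HTTP errors into a non-zero
  # exit, -s keeps the progress output quiet and -S still reports errors.
  webcron = img {
    name = "docker.benkard.de/mulk/webcron";
    contents =
      with pkgs; [
        # Entry points.
        curl
      ];
    config = {
      Entrypoint = [ "curl" "-fsS" ];
      Cmd = [ ];
      Volumes = { };
    };
  };

  samba =
    let
      # Packages ./samba/init and the s6 run scripts for avahi, dbus, nmbd and
      # smbd from ./samba/service into one store path that is added to the
      # image root as-is (giving /init and /service/<svc>/run).
      runner =
        pkgs.stdenv.mkDerivation {
          name = "mulk-samba-runner";
          buildInputs = with pkgs; [ bash ];
          src = ./samba;
          builder = builtins.toFile "builder.sh" ''
            source $stdenv/setup
            set -euo pipefail
            set -x

            install -Dm755 $src/init $out/init

            for svc in avahi dbus nmbd smbd; do
              install -Dm755 $src/service/$svc/run $out/service/$svc/run
            done

            set +x
          '';
        };

    in
    img {
      name = "docker.benkard.de/mulk/samba";
      contents = with pkgs; [
        # Services.
        avahi
        dbus
        #samba4Full
        (samba.override { enableMDNS = true; enableProfiling = false; enableRegedit = false; })

        # Control.
        execline
        gnused
        runner
        s6

        # Maintenance.
        busybox
      ];
      extraCommands =
        let
          # System bus configuration for the container.
          #
          # Security notes:
          #   * <auth>ANONYMOUS</auth> together with <allow_anonymous/> lets any
          #     process that can open /run/dbus/system_bus_socket connect
          #     without presenting credentials; the credential-based EXTERNAL
          #     mechanism is left commented out.
          #   * The default policy then denies owning names and sending method
          #     calls, re-allowing only the org.freedesktop.DBus name-service,
          #     Introspectable and Properties calls listed, and explicitly
          #     denying UpdateActivationEnvironment, Debug.Stats and the
          #     systemd1.Activator interface. The second policy block lets the
          #     org.freedesktop.Avahi name be owned.
          #   * NOTE(review): anonymous connections carry no authenticated uid,
          #     so user-based rules in policies dropped into
          #     /share/dbus-1/system.d presumably do not apply to them — confirm
          #     before relying on such rules.
          dbusSystemConf =
            builtins.toFile "dbus-1-system.conf" ''
              <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
               "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
              <busconfig>
                <type>system</type>
                <auth>ANONYMOUS</auth>
                <!-- <auth>EXTERNAL</auth> -->
                <allow_anonymous/>
                <listen>unix:path=/run/dbus/system_bus_socket</listen>
                <standard_system_servicedirs/>

                <policy context="default">
                  <allow user="*"/>

                  <deny own="*"/>
                  <deny send_type="method_call"/>

                  <allow send_type="signal"/>
                  <allow send_requested_reply="true" send_type="method_return"/>
                  <allow send_requested_reply="true" send_type="error"/>

                  <allow receive_type="method_call"/>
                  <allow receive_type="method_return"/>
                  <allow receive_type="error"/>
                  <allow receive_type="signal"/>

                  <allow send_destination="org.freedesktop.DBus"
                         send_interface="org.freedesktop.DBus" />
                  <allow send_destination="org.freedesktop.DBus"
                         send_interface="org.freedesktop.DBus.Introspectable"/>
                  <allow send_destination="org.freedesktop.DBus"
                         send_interface="org.freedesktop.DBus.Properties"/>

                  <deny send_destination="org.freedesktop.DBus"
                        send_interface="org.freedesktop.DBus"
                        send_member="UpdateActivationEnvironment"/>
                  <deny send_destination="org.freedesktop.DBus"
                        send_interface="org.freedesktop.DBus.Debug.Stats"/>
                  <deny send_destination="org.freedesktop.DBus"
                        send_interface="org.freedesktop.systemd1.Activator"/>
                </policy>

                <policy context="default">
                  <allow own="org.freedesktop.Avahi"/>
                </policy>

                <includedir>/share/dbus-1/system.d</includedir>
              </busconfig>
            '';

          # Avahi daemon configuration: IPv4 and IPv6 on, registered on the
          # bus above (enable-dbus=yes), wide-area disabled, and no address,
          # hinfo, workstation or domain records published.
          avahiDaemonConf =
            builtins.toFile "avahi-daemon.conf" ''
              [server]
              use-ipv4=yes
              use-ipv6=yes
              enable-dbus=yes
              ratelimit-interval-usec=1000000
              ratelimit-burst=1000

              [wide-area]
              enable-wide-area=no

              [publish]
              add-service-cookie=no
              publish-addresses=no
              publish-hinfo=no
              publish-workstation=no
              publish-domain=no
              publish-aaaa-on-ipv4=yes
              publish-a-on-ipv6=no

              [reflector]

              [rlimits]
            '';

          # Minimal account database for the daemons: the password field of
          # each entry is empty, the home is /tmp and the shell is /nonexistent,
          # so the entries only provide the uid/gid mapping.
          # NOTE(review): busybox is in the image; confirm none of its applets
          # offers a login path that would honour the empty password fields.
          group =
            builtins.toFile "group" ''
              dbus::997:
              avahi::998:
            '';

          passwd =
            builtins.toFile "passwd" ''
              dbus::997:997::/tmp:/nonexistent
              avahi::998:998::/tmp:/nonexistent
              nobody::999:999::/tmp:/nonexistent
            '';
        in
        # Runs in the image root at build time: drops avahi's bundled service
        # files, creates the runtime directories, seeds empty samba tdb files
        # and installs the configuration files defined above.
        ''
          #!${pkgs.runtimeShell}

          rm -rf -- etc/avahi/services/*

          install -dm755 tmp run run/dbus var/run/samba var/log/samba var/lock/samba var/locks/samba var/lib/samba/private var/cache/samba

          touch var/lib/samba/registry.tdb var/lib/samba/account_policy.tdb

          install -Dm644 ${dbusSystemConf} etc/dbus-1/system.conf
          install -Dm644 ${avahiDaemonConf} etc/avahi/avahi-daemon.conf
          install -Dm644 ${group} etc/group
          install -Dm644 ${passwd} etc/passwd
        '';
      config = {
        Entrypoint = [ "/init" ];
        Cmd = [ ];
        Volumes = {
          "/vol/shares" = { };
        };
      };
    };

  # nano = img {
  #   name = "docker.benkard.de/mulk/nano";
  #   tag = "latest";
  #   contents = [
  #     pkgs.nano
  #   ];
  # };
  #
  # vim = img {
  #   name = "docker.benkard.de/mulk/vim";
  #   tag = "latest";
  #   contents = [
  #     pkgs.vim
  #   ];
  # };

}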