# Container image definitions built with the dockerTools helpers from nixpkgs.
#
# NOTE(review): <nixpkgs> is looked up through NIX_PATH, so the package set
# that ends up in every image depends on the channel configured on the
# machine running the build.  Pin nixpkgs to a fixed revision if the images
# have to be reproducible and auditable.
{ system ? builtins.currentSystem }:
let
  pkgs = import <nixpkgs> { inherit system; };

  inherit (pkgs) dockerTools;

  # Turn one image spec into an attribute set holding the same spec passed to
  # each of three dockerTools builders:
  #   streamed - dockerTools.streamLayeredImage
  #   layered  - dockerTools.buildLayeredImage
  #   image    - dockerTools.buildImage
  # Attributes are lazy, so only the variant that is selected gets built.
  img = spec: {
    streamed = dockerTools.streamLayeredImage spec;
    layered = dockerTools.buildLayeredImage spec;
    image = dockerTools.buildImage spec;
  };
in
14{
15
16 # ejabberd = pkgs.dockerTools.buildImage {
17 # name = "docker.benkard.de/mulk/ejabberd";
18 # tag = "latest";
19 # contents = [
20 # pkgs.ejabberd
21 # pkgs.bash
22 # pkgs.nano
23 # ];
24 # config = {
25 # Env = [ ];
26 # ExposedPorts = { };
27 # WorkingDir = "/";
28 # Volumes = {
29 # "/data" = { };
30 # };
31 # };
32 # };
33
# Prosody image: the server package plus a small set of shell tools.
prosody = img {
  name = "docker.benkard.de/mulk/prosody";
  #tag = "latest";
  contents = [
    pkgs.prosody
    pkgs.bash
    pkgs.coreutils
    pkgs.nano
  ];
  config = {
    WorkingDir = "/";
    # NOTE(review): the entry point is a plain shell with an empty Cmd, so the
    # command that starts prosody has to come from whoever runs the container
    # (not visible here).  No `User` is set either, so the process runs as
    # root unless the runtime overrides it.
    Entrypoint = [ "/bin/bash" ];
    Cmd = [ ];
    Env = [ ];
    ExposedPorts = { };
    Volumes = {
      "/data" = { };
    };
  };
};
54
# Result of evaluating ./mailcow/default.nix (not visible here); callPackage
# supplies that file's function arguments from pkgs, with no overrides.
mailcow = pkgs.callPackage ./mailcow/default.nix { };
# Nextcloud runtime image: Apache with PHP, the PHP extensions listed below,
# and a few tools for maintenance.  The application tree itself is expected
# on the /var/www/html volume.
nextcloud = img {
  name = "docker.benkard.de/mulk/nextcloud";
  contents =
    # Base packages.
    (with pkgs; [
      # Service dependencies.
      apacheHttpd
      apacheHttpdPackages.php

      # Optional dependencies.
      ffmpeg

      # Maintenance and manual upgrades.
      bash
      coreutils
      php
      unzip
    ])
    # PHP extensions.
    # NOTE(review): the extensions come from php74Extensions while the
    # interpreter is pkgs.php / apacheHttpdPackages.php; confirm that both
    # resolve to the same PHP version in the nixpkgs revision being used.
    ++ (with pkgs.php74Extensions; [
      # Required dependencies.
      ctype
      curl
      dom
      gd
      iconv
      json
      mbstring
      openssl
      pdo_pgsql
      posix
      session
      simplexml
      xml
      xmlreader
      xmlwriter
      zip
      zlib

      # Recommended dependencies.
      bz2
      intl
      fileinfo

      # Optional dependencies.
      apcu
      bcmath
      ftp
      gmp
      imagick
      memcached
      pcntl
      redis
      #smbclient
    ]);
  config = {
    Volumes = {
      "/var/www/html" = { };
    };
    WorkingDir = "/var/www/html";
  };
};
121
# Minimal image that only runs curl; the URL (and any further curl options)
# is passed as the container's arguments.
webcron = img {
  name = "docker.benkard.de/mulk/webcron";
  contents = [
    # Entry points.
    pkgs.curl
  ];
  config = {
    # -f: treat HTTP error statuses as failure, -s: no progress output,
    # -S: still print error messages.
    # NOTE(review): no `User` is set, so curl runs as root inside the
    # container unless the runtime overrides it.
    Entrypoint = [ "curl" "-fsS" ];
    Cmd = [ ];
    Volumes = { };
  };
};
135
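# Samba file-server image.  Besides smbd/nmbd it carries avahi and dbus
# (mDNS advertisement), openssh with scponly, and bupstash; the services are
# supervised by s6 and started from /init.
samba =
  let
    # Copies ./samba/init and the per-service s6 `run` scripts into a
    # derivation so that they land at /init and /service/<name>/run in the
    # image.  The scripts themselves are not visible here.
    runner =
      pkgs.stdenv.mkDerivation {
        name = "mulk-samba-runner";
        buildInputs = with pkgs; [ bash ];
        src = ./samba;
        builder = builtins.toFile "builder.sh" ''
          source $stdenv/setup
          set -euo pipefail
          set -x

          install -Dm755 $src/init $out/init

          for svc in avahi dbus nmbd smbd sshd; do
            install -Dm755 $src/service/$svc/run $out/service/$svc/run
          done

          set +x
        '';
      };

  in
  img {
    name = "docker.benkard.de/mulk/samba";
    contents = with pkgs; [
      # Services.
      avahi
      bupstash
      dbus
      openssh
      #samba4Full
      (samba.override { enableMDNS = true; enableProfiling = false; enableRegedit = false; })
      scponly

      # Control.
      execline
      gnused
      runner
      s6

      # Maintenance.
      busybox
    ];
    extraCommands =
      let
        # System bus configuration installed as /etc/dbus-1/system.conf.
        #
        # NOTE(review): the bus accepts ANONYMOUS authentication (EXTERNAL is
        # commented out) and the default policy allows every user to connect,
        # so peers are not identified by uid.  Access control therefore rests
        # on who can reach /run/dbus/system_bus_socket: keep that path out of
        # any shared volume or bind mount.  The second default-context policy
        # also lets any connection own org.freedesktop.Avahi; narrowing it to
        # the avahi user would require EXTERNAL authentication.
        dbusSystemConf =
          builtins.toFile "dbus-1-system.conf" ''
            <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
            "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
            <busconfig>
              <type>system</type>
              <auth>ANONYMOUS</auth>
              <!-- <auth>EXTERNAL</auth> -->
              <allow_anonymous/>
              <listen>unix:path=/run/dbus/system_bus_socket</listen>
              <standard_system_servicedirs/>

              <policy context="default">
                <allow user="*"/>

                <deny own="*"/>
                <deny send_type="method_call"/>

                <allow send_type="signal"/>
                <allow send_requested_reply="true" send_type="method_return"/>
                <allow send_requested_reply="true" send_type="error"/>

                <allow receive_type="method_call"/>
                <allow receive_type="method_return"/>
                <allow receive_type="error"/>
                <allow receive_type="signal"/>

                <allow send_destination="org.freedesktop.DBus"
                       send_interface="org.freedesktop.DBus" />
                <allow send_destination="org.freedesktop.DBus"
                       send_interface="org.freedesktop.DBus.Introspectable"/>
                <allow send_destination="org.freedesktop.DBus"
                       send_interface="org.freedesktop.DBus.Properties"/>

                <deny send_destination="org.freedesktop.DBus"
                      send_interface="org.freedesktop.DBus"
                      send_member="UpdateActivationEnvironment"/>
                <deny send_destination="org.freedesktop.DBus"
                      send_interface="org.freedesktop.DBus.Debug.Stats"/>
                <deny send_destination="org.freedesktop.DBus"
                      send_interface="org.freedesktop.systemd1.Activator"/>
              </policy>

              <policy context="default">
                <allow own="org.freedesktop.Avahi"/>
              </policy>

              <includedir>/share/dbus-1/system.d</includedir>
            </busconfig>
          '';

        # Avahi daemon configuration: D-Bus enabled, wide-area lookups off,
        # and no publishing of addresses, host info, workstation or domain
        # records.
        avahiDaemonConf =
          builtins.toFile "avahi-daemon.conf" ''
            [server]
            use-ipv4=yes
            use-ipv6=yes
            enable-dbus=yes
            ratelimit-interval-usec=1000000
            ratelimit-burst=1000

            [wide-area]
            enable-wide-area=no

            [publish]
            add-service-cookie=no
            publish-addresses=no
            publish-hinfo=no
            publish-workstation=no
            publish-domain=no
            publish-aaaa-on-ipv4=yes
            publish-a-on-ipv6=no

            [reflector]

            [rlimits]
          '';

        # Static /etc/group with the service groups.
        group =
          builtins.toFile "group" ''
            root::0:
            sshd::996:
            dbus::997:
            avahi::998:
          '';

        # Static /etc/passwd with the service accounts.
        #
        # The password field is "*" rather than empty: an empty field means
        # "no password required", which matters in an image that ships sshd
        # and busybox.  "*" matches no password, so none of these accounts
        # can authenticate with one; uid/gid lookups by the daemons are
        # unaffected.
        passwd =
          builtins.toFile "passwd" ''
            root:*:0:0::/tmp:/nonexistent
            sshd:*:996:996::/tmp:/nonexistent
            dbus:*:997:997::/tmp:/nonexistent
            avahi:*:998:998::/tmp:/nonexistent
            nobody:*:999:999::/tmp:/nonexistent
          '';
      in
      # Runs in the image root at build time, hence the relative paths.
      ''
        #!${pkgs.runtimeShell}

        rm -rf -- etc/avahi/services/*

        install -dm755 tmp run run/dbus var/run/samba var/log/samba var/lock/samba var/locks/samba var/lib/samba/private var/cache/samba

        touch var/lib/samba/registry.tdb var/lib/samba/account_policy.tdb

        install -Dm644 ${dbusSystemConf} etc/dbus-1/system.conf
        install -Dm644 ${avahiDaemonConf} etc/avahi/avahi-daemon.conf
        install -Dm644 ${group} etc/group
        install -Dm644 ${passwd} etc/passwd
      '';
    config = {
      # /init comes from the runner derivation above.
      Entrypoint = [ "/init" ];
      Cmd = [ ];
      Volumes = {
        "/vol/shares" = { };
      };
    };
  };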
298
299 # nano = img {
300 # name = "docker.benkard.de/mulk/nano";
301 # tag = "latest";
302 # contents = [
303 # pkgs.nano
304 # ];
305 # };
306 #
307 # vim = img {
308 # name = "docker.benkard.de/mulk/vim";
309 # tag = "latest";
310 # contents = [
311 # pkgs.vim
312 # ];
313 # };
314
315}