# Container image definitions published under docker.benkard.de/mulk/*,
# evaluated for one target system (by default the system doing the
# evaluation).
{ system ? builtins.currentSystem }:

let
  # NOTE(review): <nixpkgs> is resolved through the evaluator's search path,
  # so the package versions baked into every image follow the builder's
  # channel state. Pinning nixpkgs to a fixed revision would make the images
  # reproducible and their contents auditable -- confirm whether that is
  # handled outside this file.
  pkgs = import <nixpkgs> { system = system; };

  # Expands one dockerTools image spec into an attribute set that exposes the
  # same spec through three dockerTools builders.
  img = spec: {
    image = pkgs.dockerTools.buildImage spec;
    layered = pkgs.dockerTools.buildLayeredImage spec;
    streamed = pkgs.dockerTools.streamLayeredImage spec;
  };

in
| 14 | { |
| 15 | |
| 16 | # ejabberd = pkgs.dockerTools.buildImage { |
| 17 | # name = "docker.benkard.de/mulk/ejabberd"; |
| 18 | # tag = "latest"; |
| 19 | # contents = [ |
| 20 | # pkgs.ejabberd |
| 21 | # pkgs.bash |
| 22 | # pkgs.nano |
| 23 | # ]; |
| 24 | # config = { |
| 25 | # Env = [ ]; |
| 26 | # ExposedPorts = { }; |
| 27 | # WorkingDir = "/"; |
| 28 | # Volumes = { |
| 29 | # "/data" = { }; |
| 30 | # }; |
| 31 | # }; |
| 32 | # }; |
| 33 | |
# Prosody image: the server package plus a shell, coreutils and an editor.
prosody = img {
  name = "docker.benkard.de/mulk/prosody";
  # With the tag left unset, dockerTools picks the tag itself rather than a
  # mutable "latest" -- presumably intentional; confirm against the deploy
  # tooling.
  #tag = "latest";

  # NOTE(review): bash, coreutils and nano are convenience tooling; they also
  # end up available to anything that gains code execution inside the
  # container.
  contents = [
    pkgs.prosody
    pkgs.bash
    pkgs.coreutils
    pkgs.nano
  ];

  config = {
    # The container starts /bin/bash with no default arguments, so the command
    # that actually launches the server must be supplied by whoever runs the
    # image.
    Entrypoint = [ "/bin/bash" ];
    Cmd = [ ];
    Env = [ ];
    ExposedPorts = { };
    # NOTE(review): no User is set, so the process runs as root unless the
    # container runtime overrides it.
    Volumes."/data" = { };
    WorkingDir = "/";
  };
};
| 54 | |
# Defined in ./mailcow/default.nix (not shown here) and instantiated with
# callPackage's default arguments; presumably the mailcow image set.
mailcow = pkgs.callPackage ./mailcow/default.nix { };

# Defined in ./gitlab-system/gitlab-runner/default.nix (not shown here);
# review that file separately, its contents cannot be judged from this one.
gitlab-runner = pkgs.callPackage ./gitlab-system/gitlab-runner/default.nix { };
| 58 | |
# Runtime image for Nextcloud: Apache httpd with PHP, the PHP extensions
# listed below, and a few tools for maintenance.
nextcloud = img {
  name = "docker.benkard.de/mulk/nextcloud";

  config = {
    # NOTE(review): the web root is a volume and nothing in `contents` ships
    # application code, so the Nextcloud tree presumably lives in (and is
    # upgraded inside) that volume -- verify how it is provisioned and kept
    # patched. No User is set, so the default is root unless the runtime
    # overrides it.
    Volumes."/var/www/html" = { };
    WorkingDir = "/var/www/html";
  };

  contents =
    let
      runtimeAndTools = with pkgs; [
        # Service dependencies.
        apacheHttpd
        apacheHttpdPackages.php

        # Optional dependencies.
        ffmpeg

        # Maintenance and manual upgrades.
        bash
        coreutils
        php
        unzip
      ];

      # NOTE(review): the extension set is pinned to PHP 7.4, which no longer
      # receives upstream security fixes, while `php` and
      # `apacheHttpdPackages.php` above follow the nixpkgs default. Confirm
      # that all three resolve to the same, still-supported PHP version.
      phpExtensions = with pkgs.php74Extensions; [
        # Required dependencies.
        ctype
        curl
        dom
        gd
        iconv
        json
        mbstring
        openssl
        pdo_pgsql
        posix
        session
        simplexml
        xml
        xmlreader
        xmlwriter
        zip
        zlib

        # Recommended dependencies.
        bz2
        intl
        fileinfo

        # Optional dependencies.
        apcu
        bcmath
        ftp
        gmp
        imagick
        memcached
        pcntl
        redis
        #smbclient
      ];
    in
    runtimeAndTools ++ phpExtensions;
};
| 123 | |
# Single-purpose image that runs curl against whatever arguments the
# container is started with.
webcron = img {
  name = "docker.benkard.de/mulk/webcron";

  # Entry points.
  contents = [ pkgs.curl ];

  config = {
    # -f makes HTTP error statuses fail the run; -sS silences progress output
    # but still prints errors. The URL and any further curl options come from
    # the container arguments, so whoever sets those decides what is fetched.
    # NOTE(review): no User is set; curl does not need root, so the runtime
    # can safely override it.
    Entrypoint = [ "curl" "-fsS" ];
    Cmd = [ ];
    Volumes = { };
  };
};
| 137 | |
# Samba image: smbd/nmbd together with avahi, dbus and sshd, started through
# /init. The init script and the per-service run scripts live in ./samba and
# are not shown here.
samba =
  let
    # Copies the init script and one run script per service from ./samba into
    # $out/init and $out/service/<name>/run, all with mode 0755.
    runner =
      pkgs.stdenv.mkDerivation {
        name = "mulk-samba-runner";
        buildInputs = with pkgs; [ bash ];
        src = ./samba;
        builder = builtins.toFile "builder.sh" ''
          source $stdenv/setup
          set -euo pipefail
          set -x

          install -Dm755 $src/init $out/init

          for svc in avahi dbus nmbd smbd sshd; do
          install -Dm755 $src/service/$svc/run $out/service/$svc/run
          done

          set +x
        '';
      };

  in
  img {
    name = "docker.benkard.de/mulk/samba";
    # NOTE(review): sshd is shipped next to SMB. scponly suggests SSH access
    # is meant to be limited to file transfer, but the accounts and the
    # sshd_config that would enforce this are not visible in this file --
    # verify them in ./samba.
    contents = with pkgs; [
      # Services.
      avahi
      # Built from a local expression (./samba/bupstash.nix, not shown here).
      (callPackage ./samba/bupstash.nix { })
      dbus
      openssh
      #samba4Full
      (samba.override { enableMDNS = true; enableProfiling = false; enableRegedit = false; })
      scponly

      # Control.
      execline
      gnused
      # `runner` is the let-bound derivation above, not a nixpkgs attribute.
      runner
      s6

      # Maintenance.
      busybox
    ];
    extraCommands =
      let
        # System bus configuration written to etc/dbus-1/system.conf.
        # NOTE(review): authentication is ANONYMOUS with <allow_anonymous/>
        # (EXTERNAL is commented out), so the bus does not tie a connection to
        # a Unix user. Combined with the second default-context policy, any
        # process that can open /run/dbus/system_bus_socket may own
        # org.freedesktop.Avahi. That is acceptable only while the socket
        # stays private to this container; otherwise restore EXTERNAL and
        # scope the `own` rule with <policy user="avahi">.
        # The default policy denies sending method calls except to the listed
        # bus-driver interfaces, so calls to other services depend on the
        # policy files pulled in through <includedir>.
        dbusSystemConf =
          builtins.toFile "dbus-1-system.conf" ''
            <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
            "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
            <busconfig>
            <type>system</type>
            <auth>ANONYMOUS</auth>
            <!-- <auth>EXTERNAL</auth> -->
            <allow_anonymous/>
            <listen>unix:path=/run/dbus/system_bus_socket</listen>
            <standard_system_servicedirs/>

            <policy context="default">
            <allow user="*"/>

            <deny own="*"/>
            <deny send_type="method_call"/>

            <allow send_type="signal"/>
            <allow send_requested_reply="true" send_type="method_return"/>
            <allow send_requested_reply="true" send_type="error"/>

            <allow receive_type="method_call"/>
            <allow receive_type="method_return"/>
            <allow receive_type="error"/>
            <allow receive_type="signal"/>

            <allow send_destination="org.freedesktop.DBus"
            send_interface="org.freedesktop.DBus" />
            <allow send_destination="org.freedesktop.DBus"
            send_interface="org.freedesktop.DBus.Introspectable"/>
            <allow send_destination="org.freedesktop.DBus"
            send_interface="org.freedesktop.DBus.Properties"/>

            <deny send_destination="org.freedesktop.DBus"
            send_interface="org.freedesktop.DBus"
            send_member="UpdateActivationEnvironment"/>
            <deny send_destination="org.freedesktop.DBus"
            send_interface="org.freedesktop.DBus.Debug.Stats"/>
            <deny send_destination="org.freedesktop.DBus"
            send_interface="org.freedesktop.systemd1.Activator"/>
            </policy>

            <policy context="default">
            <allow own="org.freedesktop.Avahi"/>
            </policy>

            <includedir>/share/dbus-1/system.d</includedir>
            </busconfig>
          '';

        # Avahi daemon settings written to etc/avahi/avahi-daemon.conf:
        # D-Bus is enabled, wide-area lookups are off, and publishing of
        # addresses, HINFO, workstation and domain records is disabled, which
        # keeps what the container announces over mDNS small.
        avahiDaemonConf =
          builtins.toFile "avahi-daemon.conf" ''
            [server]
            use-ipv4=yes
            use-ipv6=yes
            enable-dbus=yes
            ratelimit-interval-usec=1000000
            ratelimit-burst=1000

            [wide-area]
            enable-wide-area=no

            [publish]
            add-service-cookie=no
            publish-addresses=no
            publish-hinfo=no
            publish-workstation=no
            publish-domain=no
            publish-aaaa-on-ipv4=yes
            publish-a-on-ipv6=no

            [reflector]

            [rlimits]
          '';

        # Minimal /etc/group for root and the service accounts.
        group =
          builtins.toFile "group" ''
            root::0:
            sshd::996:
            dbus::997:
            avahi::998:
          '';

        # Minimal /etc/passwd for root and the service accounts.
        # NOTE(review): every account has an empty password field instead of
        # a locked marker such as "*" or "x". The login shell is /nonexistent
        # for all of them, but with sshd in the image it is worth confirming
        # that sshd_config keeps empty-password logins disabled, or locking
        # the fields outright. `nobody` uses gid 999, which has no entry in
        # the group file defined just above.
        passwd =
          builtins.toFile "passwd" ''
            root::0:0::/tmp:/nonexistent
            sshd::996:996::/tmp:/nonexistent
            dbus::997:997::/tmp:/nonexistent
            avahi::998:998::/tmp:/nonexistent
            nobody::999:999::/tmp:/nonexistent
          '';
      in
      # Runs while the image root is being assembled; all paths are relative
      # to that root. It clears the service definitions under
      # etc/avahi/services (presumably the stock advertisements shipped with
      # the avahi package), creates the runtime and state directories for
      # dbus and samba, and installs the four generated files with mode 0644.
      ''
        #!${pkgs.runtimeShell}

        rm -rf -- etc/avahi/services/*

        install -dm755 tmp run run/dbus var/run/samba var/log/samba var/lock/samba var/locks/samba var/lib/samba/private var/cache/samba

        touch var/lib/samba/registry.tdb var/lib/samba/account_policy.tdb

        install -Dm644 ${dbusSystemConf} etc/dbus-1/system.conf
        install -Dm644 ${avahiDaemonConf} etc/avahi/avahi-daemon.conf
        install -Dm644 ${group} etc/group
        install -Dm644 ${passwd} etc/passwd
      '';
    # /init is presumably the script installed by `runner`.
    # NOTE(review): no User is set, so the entry point and the services it
    # starts run as root unless the container runtime overrides it.
    config = {
      Entrypoint = [ "/init" ];
      Cmd = [ ];
      Volumes = {
        "/vol/shares" = { };
      };
    };
  };
| 300 | |
| 301 | # nano = img { |
| 302 | # name = "docker.benkard.de/mulk/nano"; |
| 303 | # tag = "latest"; |
| 304 | # contents = [ |
| 305 | # pkgs.nano |
| 306 | # ]; |
| 307 | # }; |
| 308 | # |
| 309 | # vim = img { |
| 310 | # name = "docker.benkard.de/mulk/vim"; |
| 311 | # tag = "latest"; |
| 312 | # contents = [ |
| 313 | # pkgs.vim |
| 314 | # ]; |
| 315 | # }; |
| 316 | |
| 317 | } |