# Docker image definitions for the docker.benkard.de/mulk/* images.
#
# `system` defaults to the platform Nix is evaluating on and is handed to
# nixpkgs, so each image is built for the host architecture unless the
# caller overrides it.  NOTE(review): `<nixpkgs>` is resolved through
# NIX_PATH rather than pinned, so the package versions inside the images
# depend on the evaluating machine's channel.
{ system ? builtins.currentSystem }:
let
  pkgs = import <nixpkgs> { inherit system; };

  # Turn one image spec into the three dockerTools output flavours, so
  # every image below can be built as `<name>.streamed`, `<name>.layered`
  # or `<name>.image` from the same definition.
  img = spec: {
    streamed = pkgs.dockerTools.streamLayeredImage spec;
    layered = pkgs.dockerTools.buildLayeredImage spec;
    image = pkgs.dockerTools.buildImage spec;
  };
in
14{
15
16 # ejabberd = pkgs.dockerTools.buildImage {
17 # name = "docker.benkard.de/mulk/ejabberd";
18 # tag = "latest";
19 # contents = [
20 # pkgs.ejabberd
21 # pkgs.bash
22 # pkgs.nano
23 # ];
24 # config = {
25 # Env = [ ];
26 # ExposedPorts = { };
27 # WorkingDir = "/";
28 # Volumes = {
29 # "/data" = { };
30 # };
31 # };
32 # };
33
# Prosody XMPP server image.  The entrypoint is an interactive shell, not
# the prosody binary, so the server itself has to be started by whatever
# command the container is run with.
prosody = img {
  name = "docker.benkard.de/mulk/prosody";
  #tag = "latest";
  contents = [
    pkgs.prosody
    # Shell and basic tools for administration inside the container.
    pkgs.bash
    pkgs.coreutils
    pkgs.nano
  ];
  config = {
    Entrypoint = [ "/bin/bash" ];
    Cmd = [ ];
    Env = [ ];
    ExposedPorts = { };
    WorkingDir = "/";
    Volumes = { "/data" = { }; };
  };
};
54
# Images whose definitions live in their own files; `callPackage` fills
# in their function arguments from `pkgs` by name.
mailcow = with pkgs; callPackage ./mailcow/default.nix { };

gitlab-runner = with pkgs; callPackage ./gitlab-system/gitlab-runner/default.nix { };
58
# Nextcloud image: Apache with PHP, plus the PHP extensions grouped as
# required, recommended and optional.  No Entrypoint or Cmd is set, so
# the web server has to be started by the container command.
nextcloud = img {
  name = "docker.benkard.de/mulk/nextcloud";
  contents =
    (with pkgs; [
      # Service dependencies.
      apacheHttpd
      apacheHttpdPackages.php

      # Optional dependencies.
      ffmpeg

      # Maintenance and manual upgrades.
      bash
      coreutils
      php
      unzip
    ])
    # NOTE(review): the extension set is pinned to php74Extensions while
    # the interpreters above are the unpinned `php` and
    # `apacheHttpdPackages.php`; confirm they resolve to the same PHP
    # release, otherwise the extensions would not match the interpreter.
    ++ (with pkgs.php74Extensions; [
      # Required dependencies.
      ctype
      curl
      dom
      gd
      iconv
      json
      mbstring
      openssl
      pdo_pgsql
      posix
      session
      simplexml
      xml
      xmlreader
      xmlwriter
      zip
      zlib

      # Recommended dependencies.
      bz2
      intl
      fileinfo

      # Optional dependencies.
      apcu
      bcmath
      ftp
      gmp
      imagick
      memcached
      pcntl
      redis
      #smbclient
    ]);
  config = {
    WorkingDir = "/var/www/html";
    Volumes = { "/var/www/html" = { }; };
  };
};
123
# Single-purpose image that only runs curl.  `-fsS` makes an HTTP error
# status a non-zero exit while still printing the error; the URL and any
# further options come from the container command.
webcron = img {
  name = "docker.benkard.de/mulk/webcron";
  contents = [
    # Entry points.
    pkgs.curl
  ];
  config = {
    # NOTE(review): "curl" is looked up via PATH rather than given as an
    # absolute path; verify the image's default PATH covers /bin.
    Entrypoint = [ "curl" "-fsS" ];
    Cmd = [ ];
    Volumes = { };
  };
};
137
# Samba file server image supervised by s6.  `runner` packages the /init
# entry point and the per-service run scripts from ./samba; `extraCommands`
# lays down the static configuration (D-Bus, Avahi, group, passwd) in the
# image root before the layers are assembled.
samba =
  let
    # Derivation that installs ./samba/init as /init and one run script per
    # service (avahi, dbus, nmbd, smbd, sshd) under /service/<name>/run,
    # which is the layout s6 expects.
    runner =
      pkgs.stdenv.mkDerivation {
        name = "mulk-samba-runner";
        buildInputs = with pkgs; [ bash ];
        src = ./samba;
        builder = builtins.toFile "builder.sh" ''
          source $stdenv/setup
          set -euo pipefail
          set -x

          install -Dm755 $src/init $out/init

          for svc in avahi dbus nmbd smbd sshd; do
            install -Dm755 $src/service/$svc/run $out/service/$svc/run
          done

          set +x
        '';
      };

  in
  img {
    name = "docker.benkard.de/mulk/samba";
    contents = with pkgs; [
      # Services.
      avahi
      (callPackage ./samba/bupstash.nix { })
      dbus
      openssh
      #samba4Full
      # Samba with mDNS support; profiling and regedit are left out.
      (samba.override { enableMDNS = true; enableProfiling = false; enableRegedit = false; })
      scponly

      # Control.
      execline
      gnused
      # The /init and /service tree built above.
      runner
      s6

      # Maintenance.
      busybox
    ];
    extraCommands =
      let
        # System bus configuration.  NOTE(review): ANONYMOUS auth together
        # with <allow_anonymous/> lets any process that reaches the socket
        # connect without credentials; the default policy then denies
        # name ownership and method calls apart from the listed
        # org.freedesktop.DBus interfaces, and only Avahi may own its name.
        # Confirm this is the intended exposure for
        # /run/dbus/system_bus_socket.
        dbusSystemConf =
          builtins.toFile "dbus-1-system.conf" ''
            <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
              "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
            <busconfig>
              <type>system</type>
              <auth>ANONYMOUS</auth>
              <!-- <auth>EXTERNAL</auth> -->
              <allow_anonymous/>
              <listen>unix:path=/run/dbus/system_bus_socket</listen>
              <standard_system_servicedirs/>

              <policy context="default">
                <allow user="*"/>

                <deny own="*"/>
                <deny send_type="method_call"/>

                <allow send_type="signal"/>
                <allow send_requested_reply="true" send_type="method_return"/>
                <allow send_requested_reply="true" send_type="error"/>

                <allow receive_type="method_call"/>
                <allow receive_type="method_return"/>
                <allow receive_type="error"/>
                <allow receive_type="signal"/>

                <allow send_destination="org.freedesktop.DBus"
                       send_interface="org.freedesktop.DBus" />
                <allow send_destination="org.freedesktop.DBus"
                       send_interface="org.freedesktop.DBus.Introspectable"/>
                <allow send_destination="org.freedesktop.DBus"
                       send_interface="org.freedesktop.DBus.Properties"/>

                <deny send_destination="org.freedesktop.DBus"
                      send_interface="org.freedesktop.DBus"
                      send_member="UpdateActivationEnvironment"/>
                <deny send_destination="org.freedesktop.DBus"
                      send_interface="org.freedesktop.DBus.Debug.Stats"/>
                <deny send_destination="org.freedesktop.DBus"
                      send_interface="org.freedesktop.systemd1.Activator"/>
              </policy>

              <policy context="default">
                <allow own="org.freedesktop.Avahi"/>
              </policy>

              <includedir>/share/dbus-1/system.d</includedir>
            </busconfig>
          '';

        # Avahi: mDNS on IPv4 and IPv6 with D-Bus enabled, wide-area
        # lookups off, and address/hinfo/workstation/domain publishing
        # disabled.
        avahiDaemonConf =
          builtins.toFile "avahi-daemon.conf" ''
            [server]
            use-ipv4=yes
            use-ipv6=yes
            enable-dbus=yes
            ratelimit-interval-usec=1000000
            ratelimit-burst=1000

            [wide-area]
            enable-wide-area=no

            [publish]
            add-service-cookie=no
            publish-addresses=no
            publish-hinfo=no
            publish-workstation=no
            publish-domain=no
            publish-aaaa-on-ipv4=yes
            publish-a-on-ipv6=no

            [reflector]

            [rlimits]
          '';

        # Service groups.  NOTE(review): gid 999 used by `nobody` in passwd
        # has no entry here — confirm nothing resolves it by name.
        group =
          builtins.toFile "group" ''
            root::0:
            sshd::996:
            dbus::997:
            avahi::998:
          '';

        # Service accounts.  NOTE(review): every password field is empty
        # and no shadow file is installed, so nothing here sets a password
        # for root or any other account; check that the sshd run script in
        # ./samba/service/sshd/run does not allow password logins.
        passwd =
          builtins.toFile "passwd" ''
            root::0:0::/tmp:/nonexistent
            sshd::996:996::/tmp:/nonexistent
            dbus::997:997::/tmp:/nonexistent
            avahi::998:998::/tmp:/nonexistent
            nobody::999:999::/tmp:/nonexistent
          '';
      in
      # Runs with the image root as working directory, hence the relative
      # paths.  The avahi service directory is emptied first (presumably so
      # nothing packaged is advertised by default — confirm), then the
      # runtime directories Samba and D-Bus need are created and the
      # generated configuration files are installed.
      ''
        #!${pkgs.runtimeShell}

        rm -rf -- etc/avahi/services/*

        install -dm755 tmp run run/dbus var/run/samba var/log/samba var/lock/samba var/locks/samba var/lib/samba/private var/cache/samba

        touch var/lib/samba/registry.tdb var/lib/samba/account_policy.tdb

        install -Dm644 ${dbusSystemConf} etc/dbus-1/system.conf
        install -Dm644 ${avahiDaemonConf} etc/avahi/avahi-daemon.conf
        install -Dm644 ${group} etc/group
        install -Dm644 ${passwd} etc/passwd
      '';
    config = {
      # /init comes from `runner` and starts the s6 service tree.
      Entrypoint = [ "/init" ];
      Cmd = [ ];
      Volumes = {
        "/vol/shares" = { };
      };
    };
  };
300
301 # nano = img {
302 # name = "docker.benkard.de/mulk/nano";
303 # tag = "latest";
304 # contents = [
305 # pkgs.nano
306 # ];
307 # };
308 #
309 # vim = img {
310 # name = "docker.benkard.de/mulk/vim";
311 # tag = "latest";
312 # contents = [
313 # pkgs.vim
314 # ];
315 # };
316
317}