# Container image definitions built with nixpkgs' dockerTools.
#
# `system` is the platform to build for; it defaults to the evaluating host.
{ system ? builtins.currentSystem }:
let
  # NOTE(review): <nixpkgs> is resolved through NIX_PATH, so every package that
  # ends up in these images comes from whatever channel the build host has
  # configured. Pinning nixpkgs to a fixed revision and hash would make the
  # image contents reproducible and auditable.
  pkgs = import <nixpkgs> { inherit system; };

  # Turn one image spec into three build variants of the same image:
  #   streamed - streamLayeredImage
  #   layered  - buildLayeredImage
  #   image    - buildImage
  img =
    let
      dt = pkgs.dockerTools;
    in
    spec: {
      image = dt.buildImage spec;
      layered = dt.buildLayeredImage spec;
      streamed = dt.streamLayeredImage spec;
    };
in
14{
15
16 # ejabberd = pkgs.dockerTools.buildImage {
17 # name = "docker.benkard.de/mulk/ejabberd";
18 # tag = "latest";
19 # contents = [
20 # pkgs.ejabberd
21 # pkgs.bash
22 # pkgs.nano
23 # ];
24 # config = {
25 # Env = [ ];
26 # ExposedPorts = { };
27 # WorkingDir = "/";
28 # Volumes = {
29 # "/data" = { };
30 # };
31 # };
32 # };
33
# Prosody image, shipped together with a shell, coreutils and an editor.
#
# NOTE(review): the entrypoint is /bin/bash rather than the prosody daemon, and
# the config sets no `User`, so the container presumably starts a root shell.
# Confirm that this is intended for anything other than manual administration.
prosody = img {
  name = "docker.benkard.de/mulk/prosody";
  #tag = "latest";
  contents = [
    pkgs.prosody
    pkgs.bash
    pkgs.coreutils
    pkgs.nano
  ];
  config = {
    WorkingDir = "/";
    Entrypoint = [ "/bin/bash" ];
    Cmd = [ ];
    Env = [ ];
    ExposedPorts = { };
    Volumes."/data" = { };
  };
};
54
# The mailcow images live in their own expression; importing the directory
# evaluates its default.nix.
mailcow = pkgs.callPackage ./mailcow { };
# Nextcloud runtime image: Apache with PHP, the PHP extensions Nextcloud lists
# as required, recommended and optional, and a few tools for manual upgrades.
# The application itself is expected on the /var/www/html volume.
#
# NOTE(review): php74Extensions pins the PHP 7.4 extension set, a branch that no
# longer receives upstream security fixes, while `pkgs.php` follows the nixpkgs
# default. Confirm that both resolve to the same, still-supported PHP version.
# NOTE(review): the extensions are only added to the image contents here;
# verify that the PHP configuration on the volume actually loads them.
nextcloud = img {
  name = "docker.benkard.de/mulk/nextcloud";
  contents =
    [
      # Service dependencies.
      pkgs.apacheHttpd
      pkgs.apacheHttpdPackages.php

      # Optional dependencies.
      pkgs.ffmpeg

      # Maintenance and manual upgrades.
      pkgs.bash
      pkgs.coreutils
      pkgs.php
      pkgs.unzip
    ]
    ++ map (extension: pkgs.php74Extensions.${extension}) [
      # Required dependencies.
      "ctype"
      "curl"
      "dom"
      "gd"
      "iconv"
      "json"
      "mbstring"
      "openssl"
      "pdo_pgsql"
      "posix"
      "session"
      "simplexml"
      "xml"
      "xmlreader"
      "xmlwriter"
      "zip"
      "zlib"

      # Recommended dependencies.
      "bz2"
      "intl"
      "fileinfo"

      # Optional dependencies.
      "apcu"
      "bcmath"
      "ftp"
      "gmp"
      "imagick"
      "memcached"
      "pcntl"
      "redis"
      # "smbclient"
    ];
  config = {
    WorkingDir = "/var/www/html";
    Volumes."/var/www/html" = { };
  };
};
121
# Single-purpose image that runs `curl -fsS` with whatever arguments the caller
# appends; -f turns HTTP error statuses into a failing exit code.
#
# NOTE(review): the image contains curl only, with no CA bundle such as
# pkgs.cacert. HTTPS targets would presumably fail certificate verification
# unless a bundle is mounted; confirm that callers do not compensate with
# -k/--insecure.
webcron = img {
  name = "docker.benkard.de/mulk/webcron";
  contents = [
    # Entry points.
    pkgs.curl
  ];
  config = {
    Entrypoint = [ "curl" "-fsS" ];
    Cmd = [ ];
    Volumes = { };
  };
};
135
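# Samba file-server image with D-Bus and Avahi. /init from ./samba is the
# entrypoint; s6 and execline are included, presumably to supervise the
# avahi, dbus, nmbd and smbd run scripts installed below.
#
# NOTE(review): the config sets no `User`, so /init presumably starts as root.
samba =
  let
    # Collects ./samba/init and the per-service run scripts in one store path,
    # installed with mode 0755. As image contents they show up as /init and
    # /service/<name>/run.
    runner =
      pkgs.stdenv.mkDerivation {
        name = "mulk-samba-runner";
        buildInputs = with pkgs; [ bash ];
        src = ./samba;
        builder = builtins.toFile "builder.sh" ''
          source $stdenv/setup
          set -euo pipefail
          set -x

          install -Dm755 $src/init $out/init

          for svc in avahi dbus nmbd smbd; do
            install -Dm755 $src/service/$svc/run $out/service/$svc/run
          done

          set +x
        '';
      };

  in
  img {
    name = "docker.benkard.de/mulk/samba";
    contents = with pkgs; [
      # Services.
      avahi
      dbus
      #samba4Full
      (samba.override { enableMDNS = true; enableProfiling = false; enableRegedit = false; })

      # Control.
      execline
      gnused
      runner
      s6

      # Maintenance.
      busybox
    ];
    extraCommands =
      let
        # System bus configuration.
        #
        # NOTE(review): <auth>ANONYMOUS</auth> together with <allow_anonymous/>
        # lets any process that can open /run/dbus/system_bus_socket connect
        # without a credential check; the EXTERNAL mechanism is commented out.
        # That is only tolerable while the socket stays private to this
        # container, so /run must never be shared with another container or
        # the host.
        # NOTE(review): the second policy block grants ownership of
        # org.freedesktop.Avahi in the "default" context, i.e. to every peer.
        # With EXTERNAL authentication restored it could be narrowed to
        # <policy user="avahi">.
        dbusSystemConf =
          builtins.toFile "dbus-1-system.conf" ''
            <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
             "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
            <busconfig>
              <type>system</type>
              <auth>ANONYMOUS</auth>
              <!-- <auth>EXTERNAL</auth> -->
              <allow_anonymous/>
              <listen>unix:path=/run/dbus/system_bus_socket</listen>
              <standard_system_servicedirs/>

              <policy context="default">
                <allow user="*"/>

                <deny own="*"/>
                <deny send_type="method_call"/>

                <allow send_type="signal"/>
                <allow send_requested_reply="true" send_type="method_return"/>
                <allow send_requested_reply="true" send_type="error"/>

                <allow receive_type="method_call"/>
                <allow receive_type="method_return"/>
                <allow receive_type="error"/>
                <allow receive_type="signal"/>

                <allow send_destination="org.freedesktop.DBus"
                       send_interface="org.freedesktop.DBus" />
                <allow send_destination="org.freedesktop.DBus"
                       send_interface="org.freedesktop.DBus.Introspectable"/>
                <allow send_destination="org.freedesktop.DBus"
                       send_interface="org.freedesktop.DBus.Properties"/>

                <deny send_destination="org.freedesktop.DBus"
                      send_interface="org.freedesktop.DBus"
                      send_member="UpdateActivationEnvironment"/>
                <deny send_destination="org.freedesktop.DBus"
                      send_interface="org.freedesktop.DBus.Debug.Stats"/>
                <deny send_destination="org.freedesktop.DBus"
                      send_interface="org.freedesktop.systemd1.Activator"/>
              </policy>

              <policy context="default">
                <allow own="org.freedesktop.Avahi"/>
              </policy>

              <includedir>/share/dbus-1/system.d</includedir>
            </busconfig>
          '';

        # Avahi daemon settings: wide-area lookups are off and the [publish]
        # section disables address, HINFO, workstation and domain records.
        avahiDaemonConf =
          builtins.toFile "avahi-daemon.conf" ''
            [server]
            use-ipv4=yes
            use-ipv6=yes
            enable-dbus=yes
            ratelimit-interval-usec=1000000
            ratelimit-burst=1000

            [wide-area]
            enable-wide-area=no

            [publish]
            add-service-cookie=no
            publish-addresses=no
            publish-hinfo=no
            publish-workstation=no
            publish-domain=no
            publish-aaaa-on-ipv4=yes
            publish-a-on-ipv6=no

            [reflector]

            [rlimits]
          '';

        # Service groups. The password field is "x" instead of empty so that
        # no entry reads as a group without a password.
        # NOTE(review): passwd assigns gid 999 to nobody, but no group with
        # that gid is defined here; confirm nothing needs to resolve it.
        group =
          builtins.toFile "group" ''
            dbus:x:997:
            avahi:x:998:
          '';

        # Service accounts. An empty password field in /etc/passwd marks an
        # account that authenticates with no password at all, which busybox's
        # su and login (shipped in this image) would honour. "x" defers to a
        # shadow file the image does not provide, so password authentication
        # for these accounts always fails. Name and uid lookups are unchanged.
        passwd =
          builtins.toFile "passwd" ''
            dbus:x:997:997::/tmp:/nonexistent
            avahi:x:998:998::/tmp:/nonexistent
            nobody:x:999:999::/tmp:/nonexistent
          '';
      in
      # Runs inside the image root at build time; every path is relative to it.
      ''
        #!${pkgs.runtimeShell}

        rm -rf -- etc/avahi/services/*

        install -dm755 tmp run run/dbus var/run/samba var/log/samba var/lock/samba var/locks/samba var/lib/samba/private var/cache/samba

        touch var/lib/samba/registry.tdb var/lib/samba/account_policy.tdb

        install -Dm644 ${dbusSystemConf} etc/dbus-1/system.conf
        install -Dm644 ${avahiDaemonConf} etc/avahi/avahi-daemon.conf
        install -Dm644 ${group} etc/group
        install -Dm644 ${passwd} etc/passwd
      '';
    config = {
      Entrypoint = [ "/init" ];
      Cmd = [ ];
      Volumes = {
        "/vol/shares" = { };
      };
    };
  };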
291
292 # nano = img {
293 # name = "docker.benkard.de/mulk/nano";
294 # tag = "latest";
295 # contents = [
296 # pkgs.nano
297 # ];
298 # };
299 #
300 # vim = img {
301 # name = "docker.benkard.de/mulk/vim";
302 # tag = "latest";
303 # contents = [
304 # pkgs.vim
305 # ];
306 # };
307
308}