base.nix
# base.nix: function that builds the "nix-docker-base" Docker image with
# dockerTools.buildImage. The image carries bash, coreutils and Nix plus a
# hand-written /etc (nix.conf, passwd, group, nsswitch.conf).
#
# The argument set has no `...`, so callers may pass exactly these names.
# pinnedPkgs is the nixpkgs tree exposed inside the image (NIX_PATH and
# root's ~/.nix-defexpr); where it comes from is decided by the caller.
#
# NOTE(review): pathsFromGraph, perl and writeTextDir are accepted but not
# referenced anywhere in this file. They are kept so existing callers that
# pass them explicitly keep working.
{ buildEnv
, bashInteractive
, cacert
, coreutils
, dockerTools
, lib
, nix
, pathsFromGraph
, perl
, pinnedPkgs
, stdenv
, writeTextDir
}:
let
# Merged environment that the install phase links to /run/current-system/sw.
# It is the image's whole system toolset: an interactive bash, coreutils and
# Nix itself. Anything else has to be installed with Nix at run time.
path = buildEnv {
  name = "system-path";
  paths = [ bashInteractive coreutils nix ];
};
# Text written to /etc/nix/nix.conf inside the image.
#
# build-users-group = nixbld
#   Builds started by root run as one of the nixbld accounts declared in
#   `passwd`/`group` rather than as root.
#
# sandbox = false
#   Disables Nix's build sandbox: builders are not isolated from the
#   container's filesystem or network. Presumably set because the sandbox
#   needs namespace privileges that default container runtimes withhold;
#   confirm before relying on that.
#   Consequence for operators: a derivation built in this image can read
#   whatever its build user can read, so do not mount secrets into
#   containers that evaluate or build untrusted expressions, and do not
#   treat builds made here as hermetic.
nixconf = ''
  build-users-group = nixbld
  sandbox = false
'';
# Text written to /etc/passwd inside the image.
#
# Accounts:
#   root   uid 0,    home /root,      shell bash from the system path
#   user   uid 1000, home /home/user, shell bash from the system path
#   nixbld1..nixbld32  uids 30001..30032, gid 30000, home /var/empty
#
# The password field is "x" everywhere and the install phase in this file
# writes no /etc/shadow.
#
# NOTE(review): /home/user is not among the directories the install phase
# creates, and the image config selects no `User`, so the `user` account is
# only usable if the consumer creates the home and switches to it.
# NOTE(review): the build users' shell is .../sw/bin/nologin, but none of
# the packages in `path` (bashInteractive, coreutils, nix) ships a nologin
# binary as far as I know. The accounts stay non-interactive either way,
# because a missing shell cannot be executed. Confirm whether the dangling
# path is intended.
passwd =
  let
    # passwd line for the build user with zero-based index i.
    buildUserEntry = i:
      "nixbld${toString (i+1)}:x:${toString (i+30001)}:30000::/var/empty:/run/current-system/sw/bin/nologin";
    buildUserEntries =
      lib.concatStringsSep "\n" (lib.genList buildUserEntry 32);
  in
  ''
    root:x:0:0::/root:/run/current-system/sw/bin/bash
    user:x:1000:1000::/home/user:/run/current-system/sw/bin/bash
    ${buildUserEntries}
  '';
# Text written to /etc/group inside the image.
#
# gid 30000 (nixbld) lists nixbld1..nixbld32 as members. This is the group
# that nix.conf names in build-users-group, so the member list must stay in
# step with the build-user entries in `passwd`.
group =
  let
    buildUserNames = lib.genList (i: "nixbld${toString (i+1)}") 32;
  in
  ''
    root:x:0:
    user:x:1000:user
    nogroup:x:65534:
    nixbld:x:30000:${lib.concatStringsSep "," buildUserNames}
  '';
# Text written to /etc/nsswitch.conf inside the image. Only the `hosts`
# database is configured; every other database is left to the C library's
# defaults.
#
# NOTE(review): myhostname and mymachines are NSS modules normally shipped
# with systemd, which this image does not appear to include. Presumably
# lookups just fall through `files` and `dns`; confirm that is the intent.
nsswitch = ''
  hosts: files dns myhostname mymachines
'';
# Root filesystem tree of the image, built as a single derivation.
#
# What the install script lays down under $out:
#   - skeleton directories (tmp, bin, sbin, usr/bin, var, var/empty, ...)
#   - /var/run                -> /run
#   - /run/current-system/sw  -> the `path` environment
#   - /bin/sh                 -> stdenv's shell
#   - /usr/bin/env            -> coreutils' env
#   - /etc/ssl/certs          -> the cacert package's certificate directory
#   - /root/.nix-defexpr/{nixos,nixpkgs} -> pinnedPkgs
#   - /etc/nix/nix.conf, /etc/passwd, /etc/group, /etc/nsswitch.conf
#
# Review notes:
#   - The four /etc files are produced with `echo '<text>' > file`, where
#     <text> is spliced in by Nix at evaluation time. A single quote in any
#     of those strings would end the shell quoting and the remainder would
#     be parsed as shell. The current strings contain none; keep it that way
#     or write the files with a text-file helper instead (writeTextDir is
#     already an argument of this file but is unused).
#   - Each string already ends in a newline and echo appends another, so
#     every generated file ends with one blank line.
#   - The trust anchors under /etc/ssl/certs are whatever the cacert input
#     contains at build time; refreshing them means rebuilding the image.
#   - NOTE(review): directories in a store output are normally read-only
#     without the sticky bit, so /tmp may not be writable for a non-root
#     user in the resulting image. Confirm if `user` is meant to be used.
contents = stdenv.mkDerivation {
  name = "user-environment";

  # Nothing to unpack or compile: only the install script and fixup run.
  phases = [
    "installPhase"
    "fixupPhase"
  ];

  installPhase = ''
    mkdir -p \
    $out/tmp \
    $out/bin \
    $out/etc/nix \
    $out/etc/ssl \
    $out/root/.nix-defexpr \
    $out/run/current-system \
    $out/sbin \
    $out/usr/bin \
    $out/var \
    $out/var/empty
    ln -s /run $out/var/run
    ln -s ${path} $out/run/current-system/sw
    ln -s ${stdenv.shell} $out/bin/sh
    ln -s ${coreutils}/bin/env $out/usr/bin/env
    ln -s ${cacert}/etc/ssl/certs $out/etc/ssl/certs
    ln -s ${pinnedPkgs} $out/root/.nix-defexpr/nixos
    ln -s ${pinnedPkgs} $out/root/.nix-defexpr/nixpkgs
    echo '${nixconf}' > $out/etc/nix/nix.conf
    echo '${passwd}' > $out/etc/passwd
    echo '${group}' > $out/etc/group
    echo '${nsswitch}' > $out/etc/nsswitch.conf
  '';
};
in
# The image itself: the `contents` tree plus the runtime configuration.
#
# Review notes for consumers of the image:
#   - No `User` is configured and the working directory is /root, so the
#     default command runs as root unless the consumer overrides the user.
#     Combined with `sandbox = false` in nix.conf, builds started in the
#     container are isolated only by the container runtime.
#   - The tag is the mutable "latest"; deployments that need a fixed,
#     auditable base should reference the image by digest.
#   - PATH and MANPATH list root's Nix profile ahead of the system path, so
#     anything installed into /root/.nix-profile shadows the bundled tools.
#   - NIX_PATH pins <nixpkgs> to pinnedPkgs, and NIX_SSL_CERT_FILE points
#     Nix at the CA bundle of the cacert input; both change only when the
#     image is rebuilt.
dockerTools.buildImage {
  inherit contents;
  name = "nix-docker-base";
  tag = "latest";
  config = {
    Cmd = [ "${bashInteractive}/bin/bash" ];
    Env = [
      "PATH=/root/.nix-profile/bin:/run/current-system/sw/bin"
      "MANPATH=/root/.nix-profile/share/man:/run/current-system/sw/share/man"
      "NIX_PAGER=cat"
      "NIX_PATH=nixpkgs=${pinnedPkgs}"
      "NIX_SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt"
    ];
    WorkingDir = "/root";
  };
}