diff --git a/nix/default.nix b/nix/default.nix
index 6c4bec3ced..19fa6313ef 100644
--- a/nix/default.nix
+++ b/nix/default.nix
@@ -4,5 +4,6 @@ args: {
 pkgs = import ./pkgs args;
+ docker = import ./docker args;
 gitlab-ci = import ./gitlab-ci args;
 }
diff --git a/nix/docker/default.nix b/nix/docker/default.nix
new file mode 100644
index 0000000000..ae9b7a73e2
--- /dev/null
+++ b/nix/docker/default.nix
@@ -0,0 +1,7 @@
+# SPDX-FileCopyrightText: 2020 Luke Granger-Brown
+#
+# SPDX-License-Identifier: Apache-2.0
+
+args: {
+ heptapod = import ./heptapod args;
+}
diff --git a/nix/docker/heptapod/default.nix b/nix/docker/heptapod/default.nix
new file mode 100644
index 0000000000..357cb14fc9
--- /dev/null
+++ b/nix/docker/heptapod/default.nix
@@ -0,0 +1,37 @@
+# SPDX-FileCopyrightText: 2020 Luke Granger-Brown
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ pkgs, ... }:
+let
+ origImageArgs = {
+ imageName = "octobus/heptapod";
+ imageDigest = "sha256:d8c9aea815b1d8a44737eccb97f0c771e20205b1c4b98fdcfc2edcb8106967fd";
+ sha256 = "0r1cfmf9fwfq944k72mcr6gp86595sgd00qm4aij5v99xgpd5axl";
+ finalImageName = "octobus/heptapod";
+ finalImageTag = "0.20.3";
+ };
+ origImage = pkgs.dockerTools.pullImage origImageArgs;
+
+ name = origImageArgs.imageName;
+ tag = "${origImageArgs.finalImageTag}-lukegb";
+in pkgs.dockerTools.buildImage rec {
+ inherit name tag;
+ fromImage = origImage;
+ fromImageName = origImageArgs.finalImageName;
+ fromImageTag = origImageArgs.finalImageTag;
+ diskSize = 8192;
+ runAsRoot = ''
+ #!{pkgs.runtimeShell}
+ cat <<"EOF" >/assets/wrapper_wrapper
+ #!/bin/bash
+ /usr/bin/id hg || /usr/sbin/useradd -g $(id -u git) -u $(id -g git) -o -d /var/opt/gitlab -p "*" hg
+ /usr/bin/grep "AllowUsers git hg" /assets/sshd_config || /bin/sed -i "s/AllowUsers git/AllowUsers git hg/" /assets/sshd_config
+ exec /assets/wrapper "$@"
+ EOF
+ chmod ugo=rx /assets/wrapper_wrapper
+ '';
+ config.Cmd = ["/assets/wrapper_wrapper"];
+} // {
+ meta = { inherit name tag; };
+}
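Review bot: In nix/docker/heptapod/default.nix the `useradd` line written into `/assets/wrapper_wrapper` passes the ids the wrong way round: `-g $(id -u git)` gives git's uid to the group option and `-u $(id -g git)` gives git's gid to the uid option. Together with `-o` (non-unique uid allowed), `hg` only ends up aliasing the `git` account when git's uid and gid happen to be equal, which may hold in the upstream image but is not checked; otherwise it silently takes whatever uid equals git's gid. I would write `/usr/sbin/useradd -g $(id -g git) -u $(id -u git) -o -d /var/opt/gitlab -p "*" hg`. Separately, the first line of `runAsRoot`, `#!{pkgs.runtimeShell}`, lacks the `$` and is therefore not interpolated; it should read `#!${pkgs.runtimeShell}`.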
diff --git a/ops/nixos/marukuru/default.nix b/ops/nixos/marukuru/default.nix
index fbd102c091..5be3573f18 100644
--- a/ops/nixos/marukuru/default.nix
+++ b/ops/nixos/marukuru/default.nix
@@ -121,9 +121,9 @@ in {
 "/var/run/docker.sock:/var/run/docker.sock"
 ];
 };
- heptapod = {
- #image = "octobus/heptapod:0.13.0-py3";
- image = "heptapod:latest";
+ heptapod = let img = depot.nix.docker.heptapod; in {
+ image = "${img.meta.name}:${img.meta.tag}";
+ imageFile = img;
 ports = [
 # host:container
 "22:22"
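Review bot: The new `image` string and `imageFile` are coupled without a comment: the container only runs the Nix-built tarball if `"${img.meta.name}:${img.meta.tag}"` matches the name and tag baked into that tarball. Because the name is still `octobus/heptapod` (the upstream repository name), a mismatch or a failed load would presumably let Docker try to pull that reference from the registry instead of failing. A comment such as `# must match the name:tag inside imageFile; a mismatch falls back to a registry pull` above `image` would record this, and a local-only image name in nix/docker/heptapod/default.nix would remove the fallback altogether. The `heptapod` attribute set continues past the end of the hunk.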