devcontainer: init

2019-12-15 15:54:10 +01:00 · 2019-12-15 15:54:10 +01:00 · 751d7a6714
commit 751d7a6714
parent f90912f967
12 changed files with 322 additions and 16 deletions
--- a/images/devcontainer/default.nix
+++ b/images/devcontainer/default.nix
@ -0,0 +1,126 @@
+# A fat and modifiable Nix image
+#
+# TODO: create a suid wrapper for sudo.
+
+# sudo: setrlimit(RLIMIT_CORE): Operation not permitted
+{ dockerTools
+, closureInfo
+, bashInteractive
+, cacert
+, coreutils
+, curl
+, gcc-unwrapped
+, gitReallyMinimal
+, glibc
+, gnutar
+, gzip
+, iana-etc
+, iproute
+, nix
+, openssh
+, shadow
+, sudo
+, xz
+, mkUserEnvironment
+}:
+let
+  # generate a user profile for the image
+  profile = mkUserEnvironment {
+    derivations = [
+      coreutils
+      # add /bin/sh
+      bashInteractive
+      nix
+
+      # runtime dependencies of nix
+      cacert
+      gitReallyMinimal
+      gnutar
+      gzip
+      xz
+
+      # for haskell binaries
+      iana-etc
+
+      # for user management
+      shadow
+      sudo
+
+      # for the vscode extension
+      gcc-unwrapped
+      iproute
+    ];
+  };
+
+  image = dockerTools.buildImage {
+    name = "devcontainer";
+
+    contents = [ ];
+
+    extraCommands = ''
+      # create the Nix DB
+      export NIX_REMOTE=local?root=$PWD
+      export USER=nobody
+      ${nix}/bin/nix-store --load-db < ${closureInfo { rootPaths = [ profile ]; }}/registration
+
+      # set the user profile
+      ${profile}/bin/nix-env --profile nix/var/nix/profiles/default --set ${profile}
+
+      # minimal
+      mkdir -p bin usr/bin
+      ln -s /nix/var/nix/profiles/default/bin/sh bin/sh
+      ln -s /nix/var/nix/profiles/default/bin/env usr/bin/env
+
+      # might as well...
+      ln -s /nix/var/nix/profiles/default/bin/bash bin/bash
+
+      # setup iana-etc for haskell binaries
+      mkdir etc
+      ln -s /nix/var/nix/profiles/default/etc/protocols etc/protocols
+      ln -s /nix/var/nix/profiles/default/etc/services etc/services
+
+      # setup shadow
+      mkdir etc/pam.d
+      cp ${./root/etc/bashrc} etc/bashrc
+      cp ${./root/etc/group} etc/group
+      cp ${./root/etc/passwd} etc/passwd
+      cp ${./root/etc/shadow} etc/shadow
+      cp ${./root/etc/nsswitch.conf} etc/nsswitch.conf
+      cp ${./root/etc/pam.d/other} etc/pam.d/other
+
+      # make sure /tmp exists
+      mkdir -m 0777 tmp
+
+      # allow ubuntu ELF binaries to run. VSCode copies it's own.
+      mkdir -p lib64
+      ln -s ${glibc}/lib64/ld-linux-x86-64.so.2 lib64/ld-linux-x86-64.so.2
+
+      # VSCode assumes that /sbin/ip exists
+      mkdir sbin
+      ln -s /nix/var/nix/profiles/default/bin/ip sbin/ip
+    '';
+
+    config = {
+      Cmd = [ "/nix/var/nix/profiles/default/bin/bash" ];
+      Env = [
+        "ENV=/nix/var/nix/profiles/default/etc/profile.d/nix.sh"
+        "GIT_SSL_CAINFO=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"
+        "LD_LIBRARY_PATH=/nix/var/nix/profiles/default/lib"
+        "NIX_PATH=nixpkgs=${toString <nixpkgs>}"
+        "PAGER=cat"
+        "PATH=/nix/var/nix/profiles/default/bin"
+        "SSL_CERT_FILE=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"
+      ];
+      Labels = {
+        # https://github.com/microscaling/microscaling/blob/55a2d7b91ce7513e07f8b1fd91bbed8df59aed5a/Dockerfile#L22-L33
+        "org.label-schema.vcs-ref" = "master";
+        "org.label-schema.vcs-url" = "https://github.com/nix-community/docker-nixpkgs";
+      };
+    };
+  };
+in
+image // {
+  meta = image.meta // {
+    description = "Nix devcontainer for VSCode";
+  };
+}