From 9baba96f8931f39ffef6f0f762a7c420d6d7bd4c Mon Sep 17 00:00:00 2001 From: zimbatm Date: Fri, 8 Feb 2019 21:15:38 +0100 Subject: [PATCH] abstract CLI image generation and add busybox in all the images --- curl/default.nix | 20 +++----------------- docker-compose/default.nix | 20 +++----------------- kubectl/default.nix | 20 +++----------------- kubernetes-helm/default.nix | 21 ++++----------------- lib/buildCLIImage.nix | 27 +++++++++++++++++++++++++++ overlay.nix | 3 +++ 6 files changed, 43 insertions(+), 68 deletions(-) create mode 100644 lib/buildCLIImage.nix diff --git a/curl/default.nix b/curl/default.nix index 379ab51..ff98b29 100644 --- a/curl/default.nix +++ b/curl/default.nix @@ -1,20 +1,6 @@ -{ dockerTools -, cacert +{ buildCLIImage , curl }: -dockerTools.buildLayeredImage { - inherit (curl) name; - - contents = [ - cacert - curl - ]; - - config = { - Entrypoint = [ "/bin/curl" ]; - Env = [ - "PATH=/bin" - "SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt" - ]; - }; +buildCLIImage { + drv = curl; } diff --git a/docker-compose/default.nix b/docker-compose/default.nix index 76577c0..6751321 100644 --- a/docker-compose/default.nix +++ b/docker-compose/default.nix @@ -1,20 +1,6 @@ -{ dockerTools -, cacert +{ buildCLIImage , docker-compose }: -dockerTools.buildLayeredImage { - inherit (docker-compose) name; - - contents = [ - cacert - docker-compose - ]; - - config = { - Entrypoint = [ "/bin/docker-compose" ]; - Env = [ - "PATH=/bin" - "SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt" - ]; - }; +buildCLIImage { + drv = docker-compose; } diff --git a/kubectl/default.nix b/kubectl/default.nix index 6619fac..4e5fec0 100644 --- a/kubectl/default.nix +++ b/kubectl/default.nix @@ -1,20 +1,6 @@ -{ dockerTools -, cacert +{ buildCLIImage , kubectl }: -dockerTools.buildLayeredImage { - inherit (kubectl) name; - - contents = [ - cacert - kubectl - ]; - - config = { - Entrypoint = [ "/bin/kubectl" ]; - Env = [ - "PATH=/bin" - "SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt" - ]; - }; +buildCLIImage { + drv = kubectl; } diff --git a/kubernetes-helm/default.nix b/kubernetes-helm/default.nix index 9c90114..c994f4f 100644 --- a/kubernetes-helm/default.nix +++ b/kubernetes-helm/default.nix @@ -1,20 +1,7 @@ -{ dockerTools -, cacert +{ buildCLIImage , kubernetes-helm }: -dockerTools.buildLayeredImage { - inherit (kubernetes-helm) name; - - contents = [ - cacert - kubernetes-helm - ]; - - config = { - Entrypoint = [ "/bin/helm" ]; - Env = [ - "PATH=/bin" - "SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt" - ]; - }; +buildCLIImage { + drv = kubernetes-helm; + binName = "helm"; } diff --git a/lib/buildCLIImage.nix b/lib/buildCLIImage.nix new file mode 100644 index 0000000..24c8515 --- /dev/null +++ b/lib/buildCLIImage.nix @@ -0,0 +1,27 @@ +{ dockerTools +, busybox +, cacert +}: +{ drv # derivation to build the image for +# Name of the binary to run by default +, binName ? (builtins.parseDrvName drv.name).name +}: +dockerTools.buildLayeredImage { + name = drv.name; + + contents = [ + # add a /bin/sh on all images + busybox + # most program need TLS certs + cacert + drv + ]; + + config = { + Cmd = [ "/bin/${binName}" ]; + Env = [ + "PATH=/bin" + "SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt" + ]; + }; +} diff --git a/overlay.nix b/overlay.nix index e7a64f4..abd6e0c 100644 --- a/overlay.nix +++ b/overlay.nix @@ -1,4 +1,7 @@ _: pkgs: { + # lib stuff can be in the top-level + buildCLIImage = pkgs.callPackage ./lib/buildCLIImage.nix {}; + # docker images must be lower-cased docker-nixpkgs = rec {