abstract CLI image generation

and add busybox in all the images
2019-02-08 21:15:38 +01:00 · 2019-02-08 21:15:38 +01:00 · 9baba96f89
commit 9baba96f89
parent 10e9882705
6 changed files with 43 additions and 68 deletions
--- a/curl/default.nix
+++ b/curl/default.nix
@ -1,20 +1,6 @@
-{ dockerTools
-, cacert
+{ buildCLIImage
 , curl
 }:
-dockerTools.buildLayeredImage {
-  inherit (curl) name;
-
-  contents = [
-    cacert
-    curl
-  ];
-
-  config = {
-    Entrypoint = [ "/bin/curl" ];
-    Env = [
-      "PATH=/bin"
-      "SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt"
-    ];
-  };
+buildCLIImage {
+  drv = curl;
 }
--- a/docker-compose/default.nix
+++ b/docker-compose/default.nix
@ -1,20 +1,6 @@
-{ dockerTools
-, cacert
+{ buildCLIImage
 , docker-compose
 }:
-dockerTools.buildLayeredImage {
-  inherit (docker-compose) name;
-
-  contents = [
-    cacert
-    docker-compose
-  ];
-
-  config = {
-    Entrypoint = [ "/bin/docker-compose" ];
-    Env = [
-      "PATH=/bin"
-      "SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt"
-    ];
-  };
+buildCLIImage {
+  drv = docker-compose;
 }
--- a/kubectl/default.nix
+++ b/kubectl/default.nix
@ -1,20 +1,6 @@
-{ dockerTools
-, cacert
+{ buildCLIImage
 , kubectl
 }:
-dockerTools.buildLayeredImage {
-  inherit (kubectl) name;
-
-  contents = [
-    cacert
-    kubectl
-  ];
-
-  config = {
-    Entrypoint = [ "/bin/kubectl" ];
-    Env = [
-      "PATH=/bin"
-      "SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt"
-    ];
-  };
+buildCLIImage {
+  drv = kubectl;
 }
--- a/kubernetes-helm/default.nix
+++ b/kubernetes-helm/default.nix
@ -1,20 +1,7 @@
-{ dockerTools
-, cacert
+{ buildCLIImage
 , kubernetes-helm
 }:
-dockerTools.buildLayeredImage {
-  inherit (kubernetes-helm) name;
-
-  contents = [
-    cacert
-    kubernetes-helm
-  ];
-
-  config = {
-    Entrypoint = [ "/bin/helm" ];
-    Env = [
-      "PATH=/bin"
-      "SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt"
-    ];
-  };
+buildCLIImage {
+  drv = kubernetes-helm;
+  binName = "helm";
 }
--- a/lib/buildCLIImage.nix
+++ b/lib/buildCLIImage.nix
@ -0,0 +1,27 @@
+{ dockerTools
+, busybox
+, cacert
+}:
+{ drv # derivation to build the image for
+# Name of the binary to run by default
+, binName ? (builtins.parseDrvName drv.name).name
+}:
+dockerTools.buildLayeredImage {
+  name = drv.name;
+
+  contents = [
+    # add a /bin/sh on all images
+    busybox
+    # most program need TLS certs
+    cacert
+    drv
+  ];
+
+  config = {
+    Cmd = [ "/bin/${binName}" ];
+    Env = [
+      "PATH=/bin"
+      "SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt"
+    ];
+  };
+}
--- a/overlay.nix
+++ b/overlay.nix
@ -1,4 +1,7 @@
 _: pkgs: {
+  # lib stuff can be in the top-level
+  buildCLIImage = pkgs.callPackage ./lib/buildCLIImage.nix {};
+
  # docker images must be lower-cased
  docker-nixpkgs = rec {