# A fat and modifiable Nix image
{ dockerTools
, bashInteractive
, cacert
, closureInfo
, coreutils
, curl
, direnv
, gcc-unwrapped
, gitReallyMinimal
, glibc
, gnugrep
, gnused
, gnutar
, gzip
, iana-etc
, iproute2
, less
, lib
, nix
, openssh
, procps
, shadow
, xz
, mkUserEnvironment
}:
let
# Nixpkgs channel name taken from the environment of whoever evaluates this
# file. builtins.getEnv returns "" when NIXPKGS_CHANNEL is unset (and under
# pure evaluation), which selects the fake_nixpkgs fallback for NIX_PATH in
# the image config.
channel = builtins.getEnv "NIXPKGS_CHANNEL";
# User environment that is installed as the image's default Nix profile.
profile =
  let
    # gcc-unwrapped without its "libgcc" output. That output has files that
    # overlap with the "lib" output, and the collision breaks the build.
    gccWithoutLibgcc = gcc-unwrapped // {
      outputs =
        builtins.filter (output: output != "libgcc") gcc-unwrapped.outputs;
    };
  in
  mkUserEnvironment {
    derivations = [
      # basic command-line tools
      coreutils
      procps
      gnugrep
      gnused
      less

      # supplies the shell that /bin/sh points at
      bashInteractive

      nix

      # what nix itself needs at run time
      cacert
      gitReallyMinimal
      gnutar
      gzip
      xz

      # needed by Haskell binaries
      iana-etc

      # user management tools
      shadow

      # for the VSCode extension
      gccWithoutLibgcc
      iproute2
    ];
  };
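# The container image. `contents` is empty: the root filesystem layout is
# created by hand in extraCommands, and everything else is reached through
# the default Nix profile.
image = dockerTools.buildImage {
  name = "devcontainer";
  contents = [ ];
  extraCommands = ''
    # create the Nix DB
    export NIX_REMOTE=local?root=$PWD
    export USER=nobody
    ${nix}/bin/nix-store --load-db < ${closureInfo { rootPaths = [ profile ]; }}/registration
    # set the user profile
    ${profile}/bin/nix-env --profile nix/var/nix/profiles/default --set ${profile}
    # minimal
    mkdir -p bin usr/bin
    ln -s /nix/var/nix/profiles/default/bin/sh bin/sh
    ln -s /nix/var/nix/profiles/default/bin/env usr/bin/env
    # might as well...
    ln -s /nix/var/nix/profiles/default/bin/bash bin/bash
    # setup shadow, bashrc
    mkdir home
    cp -r ${./root/etc} etc
    # NOTE(review): files copied out of the Nix store are read-only for
    # everyone, and "chmod +w" only adds write bits, so etc/shadow presumably
    # stays world-readable in the image. Confirm, and consider a stricter
    # mode on etc/shadow before real password hashes are stored in it.
    chmod +w etc etc/group etc/passwd etc/shadow
    # setup iana-etc for haskell binaries
    ln -s /nix/var/nix/profiles/default/etc/protocols etc/protocols
    ln -s /nix/var/nix/profiles/default/etc/services etc/services
    # make sure /tmp exists; mode 1777 sets the sticky bit so that users
    # cannot remove or rename files owned by others in the shared directory
    mkdir -m 1777 tmp
    # allow ubuntu ELF binaries to run. VSCode copies its own.
    mkdir -p lib64
    ln -s ${glibc}/lib64/ld-linux-x86-64.so.2 lib64/ld-linux-x86-64.so.2
    # VSCode assumes that /sbin/ip exists
    mkdir sbin
    ln -s /nix/var/nix/profiles/default/bin/ip sbin/ip
  '';
  config = {
    Cmd = [ "/nix/var/nix/profiles/default/bin/bash" ];
    Env = [
      "ENV=/nix/var/nix/profiles/default/etc/profile.d/nix.sh"
      "GIT_SSL_CAINFO=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"
      # NOTE(review): set image-wide, so every process started in the
      # container, including binaries that do not come from the Nix profile,
      # searches the profile's lib directory first. Confirm that is intended.
      "LD_LIBRARY_PATH=/nix/var/nix/profiles/default/lib"
      "PAGER=less"
      "PATH=/nix/var/nix/profiles/default/bin"
      "SSL_CERT_FILE=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"
      # With a channel name, nixpkgs is resolved inside the container from
      # "channel:<name>", which follows the channel as it moves and is not
      # pinned to a revision or hash. Without one, the fake_nixpkgs tree from
      # this repository is used instead.
      (
        if channel != "" then
          "NIX_PATH=nixpkgs=channel:${channel}"
        else
          "NIX_PATH=nixpkgs=${../nix/fake_nixpkgs}"
      )
    ];
    Labels = {
      # https://github.com/microscaling/microscaling/blob/55a2d7b91ce7513e07f8b1fd91bbed8df59aed5a/Dockerfile#L22-L33
      # NOTE(review): "master" is a branch name, not a commit, so this label
      # does not tie a built image to the source revision it came from.
      "org.label-schema.vcs-ref" = "master";
      "org.label-schema.vcs-url" = "https://github.com/nix-community/docker-nixpkgs";
    };
  };
};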
in
# Result: the image with a description merged into its existing meta set.
image // {
  meta = image.meta // { description = "Nix devcontainer for VSCode"; };
}