fix(nix/docker.nix): add init.d and docker cli
Change-Id: I530de9066ea94ab54488de6e83ed64e7d44a1d72 Signed-off-by: Thomas Kosiewski <tk@coder.com>
1 parent 11cccb3 commit 3bcc415


2 files changed

+158
-87
lines changed

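--- a/flake.nix
+++ b/flake.nix
@@ -71,70 +71,91 @@
 vendorHash = null;
 };
 
+# Packages required to build the frontend
+frontendPackages =
+with pkgs;
+[
+cairo
+pango
+pixman
+libpng
+libjpeg
+giflib
+librsvg
+python312Packages.setuptools # Needed for node-gyp
+]
+++ (lib.optionals stdenv.targetPlatform.isDarwin [
+darwin.apple_sdk.frameworks.Foundation
+xcbuild
+]);
+
 # The minimal set of packages to build Coder.
-devShellPackages = with pkgs; [
-# google-chrome is not available on aarch64 linux
-(lib.optionalDrvAttr (!stdenv.isLinux || !stdenv.isAarch64) google-chrome)
-# strace is not available on OSX
-(lib.optionalDrvAttr (!pkgs.stdenv.isDarwin) strace)
-bat
-cairo
-curl
-delve
-dive
-drpc.defaultPackage.${system}
-formatter
-fzf
-gcc13
-gdk
-getopt
-gh
-git
-(lib.optionalDrvAttr stdenv.isLinux glibcLocales)
-gnumake
-gnused
-go_1_22
-go-migrate
-(pinnedPkgs.golangci-lint)
-gopls
-gotestsum
-jq
-kubectl
-kubectx
-kubernetes-helm
-lazygit
-less
-mockgen
-moreutils
-neovim
-nfpm
-nix-prefetch-git
-nodejs
-openssh
-openssl
-pango
-pixman
-pkg-config
-playwright-driver.browsers
-pnpm
-postgresql_16
-proto_gen_go_1_30
-protobuf_23
-ripgrep
-shellcheck
-(pinnedPkgs.shfmt)
-sqlc
-terraform
-typos
-# Needed for many LD system libs!
-(lib.optional stdenv.isLinux util-linux)
-vim
-wget
-yq-go
-zip
-zsh
-zstd
-];
+devShellPackages =
+with pkgs;
+[
+# google-chrome is not available on aarch64 linux
+(lib.optionalDrvAttr (!stdenv.isLinux || !stdenv.isAarch64) google-chrome)
+# strace is not available on OSX
+(lib.optionalDrvAttr (!pkgs.stdenv.isDarwin) strace)
+bat
+cairo
+curl
+delve
+dive
+drpc.defaultPackage.${system}
+formatter
+fzf
+gcc13
+gdk
+getopt
+gh
+git
+(lib.optionalDrvAttr stdenv.isLinux glibcLocales)
+gnumake
+gnused
+go_1_22
+go-migrate
+(pinnedPkgs.golangci-lint)
+gopls
+gotestsum
+jq
+kubectl
+kubectx
+kubernetes-helm
+lazygit
+less
+mockgen
+moreutils
+neovim
+nfpm
+nix-prefetch-git
+nodejs
+openssh
+openssl
+pango
+pixman
+pkg-config
+playwright-driver.browsers
+pnpm
+postgresql_16
+proto_gen_go_1_30
+protobuf_23
+ripgrep
+shellcheck
+(pinnedPkgs.shfmt)
+sqlc
+terraform
+typos
+# Needed for many LD system libs!
+(lib.optional stdenv.isLinux util-linux)
+vim
+wget
+yq-go
+zip
+zsh
+zstd
+]
+++ frontendPackages;
 
 docker = pkgs.callPackage ./nix/docker.nix { };
 
@@ -144,22 +165,7 @@
 
 src = ./site/.;
 # Required for the `canvas` package!
-extraBuildInputs =
-with pkgs;
-[
-cairo
-pango
-pixman
-libpng
-libjpeg
-giflib
-librsvg
-python312Packages.setuptools
-]
-++ (lib.optionals stdenv.targetPlatform.isDarwin [
-darwin.apple_sdk.frameworks.Foundation
-xcbuild
-]);
+extraBuildInputs = frontendPackages;
 installInPlace = true;
 distDir = "out";
 };
@@ -219,6 +225,9 @@
 LOCALE_ARCHIVE =
 with pkgs;
 lib.optionalDrvAttr stdenv.isLinux "${glibcLocales}/lib/locale/locale-archive";
+
+NODE_OPTIONS = "--max-old-space-size=8192";
+GOPRIVATE = "coder.com,cdr.dev,go.coder.com,github.com/cdr,github.com/coder";
 };
 };
 
@@ -252,14 +261,20 @@
 drv = devShells.default.overrideAttrs (oldAttrs: {
 buildInputs =
 (with pkgs; [
-busybox
 coreutils
 nix
 curl.bin # Ensure the actual curl binary is included in the PATH
 glibc.bin # Ensure the glibc binaries are included in the PATH
 jq.bin
 binutils # ld and strings
 filebrowser # Ensure that we're not redownloading filebrowser on each launch
+systemd.out
+service-wrapper
+docker_26
+shadow.out
+su
+ncurses # clear
+unzip
 ])
 ++ oldAttrs.buildInputs;
 });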
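Review bot: `GOPRIVATE` on new line 230 is also the default for GONOPROXY and GONOSUMDB, so every module under `github.com/coder` and `github.com/cdr` — public GitHub orgs, judging by the Signed-off-by domain on this commit — is fetched straight from VCS and never checked against the sum.golang.org transparency log in this dev shell, and presumably in the image built from `devShells.default` below it; go.sum still pins modules already recorded, but a first-time addition under those prefixes gets no independent checksum. If only the internal hosts are actually private, narrow it to `GOPRIVATE = "coder.com,cdr.dev,go.coder.com";`, or set `GONOSUMDB` separately from `GONOPROXY`, and state the intent with a comment such as `# Private module prefixes: Go skips the proxy and the checksum DB for these` above the line. The `NODE_OPTIONS` heap bump on line 229 likewise deserves a one-line why-comment (which build step runs out of the default heap). The attribute set these two lines belong to starts before this hunk.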

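--- a/nix/docker.nix
+++ b/nix/docker.nix
@@ -13,6 +13,7 @@
 runCommand,
 writeShellScriptBin,
 writeText,
+writeTextFile,
 cacert,
 storeDir ? builtins.storeDir,
 pigz,
@@ -32,10 +33,18 @@ let
 
 inherit (dockerTools)
 streamLayeredImage
-binSh
 usrBinEnv
+caCertificates
 ;
 
+# This provides /bin/sh, pointing to bashInteractive.
+# The use of bashInteractive here is intentional to support cases like `docker run -it <image_name>`, so keep these use cases in mind if making any changes to how this works.
+binSh = runCommand "bin-sh" { } ''
+mkdir -p $out/bin
+ln -s ${bashInteractive}/bin/bash $out/bin/sh
+ln -s ${bashInteractive}/bin/bash $out/bin/bash
+'';
+
 compressors = {
 none = {
 ext = "";
@@ -157,6 +166,46 @@ let
 chmod 644 $out/etc/pam.d/sudo
 '';
 
+# Add our Docker init script
+dockerInit = writeTextFile {
+name = "initd-docker";
+destination = "/etc/init.d/docker";
+executable = true;
+
+text = ''
+#!/usr/bin/env sh
+### BEGIN INIT INFO
+# Provides: docker
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Start and stop Docker daemon
+# Description: This script starts and stops the Docker daemon.
+### END INIT INFO
+
+case "$1" in
+start)
+echo "Starting dockerd"
+SSL_CERT_FILE="${cacert}/etc/ssl/certs/ca-bundle.crt" dockerd --group=${toString gid} &
+;;
+stop)
+echo "Stopping dockerd"
+killall dockerd
+;;
+restart)
+$0 stop
+$0 start
+;;
+*)
+echo "Usage: $0 {start|stop|restart}"
+exit 1
+;;
+esac
+exit 0
+'';
+};
+
 # https://github.com/NixOS/nix/blob/2.8.0/src/libstore/globals.hh#L464-L465
 sandboxBuildDir = "/build";
 
@@ -194,16 +243,15 @@ let
 LD_LIBRARY_PATH = lib.makeLibraryPath [ stdenv.cc.cc ];
 }
 // drvEnv
-// {
-
+// rec {
 # https://github.com/NixOS/nix/blob/2.8.0/src/libstore/build/local-derivation-goal.cc#L1008-L1010
 NIX_BUILD_TOP = sandboxBuildDir;
 
 # https://github.com/NixOS/nix/blob/2.8.0/src/libstore/build/local-derivation-goal.cc#L1012-L1013
-TMPDIR = sandboxBuildDir;
-TEMPDIR = sandboxBuildDir;
-TMP = sandboxBuildDir;
-TEMP = "/tmp";
+TMPDIR = TMP;
+TEMPDIR = TMP;
+TMP = "/tmp";
+TEMP = TMP;
 
 # https://github.com/NixOS/nix/blob/2.8.0/src/libstore/build/local-derivation-goal.cc#L1015-L1019
 PWD = homeDirectory;
@@ -222,6 +270,7 @@ let
 contents = [
 binSh
 usrBinEnv
+caCertificates
 etcNixConf
 etcSudoers
 etcPamSudo
@@ -235,8 +284,10 @@ let
 ];
 extraGroupLines = [
 "${toString uname}:!:${toString gid}:"
+"docker:!:${toString (builtins.sub gid 1)}:${toString uname}"
 ];
 })
+dockerInit
 ];
 
 fakeRootCommands = ''
@@ -283,6 +334,11 @@ let
 
 chown root:root ./etc/pam.d/sudo
 chown root:root ./etc/sudoers
+
+# Create /var/run and chown it so docker command
+# doesnt encounter permission issues.
+mkdir -p ./var/run/
+chown -R ${toString uid}:${toString gid} ./var/run/
 
 
 # Run this image as the given uid/gid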
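Review bot: The group that owns the dockerd socket and the `docker` group written to /etc/group do not agree: new line 190 starts `dockerd --group=${toString gid}` (the user's primary gid, the same value used on line 286) while line 287 creates `docker` with gid `gid - 1`, so the new group is never the socket's group and `gid - 1` can collide with a group already present in the image's /etc/group. Membership of the socket's group is root-equivalent wherever dockerd runs, so the grant should be stated once and explicitly — e.g. bind `dockerGid = builtins.sub gid 1;` in the `let` and use it on both lines as `"docker:!:${toString dockerGid}:${toString uname}"` and `dockerd --group=${toString dockerGid} &`. The `stop` branch on line 194 relies on `killall`, which ships with psmisc or busybox; this same commit drops busybox from the image in flake.nix and nothing visible adds psmisc, so `stop`/`restart` may fail — `kill "$(cat /var/run/docker.pid)"` would avoid the dependency. The `dockerInit` derivation and the fakeRootCommands addition are complete within these hunks, but the enclosing `let` block runs outside them.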
