
Commit 61d4348

committed
fix(nix/docker.nix): add systemd and docker cli
Change-Id: I530de9066ea94ab54488de6e83ed64e7d44a1d72 Signed-off-by: Thomas Kosiewski <tk@coder.com>
1 parent 11cccb3 commit 61d4348


2 files changed

+57
-6
lines changed


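--- a/flake.nix
+++ b/flake.nix
@@ -260,6 +260,10 @@
 jq.bin
 binutils # ld and strings
 filebrowser # Ensure that we're not redownloading filebrowser on each launch
+systemd.out
+service-wrapper
+docker_26
+shadow.out
 ])
 ++ oldAttrs.buildInputs;
 });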
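Review bot: The four new entries (`systemd.out`, `service-wrapper`, `docker_26`, `shadow.out`) carry no comment, unlike the neighbouring `binutils # ld and strings` and `filebrowser` lines, so the reason each one is in the image is not recorded. `docker_26` also pins a single Docker major release; that is presumably deliberate, but a pinned engine stops picking up fixes once that release line ends upstream. I would add trailing comments in the existing style, for example `docker_26 # dockerd and CLI; pinned major, revisit on upgrade`, with a similar one-line reason on the other three. The enclosing list starts above the hunk.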

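--- a/nix/docker.nix
+++ b/nix/docker.nix
@@ -13,6 +13,7 @@
 runCommand,
 writeShellScriptBin,
 writeText,
+writeTextFile,
 cacert,
 storeDir ? builtins.storeDir,
 pigz,
@@ -157,6 +158,46 @@ let
 chmod 644 $out/etc/pam.d/sudo
 '';
 
+# Add our Docker init script
+dockerInit = writeTextFile {
+name = "initd-docker";
+destination = "/etc/init.d/docker";
+executable = true;
+
+text = ''
+#!/usr/bin/env sh
+### BEGIN INIT INFO
+# Provides: docker
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Start and stop Docker daemon
+# Description: This script starts and stops the Docker daemon.
+### END INIT INFO
+
+case "$1" in
+start)
+echo "Starting dockerd"
+SSL_CERT_FILE="${cacert}/etc/ssl/certs/ca-bundle.crt" dockerd --group=${toString gid} &
+;;
+stop)
+echo "Stopping dockerd"
+killall dockerd
+;;
+restart)
+$0 stop
+$0 start
+;;
+*)
+echo "Usage: $0 {start|stop|restart}"
+exit 1
+;;
+esac
+exit 0
+'';
+};
+
 # https://github.com/NixOS/nix/blob/2.8.0/src/libstore/globals.hh#L464-L465
 sandboxBuildDir = "/build";
 
@@ -194,16 +235,15 @@ let
 LD_LIBRARY_PATH = lib.makeLibraryPath [ stdenv.cc.cc ];
 }
 // drvEnv
-// {
-
+// rec {
 # https://github.com/NixOS/nix/blob/2.8.0/src/libstore/build/local-derivation-goal.cc#L1008-L1010
 NIX_BUILD_TOP = sandboxBuildDir;
 
 # https://github.com/NixOS/nix/blob/2.8.0/src/libstore/build/local-derivation-goal.cc#L1012-L1013
-TMPDIR = sandboxBuildDir;
-TEMPDIR = sandboxBuildDir;
-TMP = sandboxBuildDir;
-TEMP = "/tmp";
+TMPDIR = TMP;
+TEMPDIR = TMP;
+TMP = "/tmp";
+TEMP = TMP;
 
 # https://github.com/NixOS/nix/blob/2.8.0/src/libstore/build/local-derivation-goal.cc#L1015-L1019
 PWD = homeDirectory;
@@ -235,8 +275,10 @@ let
 ];
 extraGroupLines = [
 "${toString uname}:!:${toString gid}:"
+"docker:!:${toString (builtins.sub gid 1)}:${toString uname}"
 ];
 })
+dockerInit
 ];
 
 fakeRootCommands = ''
@@ -283,6 +325,11 @@ let
 
 chown root:root ./etc/pam.d/sudo
 chown root:root ./etc/sudoers
+
+# Create /var/run and chown it so docker command
+# doesnt encounter permission issues.
+mkdir -p ./var/run/
+chown -R ${toString uid}:${toString gid} ./var/run/
 '';
 
 # Run this image as the given uid/gid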
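Review bot: The socket group passed to dockerd does not match the group this commit creates: the init script runs `dockerd --group=${toString gid}` (the user's primary group), while `extraGroupLines` adds a separate `docker` group at `gid - 1` that nothing visible here then uses. Membership of the socket group is effectively root on the daemon, so the choice should be explicit; if the `docker` group is the intended one, start the daemon with `dockerd --group=docker &`, and otherwise drop the extra group line. Related to this, `chown -R ${toString uid}:${toString gid} ./var/run/` hands the whole runtime directory to the unprivileged user, and `builtins.sub gid 1` may collide with a gid that already exists, so both lines deserve a comment stating the assumption they rely on. The `let` block and the `fakeRootCommands` string extend outside the hunks shown.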
