|
13 | 13 | runCommand,
|
14 | 14 | writeShellScriptBin,
|
15 | 15 | writeText,
|
| 16 | + writeTextFile, |
16 | 17 | cacert,
|
17 | 18 | storeDir ? builtins.storeDir,
|
18 | 19 | pigz,
|
|
157 | 158 | chmod 644 $out/etc/pam.d/sudo
|
158 | 159 | '';
|
159 | 160 |
|
| 161 | + # Add our Docker init script |
| 162 | + dockerInit = writeTextFile { |
| 163 | + name = "initd-docker"; |
| 164 | + destination = "/etc/init.d/docker"; |
| 165 | + executable = true; |
| 166 | + |
| 167 | + text = '' |
| 168 | + #!/usr/bin/env sh |
| 169 | + ### BEGIN INIT INFO |
| 170 | + # Provides: docker |
| 171 | + # Required-Start: $remote_fs $syslog |
| 172 | + # Required-Stop: $remote_fs $syslog |
| 173 | + # Default-Start: 2 3 4 5 |
| 174 | + # Default-Stop: 0 1 6 |
| 175 | + # Short-Description: Start and stop Docker daemon |
| 176 | + # Description: This script starts and stops the Docker daemon. |
| 177 | + ### END INIT INFO |
| 178 | +
|
| 179 | + case "$1" in |
| 180 | + start) |
| 181 | + echo "Starting dockerd" |
| 182 | + SSL_CERT_FILE="${cacert}/etc/ssl/certs/ca-bundle.crt" dockerd --group=${toString gid} & |
| 183 | + ;; |
| 184 | + stop) |
| 185 | + echo "Stopping dockerd" |
| 186 | + killall dockerd |
| 187 | + ;; |
| 188 | + restart) |
| 189 | + $0 stop |
| 190 | + $0 start |
| 191 | + ;; |
| 192 | + *) |
| 193 | + echo "Usage: $0 {start|stop|restart}" |
| 194 | + exit 1 |
| 195 | + ;; |
| 196 | + esac |
| 197 | + exit 0 |
| 198 | + ''; |
| 199 | + }; |
| 200 | + |
160 | 201 | # https://github.com/NixOS/nix/blob/2.8.0/src/libstore/globals.hh#L464-L465
|
161 | 202 | sandboxBuildDir = "/build";
|
162 | 203 |
|
@@ -194,16 +235,15 @@ let
|
194 | 235 | LD_LIBRARY_PATH = lib.makeLibraryPath [ stdenv.cc.cc ];
|
195 | 236 | }
|
196 | 237 | // drvEnv
|
197 |
| - // { |
198 |
| - |
| 238 | + // rec { |
199 | 239 | # https://github.com/NixOS/nix/blob/2.8.0/src/libstore/build/local-derivation-goal.cc#L1008-L1010
|
200 | 240 | NIX_BUILD_TOP = sandboxBuildDir;
|
201 | 241 |
|
202 | 242 | # https://github.com/NixOS/nix/blob/2.8.0/src/libstore/build/local-derivation-goal.cc#L1012-L1013
|
203 |
| - TMPDIR = sandboxBuildDir; |
204 |
| - TEMPDIR = sandboxBuildDir; |
205 |
| - TMP = sandboxBuildDir; |
206 |
| - TEMP = "/tmp"; |
| 243 | + TMPDIR = TMP; |
| 244 | + TEMPDIR = TMP; |
| 245 | + TMP = "/tmp"; |
| 246 | + TEMP = TMP; |
207 | 247 |
|
208 | 248 | # https://github.com/NixOS/nix/blob/2.8.0/src/libstore/build/local-derivation-goal.cc#L1015-L1019
|
209 | 249 | PWD = homeDirectory;
|
|
235 | 275 | ];
|
236 | 276 | extraGroupLines = [
|
237 | 277 | "${toString uname}:!:${toString gid}:"
|
| 278 | + "docker:!:${toString (builtins.sub gid 1)}:${toString uname}" |
238 | 279 | ];
|
239 | 280 | })
|
| 281 | + dockerInit |
240 | 282 | ];
|
241 | 283 |
|
242 | 284 | fakeRootCommands = ''
|
|
283 | 325 |
|
284 | 326 | chown root:root ./etc/pam.d/sudo
|
285 | 327 | chown root:root ./etc/sudoers
|
| 328 | +
|
| 329 | + # Create /var/run and chown it so docker command |
| 330 | + # doesnt encounter permission issues. |
| 331 | + mkdir -p ./var/run/ |
| 332 | + chown -R ${toString uid}:${toString gid} ./var/run/ |
286 | 333 | '';
|
287 | 334 |
|
288 | 335 | # Run this image as the given uid/gid
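Review bot: The `docker` group added to extraGroupLines (new line 278) is assigned gid `gid - 1`, but dockerd on new line 182 is started with `--group=${toString gid}`, so the daemon socket ends up owned by the user's primary group and the new `docker` group is never referenced; either pass the same value to both, e.g. `dockerd --group=${toString (builtins.sub gid 1)} &`, or drop the group entry, and say in the comment on line 161 which group is meant to own the socket, since membership of that group grants control of the daemon. `builtins.sub gid 1` may also collide with a group id already listed in the image's group file, which these hunks do not show. Separately, the `start)` branch backgrounds dockerd with `&` and the script always falls through to `exit 0`, so a daemon that dies immediately is reported as a successful start, and `stop)` depends on `killall` being present in the image (not visible here). The enclosing `let` block and the image attribute set begin and end outside these hunks.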
|
|