fix(nix/docker.nix): add systemd and docker cli

ThomasK33 · ThomasK33 · commit 61d43487ea46 · 2025-02-03T21:45:14.000+01:00
Change-Id: I530de9066ea94ab54488de6e83ed64e7d44a1d72
Signed-off-by: Thomas Kosiewski &lt;tk@coder.com&gt;
diff --git a/flake.nix b/flake.nix
@@ -260,6 +260,10 @@
                     jq.bin
                     binutils # ld and strings
                     filebrowser # Ensure that we're not redownloading filebrowser on each launch
+                    systemd.out
+                    service-wrapper
+                    docker_26
+                    shadow.out
                   ])
                   ++ oldAttrs.buildInputs;
               });
diff --git a/nix/docker.nix b/nix/docker.nix
@@ -13,6 +13,7 @@
   runCommand,
   writeShellScriptBin,
   writeText,
+  writeTextFile,
   cacert,
   storeDir ? builtins.storeDir,
   pigz,
@@ -157,6 +158,46 @@ let
         chmod 644 $out/etc/pam.d/sudo
       '';
 
+      # Add our Docker init script
+      dockerInit = writeTextFile {
+        name = "initd-docker";
+        destination = "/etc/init.d/docker";
+        executable = true;
+
+        text = ''
+          #!/usr/bin/env sh
+          ### BEGIN INIT INFO
+          # Provides:          docker
+          # Required-Start:    $remote_fs $syslog
+          # Required-Stop:     $remote_fs $syslog
+          # Default-Start:     2 3 4 5
+          # Default-Stop:      0 1 6
+          # Short-Description: Start and stop Docker daemon
+          # Description:       This script starts and stops the Docker daemon.
+          ### END INIT INFO
+
+          case "$1" in
+            start)
+                echo "Starting dockerd"
+                SSL_CERT_FILE="${cacert}/etc/ssl/certs/ca-bundle.crt" dockerd --group=${toString gid} &
+                ;;
+            stop)
+                echo "Stopping dockerd"
+                killall dockerd
+                ;;
+            restart)
+                $0 stop
+                $0 start
+                ;;
+            *)
+                echo "Usage: $0 {start|stop|restart}"
+                exit 1
+                ;;
+          esac
+          exit 0
+        '';
+      };
+
       # https://github.com/NixOS/nix/blob/2.8.0/src/libstore/globals.hh#L464-L465
       sandboxBuildDir = "/build";
 
@@ -194,16 +235,15 @@ let
           LD_LIBRARY_PATH = lib.makeLibraryPath [ stdenv.cc.cc ];
         }
         // drvEnv
-        // {
-
+        // rec {
           # https://github.com/NixOS/nix/blob/2.8.0/src/libstore/build/local-derivation-goal.cc#L1008-L1010
           NIX_BUILD_TOP = sandboxBuildDir;
 
           # https://github.com/NixOS/nix/blob/2.8.0/src/libstore/build/local-derivation-goal.cc#L1012-L1013
-          TMPDIR = sandboxBuildDir;
-          TEMPDIR = sandboxBuildDir;
-          TMP = sandboxBuildDir;
-          TEMP = "/tmp";
+          TMPDIR = TMP;
+          TEMPDIR = TMP;
+          TMP = "/tmp";
+          TEMP = TMP;
 
           # https://github.com/NixOS/nix/blob/2.8.0/src/libstore/build/local-derivation-goal.cc#L1015-L1019
           PWD = homeDirectory;
@@ -235,8 +275,10 @@ let
           ];
           extraGroupLines = [
             "${toString uname}:!:${toString gid}:"
+            "docker:!:${toString (builtins.sub gid 1)}:${toString uname}"
           ];
         })
+        dockerInit
       ];
 
       fakeRootCommands = ''
@@ -283,6 +325,11 @@ let
 
         chown root:root ./etc/pam.d/sudo
         chown root:root ./etc/sudoers
+
+        # Create /var/run and chown it so docker command
+        # doesnt encounter permission issues.
+        mkdir -p ./var/run/
+        chown -R ${toString uid}:${toString gid} ./var/run/
       '';
 
       # Run this image as the given uid/gid
