mirror of
https://github.com/nix-community/linuxkit-nix.git
synced 2024-10-03 22:58:00 +03:00
Initial commit
commit
220208deb0
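--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,4 @@
+result
+result-bin
+*~
+\#*\#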
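--- a/default.nix
+++ b/default.nix
@@ -0,0 +1 @@
+import <nixpkgs> { overlays = [ (import ./overlay.nix) ]; }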
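--- a/hyperkit/default.nix
+++ b/hyperkit/default.nix
@@ -0,0 +1,41 @@
+{ stdenv, lib, fetchFromGitHub, Hypervisor, vmnet, xpc, libobjc }:
+
+let
+rev = "6f6edf716b893544c9e0ef3032459180560f0333";
+in
+stdenv.mkDerivation rec {
+name = "hyperkit-${version}";
+# HyperKit release binary uses 6 characters in the version
+version = lib.strings.substring 0 6 rev;
+
+src = fetchFromGitHub {
+owner = "moby";
+repo = "hyperkit";
+inherit rev;
+sha256 = "1vpha4dmal3alw76xfvwj7k0qf5gsb5rz821z5j5a3silqjhihcy";
+};
+
+buildInputs = [ Hypervisor vmnet xpc libobjc ];
+
+# Don't use git to determine version
+prePatch = ''
+substituteInPlace Makefile \
+--replace 'shell git describe --abbrev=6 --dirty --always --tags' "$version" \
+--replace 'shell git rev-parse HEAD' "${rev}" \
+--replace 'PHONY: clean' 'PHONY:'
+cp ${./dtrace.h} src/include/xhyve/dtrace.h
+'';
+
+makeFlags = [ "CFLAGS+=-Wno-shift-sign-overflow" ''CFLAGS+=-DVERSION=\"${version}\"'' ''CFLAGS+=-DVERSION_SHA1=\"${rev}\"'' ];
+installPhase = ''
+mkdir -p $out/bin
+cp build/hyperkit $out/bin
+'';
+
+meta = {
+description = "A toolkit for embedding hypervisor capabilities in your application";
+homepage = "https://github.com/moby/hyperkit";
+maintainers = [ lib.maintainers.puffnfresh ];
+platforms = lib.platforms.darwin;
+};
+}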
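Review bot: The `cp ${./dtrace.h} src/include/xhyve/dtrace.h` step in `prePatch` carries no comment saying why a vendored, dtrace-generated header is copied into the source tree or which hyperkit revision it was generated from. If `rev` is bumped and upstream's probe definitions change, the stale copy would still be used, and the mismatch would presumably only show up at build or trace time. I would add a comment above `prePatch` such as `# dtrace.h is a pre-generated copy of the probe header; regenerate it whenever rev changes`. The `--replace 'PHONY: clean' 'PHONY:'` substitution deserves a one-line reason as well.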
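--- a/hyperkit/dtrace.h
+++ b/hyperkit/dtrace.h
@@ -0,0 +1,209 @@
+/*
+* Generated by dtrace(1M).
+*/
+
+#ifndef _DTRACE_H
+#define _DTRACE_H
+
+#include <unistd.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define HYPERKIT_STABILITY "___dtrace_stability$hyperkit$v1$1_1_0_1_1_0_1_1_0_1_1_0_1_1_0"
+
+#define HYPERKIT_TYPEDEFS "___dtrace_typedefs$hyperkit$v2$6f66665f74"
+
+#if !defined(DTRACE_PROBES_DISABLED) || !DTRACE_PROBES_DISABLED
+
+#define HYPERKIT_BLOCK_DELETE(arg0, arg1) \
+do { \
+__asm__ volatile(".reference " HYPERKIT_TYPEDEFS); \
+__dtrace_probe$hyperkit$block__delete$v1$6f66665f74$6f66665f74(arg0, arg1); \
+__asm__ volatile(".reference " HYPERKIT_STABILITY); \
+} while (0)
+#define HYPERKIT_BLOCK_DELETE_ENABLED() \
+({ int _r = __dtrace_isenabled$hyperkit$block__delete$v1(); \
+__asm__ volatile(""); \
+_r; })
+#define HYPERKIT_BLOCK_DELETE_DONE(arg0, arg1) \
+do { \
+__asm__ volatile(".reference " HYPERKIT_TYPEDEFS); \
+__dtrace_probe$hyperkit$block__delete__done$v1$6f66665f74$6f66665f74(arg0, arg1); \
+__asm__ volatile(".reference " HYPERKIT_STABILITY); \
+} while (0)
+#define HYPERKIT_BLOCK_DELETE_DONE_ENABLED() \
+({ int _r = __dtrace_isenabled$hyperkit$block__delete__done$v1(); \
+__asm__ volatile(""); \
+_r; })
+#define HYPERKIT_BLOCK_PREADV(arg0, arg1) \
+do { \
+__asm__ volatile(".reference " HYPERKIT_TYPEDEFS); \
+__dtrace_probe$hyperkit$block__preadv$v1$6f66665f74$73697a655f74(arg0, arg1); \
+__asm__ volatile(".reference " HYPERKIT_STABILITY); \
+} while (0)
+#define HYPERKIT_BLOCK_PREADV_ENABLED() \
+({ int _r = __dtrace_isenabled$hyperkit$block__preadv$v1(); \
+__asm__ volatile(""); \
+_r; })
+#define HYPERKIT_BLOCK_PREADV_DONE(arg0, arg1) \
+do { \
+__asm__ volatile(".reference " HYPERKIT_TYPEDEFS); \
+__dtrace_probe$hyperkit$block__preadv__done$v1$6f66665f74$7373697a655f74(arg0, arg1); \
+__asm__ volatile(".reference " HYPERKIT_STABILITY); \
+} while (0)
+#define HYPERKIT_BLOCK_PREADV_DONE_ENABLED() \
+({ int _r = __dtrace_isenabled$hyperkit$block__preadv__done$v1(); \
+__asm__ volatile(""); \
+_r; })
+#define HYPERKIT_BLOCK_PWRITEV(arg0, arg1) \
+do { \
+__asm__ volatile(".reference " HYPERKIT_TYPEDEFS); \
+__dtrace_probe$hyperkit$block__pwritev$v1$6f66665f74$73697a655f74(arg0, arg1); \
+__asm__ volatile(".reference " HYPERKIT_STABILITY); \
+} while (0)
+#define HYPERKIT_BLOCK_PWRITEV_ENABLED() \
+({ int _r = __dtrace_isenabled$hyperkit$block__pwritev$v1(); \
+__asm__ volatile(""); \
+_r; })
+#define HYPERKIT_BLOCK_PWRITEV_DONE(arg0, arg1) \
+do { \
+__asm__ volatile(".reference " HYPERKIT_TYPEDEFS); \
+__dtrace_probe$hyperkit$block__pwritev__done$v1$6f66665f74$7373697a655f74(arg0, arg1); \
+__asm__ volatile(".reference " HYPERKIT_STABILITY); \
+} while (0)
+#define HYPERKIT_BLOCK_PWRITEV_DONE_ENABLED() \
+({ int _r = __dtrace_isenabled$hyperkit$block__pwritev__done$v1(); \
+__asm__ volatile(""); \
+_r; })
+#define HYPERKIT_VMX_EPT_FAULT(arg0, arg1, arg2) \
+do { \
+__asm__ volatile(".reference " HYPERKIT_TYPEDEFS); \
+__dtrace_probe$hyperkit$vmx__ept__fault$v1$696e74$756e7369676e6564206c6f6e67$756e7369676e6564206c6f6e67(arg0, arg1, arg2); \
+__asm__ volatile(".reference " HYPERKIT_STABILITY); \
+} while (0)
+#define HYPERKIT_VMX_EPT_FAULT_ENABLED() \
+({ int _r = __dtrace_isenabled$hyperkit$vmx__ept__fault$v1(); \
+__asm__ volatile(""); \
+_r; })
+#define HYPERKIT_VMX_EXIT(arg0, arg1) \
+do { \
+__asm__ volatile(".reference " HYPERKIT_TYPEDEFS); \
+__dtrace_probe$hyperkit$vmx__exit$v1$696e74$756e7369676e656420696e74(arg0, arg1); \
+__asm__ volatile(".reference " HYPERKIT_STABILITY); \
+} while (0)
+#define HYPERKIT_VMX_EXIT_ENABLED() \
+({ int _r = __dtrace_isenabled$hyperkit$vmx__exit$v1(); \
+__asm__ volatile(""); \
+_r; })
+#define HYPERKIT_VMX_INJECT_VIRQ(arg0, arg1) \
+do { \
+__asm__ volatile(".reference " HYPERKIT_TYPEDEFS); \
+__dtrace_probe$hyperkit$vmx__inject__virq$v1$696e74$696e74(arg0, arg1); \
+__asm__ volatile(".reference " HYPERKIT_STABILITY); \
+} while (0)
+#define HYPERKIT_VMX_INJECT_VIRQ_ENABLED() \
+({ int _r = __dtrace_isenabled$hyperkit$vmx__inject__virq$v1(); \
+__asm__ volatile(""); \
+_r; })
+#define HYPERKIT_VMX_READ_MSR(arg0, arg1, arg2) \
+do { \
+__asm__ volatile(".reference " HYPERKIT_TYPEDEFS); \
+__dtrace_probe$hyperkit$vmx__read__msr$v1$696e74$756e7369676e656420696e74$756e7369676e6564206c6f6e67(arg0, arg1, arg2); \
+__asm__ volatile(".reference " HYPERKIT_STABILITY); \
+} while (0)
+#define HYPERKIT_VMX_READ_MSR_ENABLED() \
+({ int _r = __dtrace_isenabled$hyperkit$vmx__read__msr$v1(); \
+__asm__ volatile(""); \
+_r; })
+#define HYPERKIT_VMX_WRITE_MSR(arg0, arg1, arg2) \
+do { \
+__asm__ volatile(".reference " HYPERKIT_TYPEDEFS); \
+__dtrace_probe$hyperkit$vmx__write__msr$v1$696e74$756e7369676e656420696e74$756e7369676e6564206c6f6e67(arg0, arg1, arg2); \
+__asm__ volatile(".reference " HYPERKIT_STABILITY); \
+} while (0)
+#define HYPERKIT_VMX_WRITE_MSR_ENABLED() \
+({ int _r = __dtrace_isenabled$hyperkit$vmx__write__msr$v1(); \
+__asm__ volatile(""); \
+_r; })
+
+
+extern void __dtrace_probe$hyperkit$block__delete$v1$6f66665f74$6f66665f74(off_t, off_t);
+extern int __dtrace_isenabled$hyperkit$block__delete$v1(void);
+extern void __dtrace_probe$hyperkit$block__delete__done$v1$6f66665f74$6f66665f74(off_t, off_t);
+extern int __dtrace_isenabled$hyperkit$block__delete__done$v1(void);
+extern void __dtrace_probe$hyperkit$block__preadv$v1$6f66665f74$73697a655f74(off_t, size_t);
+extern int __dtrace_isenabled$hyperkit$block__preadv$v1(void);
+extern void __dtrace_probe$hyperkit$block__preadv__done$v1$6f66665f74$7373697a655f74(off_t, ssize_t);
+extern int __dtrace_isenabled$hyperkit$block__preadv__done$v1(void);
+extern void __dtrace_probe$hyperkit$block__pwritev$v1$6f66665f74$73697a655f74(off_t, size_t);
+extern int __dtrace_isenabled$hyperkit$block__pwritev$v1(void);
+extern void __dtrace_probe$hyperkit$block__pwritev__done$v1$6f66665f74$7373697a655f74(off_t, ssize_t);
+extern int __dtrace_isenabled$hyperkit$block__pwritev__done$v1(void);
+extern void __dtrace_probe$hyperkit$vmx__ept__fault$v1$696e74$756e7369676e6564206c6f6e67$756e7369676e6564206c6f6e67(int, unsigned long, unsigned long);
+extern int __dtrace_isenabled$hyperkit$vmx__ept__fault$v1(void);
+extern void __dtrace_probe$hyperkit$vmx__exit$v1$696e74$756e7369676e656420696e74(int, unsigned int);
+extern int __dtrace_isenabled$hyperkit$vmx__exit$v1(void);
+extern void __dtrace_probe$hyperkit$vmx__inject__virq$v1$696e74$696e74(int, int);
+extern int __dtrace_isenabled$hyperkit$vmx__inject__virq$v1(void);
+extern void __dtrace_probe$hyperkit$vmx__read__msr$v1$696e74$756e7369676e656420696e74$756e7369676e6564206c6f6e67(int, unsigned int, unsigned long);
+extern int __dtrace_isenabled$hyperkit$vmx__read__msr$v1(void);
+extern void __dtrace_probe$hyperkit$vmx__write__msr$v1$696e74$756e7369676e656420696e74$756e7369676e6564206c6f6e67(int, unsigned int, unsigned long);
+extern int __dtrace_isenabled$hyperkit$vmx__write__msr$v1(void);
+
+#else
+
+#define HYPERKIT_BLOCK_DELETE(arg0, arg1) \
+do { \
+} while (0)
+#define HYPERKIT_BLOCK_DELETE_ENABLED() (0)
+#define HYPERKIT_BLOCK_DELETE_DONE(arg0, arg1) \
+do { \
+} while (0)
+#define HYPERKIT_BLOCK_DELETE_DONE_ENABLED() (0)
+#define HYPERKIT_BLOCK_PREADV(arg0, arg1) \
+do { \
+} while (0)
+#define HYPERKIT_BLOCK_PREADV_ENABLED() (0)
+#define HYPERKIT_BLOCK_PREADV_DONE(arg0, arg1) \
+do { \
+} while (0)
+#define HYPERKIT_BLOCK_PREADV_DONE_ENABLED() (0)
+#define HYPERKIT_BLOCK_PWRITEV(arg0, arg1) \
+do { \
+} while (0)
+#define HYPERKIT_BLOCK_PWRITEV_ENABLED() (0)
+#define HYPERKIT_BLOCK_PWRITEV_DONE(arg0, arg1) \
+do { \
+} while (0)
+#define HYPERKIT_BLOCK_PWRITEV_DONE_ENABLED() (0)
+#define HYPERKIT_VMX_EPT_FAULT(arg0, arg1, arg2) \
+do { \
+} while (0)
+#define HYPERKIT_VMX_EPT_FAULT_ENABLED() (0)
+#define HYPERKIT_VMX_EXIT(arg0, arg1) \
+do { \
+} while (0)
+#define HYPERKIT_VMX_EXIT_ENABLED() (0)
+#define HYPERKIT_VMX_INJECT_VIRQ(arg0, arg1) \
+do { \
+} while (0)
+#define HYPERKIT_VMX_INJECT_VIRQ_ENABLED() (0)
+#define HYPERKIT_VMX_READ_MSR(arg0, arg1, arg2) \
+do { \
+} while (0)
+#define HYPERKIT_VMX_READ_MSR_ENABLED() (0)
+#define HYPERKIT_VMX_WRITE_MSR(arg0, arg1, arg2) \
+do { \
+} while (0)
+#define HYPERKIT_VMX_WRITE_MSR_ENABLED() (0)
+
+#endif /* !defined(DTRACE_PROBES_DISABLED) || !DTRACE_PROBES_DISABLED */
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _DTRACE_H */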
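--- a/linuxkit-builder/default.nix
+++ b/linuxkit-builder/default.nix
@@ -0,0 +1,196 @@
+# TODO: Sadly this file has lots of duplication with vmTools.
+
+{ system
+, stdenv
+, perl
+, xz
+, bash
+, pathsFromGraph
+, hyperkit
+, linuxkit
+, vpnkit
+, socat
+, writeScript
+, writeScriptBin
+, writeText
+, forceSystem
+, vmTools
+, makeInitrd
+
+, linuxkitKernel ? (forceSystem "x86_64-linux" "x86_64").callPackage ./kernel.nix { }
+, storeDir ? builtins.storeDir
+}:
+
+let
+pkgsLinux = forceSystem "x86_64-linux" "x86_64";
+vmToolsLinux = vmTools.override { kernel = linuxkitKernel; pkgs = pkgsLinux; };
+containerIp = "192.168.65.2";
+
+hd = "sda";
+systemTarball = import <nixpkgs/nixos/lib/make-system-tarball.nix> {
+inherit stdenv perl xz pathsFromGraph;
+contents = [];
+storeContents = [
+{
+object = stage2Init;
+symlink = "none";
+}
+];
+};
+stage1Init = writeScript "vm-run-stage1" ''
+#! ${vmToolsLinux.initrdUtils}/bin/ash -e
+
+export PATH=${vmToolsLinux.initrdUtils}/bin
+
+mkdir /etc
+echo -n > /etc/fstab
+
+mount -t proc none /proc
+mount -t sysfs none /sys
+
+echo 2 > /proc/sys/vm/panic_on_oom
+
+# echo "loading kernel modules..."
+# for i in $(cat ${vmToolsLinux.modulesClosure}/insmod-list); do
+# insmod $i
+# done
+
+mount -t devtmpfs devtmpfs /dev
+
+ifconfig lo up
+
+mkdir /fs
+
+mount -t ext4 /dev/${hd} /fs 2>/dev/null || {
+${pkgsLinux.e2fsprogs}/bin/mkfs.ext4 -q /dev/${hd}
+mount -t ext4 /dev/${hd} /fs
+} || true
+
+mkdir -p /fs/dev
+mount -o bind /dev /fs/dev
+
+mkdir -p /fs/dev/shm /fs/dev/pts
+mount -t tmpfs -o "mode=1777" none /fs/dev/shm
+mount -t devpts none /fs/dev/pts
+
+echo "extracting Nix store..."
+EXTRACT_UNSAFE_SYMLINKS=1 tar -C /fs -xf ${systemTarball}/tarball/nixos-system-${system}.tar.xz nix nix-path-registration
+
+mkdir -p /fs/tmp /fs/run /fs/var
+mount -t tmpfs -o "mode=755" none /fs/run
+ln -sfn /run /fs/var/run
+
+mkdir -p /fs/proc
+mount -t proc none /fs/proc
+
+mkdir -p /fs/sys
+mount -t sysfs none /fs/sys
+
+mkdir -p /fs/etc
+ln -sf /proc/mounts /fs/etc/mtab
+echo "127.0.0.1 localhost" > /fs/etc/hosts
+
+echo "starting stage 2 ($command)"
+exec switch_root /fs $command
+'';
+
+sshdConfig = writeText "linuxkit-sshd-config" ''
+PermitRootLogin yes
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+'';
+stage2Init = writeScript "vm-run-stage2" ''
+#! ${pkgsLinux.bash}/bin/bash
+
+export NIX_STORE=${storeDir}
+export NIX_BUILD_TOP=/tmp
+export TMPDIR=/tmp
+cd "$NIX_BUILD_TOP"
+
+${pkgsLinux.coreutils}/bin/mkdir -p /bin
+${pkgsLinux.coreutils}/bin/ln -fs ${pkgsLinux.bash}/bin/sh /bin/sh
+
+# # Set up automatic kernel module loading.
+export MODULE_DIR=${pkgsLinux.linux}/lib/modules/
+${pkgsLinux.coreutils}/bin/cat <<EOF > /run/modprobe
+#! /bin/sh
+export MODULE_DIR=$MODULE_DIR
+exec ${pkgsLinux.kmod}/bin/modprobe "\$@"
+EOF
+${pkgsLinux.coreutils}/bin/chmod 755 /run/modprobe
+echo /run/modprobe > /proc/sys/kernel/modprobe
+
+ln -sfn /proc/self/fd /dev/fd
+
+echo "root:x:0:0:System administrator:/root:${pkgsLinux.bash}/bin/bash" >> /etc/passwd
+echo "sshd:x:1:65534:SSH privilege separation user:/var/empty:${pkgsLinux.shadow}/bin/nologin" >> /etc/passwd
+echo "nixbld1:x:30001:30000:Nix build user 1:/var/empty:${pkgsLinux.shadow}/bin/nologin" >> /etc/passwd
+echo "nixbld:x:30000:nixbld1" >> /etc/group
+
+export PATH="${vmToolsLinux.initrdUtils}/bin:${pkgsLinux.nix}/bin"
+
+if [ -f /nix-path-registration ]; then
+cat /nix-path-registration | nix-store --load-db
+rm /nix-path-registration
+fi
+
+mkdir -p /etc/ssh /root/.ssh /var/db /var/empty
+
+ifconfig eth0 ${containerIp}
+route add default gw 192.168.65.1 eth0
+echo 'nameserver 192.168.65.1' > /etc/resolv.conf
+
+export NIX_SSL_CERT_FILE="${pkgsLinux.cacert}/etc/ssl/certs/ca-bundle.crt"
+mkdir -p /run/nix-daemon
+${pkgsLinux.virtsock}/bin/vsudd -inport 2374:unix:/run/nix-daemon/daemon.sock &
+exec ${pkgsLinux.socat}/bin/socat UNIX-LISTEN:/run/nix-daemon/daemon.sock EXEC:"nix-daemon --stdio"
+'';
+
+img = "bzImage";
+initrd = makeInitrd {
+contents = [
+{ object = stage1Init;
+symlink = "/init";
+}
+];
+};
+dir = "$HOME/.nixpkgs/linuxkit-builder";
+linuxkit-nix-daemon = writeScriptBin "linuxkit-nix-daemon" ''
+#!${bash}/bin/bash
+
+SIZE="1G"
+CPUS=1
+MEM=1024
+
+mkdir -p "${dir}"
+ln -fs ${linuxkitKernel}/${img} "${dir}/nix-kernel"
+ln -fs ${initrd}/initrd "${dir}/nix-initrd.img"
+echo -n "console=ttyS0 panic=1 command=${stage2Init} loglevel=7 debug" > "${dir}/nix-cmdline"
+exec ${linuxkit}/bin/linuxkit run \
+hyperkit \
+-hyperkit ${hyperkit}/bin/hyperkit \
+-vpnkit ${vpnkit}/bin/vpnkit \
+-disk "${dir}/nix-disk,size=$SIZE" \
+-cpus $CPUS \
+-mem $MEM \
+-networking vpnkit \
+-ip ${containerIp} \
+-vsock-ports 2374 \
+-console-file \
+"${dir}/nix"
+'';
+linuxkit-builder = writeScriptBin "linuxkit-builder" ''
+#!${bash}/bin/bash
+
+${linuxkit-nix-daemon}/bin/linuxkit-nix-daemon >/dev/null &
+
+while ! grep -q "Listening on port 2374" "${dir}/nix-state/console-ring"; do
+echo "Waiting for LinuxKit VM to boot..." >&2
+sleep 2
+done
+sleep 1
+
+exec ${socat}/bin/socat UNIX-CONNECT:"${dir}/nix-state/00000003.00000946" -
+'';
+in
+linuxkit-builder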
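Review bot: `linuxkit-nix-daemon` creates its state directory with a bare `mkdir -p "${dir}"`, so the disk image, the console log and the vsock Unix socket that `linuxkit-builder` later opens (`nix-state/00000003.00000946`) get whatever the caller's umask allows. That socket is forwarded to `nix-daemon --stdio`, which `stage2Init` starts from the guest's init process with no authentication step in between, so host-side file permissions are the only access control on it. I would put `umask 077` at the top of the `linuxkit-nix-daemon` script, before the `mkdir`; the mode hyperkit itself applies to the socket is not visible here and is worth checking too. Separately, `sshdConfig` (with `PermitRootLogin yes`) is bound but never referenced in this file and could be dropped until something uses it.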
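--- a/linuxkit-builder/kernel.nix
+++ b/linuxkit-builder/kernel.nix
@@ -0,0 +1,12 @@
+{ stdenv, fetchurl, linux_4_9, linuxManualConfig, hostPlatform }:
+
+linuxManualConfig {
+inherit stdenv hostPlatform;
+inherit (linux_4_9) src;
+version = "${linux_4_9.version}-linuxkit";
+configfile = fetchurl {
+url = https://raw.githubusercontent.com/linuxkit/linuxkit/cb1c74977297b326638daeb824983f0a2e13fdf2/kernel/kernel_config-4.9.x-x86_64;
+sha256 = "1lpz2q5mhvq7g5ys2s2zynibbxczqzscxbwxfbhb4mkkpps8dv08";
+};
+allowImportFromDerivation = true;
+}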
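--- a/linuxkit/default.nix
+++ b/linuxkit/default.nix
@@ -0,0 +1,28 @@
+{ lib, buildGoPackage, go, fetchFromGitHub }:
+
+buildGoPackage rec {
+name = "linuxkit-${version}";
+version = "0.2";
+
+goPackagePath = "github.com/linuxkit/linuxkit";
+
+src = fetchFromGitHub {
+owner = "linuxkit";
+repo = "linuxkit";
+rev = "v${version}";
+sha256 = "1y7pjmzimnm52v218fznqg8gjiwzxg38ywxiqig8iiljpc6hiyha";
+};
+
+subPackages = [ "src/cmd/linuxkit" ];
+
+preBuild = ''
+buildFlagsArray+=("-ldflags" "-X main.GitCommit=1c552f7 -X main.Version=0.2.0")
+'';
+
+meta = {
+description = "A toolkit for building secure, portable and lean operating systems for containers";
+license = lib.licenses.asl20;
+homepage = https://github.com/linuxkit/linuxkit;
+platforms = lib.platforms.unix;
+};
+}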
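Review bot: The `-ldflags` in `preBuild` hard-code `main.GitCommit=1c552f7` and `main.Version=0.2.0` independently of `version = "0.2"`, so a later bump of `version` (and with it `rev`) leaves the binary reporting the old commit and version. Nothing on the page ties `1c552f7` to the `v0.2` tag, so that pairing is worth confirming and recording next to the value. At minimum add a comment above `preBuild`, for example `# GitCommit and Version below must be updated together with version/rev`.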
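--- a/overlay.nix
+++ b/overlay.nix
@@ -0,0 +1,11 @@
+self: super: {
+hyperkit = self.callPackage ./hyperkit {
+inherit (self.darwin.apple_sdk.frameworks) Hypervisor vmnet;
+inherit (self.darwin.apple_sdk.libs) xpc;
+inherit (self.darwin) libobjc;
+};
+virtsock = self.callPackage ./virtsock { };
+vpnkit = self.callPackage ./vpnkit { };
+linuxkit = self.callPackage ./linuxkit { };
+linuxkit-builder = self.callPackage ./linuxkit-builder { };
+}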
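--- a/virtsock/default.nix
+++ b/virtsock/default.nix
@@ -0,0 +1,20 @@
+{ stdenv, buildGoPackage, fetchFromGitHub }:
+
+buildGoPackage rec {
+name = "virtsock-unstable-${version}";
+version = "2017-09-14";
+rev = "cce5df4cc3fbd5966290ae44f43b407205d4a2e4";
+
+goPackagePath = "github.com/linuxkit/virtsock";
+
+src = fetchFromGitHub {
+owner = "linuxkit";
+repo = "virtsock";
+inherit rev;
+sha256 = "1qc3v9xrpzvk2xw9hgqvimwcahl9nva5jghadqzlpqw51a39didh";
+};
+
+# TODO: add metadata https://nixos.org/nixpkgs/manual/#sec-standard-meta-attributes
+meta = {
+};
+}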
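--- a/vpnkit/default.nix
+++ b/vpnkit/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, lib, fetchurl }:
+
+let
+rev = "75434cdd2c2c7c3be257f07f3b7c1a91eca27225";
+in
+stdenv.mkDerivation rec {
+name = "vpnkit-${version}";
+version = lib.strings.substring 0 7 rev;
+
+src = fetchurl {
+url = https://1013-58395340-gh.circle-artifacts.com/0/Users/distiller/vpnkit/vpnkit.tgz;
+sha256 = "1jcgx1cg70kdlxc7xrggk1fkb96aqn1h5sklqavpnxn08myla8bj";
+};
+
+sourceRoot = ".";
+
+installPhase = ''
+cp -r Contents/Resources $out
+'';
+
+meta = {
+description = "VPN-friendly networking devices for HyperKit";
+homepage = "https://github.com/moby/vpnkit";
+maintainers = [ lib.maintainers.puffnfresh ];
+platforms = lib.platforms.darwin;
+};
+}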
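Review bot: `src` downloads a prebuilt `vpnkit.tgz` from a CI artifact URL, and `rev` is used only to form `version`; nothing in the expression links the downloaded binary to that commit. The `sha256` pins the bytes, but the binary's provenance cannot be checked against source, and artifact URLs of this kind are typically not permanent, so the fetch may stop working later. I would either build from `moby/vpnkit` at `rev` via `fetchFromGitHub`, or, if the prebuilt archive stays, add a comment recording which CI build of `rev` produced it and host the file somewhere stable. `meta` also has no `license` entry.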