shrub/nix/ops/image/default.nix

{ pkgs
, herb
, urbit
, solid ? null
, brass ? null
, ivory ? null
}:

let
  link = pill: path:
    if pill == null then ""
                    else "${pkgs.coreutils}/bin/ln -sf ${pill} ${path}";

in pkgs.dockerTools.buildImage {
  name = urbit.meta.name;

  runAsRoot = ''
    #!${pkgs.stdenv.shell}

    set -euo pipefail

    ${pkgs.dockerTools.shadowSetup}

    mkdir -p /share /data /tmp

    ${link solid "/share/solid.pill"}
    ${link brass "/share/brass.pill"}
    ${link ivory "/share/ivory.pill"}
  '';

  contents = [ urbit herb ];

  config = {
    Entrypoint = [ urbit.meta.name ];

    WorkingDir = "/data";

    Volumes = {
      "/data" = {};
    };

    ExposedPorts = {
      "80/tcp" = {};
      "443/tcp" = {};
    };
 };
}
build: allow baking multiple pills into docker images By baking (potentially) multiple pills into an image, we can provide mainnet vs ropsten images. It is still up to the operator to pass along the pill path(s) to the entrypoint. For example, using Docker: docker run --tty urbit -B /share/brass.pill -J /share/ivory.pill ... The main .image attribute still uses only the solid pill, and image-ropsten has been provided with brass and ivory pills. Additionally herb has been added to the image for convenience. 2019-12-18 13:01:15 +03:00			`{ pkgs`
			`, herb`
			`, urbit`
			`, solid ? null`
			`, brass ? null`
			`, ivory ? null`
			`}:`

			`let`
			`link = pill: path:`
			`if pill == null then ""`
			`else "${pkgs.coreutils}/bin/ln -sf ${pill} ${path}";`

			`in pkgs.dockerTools.buildImage {`
build: simplify image build interface This removes the baked in codedump inspection and wrapper scripts in favour of downstream tooling overriding this as necessary by using FROM <image> in their respective dockerfile. 2019-10-21 11:03:41 +03:00			`name = urbit.meta.name;`
Adding nix expressions to build/bake docker images 2019-10-03 21:19:07 +03:00
			`runAsRoot = ''`
			`#!${pkgs.stdenv.shell}`

			`set -euo pipefail`

			`${pkgs.dockerTools.shadowSetup}`

build: trimming unnecessary image configuration 2019-12-16 11:18:08 +03:00			`mkdir -p /share /data /tmp`
build: simplify image build interface This removes the baked in codedump inspection and wrapper scripts in favour of downstream tooling overriding this as necessary by using FROM <image> in their respective dockerfile. 2019-10-21 11:03:41 +03:00
build: allow baking multiple pills into docker images By baking (potentially) multiple pills into an image, we can provide mainnet vs ropsten images. It is still up to the operator to pass along the pill path(s) to the entrypoint. For example, using Docker: docker run --tty urbit -B /share/brass.pill -J /share/ivory.pill ... The main .image attribute still uses only the solid pill, and image-ropsten has been provided with brass and ivory pills. Additionally herb has been added to the image for convenience. 2019-12-18 13:01:15 +03:00			`${link solid "/share/solid.pill"}`
			`${link brass "/share/brass.pill"}`
			`${link ivory "/share/ivory.pill"}`
Adding nix expressions to build/bake docker images 2019-10-03 21:19:07 +03:00			`'';`

build: allow baking multiple pills into docker images By baking (potentially) multiple pills into an image, we can provide mainnet vs ropsten images. It is still up to the operator to pass along the pill path(s) to the entrypoint. For example, using Docker: docker run --tty urbit -B /share/brass.pill -J /share/ivory.pill ... The main .image attribute still uses only the solid pill, and image-ropsten has been provided with brass and ivory pills. Additionally herb has been added to the image for convenience. 2019-12-18 13:01:15 +03:00			`contents = [ urbit herb ];`
build: trimming unnecessary image configuration 2019-12-16 11:18:08 +03:00
Adding nix expressions to build/bake docker images 2019-10-03 21:19:07 +03:00			`config = {`
build: trimming unnecessary image configuration 2019-12-16 11:18:08 +03:00			`Entrypoint = [ urbit.meta.name ];`
Adding nix expressions to build/bake docker images 2019-10-03 21:19:07 +03:00
			`WorkingDir = "/data";`

			`Volumes = {`
			`"/data" = {};`
			`};`

			`ExposedPorts = {`
			`"80/tcp" = {};`
			`"443/tcp" = {};`
			`};`
			`};`
			`}`