Merge pull request #3779 from offlinehacker/docker
full nixos inside docker
		
						commit
						d140851472
					
				| @ -15,6 +15,9 @@ | ||||
|   # store path whose closure will be copied, and `symlink' is a | ||||
|   # symlink to `object' that will be added to the tarball. | ||||
|   storeContents ? [] | ||||
| 
 | ||||
|   # Extra tar arguments | ||||
| , extraArgs ? "" | ||||
| }: | ||||
| 
 | ||||
| stdenv.mkDerivation { | ||||
| @ -22,7 +25,7 @@ stdenv.mkDerivation { | ||||
|   builder = ./make-system-tarball.sh; | ||||
|   buildInputs = [perl xz]; | ||||
| 
 | ||||
|   inherit fileName pathsFromGraph; | ||||
|   inherit fileName pathsFromGraph extraArgs; | ||||
| 
 | ||||
|   # !!! should use XML. | ||||
|   sources = map (x: x.source) contents; | ||||
|  | ||||
| @ -50,7 +50,7 @@ done | ||||
| 
 | ||||
| mkdir -p $out/tarball | ||||
| 
 | ||||
| tar cvJf $out/tarball/$fileName.tar.xz * | ||||
| tar cvJf $out/tarball/$fileName.tar.xz * $extraArgs | ||||
| 
 | ||||
| mkdir -p $out/nix-support | ||||
| echo $system > $out/nix-support/system | ||||
|  | ||||
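Review bot: `$extraArgs` is expanded unquoted and placed after the `*` operands in the new `tar cvJf … * $extraArgs` line, so the shell word-splits and glob-expands it, and the command then relies on tar accepting options after file names. Putting the options before the operands and ending option parsing explicitly is more robust, e.g. `tar cvJf $out/tarball/$fileName.tar.xz $extraArgs -- *`. The `--` also keeps a file name that begins with `-` from being read as an option. The `# Extra tar arguments` comment on the Nix side (presumably make-system-tarball.nix, whose file header is not visible here) could state that the string is split on whitespace and handed to tar verbatim, so it cannot carry arguments containing spaces.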
| @ -66,6 +66,12 @@ with lib; | ||||
|         restartIfChanged = false; | ||||
|       }; | ||||
| 
 | ||||
|     systemd.services."console-getty" = | ||||
|       { serviceConfig.ExecStart = "@${pkgs.utillinux}/sbin/agetty agetty --noclear --login-program ${pkgs.shadow}/bin/login --keep-baud console 115200,38400,9600 $TERM"; | ||||
|         serviceConfig.Restart = "always"; | ||||
|         restartIfChanged = false; | ||||
|       }; | ||||
| 
 | ||||
|     environment.etc = singleton | ||||
|       { # Friendly greeting on the virtual consoles. | ||||
|         source = pkgs.writeText "issue" '' | ||||
|  | ||||
							
								
								
									
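--- a/nixos/modules/virtualisation/docker-image.nix
+++ b/nixos/modules/virtualisation/docker-image.nix
@@ -0,0 +1,67 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ pkgs2storeContents = l : map (x: { object = x; symlink = "none"; }) l;
+
+in {
+  # Create the tarball
+  system.build.dockerImage = import ../../lib/make-system-tarball.nix {
+    inherit (pkgs) stdenv perl xz pathsFromGraph;
+
+    contents = [];
+    extraArgs = "--owner=0";
+    storeContents = [
+      { object = config.system.build.toplevel + "/init";
+        symlink = "/bin/init";
+      }
+    ] ++ (pkgs2storeContents [ pkgs.stdenv ]);
+  };
+
+  boot.postBootCommands =
+    ''
+      # After booting, register the contents of the Nix store in the Nix
+      # database.
+      if [ -f /nix-path-registration ]; then
+        ${config.nix.package}/bin/nix-store --load-db < /nix-path-registration &&
+        rm /nix-path-registration
+      fi
+
+      # nixos-rebuild also requires a "system" profile and an
+      # /etc/NIXOS tag.
+      touch /etc/NIXOS
+      ${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
+
+      # Set virtualisation to docker
+      echo "docker" > /run/systemd/container 
+    '';
+
+
+  # docker image config
+  require = [
+    ../installer/cd-dvd/channel.nix
+    ../profiles/minimal.nix
+    ../profiles/clone-config.nix
+  ];
+
+  boot.isContainer = true;
+
+  # Iptables do not work in docker
+  networking.firewall.enable = false;
+
+  services.openssh.enable = true;
+
+  # Socket activated ssh presents problem in docker
+  services.openssh.startWhenNeeded = false;
+
+  # Allow the user to login as root without password
+  security.initialRootPassword = "";
+
+  # Some more help text.
+  services.mingetty.helpLine =
+    ''
+
+      Log in as "root" with an empty password.
+    '';
+}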
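Review bot: The image turns on sshd (`services.openssh.enable = true;`) while also setting `security.initialRootPassword = "";` and `networking.firewall.enable = false;`, so a container with its SSH port published is protected only by sshd's empty-password and root-login policy, which this file does not set. I would either leave sshd off by default in the image or pin the policy next to it, e.g. `services.openssh.permitRootLogin = "without-password";` (assuming that option is available in this tree). The comment above the root-password line should also say the empty password is intended for the local console only. Separately, `extraArgs = "--owner=0";` normalises the file owner but not the group, so group ids from the build environment may still end up in the tarball; confirm whether `--group=0` is wanted as well.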
	 Michael Raskin
						Michael Raskin