knedlsepp · September 5, 2018 22:38
diff --git a/default.nix b/default.nix
 # Examples taken from:
 # https://github.com/NixOS/nixpkgs/blob/c58b11d229f63a85ee1d05fc9940a20fa2b73975/pkgs/build-support/docker/examples.nix
 # Usage:
 #  $ nix-build -A redis
 #  $ docker load < result
 { nixpkgs ? (builtins.fetchGit {
    url = git://github.com/NixOS/nixpkgs-channels;
    ref = "nixos-18.09";
    rev = "c58b11d229f63a85ee1d05fc9940a20fa2b73975";
  })
 }:
 let
  pkgs = import nixpkgs { overlays = [ ]; config = { }; };
  buildImage = pkgs.dockerTools.buildImage;
  pullImage = pkgs.dockerTools.pullImage;
  shadowSetup = pkgs.dockerTools.shadowSetup;
  buildImageWithNixDb = pkgs.dockerTools.buildImageWithNixDb;
 in
 rec {
  # 1. basic example
  bash = buildImage {
    name = "bash";
    tag = "latest";
    contents = pkgs.bashInteractive;
  };

  # 2. service example, layered on another image
  redis = buildImage {
    name = "redis";
    tag = "latest";

    # for example's sake, we can layer redis on top of bash or debian
    fromImage = bash;
    # fromImage = debian;

    contents = pkgs.redis;
    runAsRoot = ''
      mkdir -p /data
    '';

    config = {
      Cmd = [ "/bin/redis-server" ];
      WorkingDir = "/data";
      Volumes = {
        "/data" = {};
      };
    };
  };

  # 3. another service example
  nginx = let
    nginxPort = "80";
    nginxConf = pkgs.writeText "nginx.conf" ''
      user nginx nginx;
      daemon off;
      error_log /dev/stdout info;
      pid /dev/null;
      events {}
      http {
        access_log /dev/stdout;
        server {
          listen ${nginxPort};
          index index.html;
          location / {
            root ${nginxWebRoot};
          }
        }
      }
    '';
    nginxWebRoot = pkgs.writeTextDir "index.html" ''
      <html><body><h1>Hello from NGINX</h1></body></html>
    '';
  in
  buildImage {
    name = "nginx-container";
    tag = "latest";
    contents = pkgs.nginx;

    runAsRoot = ''
      #!${pkgs.stdenv.shell}
      ${shadowSetup}
      groupadd --system nginx
      useradd --system --gid nginx nginx
    '';

    config = {
      Cmd = [ "nginx" "-c" nginxConf ];
      ExposedPorts = {
        "${nginxPort}/tcp" = {};
      };
    };
  };

  # 4. example of pulling an image. could be used as a base for other images
  nixFromDockerHub = pullImage {
    imageName = "nixos/nix";
    imageDigest = "sha256:20d9485b25ecfd89204e843a962c1bd70e9cc6858d65d7f5fadc340246e2116b";
    sha256 = "0mqjy3zq2v6rrhizgb9nvhczl87lcfphq9601wcprdika2jz7qh8";
    finalImageTag = "1.11";
  };

  # 5. example of multiple contents, emacs and vi happily coexisting
  editors = buildImage {
    name = "editors";
    contents = [
      pkgs.coreutils
      pkgs.bash
      pkgs.emacs
      pkgs.vim
      pkgs.nano
    ];
  };

  # 6. nix example to play with the container nix store
  # docker run -it --rm nix nix-store -qR $(nix-build '<nixpkgs>' -A nix)
  nix = buildImageWithNixDb {
    name = "nix";
    tag = "latest";
    contents = [
      # nix-store uses cat program to display results as specified by
      # the image env variable NIX_PAGER.
      pkgs.coreutils
      pkgs.nix
    ];
    config = {
      Env = [ "NIX_PAGER=cat" ];
    };
  };

  # 7. example of adding something on top of an image pull by our
  # dockerTools chain.
  onTopOfPulledImage = buildImage {
    name = "onTopOfPulledImage";
    tag = "latest";
    fromImage = nixFromDockerHub;
    contents = [ pkgs.hello ];
  };

  # 8. regression test for erroneous use of eval and string expansion.
  # See issue #34779 and PR #40947 for details.
  runAsRootExtraCommands = pkgs.dockerTools.buildImage {
    name = "runAsRootExtraCommands";
    tag = "latest";
    contents = [ pkgs.coreutils ];
    # The parens here are to create problematic bash to embed and eval. In case
    # this is *embedded* into the script (with nix expansion) the initial quotes
    # will close the string and the following parens are unexpected
    runAsRoot = ''echo "(runAsRoot)" > runAsRoot'';
    extraCommands = ''echo "(extraCommand)" > extraCommands'';
  };
 }
	# Examples taken from:
	# https://github.com/NixOS/nixpkgs/blob/c58b11d229f63a85ee1d05fc9940a20fa2b73975/pkgs/build-support/docker/examples.nix
	# Usage:
	# $ nix-build -A redis
	# $ docker load < result
	{ nixpkgs ? (builtins.fetchGit {
	url = git://github.com/NixOS/nixpkgs-channels;
	ref = "nixos-18.09";
	rev = "c58b11d229f63a85ee1d05fc9940a20fa2b73975";
	})
	}:
	let
	pkgs = import nixpkgs { overlays = [ ]; config = { }; };
	buildImage = pkgs.dockerTools.buildImage;
	pullImage = pkgs.dockerTools.pullImage;
	shadowSetup = pkgs.dockerTools.shadowSetup;
	buildImageWithNixDb = pkgs.dockerTools.buildImageWithNixDb;
	in
	rec {
	# 1. basic example
	bash = buildImage {
	name = "bash";
	tag = "latest";
	contents = pkgs.bashInteractive;
	};

	# 2. service example, layered on another image
	redis = buildImage {
	name = "redis";
	tag = "latest";

	# for example's sake, we can layer redis on top of bash or debian
	fromImage = bash;
	# fromImage = debian;

	contents = pkgs.redis;
	runAsRoot = ''
	mkdir -p /data
	'';

	config = {
	Cmd = [ "/bin/redis-server" ];
	WorkingDir = "/data";
	Volumes = {
	"/data" = {};
	};
	};
	};

	# 3. another service example
	nginx = let
	nginxPort = "80";
	nginxConf = pkgs.writeText "nginx.conf" ''
	user nginx nginx;
	daemon off;
	error_log /dev/stdout info;
	pid /dev/null;
	events {}
	http {
	access_log /dev/stdout;
	server {
	listen ${nginxPort};
	index index.html;
	location / {
	root ${nginxWebRoot};
	}
	}
	}
	'';
	nginxWebRoot = pkgs.writeTextDir "index.html" ''
	<html><body><h1>Hello from NGINX</h1></body></html>
	'';
	in
	buildImage {
	name = "nginx-container";
	tag = "latest";
	contents = pkgs.nginx;

	runAsRoot = ''
	#!${pkgs.stdenv.shell}
	${shadowSetup}
	groupadd --system nginx
	useradd --system --gid nginx nginx
	'';

	config = {
	Cmd = [ "nginx" "-c" nginxConf ];
	ExposedPorts = {
	"${nginxPort}/tcp" = {};
	};
	};
	};

	# 4. example of pulling an image. could be used as a base for other images
	nixFromDockerHub = pullImage {
	imageName = "nixos/nix";
	imageDigest = "sha256:20d9485b25ecfd89204e843a962c1bd70e9cc6858d65d7f5fadc340246e2116b";
	sha256 = "0mqjy3zq2v6rrhizgb9nvhczl87lcfphq9601wcprdika2jz7qh8";
	finalImageTag = "1.11";
	};

	# 5. example of multiple contents, emacs and vi happily coexisting
	editors = buildImage {
	name = "editors";
	contents = [
	pkgs.coreutils
	pkgs.bash
	pkgs.emacs
	pkgs.vim
	pkgs.nano
	];
	};

	# 6. nix example to play with the container nix store
	# docker run -it --rm nix nix-store -qR $(nix-build '<nixpkgs>' -A nix)
	nix = buildImageWithNixDb {
	name = "nix";
	tag = "latest";
	contents = [
	# nix-store uses cat program to display results as specified by
	# the image env variable NIX_PAGER.
	pkgs.coreutils
	pkgs.nix
	];
	config = {
	Env = [ "NIX_PAGER=cat" ];
	};
	};

	# 7. example of adding something on top of an image pull by our
	# dockerTools chain.
	onTopOfPulledImage = buildImage {
	name = "onTopOfPulledImage";
	tag = "latest";
	fromImage = nixFromDockerHub;
	contents = [ pkgs.hello ];
	};

	# 8. regression test for erroneous use of eval and string expansion.
	# See issue #34779 and PR #40947 for details.
	runAsRootExtraCommands = pkgs.dockerTools.buildImage {
	name = "runAsRootExtraCommands";
	tag = "latest";
	contents = [ pkgs.coreutils ];
	# The parens here are to create problematic bash to embed and eval. In case
	# this is embedded into the script (with nix expansion) the initial quotes
	# will close the string and the following parens are unexpected
	runAsRoot = ''echo "(runAsRoot)" > runAsRoot'';
	extraCommands = ''echo "(extraCommand)" > extraCommands'';
	};
	}