author | Kjetil Orbekk <kjetil.orbekk@gmail.com> | 2017-05-20 12:44:06 -0400 |
---|---|---|
committer | Kjetil Orbekk <kjetil.orbekk@gmail.com> | 2017-05-20 12:54:47 -0400 |
commit | 16a6f5612d065d5a1252debf8f46b9befe6a2d89 (patch) | |
tree | 6cb274eeddd6392eb80dd52524ec59daec290255 | |
parent | 1140534669504850ad1ce8082e440c8241c92b6c (diff) |
generic-container: Add customized container image
-rw-r--r-- | config/container.nix | 7 | ||||
-rw-r--r-- | data/yubikey_rsa.pub | 2 | ||||
-rw-r--r-- | machines/generic-container.nix | 11 | ||||
-rw-r--r-- | release.nix | 49 |
4 files changed, 68 insertions, 1 deletions
diff --git a/config/container.nix b/config/container.nix
index f4508f5..4cf3c17 100644
--- a/config/container.nix
+++ b/config/container.nix
@@ -2,8 +2,13 @@
 {
 boot.isContainer = true;
 networking.firewall.allowedTCPPorts = [ 22 ];
- services.openssh.enable = lib.mkDefault true;
+ services = {
+ openssh.enable = lib.mkDefault true;
+ openssh.passwordAuthentication = false;
+ };
 system.activationScripts.installInitScript = ''
 ln -fs $systemConfig/init /init
+ mkdir -p /sbin/init
+ ln -fs $systemConfig/init /sbin/init
 '';
 }
diff --git a/data/yubikey_rsa.pub b/data/yubikey_rsa.pub
new file mode 100644
index 0000000..35c89d5
--- /dev/null
+++ b/data/yubikey_rsa.pub
@@ -0,0 +1,2 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+jJRMPLi62JJLZ1+jFmJk5uouPIoRVntUU7K4MVKwTCh7kJfRjcu79ebbsi7NpgyH4yAU7Xexq07iGSGOU0z2WDzXV6yLWcHWMYrlrhP0ITSVYhPWJRCbF99bU3Tc3n9fkt2SkCUib5NQeG+Ya1v73ForJfOZQDHNoyGUazLmwOF8mXfjUeMWrGcxjE0FM3970OHlw87ScBMeQTq+TJz40tKe00IYsW0RWVpMKNAS5GGTLXzrTF4op76qgdOVyyfBCx5u/gQKZ1K2gud0aT6RIel6wSr60Ee4mpr+eGhieM+7FMA4427lCnIqevtDILx6FjYpDCXMDh9dDd7R3oJ1 /home/orbekk/.ssh/id_rsa
+
diff --git a/machines/generic-container.nix b/machines/generic-container.nix
new file mode 100644
index 0000000..6c6c332
--- /dev/null
+++ b/machines/generic-container.nix
@@ -0,0 +1,11 @@
+{ config, lib, pkgs, ... }:
+{
+ imports = [
+ ../config/container.nix
+ ../config/users.nix
+ ];
+
+ networking = {
+ hostName = lib.mkForce "new-container";
+ };
+}
diff --git a/release.nix b/release.nix
index a4a1746..4fd73d8 100644
--- a/release.nix
+++ b/release.nix
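Review bot: In config/container.nix the added activation line `mkdir -p /sbin/init` creates a directory named /sbin/init, so the following `ln -fs $systemConfig/init /sbin/init` puts the link inside it as /sbin/init/init, and a container manager that executes /sbin/init finds a directory instead of the init script. Create only the parent and replace the link in place: `mkdir -p /sbin` followed by `ln -fsn $systemConfig/init /sbin/init`. Separately, `openssh.passwordAuthentication = false;` on its own may still leave keyboard-interactive (PAM) password logins available, depending on the defaults of the nixpkgs revision in use. Adding `openssh.challengeResponseAuthentication = false;` would make the image key-only, assuming that option exists in the pinned nixpkgs.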
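Review bot: The key added in data/yubikey_rsa.pub carries the comment `/home/orbekk/.ssh/id_rsa`, which names an on-disk private key path rather than a hardware token, so it is unclear whether this is the YubiKey-resident key the filename promises. It is worth confirming which private key this public half belongs to and replacing the comment with one that identifies the token, for example `<owner>@yubikey-<serial>` (placeholder), so that an authorized_keys audit can tell the entries apart. No hunk visible in this diff references the file, so where it is consumed (presumably config/users.nix) cannot be checked from here.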
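Review bot: In machines/generic-container.nix, `hostName = lib.mkForce "new-container";` pins the name at the highest override priority, so a machine definition that imports this generic module cannot set its own hostname with a plain assignment. For a template image `lib.mkDefault "new-container"` reads better, unless the force is needed to override a value set in one of the imported modules, which is not visible here. Since config/container.nix opens port 22 with password authentication off, a short comment noting that `../config/users.nix` must supply the authorized keys would document the only way into a freshly started container.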
@@ -1,9 +1,58 @@ { nixpkgs ? (import <nixpkgs> {}) }: +with nixpkgs.pkgs; +let + pkgs2storeContents = l : map (x: { object = x; symlink = "none"; }) l; + makeSystemTarball = + { module, maintainers ? ["viric"], system }: + + let + versionModule = { + system.nixosVersionSuffix = "orbekk"; + system.nixosRevision = "master"; + }; + + config = (import <nixpkgs/nixos/lib/eval-config.nix> { + inherit system; + modules = [ module versionModule ]; + }).config; + + tarball = import <nixpkgs/nixos/lib/make-system-tarball.nix> { + inherit (pkgs) stdenv perl xz pathsFromGraph; + contents = []; + extraArgs = "--owner=0"; + + # Add init script to image + storeContents = [ + { object = config.system.build.toplevel + "/init"; + symlink = "/init"; + } + ] ++ (pkgs2storeContents [ pkgs.stdenv ]); + + # Some container managers like lxc need these + extraCommands = writeScript "setup.sh" '' + mkdir -p proc sys dev sbin + ln -s init sbin/init + ''; + }; + in + tarball // + { meta = { + description = "NixOS system tarball for ${system} - ${stdenv.platform.name}"; + maintainers = map (x: lib.maintainers.${x}) maintainers; + }; + inherit config; + }; +in { containerTarball = (import <nixpkgs/nixos/release.nix> {}) .containerTarball.x86_64-linux; + orbekkContainerTarball = makeSystemTarball { + module = ./machines/generic-container.nix; + system = "x86_64-linux"; + }; + tests = { common = import tests/common.nix; desktop = import tests/desktop.nix; |
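Review bot: In `extraCommands`, `ln -s init sbin/init` creates a relative link whose target is resolved from inside `sbin/`, so `sbin/init` points at itself and resolving it fails with a symlink loop instead of reaching the `/init` entry added through `storeContents`. Use `ln -s ../init sbin/init` (or the absolute `/init`) so container managers that start `/sbin/init` get the NixOS init script. The default `maintainers ? ["viric"]` looks carried over from the upstream nixpkgs helper and attributes this private image to an upstream maintainer. An empty default, or your own handle, would keep `meta.maintainers` accurate. The attribute set opened by `in {` continues past the end of this hunk.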