-
-
Save LnL7/8d3ea52e96c33a1d1b298cb7ccdfa69d to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
nix-daemon & | |
exec "$@" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
FROM lnl7/nix:2018-01-13 | |
MAINTAINER Daiderd Jordan | |
ENV NIX_PATH=$NIX_PATH:/nix/var/nix/profiles/per-user/root/channels | |
RUN nix-env -f '<nixpkgs>' -iA \ | |
git \ | |
gnused \ | |
gnutar \ | |
gzip \ | |
nixUnstable \ | |
openssh \ | |
&& nix-store --gc | |
RUN mkdir -p /etc/nix \ | |
&& echo 'binary-caches = http://cache.nix.example.org' >> /etc/nix/nix.conf \ | |
&& echo 'binary-cache-public-keys = cache.nix.example.org:******************************************** cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=' >> /etc/nix/nix.conf \ | |
&& echo 'trusted-binary-caches = https://cache.nixos.org' >> /etc/nix/nix.conf \ | |
&& echo 'signed-binary-caches = *' >> /etc/nix/nix.conf \ | |
&& echo 'build-use-sandbox = true' >> /etc/nix/nix.conf | |
RUN mkdir -p /etc/ssh /usr/sbin \ | |
&& echo "sshd:x:498:65534::/var/empty:/run/current-system/sw/bin/nologin" >> /etc/passwd \ | |
&& cp /root/.nix-profile/etc/ssh/sshd_config /etc/ssh \ | |
&& ln -sfn /nix/store/apbgignrvzb1nyjy00biqhgwzrf2j6za-openssh-7.6p1/bin/sshd /usr/sbin/sshd \ | |
&& ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N "" -t rsa \ | |
&& ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N "" -t dsa \ | |
&& echo "export SSL_CERT_FILE=$SSL_CERT_FILE" >> /etc/bashrc \ | |
&& echo "export PATH=$PATH" >> /etc/bashrc \ | |
&& echo "export NIX_PATH=$NIX_PATH" >> /etc/bashrc \ | |
&& echo "source /etc/bashrc" >> /etc/profile | |
COPY docker-entrypoint.sh / | |
ENTRYPOINT ["/docker-entrypoint.sh"] | |
EXPOSE 22 | |
COPY secret_gitconfig /home/nix/.gitconfig | |
COPY secret_id_rsa /home/nix/.ssh/id_rsa | |
RUN mkdir -p /home/nix/.ssh \ | |
&& echo 'nix:x:1000:nix' >> /etc/group \ | |
&& echo 'nix:x:1000:1000::/home/nix:/run/current-system/sw/bin/bash' >> /etc/passwd \ | |
&& echo 'nix:***************************************************************************************************************' >> /etc/shadow \ | |
&& echo 'export NIX_REMOTE=daemon' >> /home/nix/.bashrc \ | |
&& ssh-keyscan -H git.example.org >> /home/nix/.ssh/known_hosts \ | |
&& chmod 0600 /home/nix/.ssh/id_rsa \ | |
&& chown -R nix:nix /home/nix | |
RUN nix-channel --add https://git.example.org/foo/master/archive.tar.gz foo \ | |
&& nix-channel --update |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment