build(nix): implement docker build using nix

usnistgov · Aug 3, 2023 · fb4d955 · fb4d955
1 parent 0a0367f
commit fb4d955
Showing 1 changed file with 72 additions and 4 deletions.
diff --git a/flake.nix b/flake.nix
@@ -28,17 +28,32 @@
       pkgs_old = nixpkgs_old.legacyPackages.${system};
       pypkgs = pkgs.python3Packages;
       pfhub_ = pfhub.packages.${system}.pfhub;
+      USER = "main";
+      REPOPATH = "https://github.com/usnistgov/pfhub";
 
-      env = pkgs.mkShell rec {
-        packages = with pypkgs; [
+      pythonEnv = pkgs.python3.buildEnv.override {
+        extraLibs = with pypkgs; [
           pfhub_
           jupytext
           papermill
-          pkgs_old.rubyPackages.github-pages
-          pkgs.nodePackages.surge
           pypkgs.python
+          jupyterlab
+          ipython
+          notebook
+          ipykernel
           pykwalify
         ];
+      };
+
+      rubyEnv = pkgs_old.ruby.withPackages (ps: with ps; [pkgs_old.rubyPackages.github-pages ]);
+
+      env = pkgs.mkShell rec {
+
+        packages = [
+          pythonEnv
+          rubyEnv
+          pkgs.nodePackages.surge
+        ];
 
         shellHook = ''
 
@@ -55,11 +70,64 @@
 
         '';
       };
+
+      dockerImage = pkgs.dockerTools.buildImage {
+        name = "wd15/pfhub";
+        tag = "latest";
+
+        copyToRoot = pkgs.buildEnv {
+          name = "image-root";
+          paths = [
+            pythonEnv
+            rubyEnv
+            pkgs.bash
+            pkgs.coreutils
+            pkgs.openssh
+            pkgs.bashInteractive
+            pkgs.git
+            pkgs.cacert
+            pkgs.nodejs
+          ];
+          pathsToLink = [ "/bin" ];
+        };
+
+        runAsRoot = ''
+          #!${pkgs.stdenv.shell}
+          ${pkgs.dockerTools.shadowSetup}
+          groupadd --system --gid 65543 ${USER}
+          useradd --system --uid 65543 --gid 65543 -d / -s /sbin/nologin ${USER}
+        '';
+
+        extraCommands = ''
+          mkdir -m 1777 ./tmp
+          mkdir -m 777 -p ./home/${USER}
+        '';
+
+        config = {
+          Cmd = [
+            "bash"
+            "-c"
+            "git clone ${REPOPATH}; bash"
+          ];
+          User = USER;
+          Env = [
+            "OMPI_MCA_plm_rsh_agent=${pkgs.openssh}/bin/ssh"
+            "HOME=/home/${USER}"
+            "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+          ];
+          WorkingDir = "/home/${USER}";
+          Expose = {
+            "8888/tcp" = {};
+          };
+        };
+      };
+
     in
       {
         devShells.default = env;
         packages.pfhub = env;
         packages.default = self.packages.${system}.pfhub;
+        packages.docker = dockerImage;
       }
   ));
 }