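# Builds the hs-shells-sftp container image (OpenSSH + busybox with a single
# "shells" account) and a `push` helper that loads the image tarball into the
# local Docker daemon and pushes it to registry.k0.hswaw.net.
#
# NOTE(review): `<nixpkgs>` is resolved from the caller's NIX_PATH, so the
# OpenSSH and busybox versions baked into the image are whatever that channel
# provides at build time; nothing in this file pins them.
{ pkgs ? import <nixpkgs> {} }:

let
  #dockertarpusher = pkgs.python37Packages.buildPythonPackage {
  #  pname = "dockertarpusher";
  #  version = "0.16";
  #  src = pkgs.fetchFromGitHub {
  #    owner = "Razikus";
  #    repo = "dockerregistrypusher";
  #    rev = "217894b79181a9a02ebc6744e0628777a0f89c36";
  #    sha256 = "09cqzd9gz42xw30x1jp9mx056k25i20kjzzdg3bk78a4bis29kd4";
  #  };
  #  propagatedBuildInputs = with pkgs; [
  #    python37Packages.requests
  #  ];
  #};
  #hsregistry_push = import ./registrypush {};

  # Derivation holding /etc/ssh/sshd_config; it is layered into the image
  # through `contents` below.
  #
  # NOTE(review): Nix antiquotes `${...}` inside the string even on the lines
  # that are commented out for the shell. The ./test_keys/* paths therefore
  # have to exist at evaluation time and are copied into the Nix store (which
  # is normally world-readable) as build inputs, although the cp commands
  # never run. Only throwaway test key material should live at those paths.
  config = pkgs.runCommand "sshd_config" {} ''
    mkdir -p $out/etc/ssh/
    cp ${./sshd_config} $out/etc/ssh/sshd_config
    #cp ${./test_keys/test_host_key} $out/etc/ssh/ssh_host_ed25519_key
    #cp ${./test_keys/test_host_key.pub} $out/etc/ssh/ssh_host_ed25519_key.pub
    #cp ${./test_keys/authorized_keys} $out/etc/ssh/authorized_keys
  '';

  # Image name; reused by the `push` script for the local and remote tags.
  name = "vuko/hs-shells-sftp";

  # Base layer: only the OpenSSH and busybox packages.
  base = pkgs.dockerTools.buildImage {
    name = "vuko/ssh-base";
    tag = "latest";
    contents = [pkgs.openssh pkgs.busybox];
  };

  # Final image: base layer + sshd_config + the account and directory layout
  # created by runAsRoot.
  image = pkgs.dockerTools.buildImage {
    inherit name;
    # "latest" is a mutable tag; consumers that need a reproducible deployment
    # should reference the pushed image by digest.
    tag = "latest";
    fromImage = base;
    contents = [config];

    # Runs as root at image build time:
    #  - appends the "shells" account (uid/gid 1, home /data, shell /bin/sh)
    #    to /etc/passwd. NOTE(review): the account has a real login shell, so
    #    whether sessions are limited to SFTP depends entirely on sshd_config,
    #    which is not part of this file - confirm it forces internal-sftp.
    #  - creates /etc/ssh/host and /etc/ssh/auth, presumably mount points for
    #    host keys and authorized_keys supplied at deploy time - TODO confirm.
    #  - creates /tmp with mode 700 owned by uid 1, so only that account can
    #    read what /bin/start copies there.
    #  - writes /bin/start, which copies authorized_keys into /tmp and runs
    #    sshd in the foreground (-D) logging to stderr (-e).
    # The heredoc delimiter is quoted so the build shell writes the script
    # literally, even if a `$` is later added to it.
    runAsRoot = ''
      #!${pkgs.runtimeShell}
      mkdir /data/
      #echo "root:x:0:0::/root:/bin/nologin" > /etc/passwd
      echo "shells:x:1:1::/data:/bin/sh" >> /etc/passwd
      mkdir -p /etc/ssh/host/
      mkdir -p /etc/ssh/auth/
      mkdir -m 700 /tmp
      chown 1:1 /tmp

      cat <<'EOF' > /bin/start
      #!/bin/sh
      cp /etc/ssh/auth/authorized_keys /tmp/authorized_keys
      /bin/sshd -D -e -f /etc/ssh/sshd_config
      EOF
      chmod +x /bin/start
    '';

    #https://serverfault.com/questions/344295/is-it-possible-to-run-sshd-as-a-normal-user
    # NOTE(review): no `User` is set here, so the container runs /bin/start as
    # root unless the runtime overrides the user. The uid-1-owned /tmp and the
    # unprivileged port 2222 suggest it is meant to run as uid 1 - confirm the
    # deployment enforces that.
    config = {
      Cmd = [ "/bin/start" ];
      WorkingDir = "/";
      ExposedPorts = {
        "2222/tcp" = {};
      };
    };
  };

  # Loads the built tarball into the local Docker daemon, tags it for the
  # registry and pushes it. The script stops at the first failing command:
  # without that, a failed `docker load` would still tag and push whatever
  # stale ${name}:latest happened to be in the local daemon. The path
  # expansions are quoted so a directory name containing spaces still works.
  push = pkgs.writeShellScriptBin "push" ''
    set -euo pipefail
    BASEDIR="$(realpath "$(dirname "''${BASH_SOURCE}")")"
    docker load < "''${BASEDIR}/../images/sftp.tar.gz"
    docker tag ${name}:latest registry.k0.hswaw.net/${name}
    docker push registry.k0.hswaw.net/${name}
    #exec {hsregistry_push}/bin/hsregistry-push "$BASEDIR/../images/sftp.tar.gz" "$@"
  '';

# Output layout: images/sftp.tar.gz (symlink to the image tarball) and
# bin/push, which locates the tarball relative to its own path.
in pkgs.runCommand "hs-shells-sftp" {} ''
  mkdir $out
  mkdir -p $out/images $out/bin
  ln -s ${image} $out/images/sftp.tar.gz
  install ${push}/bin/push $out/bin/
''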