docker.nix
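# Builds the "ai-agents" container image with nix2container.
#
# Arguments:
#   nix2containerPkgs  package set exposing nix2container.buildImage
#   config             flake/module config; provides packages.startTemboContainer
#   scripts, tools     lists of packages linked into the image's /bin
#   pkgs               nixpkgs
#
# The image runs as an unprivileged account (uid/gid 1000) whose passwd,
# shadow, group and PAM files are generated by `mkUser` below.
{
  nix2containerPkgs,
  config,
  scripts,
  tools,
  pkgs,
  ...
}: let
  l = pkgs.lib // builtins;

  # Single definition of the runtime account. The account files, the
  # ownership rule in `perms` and the image config below all derive from
  # these bindings, so the user the container runs as cannot drift away
  # from the user that exists in /etc/passwd and owns the home directory.
  user = "user";
  group = "user";
  uid = "1000";
  gid = "1000";
  home = "/home/${user}";

  zshrc = pkgs.writeText "zshrc" ''
    export PROMPT="tembo> "
  '';

  # Minimal account database and PAM policy copied into the image root.
  #
  # - passwd: the entry leaves the home and shell fields empty; the home
  #   directory is supplied through HOME in the image config instead.
  # - shadow: the password field starts with "!", i.e. the password is
  #   locked and cannot be used to authenticate.
  # - pam.d/other: the fallback policy for every PAM service. Note that
  #   `pam_rootok.so` is `sufficient` for auth (root passes without a
  #   password) and that `nullok` accepts blank passwords on the password
  #   stack. NOTE(review): confirm both are wanted; if nothing in the image
  #   needs PAM, a deny-by-default `other` policy is the tighter choice.
  mkUser = pkgs.runCommand "mkUser" {} ''
    mkdir -p $out/etc/pam.d
    echo "${user}:x:${uid}:${gid}::" > $out/etc/passwd
    echo "${user}:!x:::::::" > $out/etc/shadow
    echo "${group}:x:${gid}:" > $out/etc/group
    echo "${group}:x::" > $out/etc/gshadow
    cat > $out/etc/pam.d/other <<EOF
    account sufficient pam_unix.so
    auth sufficient pam_rootok.so
    password requisite pam_unix.so nullok sha512
    session required pam_unix.so
    EOF
    touch $out/etc/login.defs
    mkdir -p $out${home}
    cp ${zshrc} $out${home}/.zshrc
  '';

  buildArgs = {
    name = "ai-agents";
    # NOTE(review): "latest" is a mutable tag. Anything that pulls this
    # image should pin it by digest, otherwise a later push silently
    # changes what runs.
    tag = "latest";

    config = {
      entrypoint = ["${config.packages.startTemboContainer}/bin/startTemboContainer"];
      # The account is given by name, so it has to be resolved through the
      # /etc/passwd that mkUser ships in the image.
      inherit user;
      workingDir = home;
      env = [
        "HOME=${home}"
        "NIX_PAGER=cat"
        "USER=${user}"
      ];
    };

    # Hand the home directory to the unprivileged account.
    # NOTE(review): 0744 gives group/other read but not search permission,
    # which is unusual for a directory (0700 or 0755 are the usual choices).
    # The regex is not anchored, so it presumably also applies to paths
    # below the home directory such as .zshrc; confirm against nix2container.
    perms = [
      {
        path = mkUser;
        regex = home;
        mode = "0744";
        uid = l.toInt uid;
        gid = l.toInt gid;
        uname = user;
        gname = group;
      }
    ];

    # Everything listed here lands in the image root and is therefore part
    # of what the agent process can execute; keep `tools` and `scripts`
    # limited to what the workload actually needs.
    copyToRoot = with pkgs; [
      coreutils
      bashInteractive
      mkUser
      (buildEnv {
        name = "ai-tools";
        paths =
          tools
          ++ scripts
          ++ [
            pkgs.busybox
          ];
        pathsToLink = ["/bin"];
      })
    ];
  };
in
  nix2containerPkgs.nix2container.buildImage buildArgs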