author | Matthias Beyer <matthias.beyer@ifm.com> | 2022-01-14 14:04:55 +0100 |
---|---|---|
committer | Matthias Beyer <matthias.beyer@ifm.com> | 2022-02-14 16:04:54 +0100 |
commit | eee6c20153a89a1041c8bac4a9ce1a1fdd1c8b5d (patch) | |
tree | 9d6b1b1beedf4a261e5f2586bd4868a388e18316 | |
parent | 68bbb3d40b4203cadb033f74842463700d7378b8 (diff) |
Add setup script for container
Signed-off-by: Matthias Beyer <matthias.beyer@ifm.com>
-rw-r--r-- | examples/containers.nix | 35 | ||||
-rw-r--r-- | examples/default.nix | 5 |
2 files changed, 37 insertions, 3 deletions
diff --git a/examples/containers.nix b/examples/containers.nix index 801e086e..7865642e 100644 --- a/examples/containers.nix +++ b/examples/containers.nix @@ -1,5 +1,6 @@ { pkgs , packages +, container-debug ? false }: let @@ -11,17 +12,47 @@ let contents = [ pkgs.mosquitto ]; }; + setupScript = pkgs.writeScriptBin "setup-container" '' + #!${pkgs.runtimeShell} + set +x + + mkdir -p /etc/sudoers.d + + groupadd tedge-users + groupadd tedge + useradd --system --no-create-home --shell /sbin/nologin -g tedge tedge + + install -g tedge -o tedge -m 755 -d /etc/tedge + install -g tedge -o tedge -m 755 -d /etc/tedge/mosquitto-conf + install -g mosquitto -o mosquitto -m 755 -d /etc/tedge/device-certs + install -g tedge -o tedge -m 755 -d /etc/tedge/operations + install -g tedge -o tedge -m 755 -d /etc/tedge/plugins + install -g tedge -o tedge -m 755 -d /var/log/tedge + + if ! ${pkgs.gnugrep}/bin/grep -q "/etc/tedge/mosquitto-conf" "/etc/mosquitto/mosquitto.conf"; then + echo "include_dir /etc/tedge/mosquitto-conf" >>/etc/mosquitto/mosquitto.conf + fi + + echo "%tedge-users ALL = (ALL) /usr/bin/tedge" >/etc/sudoers.d/tedge-users + + if [ -f "/etc/sudoers.d/010_pi-nopasswd" ]; then + echo "%tedge-users ALL = (ALL) NOPASSWD: /usr/bin/tedge" >/etc/sudoers.d/tedge-users-nopasswd + fi + ''; + mkTedgeContainerForPkg = tPackage: pkgs.dockerTools.buildImage { name = tPackage.pname; tag = tPackage.version; fromImage = mosquittoContainerImage; - contents = [ tPackage.pkg pkgs.bashInteractive ]; + contents = [ tPackage.pkg ] + ++ pkgs.lib.optionals container-debug (with pkgs; [ bashInteractive coreutils ]); runAsRoot = '' #!${pkgs.runtimeShell} - mkdir -p /etc/sudoers.d + ${pkgs.dockerTools.shadowSetup} + bash ${setupScript}/bin/setup-container || exit 1 ''; config = { diff --git a/examples/default.nix b/examples/default.nix index f40c09c4..81a5823f 100644 --- a/examples/default.nix +++ b/examples/default.nix 
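Review bot: The `set +x` at the top of `setup-container` in examples/containers.nix only switches tracing off, so nothing in the script stops on error, and the `|| exit 1` in `runAsRoot` sees just the exit status of the final `if`, which is 0 when `/etc/sudoers.d/010_pi-nopasswd` is absent. A failed `groupadd`, `useradd` or `install` (for example `-o mosquitto`, if that account is missing from the base image) would therefore still produce an image, with `/etc/tedge/device-certs` missing or not owned as the script intends; `set -eu` is probably what was meant. The sudoers entries are written with `echo >`, so they get umask-default permissions and no syntax check; a `chmod 0440 /etc/sudoers.d/tedge-users` after the write would give the mode conventionally used for sudoers drop-ins. It is also worth confirming that `/usr/bin/tedge` is where the binary lands in this Nix-built image, since a sudo rule for a path that does not exist is a latent privilege grant to whoever can create that path. `mkTedgeContainerForPkg` continues past the end of the hunk.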
@@ -1,8 +1,11 @@ { pkgs ? (import <nixpkgs> {}) +, container-debug ? false }: let packages = import ./packages.nix { inherit pkgs; }; - containers = import ./containers.nix { inherit pkgs packages; }; + containers = import ./containers.nix { + inherit pkgs packages container-debug; + }; in {} // containers // packages |