technofab/coder-templates
1
0
Fork 0
mirror of https://gitlab.com/TECHNOFAB/coder-templates.git synced 2025-12-12 02:00:11 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore: initial commit

Browse source
This commit is contained in:
technofab 2025-11-13 21:47:52 +01:00
commit 8cf73a70ef
No known key found for this signature in database
19 changed files with 1004 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

28
nix/packages/flake.lock generated Normal file
View file

@ -0,0 +1,28 @@
{
"nodes": {
"root": {
"inputs": {
"tofunix-lib": "tofunix-lib"
}
},
"tofunix-lib": {
"locked": {
"dir": "lib",
"lastModified": 1763036122,
"narHash": "sha256-AFsuSeZ6MjJk5kxfL09rmhKh+AxUICfQhactWAMzVmo=",
"owner": "TECHNOFAB",
"repo": "tofunix",
"rev": "69bffa53c525d6128b6a23743149e37c72d3d5ba",
"type": "gitlab"
},
"original": {
"dir": "lib",
"owner": "TECHNOFAB",
"repo": "tofunix",
"type": "gitlab"
}
}
},
"root": "root",
"version": 7
}

10
nix/packages/flake.nix Normal file
View file

@ -0,0 +1,10 @@
{
inputs = {
tofunix-lib.url = "gitlab:TECHNOFAB/tofunix?dir=lib";
};
outputs = i:
i
// {
tofulib = i.tofunix-lib.lib {inherit (i.parent) pkgs;};
};
}

150
nix/packages/image.nix Normal file
View file

@ -0,0 +1,150 @@
{
lib,
pkgs,
...
}: let
baseSystem = let
packages = with pkgs; [
nix
bashInteractive
coreutils-full
procps
gnugrep
openssh
gitMinimal
curl
ncurses
less
cacert.out
(writeShellScriptBin "reload-dotfiles" ''
${home-manager}/bin/home-manager switch --flake ''${DOTFILES_REPO:-$1} --option tarball-ttl 0
'')
];
rootEnv = pkgs.buildPackages.buildEnv {
name = "root-profile-env";
paths = packages;
};
nixConf = {
sandbox = "false";
experimental-features = "nix-command flakes";
min-free = toString (100 * 1024 * 1024);
max-free = toString (1024 * 1024 * 1024);
};
nixConfContents =
(lib.concatStringsSep "\n" (lib.mapAttrsToList (n: v: let
vStr =
if builtins.isList v
then lib.concatStringsSep " " v
else v;
in "${n} = ${vStr}")
nixConf))
+ "\n";
manifest = pkgs.buildPackages.runCommand "manifest.nix" {} ''
cat > $out <<EOF
[
${lib.concatStringsSep "\n" (builtins.map (drv: let
outputs = drv.outputsToInstall or ["out"];
in ''
{
${lib.concatStringsSep "\n" (builtins.map (output: ''
${output} = { outPath = "${lib.getOutput output drv}"; };
'')
outputs)}
outputs = [ ${lib.concatStringsSep " " (builtins.map (x: "\"${x}\"") outputs)} ];
name = "${drv.name}";
outPath = "${drv}";
system = "${drv.system}";
type = "derivation";
meta = { };
}
'')
packages)}
]
EOF
'';
profile = pkgs.buildPackages.runCommand "user-environment" {} ''
mkdir $out
cp -a ${rootEnv}/* $out/
ln -s ${manifest} $out/manifest.nix
'';
dirsToCreate = ["/etc/ssl/certs" "/etc/nix" "/usr" "/nix/var/nix/gcroots" "/bin" "/usr/bin" "/tmp" "/var/tmp" "/home/coder/.nix-defexpr" "/nix/var/nix/profiles/per-user/coder"];
in
pkgs.runCommand "base-system" {
allowSubstitutes = false;
preferLocalBuild = true;
} ''
env
set -x
mkdir -p ${lib.concatMapStringsSep " " (x: "$out${x}") dirsToCreate}
ln -s /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt $out/etc/ssl/certs
ln -s /nix/var/nix/profiles/share $out/usr/
echo "${nixConfContents}" > $out/etc/nix/nix.conf
echo "ID=nixos" > $out/etc/os-release
echo "coder:x:1000:1000::/home/coder:/bin/bash" > $out/etc/passwd
echo "coder:!:::::::" > $out/etc/shadow
echo "coder:x:1000:" > $out/etc/group
echo "coder:x::" > $out/etc/gshadow
echo "coder:100000:65536" > $out/etc/subuid
echo "coder:100000:65536" > $out/etc/subgid
# support timezones
ln -s ${pkgs.tzdata}/share/zoneinfo $out/etc/zoneinfo
ln -s ${profile} $out/nix/var/nix/profiles/default-1-link
ln -s /nix/var/nix/profiles/default-1-link $out/nix/var/nix/profiles/default
# prevents the profiles from being cleaned up by the GC
ln -s /nix/var/nix/profiles $out/nix/var/nix/gcroots/profiles
ln -s ${pkgs.coreutils}/bin/env $out/usr/bin/env
ln -s ${pkgs.bashInteractive}/bin/bash $out/bin/sh
ln -s ${pkgs.bashInteractive}/bin/bash $out/bin/bash
'';
in
pkgs.dockerTools.buildLayeredImageWithNixDb {
name = "nix-coder";
tag = "latest";
contents = [baseSystem];
maxLayers = 10;
uid = 1000;
gid = 1000;
fakeRootCommands = ''
chown -R 1000:1000 ./
chmod 1777 tmp
chmod 1777 var/tmp
'';
config = {
Cmd = ["/bin/bash"];
User = "1000:1000";
Env = [
"USER=coder"
"HOME=/home/coder"
"TMPDIR=/tmp"
"XDG_RUNTIME_DIR=/tmp"
"TZDIR=/etc/zoneinfo"
"PATH=${lib.concatStringsSep ":" [
"/home/coder/.nix-profile/bin"
# this makes all the packages defined at the top available
# in the workspace
"/nix/var/nix/profiles/default/bin"
"/nix/var/nix/profiles/default/sbin"
]}"
"SSL_CERT_FILE=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"
"GIT_SSL_CAINFO=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"
"NIX_SSL_CERT_FILE=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"
"NIX_PATH=/nix/var/nix/profiles/per-user/coder/channels:/home/coder/.nix-defexpr/channels"
];
};
}

23
nix/packages/packages.nix Normal file
View file

@ -0,0 +1,23 @@
{inputs, ...}: let
inherit (inputs) self pkgs tofulib;
in rec {
nix-coder-image = pkgs.callPackage ./image.nix {};
nix-kubernetes = nix-kubernetes-cli.tfjson;
nix-kubernetes-cli = tofulib.mkCliAio {
plugins = [
(tofulib.mkOpentofuProvider {
owner = "coder";
repo = "coder";
version = "2.8.0";
hash = "sha256-wnjgnD1c6U42ceizqfBG6SE4YXm7rZ7kyYkAdtE8t0k=";
})
(tofulib.mkOpentofuProvider {
owner = "hashicorp";
repo = "kubernetes";
version = "2.29.0";
hash = "sha256-r8DomSe+gUAbHuc8ciiuVl/6IeeIjJK6HFVaqAsnze8=";
})
];
moduleConfig = "${self}/nix-kubernetes";
};
}