-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathDockerfile.gitpod
73 lines (63 loc) · 3.74 KB
/
Dockerfile.gitpod
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
FROM docker.io/library/debian:bookworm-20240110-slim as builder
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
ca-certificates curl dirmngr git git-crypt gnupg less libc6 libstdc++6 \
binutils locales netbase sudo tar wget xz-utils procps && \
rm -rf /var/lib/apt/lists/* && \
mkdir -p /src /workspaces
RUN groupadd --gid 1000 robot && \
useradd --shell /bin/bash --uid 1000 --gid 1000 --create-home robot && \
echo 'robot ALL=(root) NOPASSWD:ALL' > /etc/sudoers.d/robot && \
chmod 0440 /etc/sudoers.d/robot
COPY guix-install.d /src/oops/guix-install.d
RUN find /src/oops/guix-install.d/gpg_signing_keys -type f -exec gpg --import {} \; && \
bash /src/oops/guix-install.d/guix-install.sh && \
start-stop-daemon --user root --pidfile /tmp/guix.sock --background --start --exec /var/guix/profiles/per-user/root/current-guix/bin/guix-daemon -- --build-users-group=guixbuild --disable-chroot -c 2 -M 2 --substitute-urls="https://ci.guix.gnu.org https://bordeaux.guix.gnu.org https://txgvnn.github.io/guxti" && \
sleep 1 && \
sudo -H -u robot bash -c 'mkdir -p ~/.config/guix && \
cp /src/oops/guix-install.d/channels.scm ~/.config/guix/channels.scm && \
guix pull && \
~/.config/guix/current/bin/guix package -m /src/oops/guix-install.d/manifest.scm && \
rm -rf ~/.cache/guix/inferiors/ && guix gc'
FROM docker.io/library/debian:bookworm-20240110-slim
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
ca-certificates curl dirmngr git git-crypt gnupg less libc6 libstdc++6 \
binutils locales netbase sudo tar wget xz-utils procps \
openssh-server openssh-client lsof bash-completion \
man screen iproute2 && \
rm -rf /var/lib/apt/lists/* && \
mkdir -p /src /workspaces && \
echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && locale-gen
# Copy guix from the builder
COPY --from=builder /var/guix /var/guix
COPY --from=builder /gnu /gnu
COPY --from=builder /root/.config/guix /root/.config/guix
COPY --from=builder /etc/profile.d/zzz-guix.sh /etc/profile.d/zzz-guix.sh
COPY --from=builder /etc/guix /etc/guix
COPY ./ /src/oops
### Add Gitpod user and configure Guix
RUN useradd -l -u 33333 -G sudo -md /home/gitpod -s /bin/bash -p gitpod gitpod \
# Remove `use_pty` option and enable passwordless sudo for users in the 'sudo' group
&& sed -i.bkp -e '/Defaults\tuse_pty/d' -e 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL/g' /etc/sudoers \
# To emulate the workspace-session behavior within dazzle build env
&& mkdir -p /workspace \
&& chown -hR gitpod:gitpod /workspace \
&& mv /var/guix/profiles/per-user/robot /var/guix/profiles/per-user/gitpod \
&& chown gitpod:gitpod -R /var/guix/profiles/per-user/gitpod
&& mkdir -p /home/gitpod/.config/guix \
&& ln -s /var/guix/profiles/per-user/gitpod/current-guix /home/gitpod/.config/guix/current \
&& ln -s /var/guix/profiles/per-user/gitpod/guix-profile /home/gitpod/.guix-profile \
&& cp /src/oops/guix-install.d/channels.scm /home/gitpod/.config/guix/channels.scm \
&& groupadd --system guixbuild \
&& for i in $(seq -w 1 4); do useradd -g guixbuild -G guixbuild -d /var/empty -s "$(which nologin)" -c "GuixBuilder $i" --system "guixbuilder${i}"; done
USER gitpod
WORKDIR /home/gitpod
ENV LANG=en_US.UTF-8
ENV LOCALE_ARCHIVE=/usr/lib/locale/locale-archive
ENV WORKSPACE=/workspace
ENV PATH=/workspace/.oops/profile/bin:/src/oops/profile/bin:$PATH
ARG REVISION
LABEL org.opencontainers.image.source="https://github.com/TxGVNN/oops"
LABEL org.opencontainers.image.documentation="https://github.com/TxGVNN/oops/blob/${REVISION}/README.md"
LABEL org.opencontainers.image.description="Gitpod IDE, Powerful by Guix!"