noot

Author: elee1766

.github/workflows/docker-build.yml

@@ -0,0 +1,60 @@
+name: Build and Push Docker Image
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - 'v*'
+  pull_request:
+    branches:
+      - main
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=raw,value=latest,enable={{is_default_branch}}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.gitignore

@@ -0,0 +1,24 @@
+# Nix build results
+result
+result-*
+
+# Docker build cache
+.dockerignore
+*.tar
+*.tar.gz
+
+# OS files
+.DS_Store
+Thumbs.db
+
+# Editor files
+*.swp
+*.swo
+*~
+.vscode/
+.idea/
+
+# Temporary files
+*.tmp
+*.temp
+*.log

Dockerfile

@@ -0,0 +1,94 @@
+FROM debian:bookworm-slim
+
+SHELL ["/bin/bash", "-c"]
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Default to bash shell (other shells available at /usr/bin/fish and /usr/bin/zsh)
+ENV SHELL=/bin/bash \
+    DOCKER_BUILDKIT=1
+
+# Install the Docker apt repository
+RUN apt-get update && \
+    apt-get upgrade --yes --no-install-recommends --no-install-suggests && \
+    apt-get install --yes --no-install-recommends --no-install-suggests \
+    ca-certificates && \
+    rm -rf /var/lib/apt/lists/*
+COPY docker/docker-archive-keyring.gpg /usr/share/keyrings/docker-archive-keyring.gpg
+COPY docker/docker.list /etc/apt/sources.list.d/docker.list
+
+# Install baseline packages
+RUN apt-get update && \
+    apt-get install --yes --no-install-recommends --no-install-suggests \
+    bash \
+    build-essential \
+    containerd.io \
+    curl \
+    docker-ce \
+    docker-ce-cli \
+    docker-buildx-plugin \
+    docker-compose-plugin \
+    htop \
+    jq \
+    locales \
+    locales-all \
+    man \
+    python3 \
+    python3-pip \
+    software-properties-common \
+    sudo \
+    systemd \
+    systemd-sysv \
+    unzip \
+    vim \
+    wget \
+    rsync \
+    gnupg \
+    lsb-release \
+    ripgrep \
+    fd-find \
+    python3-dotenv-cli \
+    atool \
+    zip \
+    p7zip-full \
+    xz-utils \
+    bzip2 \
+    git git-lfs
+
+# Enables Docker starting with systemd
+RUN systemctl enable docker
+
+# Create a symlink for standalone docker-compose usage
+RUN ln -s /usr/libexec/docker/cli-plugins/docker-compose /usr/bin/docker-compose
+
+# Generate the desired locale (en_US.UTF-8)
+RUN sed -i 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
+    locale-gen en_US.UTF-8 && \
+    update-locale LANG=en_US.UTF-8
+
+# Make typing unicode characters in the terminal work.
+ENV LANG=en_US.UTF-8
+ENV LANGUAGE=en_US.UTF-8
+ENV LC_ALL=en_US.UTF-8
+
+# Remove any existing users and add a user `coder` so that you're not developing as the `root` user
+RUN useradd coder \
+    --create-home \
+    --shell=/bin/bash \
+    --groups=docker \
+    --uid=1000 \
+    --user-group && \
+    echo "coder ALL=(ALL) NOPASSWD:ALL" >>/etc/sudoers.d/nopasswd
+
+USER coder
+
+# Install mise
+ENV MISE_DATA_DIR="/home/coder/.local/share/mise"
+ENV MISE_CONFIG_DIR="/home/coder/.config/mise"
+ENV MISE_CACHE_DIR="/home/coder/.cache/mise"
+ENV MISE_INSTALL_PATH="/home/coder/.local/bin/mise"
+ENV PATH="/home/coder/.local/bin:/home/coder/.local/share/mise/shims:$PATH"
+
+RUN curl https://mise.run | sh
+
+# Set default command to bash
+CMD ["/bin/bash"]

Makefile

@@ -0,0 +1,24 @@
+.PHONY: build push clean help
+
+# Default target
+help:
+	@echo "Available targets:"
+	@echo "  build   - Build the devimage using Docker"
+	@echo "  push    - Push the image to Docker Hub"
+	@echo "  clean   - Clean up Docker build cache"
+	@echo "  help    - Show this help message"
+
+# Build the Docker image
+build:
+	@echo "Building devimage with Docker..."
+	docker build -t devimage:latest .
+
+# Push the image to Docker Hub (requires login)
+push: build
+	@echo "Pushing image to Docker Hub..."
+	docker push devimage:latest
+
+# Clean up Docker build cache
+clean:
+	@echo "Cleaning up Docker build cache..."
+	docker system prune -f

devimage.nix

@@ -0,0 +1,188 @@
+{ pkgs ? import <nixpkgs> { }
+, system ? builtins.currentSystem
+}:
+
+let
+  # Create the coder user configuration
+  coderUser = {
+    uid = 1000;
+    gid = 1000;
+    home = "/home/coder";
+    shell = "${pkgs.bash}/bin/bash";
+  };
+
+  # Mise installation script
+  miseInstallScript = pkgs.writeScript "install-mise.sh" ''
+    #!${pkgs.bash}/bin/bash
+    set -e
+    export HOME=/home/coder
+    export MISE_DATA_DIR="$HOME/.local/share/mise"
+    export MISE_CONFIG_DIR="$HOME/.config/mise"
+    export MISE_CACHE_DIR="$HOME/.cache/mise"
+    export MISE_INSTALL_PATH="$HOME/.local/bin/mise"
+    
+    mkdir -p $HOME/.local/bin
+    ${pkgs.curl}/bin/curl -fsSL https://mise.run | ${pkgs.bash}/bin/bash
+  '';
+
+  # Declaratively create user files
+  userFiles = pkgs.runCommand "user-files" {} ''
+    mkdir -p $out/etc
+    
+    # Create /etc/passwd
+    cat > $out/etc/passwd <<EOF
+    root:x:0:0:root:/root:/bin/sh
+    nobody:x:65534:65534:nobody:/var/empty:/bin/false
+    coder:x:${toString coderUser.uid}:${toString coderUser.gid}:Coder User:${coderUser.home}:${coderUser.shell}
+    EOF
+    
+    # Create /etc/group
+    cat > $out/etc/group <<EOF
+    root:x:0:
+    nobody:x:65534:
+    coder:x:${toString coderUser.gid}:
+    EOF
+    
+    # Create /etc/shadow
+    cat > $out/etc/shadow <<EOF
+    root:!:19000:0:99999:7:::
+    nobody:!:19000:0:99999:7:::
+    coder:!:19000:0:99999:7:::
+    EOF
+    
+    chmod 0644 $out/etc/passwd $out/etc/group
+    chmod 0600 $out/etc/shadow
+    
+    # Create sudoers file
+    mkdir -p $out/etc/sudoers.d
+    echo "coder ALL=(ALL) NOPASSWD:ALL" > $out/etc/sudoers.d/nopasswd
+    chmod 0440 $out/etc/sudoers.d/nopasswd
+  '';
+
+in
+pkgs.dockerTools.streamLayeredImage {
+  name = "devimage";
+  tag = "latest";
+  
+  fromImage = pkgs.dockerTools.pullImage {
+    imageName = "debian";
+    imageDigest = "sha256:2424c1850714a4d94666ec928e24d86de958646737b1d113f5b2207be44d37d8";
+    sha256 = "sha256-O6oFV3kh1WYF60Pv6nMGtJ/q3ujNbxxqLFpKzopfe48=";
+    finalImageTag = "bookworm-slim";
+    finalImageName = "debian";
+  };
+
+  contents = pkgs.buildEnv {
+    name = "image-root";
+    paths = [
+      userFiles  # Include our declarative user configuration
+    ] ++ (with pkgs; [
+      # Core system
+      bash
+      coreutils
+      findutils
+      gnugrep
+      gawk
+      gnused
+      
+      # Build tools
+      gcc
+      gnumake
+      cmake
+      pkg-config
+      
+      # Development tools
+      git
+      git-lfs
+      curl
+      wget
+      rsync
+      jq
+      htop
+      man
+      sudo
+      vim
+      neovim
+      unzip
+      
+      # Language support
+      python3
+      python3Packages.pip
+      
+      # Modern CLI tools
+      ripgrep
+      fd
+      
+      # Archive tools
+      atool
+      zip
+      p7zip
+      xz
+      bzip2
+      
+      # System libraries
+      cacert
+      gnupg
+      lsb-release
+      
+      # Docker tools
+      docker
+      docker-compose
+      
+      # Locale data
+      glibcLocales
+    ]);
+    pathsToLink = [ "/bin" "/etc" "/lib" "/share" "/usr" "/sbin" ];
+  };
+
+  config = {
+    Cmd = [ "${pkgs.bash}/bin/bash" ];
+    
+    Env = [
+      "DEBIAN_FRONTEND=noninteractive"
+      "SHELL=/bin/bash"
+      "DOCKER_BUILDKIT=1"
+      "LANG=en_US.UTF-8"
+      "LANGUAGE=en_US.UTF-8"
+      "LC_ALL=en_US.UTF-8"
+      "PATH=/home/coder/.local/share/mise/shims:/home/coder/.local/bin:/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+      "HOME=/home/coder"
+      "MISE_DATA_DIR=/home/coder/.local/share/mise"
+      "MISE_CONFIG_DIR=/home/coder/.config/mise"
+      "MISE_CACHE_DIR=/home/coder/.cache/mise"
+      "MISE_INSTALL_PATH=/home/coder/.local/bin/mise"
+    ];
+    
+    User = "coder";
+    WorkingDir = "/home/coder";
+  };
+
+  extraCommands = ''
+    # Create home directory structure
+    mkdir -p home/coder/.local/bin
+    mkdir -p home/coder/.local/share/mise/shims
+    mkdir -p home/coder/.config/mise
+    mkdir -p home/coder/.cache/mise
+    
+    # Create standard directories
+    mkdir -p usr/bin usr/sbin bin sbin
+    
+    # Create locale configuration
+    mkdir -p etc/default
+    echo "LANG=en_US.UTF-8" > etc/default/locale
+  '';
+
+  fakeRootCommands = ''
+    # Create home directory with proper ownership first
+    mkdir -p ${coderUser.home}
+    chown ${toString coderUser.uid}:${toString coderUser.gid} ${coderUser.home}
+    
+    # Install mise as coder user
+    sudo -u coder ${miseInstallScript}
+    
+    # Ensure ownership of all home directory contents
+    chown -R ${toString coderUser.uid}:${toString coderUser.gid} ${coderUser.home}
+  '';
+  
+  enableFakechroot = true;
+}