commit 6c678e391ef49e8242c07cc98cdd15ba3ea943f3
author vuko <vuko@hackerspace.pl> Fri May 22 22:02:22 2020 +0200
committer vuko <vuko@hackerspace.pl> Fri May 22 22:02:22 2020 +0200
tree f6370c42e0c191fe29cda2980b83c57bfa4b5adb
parent 741c08f66c9eb9c44089ac8745df44c871bde42d

personal/vuko/shells initial commit

Change-Id: Icba91e8d4ffe53fc8a7ab7946f3a1b45daf20290

personal/vuko/shells/sftp.nix

diff --git a/personal/vuko/shells/sftp.nix b/personal/vuko/shells/sftp.nix
new file mode 100644
index 0000000..706dc47
--- /dev/null
+++ b/personal/vuko/shells/sftp.nix
@@ -0,0 +1,75 @@
+{ pkgs ? import <nixpkgs> {} }:
+let
+  #dockertarpusher = pkgs.python37Packages.buildPythonPackage {
+  #  pname = "dockertarpusher";
+  #  version = "0.16";
+  #  src = pkgs.fetchFromGitHub {
+  #    owner = "Razikus";
+  #    repo = "dockerregistrypusher";
+  #    rev = "217894b79181a9a02ebc6744e0628777a0f89c36";
+  #    sha256 = "09cqzd9gz42xw30x1jp9mx056k25i20kjzzdg3bk78a4bis29kd4";
+  #  };
+  #  propagatedBuildInputs = with pkgs; [
+  #    python37Packages.requests
+  #  ];
+  #};
+  #hsregistry_push = import ./registrypush {};
+  config = pkgs.runCommand "sshd_config" {} ''
+    mkdir -p $out/etc/ssh/
+    cp ${./sshd_config} $out/etc/ssh/sshd_config
+    #cp ${./test_keys/test_host_key} $out/etc/ssh/ssh_host_ed25519_key
+    #cp ${./test_keys/test_host_key.pub} $out/etc/ssh/ssh_host_ed25519_key.pub
+    #cp ${./test_keys/authorized_keys} $out/etc/ssh/authorized_keys
+  '';
+  name = "vuko/hs-shells-sftp";
+  base = pkgs.dockerTools.buildImage {
+    name = "vuko/ssh-base";
+    tag = "latest";
+    contents = [pkgs.openssh pkgs.busybox];
+  };
+  image = pkgs.dockerTools.buildImage {
+    inherit name;
+    tag = "latest";
+    fromImage = base;
+    contents = [config];
+  
+    runAsRoot = ''
+      #!${pkgs.runtimeShell}
+      mkdir /data/
+      #echo "root:x:0:0::/root:/bin/nologin" > /etc/passwd
+      echo "shells:x:1:1::/data:/bin/sh" >> /etc/passwd
+      mkdir -p /etc/ssh/host/
+      mkdir -p /etc/ssh/auth/
+      mkdir -m 700 /tmp
+      chown 1:1 /tmp
+      
+      cat <<EOF > /bin/start
+      #!/bin/sh
+      cp /etc/ssh/auth/authorized_keys /tmp/authorized_keys
+      /bin/sshd -D -e -f /etc/ssh/sshd_config
+      EOF
+      chmod +x /bin/start
+    '';
+  
+    #https://serverfault.com/questions/344295/is-it-possible-to-run-sshd-as-a-normal-user
+    config = { 
+      Cmd = [ "/bin/start" ];
+      WorkingDir = "/";
+      ExposedPorts =  {
+        "2222/tcp" = {};
+      };
+    };
+  };
+  push = pkgs.writeShellScriptBin "push" ''
+    BASEDIR=$(realpath $(dirname ''${BASH_SOURCE}))
+    docker load < "''${BASEDIR}/../images/sftp.tar.gz"
+    docker tag ${name}:latest registry.k0.hswaw.net/${name}
+    docker push registry.k0.hswaw.net/${name}
+    #exec {hsregistry_push}/bin/hsregistry-push "$BASEDIR/../images/sftp.tar.gz" "$@"
+  '';
+in pkgs.runCommand "hs-shells-sftp" {} ''
+  mkdir $out
+  mkdir -p $out/images $out/bin
+  ln -s ${image} $out/images/sftp.tar.gz
+  install ${push}/bin/push $out/bin/
+''