diff --git a/Dockerfile b/Dockerfile index 818c506..4c8fc2f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,5 @@ -FROM ubuntu@sha256:8e1c1ee12a539d652c371ee2f4ee66909f4f5fd8002936d8011d958f05faf989 +# focal as of 2020-04-23 +FROM ubuntu@sha256:5747316366b8cc9e3021cd7286f42b2d6d81e3d743e2ab571f55bcd5df788cc8 ENV DEBIAN_FRONTEND noninteractive @@ -6,7 +7,7 @@ ARG UBUNTU_MIRROR=http://archive.ubuntu.com/ubuntu ARG UID_TO_ADD=1000 ARG GID_TO_ADD=1000 -ARG USERNAME_TO_ADD=sneak +ARG USERNAME_TO_ADD=user RUN \ echo "deb $UBUNTU_MIRROR focal main universe restricted multiverse" > /etc/apt/sources.list.new && \ 
@@ -15,29 +16,190 @@ RUN \ echo "deb $UBUNTU_MIRROR focal-backports main universe restricted multiverse" >> /etc/apt/sources.list.new && \ mv /etc/apt/sources.list.new /etc/apt/sources.list +RUN \ + groupadd -g $GID_TO_ADD $USERNAME_TO_ADD && \ + groupadd nixbld && \ + useradd -u $UID_TO_ADD -g $GID_TO_ADD --home-dir /home/user -m -s /bin/bash $USERNAME_TO_ADD && \ + usermod -p '*' $USERNAME_TO_ADD + + ADD https://sneak.cloud/authorized_keys /root/.ssh/authorized_keys +ADD https://sneak.cloud/authorized_keys /home/user/.ssh/authorized_keys # we only install essential system packages here -ARG SYSTEM_PACKAGES="build-essential ca-certificates openssh-server git golang rsync runit locales" +ARG SYSTEM_PACKAGES="\ + anacron \ + apt-transport-https \ + build-essential \ + byobu \ + ca-certificates \ + cron \ + cronic \ + curl \ + git \ + golang \ + locales \ + openssh-server \ + rsync \ + runit \ + sudo \ + tmux \ +" RUN \ apt update && \ apt -y upgrade && \ apt -y install $SYSTEM_PACKAGES && \ - groupadd -g $GID_TO_ADD $USERNAME_TO_ADD && \ - useradd -u $UID_TO_ADD -g $GID_TO_ADD --home-dir /home/user -s /bin/bash $USERNAME_TO_ADD && \ - usermod -p '*' $USERNAME_TO_ADD && \ - echo $USERNAME_TO_ADD > /etc/workuser && \ go get -v -u github.com/peterbourgon/runsvinit && \ cp /root/go/bin/runsvinit /usr/local/sbin/runsvinit && \ rm -rf /root/go && \ - rm /etc/ssh/*host*key* + rm /etc/ssh/*host*key* && \ + apt -y purge golang && \ + apt -y autoremove + +# nix for pkgs pls +RUN mkdir /nix && chown user:user /nix + +ARG OTHER_PACKAGES=" \ + apt-utils \ + aspell \ + aspell-en \ + automake \ + avahi-daemon \ + avahi-utils \ + bash-completion \ + bc \ + bind9-host \ + bonnie++ \ + build-essential \ + byobu \ + ca-certificates \ + cmake \ + curl \ + daemontools \ + debmirror \ + default-jdk \ + default-jre \ + diffstat \ + dnsutils \ + docker.io \ + dos2unix \ + editorconfig \ + ffmpeg \ + fonts-indic \ + fonts-ipafont-gothic \ + fonts-ipafont-mincho \ + fortune \ + git \ + 
gnupg2 \ + gnupg-agent \ + golang-go \ + host \ + imagemagick \ + iputils-ping \ + irssi \ + jq \ + lcov \ + ldap-auth-client \ + ldap-utils \ + libasound2 \ + libatk1.0-0 \ + libboost-all-dev \ + libbz2-dev \ + libdb++-dev \ + libffi-dev \ + libgconf-2-4 \ + libgtk-3-0 \ + libjpeg-dev \ + liblzma-dev \ + libncurses5-dev \ + libnss3 \ + libnss-mdns \ + libpng-dev \ + libreadline-dev \ + libsqlite3-dev \ + libssl-dev \ + libtool \ + libxcursor1 \ + libxml2 \ + libxml2-dev \ + libxmlsec1-dev \ + libxslt1-dev \ + llvm \ + locales \ + lsof \ + mailutils \ + make \ + man \ + man-db \ + mercurial \ + mosh \ + mutt \ + netcat-openbsd \ + nmap \ + nscd \ + openssh-server \ + pandoc \ + pass \ + pbzip2 \ + pinentry-curses \ + pkg-config \ + psmisc \ + pv \ + pwgen \ + python3 \ + python3-dev \ + python3-pip \ + rbenv \ + rsync \ + rsyslog \ + rsyslog-gnutls \ + rsyslog-relp \ + screen \ + snmp \ + snmpd \ + socat \ + software-properties-common \ + strace \ + sudo \ + tcpdump \ + telnet \ + texlive-latex-base \ + tk-dev \ + tmux \ + tree \ + ttf-wqy-microhei \ + ttf-wqy-zenhei \ + vagrant \ + vim \ + vim-gtk \ + wamerican-insane \ + wget \ + xterm \ + xz-utils \ + zfsutils-linux \ + zip \ + zlib1g-dev \ +" +#RUN apt -y install $OTHER_PACKAGES + +USER root +ENV HOME /root COPY ./root / - COPY ./build /tmp/build -RUN bash /tmp/build/run.sh && rm -rf /tmp/build + +RUN bash /tmp/build/root.sh + +USER user +ENV HOME /home/user +RUN bash /tmp/build/user.sh + +USER root +ENV HOME /root +RUN rm -rf /tmp/build + +RUN chsh --shell /home/user/.nix-profile/bin/zsh user RUN chmod +rx /etc/service/*/run - CMD ["/usr/local/sbin/runsvinit"] diff --git a/Makefile b/Makefile index 6d80375..6ca5dd3 100644 --- a/Makefile +++ b/Makefile 
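Review bot: The added `ADD https://sneak.cloud/authorized_keys /home/user/.ssh/authorized_keys` (like the existing root copy above it) bakes whatever that URL serves at build time into the image as login keys, with no digest check, so control of that host or of the TLS path during a build amounts to SSH access to every container built from the image. The new line also looks redundant, because build/root.sh already copies /root/.ssh/authorized_keys into /home/user/.ssh and chowns it. I would ship the file from the build context instead, e.g. `COPY ./authorized_keys /root/.ssh/authorized_keys`, or on a BuildKit builder pin it with `ADD --checksum=sha256:<expected-digest> https://sneak.cloud/authorized_keys /root/.ssh/authorized_keys`. Separately, `chown user:user /nix` and `chsh --shell ... user` hardcode the account name while `USERNAME_TO_ADD` is still an overridable ARG, so a build that overrides it would break at those steps.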
@@ -1,4 +1,13 @@ +#export DOCKER_HOST := ssh://las1.eeqj.de + .PHONY: build build: - sudo docker build --build-arg UBUNTU_MIRROR=http://ubuntumirror.app.las1.eeqj.de/ubuntu . 2>&1 | tee -a build.log + docker build \ + --build-arg UBUNTU_MIRROR=http://us.archive.ubuntu.com/ubuntu \ + -t sneak/work \ + . \ + 2>&1 | tee -a build.log + +enter: + docker run -ti --rm=true -e HOME=/home/user -e USER=user --user=user -v /home/sneak:/home/user/.home sneak/work /home/user/.nix-profile/bin/zsh diff --git a/build/packages.txt b/build/packages.txt deleted file mode 100644 index 1364a9d..0000000 --- a/build/packages.txt +++ /dev/null @@ -1,122 +0,0 @@ -apt-transport-https -apt-utils -aspell -aspell-en -automake -avahi-daemon -avahi-utils -bash-completion -bc -bind9-host -bonnie++ -build-essential -byobu -ca-certificates -cmake -curl -daemontools -debmirror -default-jdk -default-jre -diffstat -dnsutils -docker.io -dos2unix -editorconfig -ffmpeg -fonts-indic -fonts-ipafont-gothic -fonts-ipafont-mincho -fortune -git -gnupg2 -gnupg-agent -golang-go -host -imagemagick -iputils-ping -irssi -jq -lcov -ldap-auth-client -ldap-utils -libasound2 -libatk1.0-0 -libboost-all-dev -libbz2-dev -libdb++-dev -libffi-dev -libgconf-2-4 -libgtk-3-0 -libjpeg-dev -liblzma-dev -libncurses5-dev -libnss3 -libnss-mdns -libpng-dev -libreadline-dev -libsqlite3-dev -libssl-dev -libtool -libxcursor1 -libxml2 -libxml2-dev -libxmlsec1-dev -libxslt1-dev -llvm -locales -lsof -mailutils -make -man -man-db -mercurial -mosh -mutt -netcat-openbsd -nmap -nscd -openssh-server -pandoc -pass -pbzip2 -pinentry-curses -pkg-config -psmisc -pv -pwgen -python3 -python3-dev -python3-pip -rbenv -rsync -rsyslog -rsyslog-gnutls -rsyslog-relp -runit -screen -snmp -snmpd -socat -software-properties-common -strace -sudo -tcpdump -telnet -texlive-latex-base -tk-dev -tmux -tree -ttf-wqy-microhei -ttf-wqy-zenhei -vagrant -vim -vim-gtk -wamerican-insane -wget -xterm -xz-utils -zfsutils-linux -zip -zlib1g-dev -zsh 
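Review bot: The new `enter` target bind-mounts all of `/home/sneak` read-write (`-v /home/sneak:/home/user/.home`), which gives every tool in the image, including those fetched with curl during the build, write access to the host home and the SSH keys under it. If the container only needs the synced folders, mount just those and add `:ro` where writes are not needed, e.g. `-v /home/sneak/Documents/syncthing/folders:/home/user/.home/Documents/syncthing/folders`. `enter` is also missing from `.PHONY`, so a file named `enter` in the tree would keep the target from running; `.PHONY: build enter` fixes that.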
diff --git a/build/run.sh b/build/root.sh similarity index 80% rename from build/run.sh rename to build/root.sh index b3189b2..111dbf2 100644 --- a/build/run.sh +++ b/build/root.sh @@ -1,6 +1,6 @@ #!/bin/bash -echo "##### build/run.sh" +echo "##### build/root.sh" export LANG="en_US.UTF-8" export LANGUAGE="en_US:en" @@ -12,8 +12,6 @@ TD="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd)" cd "$TD" -apt install -y $(cat packages.txt) - SSH_HOST_KEY_FILES=" ssh_host_ecdsa_key ssh_host_ecdsa_key.pub @@ -35,8 +33,10 @@ ln -s /hostroot/root /root/.home # install other stuff here -pip3 install -U pip -pip3 install black +# FIXME do these with nix: +#pip3 install -U pip +#pip3 install black + # install python packages # install yarn # install prettier @@ -46,12 +46,5 @@ mkdir -p /home/user/.ssh cp /root/.ssh/authorized_keys /home/user/.ssh/authorized_keys echo chown -Rv $UID_TO_ADD:$GID_TO_ADD /home/user chown -Rv $UID_TO_ADD:$GID_TO_ADD /home/user -chsh --shell $(which zsh) $USERNAME_TO_ADD echo "$USERNAME_TO_ADD ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/user - -sudo \ - --set-home \ - --non-interactive \ - -u $USERNAME_TO_ADD \ - bash ./user.sh diff --git a/build/user.sh b/build/user.sh index 48b9452..299a49e 100644 --- a/build/user.sh +++ b/build/user.sh @@ -4,8 +4,10 @@ set -x TD="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd)" -U="$USERNAME_TO_ADD" +U="user" +export HOME=/home/user +export USER=user export LC_ALL=en_US export LANG=en_US.UTF-8 
@@ -14,43 +16,26 @@ OH="/hosthome" # link ~/.home to original home ln -s "/hosthome" $HOME/.home -# oh-my-zsh -curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh > /tmp/installomz.sh -export ZSH="$HOME/.zsh" -bash /tmp/installomz.sh --unattended --keep-zshrc - -zsh -c 'vim &' +#vim -s ~/.vimrc -c 'q!' # vim-plug # this should happen from vimrc #curl -fLo ~/.vim/autoload/plug.vim --create-dirs \ # https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim -# link in ssh key from original home -mkdir -p ~/.ssh -ln -s ~/.home/Documents/sync/secrets/ssh/pixel16/id_rsa ~/.ssh/id_rsa -ln -s ~/.home/Documents/sync/secrets/ssh/pixel16/id_rsa.pub ~/.ssh/id_rsa.pub +# /nix is already created for us and chowned to us by now: +curl -L https://nixos.org/nix/install | sh -# install pyenv -git clone -n https://github.com/pyenv/pyenv.git ~/.pyenv -pushd ~/.pyenv -git checkout 3e0f5e798ca16cd9389c4c8805038ac2c0d45cae -popd +source /home/user/.nix-profile/etc/profile.d/nix.sh -export PYENV_ROOT="$HOME/.pyenv" -export PATH="$PYENV_ROOT/bin:$PATH" -eval "$(pyenv init -)" -pyenv install 3.8.2 -pyenv global 3.8.2 +# this should install all the packages from the config.nix: +nix-env -i workEnv -git clone -n https://github.com/nvm-sh/nvm.git ~/.nvm -pushd ~/.nvm -git checkout 73438e339e242fce0cba443e5c4322ac996e9197 -popd +# FIXME have this pull from synced dir instead +# oh-my-zsh +curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh > /tmp/installomz.sh +export ZSH="$HOME/.zsh" +zsh /tmp/installomz.sh && rm /tmp/installomz.sh -export NVM_DIR="$HOME/.nvm" -source "$NVM_DIR/nvm.sh" - -nvm install node ############################################################################### ##### Personal Config 
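Review bot: `curl -L https://nixos.org/nix/install | sh` replaces the commit-pinned pyenv and nvm checkouts with an unpinned installer piped straight into a shell, and without `-f` an HTTP error body would be executed too. Download it to a file, check it against a digest recorded in the repo, and only then run it: `curl -fsSL "$NIX_INSTALL_URL" -o /tmp/nix-install.sh && echo "$NIX_INSTALL_SHA256  /tmp/nix-install.sh" | sha256sum -c - && sh /tmp/nix-install.sh` (both variables are placeholders for a versioned installer URL and its expected hash). The oh-my-zsh step has the same shape, since it fetches from `master`. It also drops `--unattended --keep-zshrc`, which as far as I know lets the installer replace the `.zshrc` copied in from `./root` and try to start a shell at the end of the build step. Whether the script runs under `set -e` is not visible in this hunk; if it does not, a failed Nix install falls through to `source` and `nix-env` instead of failing the build.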
@@ -59,3 +44,18 @@ nvm install node # to abandon that hope and hardcode my own values in here. git config --global user.email sneak@sneak.berlin git config --global user.name sneak + +mkdir -p ~/.paths +# TODO FIXME change the syncthing paths on las1 when convenient sometime +ln -s ~/.home/Documents/syncthing/folders/sync ~/.paths/sneak-sync +ln -s ~/.home/Documents/syncthing/folders/scratch ~/.paths/sneak-scratch +ln -s ~/.home/Documents/syncthing/folders/sneak-docs ~/.paths/sneak-docs +ln -s ~/.paths/sneak-docs ~/Documents +ln -s ~/.paths/sneak-scratch/dev ~/dev +ln -s ~/.paths/sneak-sync/dotfiles/weechat ~/.weechat +ln -s ~/.paths/sneak-sync/ssh/config ~/.ssh/config + +# link in ssh key from original home +mkdir -p ~/.ssh +ln -s ~/.paths/sneak-sync/secrets/ssh/pixel16/id_rsa ~/.ssh/id_rsa +ln -s ~/.paths/sneak-sync/secrets/ssh/pixel16/id_rsa.pub ~/.ssh/id_rsa.pub diff --git a/root/etc/service/runtime-setup-user/run b/root/etc/service/runtime-setup-user/run deleted file mode 100644 index 03ce346..0000000 --- a/root/etc/service/runtime-setup-user/run +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash - -UN="$(cat /etc/workuser)" -HD="/home/$UN" - -if [[ -e "$HD/.setupdone" ]]; then - sleep 86400; - exit -fi - -sudo \ - --set-home \ - --non-interactive \ - -u $UN \ - bash ./usersetup.sh && \ -sudo \ - --set-home \ - --non-interactive \ - -u $UN \ - touch $HD/.setupdone - diff --git a/root/etc/service/runtime-setup-user/usersetup.sh b/root/etc/service/runtime-setup-user/usersetup.sh deleted file mode 100644 index 42c3de1..0000000 --- a/root/etc/service/runtime-setup-user/usersetup.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -if [[ -e ~/.home/Documents/scratch/dev ]]; then - ln -s ~/.home/Documents/scratch/dev ~/dev -else - ln -s ~/.home/dev ~/dev -fi diff --git a/root/home/user/.config/nixpkgs/config.nix b/root/home/user/.config/nixpkgs/config.nix new file mode 100644 index 0000000..7cf78d7 --- /dev/null +++ b/root/home/user/.config/nixpkgs/config.nix 
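Review bot: `ln -s ~/.paths/sneak-sync/ssh/config ~/.ssh/config` runs before the `mkdir -p ~/.ssh` a few lines below it, so the link only succeeds when an earlier build step has already created that directory; move `mkdir -p ~/.ssh` up next to `mkdir -p ~/.paths`. All of these links point into the host mount, which does not exist at build time, and a plain `ln -s` fails if the script is ever re-run, so `ln -sfn` would keep it idempotent. A comment such as `# targets resolve only once the host home is mounted at ~/.home` would tell the next reader why the links, including the one to the private key, dangle inside the image.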
@@ -0,0 +1,50 @@ +{ pkgs }: +let + # Inherit utilities + inherit (pkgs) lib buildEnv; + + homeDir = builtins.getEnv "HOME"; + +in { + allowUnfree = true; + #jre = pkgs.oraclejre8; + #jdk = pkgs.oraclejdk8; + + packageOverrides = pkgs: { + + workEnv = lib.lowPrio (buildEnv { + name = "work-env"; + ignoreCollisions = true; + paths = with pkgs; [ + sneakDefaultPkgs + weechat + ]; + }); + + sneakDefaultPkgs = lib.lowPrio (buildEnv { + name = "sneakDefaultPkgs"; + ignoreCollisions = true; + paths = with pkgs; [ + clang + ctags + curl + gitAndTools.git-annex + gitAndTools.git-extras + gitAndTools.git2cl + gitAndTools.gitFull + gitAndTools.tig + gnupg + go + nix-prefetch-scripts + nix-repl + openssh + pwgen + qemu + tmux + tree + vim + wget + ]; + }); + }; +} diff --git a/root/home/user/.vimrc b/root/home/user/.vimrc index dc87d2a..43231ae 100644 --- a/root/home/user/.vimrc +++ b/root/home/user/.vimrc @@ -27,7 +27,7 @@ Plug 'zchee/deoplete-jedi', { 'for': 'python' } Plug 'vim-syntastic/syntastic' set statusline+=%#warningmsg# -set statusline+=%{SyntasticStatuslineFlag()} +"set statusline+=%{SyntasticStatuslineFlag()} set statusline+=%* let g:syntastic_always_populate_loc_list = 1 let g:syntastic_auto_loc_list = 1 diff --git a/root/home/user/.zshrc b/root/home/user/.zshrc index bd93a7d..946b913 100644 --- a/root/home/user/.zshrc +++ b/root/home/user/.zshrc @@ -68,10 +68,20 @@ HIST_STAMPS="yyyy-mm-dd" # Custom plugins may be added to ~/.oh-my-zsh/custom/plugins/ # Example format: plugins=(rails git textmate ruby lighthouse) # Add wisely, as too many plugins slow down shell startup. -plugins=(git git-prompt) +plugins=(git git-prompt zsh-autosuggestions) source $ZSH/oh-my-zsh.sh +if [[ -e ~/.nix-profile/etc/profile.d/nix.sh ]]; then + source ~/.nix-profile/etc/profile.d/nix.sh +fi + for FN in ~/.local/profile.d/*.sh ; do source "$FN" done + +if [[ -d ~/.paths/sneak-sync/bashrc.d ]]; then + for FN in ~/.paths/sneak-sync/bashrc.d/*.sh ; do + source "$FN" + done +fi
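Review bot: `sneakDefaultPkgs` does not list `zsh`, yet the Dockerfile in this commit sets the login shell to `/home/user/.nix-profile/bin/zsh` and build/user.sh runs `zsh /tmp/installomz.sh` right after `nix-env -i workEnv`. With build/packages.txt deleted, nothing visible in the diff installs zsh, so unless it arrives some other way that shell path will not exist; adding `zsh` to the `paths` list would close the gap. `homeDir = builtins.getEnv "HOME";` is bound but never used and can be dropped. `ignoreCollisions = true` on both environments silently picks a winner when two packages ship the same file, so it deserves a one-line comment naming the collision it works around.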
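Review bot: The new loop in .zshrc sources every `*.sh` under `~/.paths/sneak-sync/bashrc.d`, which build/user.sh links to what appears to be a Syncthing-shared folder, so anything able to write to that share gets code execution in each new shell. That trust should be stated in a comment, or the loop restricted to files owned by the user. In zsh an unmatched glob is an error by default, so an existing but empty directory makes the `for` line fail; `for FN in ~/.paths/sneak-sync/bashrc.d/*.sh(N) ; do` avoids that. `zsh-autosuggestions` is not bundled with oh-my-zsh as far as I know, and nothing in this commit installs it under the custom plugins directory, so the plugin will presumably be reported as not found at shell startup.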