diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..e69de29
diff --git a/build/Dockerfile b/build/Dockerfile
index 0b5af92..82815af 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -31,6 +31,12 @@ RUN addgroup --gid $GROUP_ID ${USER} \
 RUN mkdir -p /home/${USER} && chown -R ${USER}:${USER} /home/${USER}
+ENV DOCKER_TLS_CERTDIR=/certs
+RUN mkdir /certs /certs/client && chmod 1777 /certs /certs/client
+COPY --from=docker:27-dind /usr/local/bin/ /usr/local/bin/
+COPY --from=docker:27-dind /usr/local/libexec/ /usr/local/libexec/
+VOLUME /var/lib/docker
+
 USER ${USER}
 WORKDIR /home/${USER}
@@ -57,4 +63,8 @@ RUN if [ -n "$PACKAGES" ]; then \
 pkgx install ${PACKAGES};\
 fi
-ENTRYPOINT [ "code", "-v", "tunnel" ]
+COPY entry.sh /usr/local/bin/entry.sh
+
+RUN sudo chmod a+x /usr/local/bin/entry.sh
+
+ENTRYPOINT [ "entry.sh" ]
diff --git a/build/entry.sh b/build/entry.sh
new file mode 100644
index 0000000..68bf486
--- /dev/null
+++ b/build/entry.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/bash
+
+sudo dockerd-entrypoint.sh >/dev/null 2>/dev/null &
+
+code -v tunnel
\ No newline at end of file
diff --git a/build/main.tf b/build/main.tf
index 08c09db..039db2e 100644
--- a/build/main.tf
+++ b/build/main.tf
@@ -19,6 +19,7 @@ resource "docker_image" "pkgx" {
 resource "docker_container" "pkgx" {
 image = docker_image.pkgx.image_id
 name = "pkgx-workspace"
+ privileged = true
 volumes {
 volume_name = "pkgx-workspace"
diff --git a/devbox/Dockerfile b/devbox/Dockerfile
index b1a13c0..cbdda77 100644
--- a/devbox/Dockerfile
+++ b/devbox/Dockerfile
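Review bot: `COPY --from=docker:27-dind` pulls dockerd, containerd and runc from a floating tag, so each rebuild can silently change the daemon that will later run privileged on the host; pin it by digest on both COPY lines, `COPY --from=docker:27-dind@sha256:<digest> /usr/local/bin/ /usr/local/bin/`, and bump deliberately. `chmod 1777 /certs /certs/client` copies the upstream dind image, but a comment such as `# sticky world-writable so the non-root USER below can use the generated TLS material` would explain the unusual mode. If `dockerd-entrypoint.sh` behaves like the upstream one, `DOCKER_TLS_CERTDIR=/certs` also makes the daemon generate certificates and listen on a TLS TCP port in addition to the unix socket; main.tf publishes no ports, so that endpoint is not reachable from outside, but it is worth stating whether the TCP listener is wanted at all. The identical hunk is added to devbox/, devenv/, flox/, homebrew/, nix/ and pkgx/Dockerfile.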
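Review bot: `RUN sudo chmod a+x /usr/local/bin/entry.sh` runs after `USER ${USER}` and so depends on the passwordless sudoers entry just to set a file mode at build time; `COPY --chmod=755 entry.sh /usr/local/bin/entry.sh` (BuildKit) does the same in one layer without privilege escalation, and the RUN line can be dropped. `ENTRYPOINT [ "entry.sh" ]` also relies on a PATH lookup at container start; the absolute form `ENTRYPOINT [ "/usr/local/bin/entry.sh" ]` is unambiguous. The same ENTRYPOINT hunk appears in devbox/, devenv/, flox/, homebrew/ and nix/Dockerfile.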
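Review bot: `sudo dockerd-entrypoint.sh >/dev/null 2>/dev/null &` discards the daemon's only diagnostics and then starts `code -v tunnel` without waiting, so a dockerd that fails to come up (container not privileged, a stale /var/lib/docker) is invisible and every later `docker` call fails with an unhelpful socket error. The tunnel also runs as a child of the bash script rather than replacing it, so the SIGTERM from `docker stop` reaches only the shell and neither the tunnel nor dockerd shuts down cleanly. Suggest keeping the daemon log in a file, polling `docker info` with a bounded timeout before continuing, and ending with `exec code -v tunnel`; the script also lacks `set -euo pipefail` and a trailing newline. The same five-line script is added unchanged as devbox/, devenv/, flox/, homebrew/, nix/ and pkgx/entry.sh.
```shell
#!/usr/bin/bash
set -euo pipefail

# Keep the daemon's output; it is the only place start-up failures show up.
sudo dockerd-entrypoint.sh >/tmp/dockerd.log 2>&1 &

# Bounded wait so a daemon that never comes up fails the container visibly.
for _ in $(seq 1 30); do
  sudo docker info >/dev/null 2>&1 && break
  sleep 1
done
sudo docker info >/dev/null 2>&1 || { echo "dockerd did not start; see /tmp/dockerd.log" >&2; exit 1; }

# exec so the tunnel replaces the shell and receives the container's stop signal.
exec code -v tunnel
```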
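Review bot: `privileged = true` gives the workspace container every capability and all host devices, and this container also serves a VS Code tunnel, so a compromised tunnel session is effectively root on the host. Nothing in the hunk records why it is needed; a comment such as `privileged = true # required only for the in-container dockerd started by entry.sh` makes the trade-off reviewable, and the provider's `capabilities` and `security_opts` arguments are worth trying first if the in-container daemon can work without full privilege. Where host isolation matters, running these workspaces in a dedicated VM or using the host's Docker socket instead of a nested daemon are the usual alternatives. The same line is added in devbox/, devenv/, flox/, homebrew/, nix/ and pkgx/main.tf and in the root main.tf.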
@@ -27,6 +27,12 @@ RUN addgroup --gid $GROUP_ID ${USER} \
 RUN mkdir -p /home/${USER} && chown -R ${USER}:${USER} /home/${USER}
+ENV DOCKER_TLS_CERTDIR=/certs
+RUN mkdir /certs /certs/client && chmod 1777 /certs /certs/client
+COPY --from=docker:27-dind /usr/local/bin/ /usr/local/bin/
+COPY --from=docker:27-dind /usr/local/libexec/ /usr/local/libexec/
+VOLUME /var/lib/docker
+
 USER ${USER}
 RUN curl --proto =https --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install linux --extra-conf "sandbox = false" --init none --no-confirm
@@ -58,4 +64,9 @@ RUN curl --proto '=https' --tlsv1.2 -sSf https://setup.atuin.sh | bash
 ENV BASH_ENV=/home/${USER}/.bashrc
-ENTRYPOINT [ "code", "-v", "tunnel" ]
+COPY entry.sh /usr/local/bin/entry.sh
+
+RUN sudo chmod a+x /usr/local/bin/entry.sh
+
+ENTRYPOINT [ "entry.sh" ]
+
diff --git a/devbox/entry.sh b/devbox/entry.sh
new file mode 100644
index 0000000..68bf486
--- /dev/null
+++ b/devbox/entry.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/bash
+
+sudo dockerd-entrypoint.sh >/dev/null 2>/dev/null &
+
+code -v tunnel
\ No newline at end of file
diff --git a/devbox/main.tf b/devbox/main.tf
index bb5123c..cea9ac1 100644
--- a/devbox/main.tf
+++ b/devbox/main.tf
@@ -1,7 +1,7 @@
 terraform {
 required_providers {
 docker = {
- source = "kreuzwerker/docker"
+ source = "kreuzwerker/docker"
 version = "~> 3.0.2"
 }
 }
@@ -17,8 +17,9 @@ resource "docker_image" "devbox" {
 }
 resource "docker_container" "devbox" {
- image = docker_image.devbox.image_id
- name = "devbox-workspace"
+ image = docker_image.devbox.image_id
+ name = "devbox-workspace"
+ privileged = true
 volumes {
 volume_name = "devbox-workspace"
@@ -27,8 +28,8 @@ resource "docker_container" "devbox" {
 }
 volumes {
- volume_name = "devbox-nix"
+ volume_name = "devbox-nix"
 container_path = "/nix"
- read_only = false
+ read_only = false
 }
 }
diff --git a/devenv/Dockerfile b/devenv/Dockerfile
index fed4849..857719a 100644
--- a/devenv/Dockerfile
+++ b/devenv/Dockerfile
@@ -31,6 +31,12 @@ RUN addgroup --gid $GROUP_ID ${USER} \
 RUN mkdir -p /home/${USER} && chown -R ${USER}:${USER} /home/${USER}
+ENV DOCKER_TLS_CERTDIR=/certs
+RUN mkdir /certs /certs/client && chmod 1777 /certs /certs/client
+COPY --from=docker:27-dind /usr/local/bin/ /usr/local/bin/
+COPY --from=docker:27-dind /usr/local/libexec/ /usr/local/libexec/
+VOLUME /var/lib/docker
+
 USER ${USER}
 RUN sudo chown -R ${USER}:${USER} /nix/store /nix/var
@@ -63,4 +69,9 @@ RUN curl --proto '=https' --tlsv1.2 -sSf https://setup.atuin.sh | bash
 ENV BASH_ENV=/home/${USER}/.bashrc
-ENTRYPOINT [ "code", "-v", "tunnel" ]
+COPY entry.sh /usr/local/bin/entry.sh
+
+RUN sudo chmod a+x /usr/local/bin/entry.sh
+
+ENTRYPOINT [ "entry.sh" ]
+
diff --git a/devenv/entry.sh b/devenv/entry.sh
new file mode 100644
index 0000000..68bf486
--- /dev/null
+++ b/devenv/entry.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/bash
+
+sudo dockerd-entrypoint.sh >/dev/null 2>/dev/null &
+
+code -v tunnel
\ No newline at end of file
diff --git a/devenv/main.tf b/devenv/main.tf
index e711601..7bdc7f7 100644
--- a/devenv/main.tf
+++ b/devenv/main.tf
@@ -1,7 +1,7 @@
 terraform {
 required_providers {
 docker = {
- source = "kreuzwerker/docker"
+ source = "kreuzwerker/docker"
 version = "~> 3.0.2"
 }
 }
@@ -17,8 +17,9 @@ resource "docker_image" "devenv" {
 }
 resource "docker_container" "devenv" {
- image = docker_image.devenv.image_id
- name = "devenv-workspace"
+ image = docker_image.devenv.image_id
+ name = "devenv-workspace"
+ privileged = true
 volumes {
 volume_name = "devenv-workspace"
@@ -27,8 +28,8 @@ resource "docker_container" "devenv" {
 }
 volumes {
- volume_name = "devenv-nix"
+ volume_name = "devenv-nix"
 container_path = "/nix"
- read_only = false
+ read_only = false
 }
 }
diff --git a/flox/Dockerfile b/flox/Dockerfile
index bb4f84a..c26d324 100644
--- a/flox/Dockerfile
+++ b/flox/Dockerfile
@@ -31,6 +31,12 @@ RUN addgroup --gid $GROUP_ID ${USER} \
 RUN mkdir -p /home/${USER} && chown -R ${USER}:${USER} /home/${USER}
+ENV DOCKER_TLS_CERTDIR=/certs
+RUN mkdir /certs /certs/client && chmod 1777 /certs /certs/client
+COPY --from=docker:27-dind /usr/local/bin/ /usr/local/bin/
+COPY --from=docker:27-dind /usr/local/libexec/ /usr/local/libexec/
+VOLUME /var/lib/docker
+
 USER ${USER}
 ENV PATH=${PATH}:/home/${USER}/.nix-profile/bin
@@ -58,4 +64,9 @@ RUN curl --proto '=https' --tlsv1.2 -sSf https://setup.atuin.sh | bash
 ENV BASH_ENV=/home/${USER}/.bashrc
-ENTRYPOINT [ "code", "-v", "tunnel" ]
+COPY entry.sh /usr/local/bin/entry.sh
+
+RUN sudo chmod a+x /usr/local/bin/entry.sh
+
+ENTRYPOINT [ "entry.sh" ]
+
diff --git a/flox/entry.sh b/flox/entry.sh
new file mode 100644
index 0000000..68bf486
--- /dev/null
+++ b/flox/entry.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/bash
+
+sudo dockerd-entrypoint.sh >/dev/null 2>/dev/null &
+
+code -v tunnel
\ No newline at end of file
diff --git a/flox/main.tf b/flox/main.tf
index c9ea249..70f9dba 100644
--- a/flox/main.tf
+++ b/flox/main.tf
@@ -19,6 +19,7 @@ resource "docker_image" "flox" {
 resource "docker_container" "flox" {
 image = docker_image.flox.image_id
 name = "flox-workspace"
+ privileged = true
 volumes {
 volume_name = "flox-workspace"
diff --git a/homebrew/Dockerfile b/homebrew/Dockerfile
index 1431921..c863123 100644
--- a/homebrew/Dockerfile
+++ b/homebrew/Dockerfile
@@ -28,6 +28,12 @@ RUN addgroup --gid $GROUP_ID ${USER} \
 && chmod 0440 /etc/sudoers.d/${USER}
 RUN mkdir -p /home/${USER} && chown -R ${USER}:${USER} /home/${USER}
+ENV DOCKER_TLS_CERTDIR=/certs
+RUN mkdir /certs /certs/client && chmod 1777 /certs /certs/client
+COPY --from=docker:27-dind /usr/local/bin/ /usr/local/bin/
+COPY --from=docker:27-dind /usr/local/libexec/ /usr/local/libexec/
+VOLUME /var/lib/docker
+
 USER ${USER}
 SHELL ["bash", "-c"]
@@ -54,4 +60,9 @@ RUN if [ -n "$PACKAGES" ]; then \
 brew install ${PACKAGES}; exit 0;\
 fi
-ENTRYPOINT [ "code", "-v", "tunnel" ]
+COPY entry.sh /usr/local/bin/entry.sh
+
+RUN sudo chmod a+x /usr/local/bin/entry.sh
+
+ENTRYPOINT [ "entry.sh" ]
+
diff --git a/homebrew/entry.sh b/homebrew/entry.sh
new file mode 100644
index 0000000..68bf486
--- /dev/null
+++ b/homebrew/entry.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/bash
+
+sudo dockerd-entrypoint.sh >/dev/null 2>/dev/null &
+
+code -v tunnel
\ No newline at end of file
diff --git a/homebrew/main.tf b/homebrew/main.tf
index a2976d4..1bebe4a 100644
--- a/homebrew/main.tf
+++ b/homebrew/main.tf
@@ -1,7 +1,7 @@
 terraform {
 required_providers {
 docker = {
- source = "kreuzwerker/docker"
+ source = "kreuzwerker/docker"
 version = "~> 3.0.2"
 }
 }
@@ -17,8 +17,9 @@ resource "docker_image" "brew" {
 }
 resource "docker_container" "brew" {
- image = docker_image.brew.image_id
- name = "brew-workspace"
+ image = docker_image.brew.image_id
+ name = "brew-workspace"
+ privileged = true
 volumes {
 volume_name = "brew-workspace"
diff --git a/main.tf b/main.tf
index dd6c6dd..64df86c 100644
--- a/main.tf
+++ b/main.tf
@@ -1,7 +1,7 @@
 terraform {
 required_providers {
 docker = {
- source = "kreuzwerker/docker"
+ source = "kreuzwerker/docker"
 version = "~> 3.0.2"
 }
 }
@@ -10,28 +10,29 @@ terraform {
 provider "docker" {}
 resource "docker_image" "default" {
- name = var.image
- count = var.context != null ? 0 : 1
+ name = var.image
+ count = var.context != null ? 0 : 1
 }
 resource "docker_image" "base" {
- name = var.workspace_name
+ name = var.workspace_name
 count = var.context != null ? 1 : 0
 build {
 context = var.context
 build_args = {
- USER = var.user
+ USER = var.user
 PACKAGES = join(" ", var.packages)
 }
 }
 }
 resource "docker_container" "base" {
- image = var.context != null ? docker_image.base[0].image_id : docker_image.default[0].image_id
- name = var.workspace_name
- hostname = var.hostname
-
+ image = var.context != null ? docker_image.base[0].image_id : docker_image.default[0].image_id
+ name = var.workspace_name
+ hostname = var.hostname
+ privileged = true
+
 dynamic "volumes" {
 for_each = var.volumes
 content {
diff --git a/nix/Dockerfile b/nix/Dockerfile
index 28b79de..3de531d 100644
--- a/nix/Dockerfile
+++ b/nix/Dockerfile
@@ -31,6 +31,12 @@ RUN addgroup --gid $GROUP_ID ${USER} \
 RUN mkdir -p /home/${USER} && chown -R ${USER}:${USER} /home/${USER}
+ENV DOCKER_TLS_CERTDIR=/certs
+RUN mkdir /certs /certs/client && chmod 1777 /certs /certs/client
+COPY --from=docker:27-dind /usr/local/bin/ /usr/local/bin/
+COPY --from=docker:27-dind /usr/local/libexec/ /usr/local/libexec/
+VOLUME /var/lib/docker
+
 USER ${USER}
 RUN sudo chown -R ${USER}:${USER} /nix/store/.links /nix/var
@@ -51,4 +57,9 @@ RUN curl --proto '=https' --tlsv1.2 -sSf https://setup.atuin.sh | bash
 ENV BASH_ENV=/home/${USER}/.bashrc
-ENTRYPOINT [ "code", "-v", "tunnel" ]
+COPY entry.sh /usr/local/bin/entry.sh
+
+RUN sudo chmod a+x /usr/local/bin/entry.sh
+
+ENTRYPOINT [ "entry.sh" ]
+
diff --git a/nix/entry.sh b/nix/entry.sh
new file mode 100644
index 0000000..68bf486
--- /dev/null
+++ b/nix/entry.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/bash
+
+sudo dockerd-entrypoint.sh >/dev/null 2>/dev/null &
+
+code -v tunnel
\ No newline at end of file
diff --git a/nix/main.tf b/nix/main.tf
index 822b4c2..736ab2f 100644
--- a/nix/main.tf
+++ b/nix/main.tf
@@ -1,7 +1,7 @@
 terraform {
 required_providers {
 docker = {
- source = "kreuzwerker/docker"
+ source = "kreuzwerker/docker"
 version = "~> 3.0.2"
 }
 }
@@ -17,8 +17,9 @@ resource "docker_image" "nix" {
 }
 resource "docker_container" "nix" {
- image = docker_image.nix.image_id
- name = "nix-workspace"
+ image = docker_image.nix.image_id
+ name = "nix-workspace"
+ privileged = true
 volumes {
 volume_name = "nix-workspace"
@@ -27,8 +28,8 @@ resource "docker_container" "nix" {
 }
 volumes {
- volume_name = "nix-store"
+ volume_name = "nix-store"
 container_path = "/nix"
- read_only = false
+ read_only = false
 }
 }
diff --git a/pkgx/Dockerfile b/pkgx/Dockerfile
index 0b5af92..2c029b3 100644
--- a/pkgx/Dockerfile
+++ b/pkgx/Dockerfile
@@ -31,6 +31,12 @@ RUN addgroup --gid $GROUP_ID ${USER} \
 RUN mkdir -p /home/${USER} && chown -R ${USER}:${USER} /home/${USER}
+ENV DOCKER_TLS_CERTDIR=/certs
+RUN mkdir /certs /certs/client && chmod 1777 /certs /certs/client
+COPY --from=docker:27-dind /usr/local/bin/ /usr/local/bin/
+COPY --from=docker:27-dind /usr/local/libexec/ /usr/local/libexec/
+VOLUME /var/lib/docker
+
 USER ${USER}
 WORKDIR /home/${USER}
diff --git a/pkgx/entry.sh b/pkgx/entry.sh
new file mode 100644
index 0000000..68bf486
--- /dev/null
+++ b/pkgx/entry.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/bash
+
+sudo dockerd-entrypoint.sh >/dev/null 2>/dev/null &
+
+code -v tunnel
\ No newline at end of file
diff --git a/pkgx/main.tf b/pkgx/main.tf
index 08c09db..039db2e 100644
--- a/pkgx/main.tf
+++ b/pkgx/main.tf
@@ -19,6 +19,7 @@ resource "docker_image" "pkgx" {
 resource "docker_container" "pkgx" {
 image = docker_image.pkgx.image_id
 name = "pkgx-workspace"
+ privileged = true
 volumes {
 volume_name = "pkgx-workspace"
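Review bot: pkgx/Dockerfile receives only the DinD layer; unlike build/Dockerfile, which starts from the same blob 0b5af92, there is no second hunk here that copies entry.sh and replaces the `ENTRYPOINT`, yet pkgx/entry.sh is added and pkgx/main.tf sets `privileged = true`. If that omission is unintended, the pkgx image presumably keeps its previous entrypoint, dockerd is never started, and the container runs privileged for no benefit while pkgx/entry.sh is dead. Either add the same `COPY entry.sh /usr/local/bin/entry.sh` and `ENTRYPOINT [ "entry.sh" ]` change to pkgx/Dockerfile, or drop pkgx/entry.sh and the privileged flag for this workspace.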