From 97eda81232b0d76098c7c72482a4e6b58b9ef36f Mon Sep 17 00:00:00 2001
From: Marco
Date: Wed, 30 Aug 2023 20:42:49 +0200
Subject: [PATCH] initial commit

---
 README.md | 19 +++
 configuration.nix | 165 ++++++++++++++++++++++++++++++++++++++++++
 ec2-build-docker-host | 57 +++++++++++++++
 3 files changed, 241 insertions(+)
 create mode 100644 README.md
 create mode 100644 configuration.nix
 create mode 100755 ec2-build-docker-host

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..7b41454
--- /dev/null
+++ b/README.md
@@ -0,0 +1,19 @@
+## ec2-build-docker-host
+
+This script sets up a Docker test system based on NixOS. For configuration options consult:
+
+https://search.nixos.org/options
+
+To change the resulting system, edit the *configuration.nix* and re-run the script.
+
+### Usage
+```
+git clone https://github.com/mrckndt/ec2-build-docker-host
+cd ec2-build-docker-host
+
+bash ec2-build-docker-host -i
+or
+./ec2-build-docker-host -i
+```
+
+Follow the shown instructions and wait...
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..f1eaf12
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,165 @@
+{ config, lib, modulesPath, pkgs, ... }:
+
+with lib;
+
+let
+ allowedTCPPorts = [ 80 443 8065 ];
+ allowedUDPPorts = [ ];
+ autoUpdateContainers = true;
+ hostName = "nixos-docker-test";
+ systemPackages = with pkgs; [
+ bind
+ bmon
+ docker-compose
+ file
+ htop
+ iotop
+ ncdu
+ netcat-gnu
+ nmap
+ nmon
+ psmisc
+ ranger
+ rsync
+ ];
+ stateVersion = "23.05";
+ timeZone = "Europe/Berlin";
+in
+{
+ imports = [ "${modulesPath}/virtualisation/amazon-image.nix" ];
+
+ boot.tmp = {
+ cleanOnBoot = true;
+ useTmpfs = true;
+ };
+
+ documentation = {
+ info.enable = false;
+ man.generateCaches = true;
+ };
+
+ environment = {
+ systemPackages = systemPackages;
+ variables = {
+ LESS = mkDefault "-FRSMKI";
+ SYSTEMD_LESS = mkDefault "FRSMKI";
+ };
+ };
+
+ fonts.fontconfig.enable = false;
+
+ i18n.supportedLocales = [
+ "en_US.UTF-8/UTF-8"
+ "de_DE.UTF-8/UTF-8"
+ ];
+
+ networking = {
+ hostName = hostName;
+ firewall = {
+ allowedTCPPorts = allowedTCPPorts;
+ allowedUDPPorts = allowedUDPPorts;
+ };
+ };
+
+ nix = {
+ gc = {
+ automatic = true;
+ options = "--delete-older-than 30d";
+ };
+ settings.auto-optimise-store = true;
+ };
+
+ programs = {
+ neovim = {
+ enable = true;
+ vimAlias = true;
+ viAlias = true;
+ defaultEditor = true;
+ configure = {
+ customRC = ''
+ filetype plugin indent on
+
+ set autowrite
+ set expandtab
+ set ignorecase
+ set laststatus=2
+ set linebreak
+ set list listchars=tab:▸\ ,trail:·
+ set mouse=a
+ set nofoldenable
+ set nojoinspaces
+ set nowrap
+ set number
+ set shiftwidth=2
+ set showbreak=↪\ 
+ set splitbelow
+ set splitright
+ set statusline=\(%n\)\ %<%.99f\ %y\ %w%m%r%=%-14.(%l,%c%V%)\ %P
+ set textwidth=120
+ set wrapscan
+
+ nnoremap :buffers:buffer
+
+ unmap Y
+ '';
+ };
+ };
+ tmux = {
+ enable = true;
+ aggressiveResize = true;
+ baseIndex = 1;
+ clock24 = true;
+ escapeTime = 0;
+ extraConfig = ''
+ set -g mouse on
+ set -g renumber-windows on
+ set -g set-titles on
+ set -g status-interval 10
+ set -g status-right "#(whoami)@#(hostname) | #(cut -f1 -d \" \" < /proc/loadavg) | %H:%M "
+ set -ga terminal-overrides ",xterm-256color:Tc"
+
+ unbind C-b
+ set -g prefix C-x
+ bind C-x send-prefix
+ '';
+ historyLimit = 10000;
+ terminal = "xterm-256color";
+ };
+ zsh = {
+ enable = true;
+ enableBashCompletion = true;
+ ohMyZsh = {
+ enable = true;
+ theme = "gentoo";
+ };
+ };
+ };
+
+ # needed for rootless containers (e.g. with podman)
+ security.unprivilegedUsernsClone = config.virtualisation.containers.enable;
+
+ system = {
+ autoUpgrade.enable = true;
+ stateVersion = stateVersion;
+ };
+
+ time.timeZone = timeZone;
+
+ users.defaultUserShell = mkIf config.programs.zsh.enable pkgs.zsh;
+
+ virtualisation = {
+ docker.enable = true;
+ oci-containers.backend = "docker";
+
+ oci-containers.containers.watchtower = mkIf autoUpdateContainers {
+ image = "containrrr/watchtower:latest";
+ volumes = [ "/var/run/docker.sock:/var/run/docker.sock" ];
+ extraOptions = [
+ "--security-opt=no-new-privileges:true"
+ "--pids-limit=100"
+ "--read-only"
+ "--tmpfs=/tmp"
+ ];
+ };
+ };
+}
diff --git a/ec2-build-docker-host b/ec2-build-docker-host
new file mode 100755
index 0000000..452c2eb
--- /dev/null
+++ b/ec2-build-docker-host
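Review bot: The watchtower container at the end of the hunk is handed `/var/run/docker.sock`, which is root-equivalent control of the host, while its image is the unpinned `containrrr/watchtower:latest` and `autoUpdateContainers = true` lets it replace every other container with whatever the registry serves next; the `--read-only`, `no-new-privileges` and `--pids-limit` options do not constrain anything that socket access already permits. Pin the image to a release tag plus digest, `image = "containrrr/watchtower:<version>@sha256:<digest>";`, and put a comment above `volumes` such as `# docker.sock grants root-equivalent host access; the hardening flags below do not limit that`. Near `networking.firewall` it is worth a comment that the Docker daemon manages its own iptables rules for published container ports, so `allowedTCPPorts` presumably does not gate reachability of the containers this host exists to run — confirm against the instance's security group. `system.autoUpgrade.enable = true` is set without `allowReboot`, so a new kernel pulled by `--upgrade` does not run until someone reboots the instance; either set `allowReboot` deliberately or note the manual step in the README.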
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+usage() {
+ cat <&2
+ exit 64
+ ;;
+ esac
+done
+
+shift $((OPTIND - 1))
+
+if [ -z ${identityFile} ]; then
+ echo "missing option: -i is required" >&2
+ usage >&2
+ exit 64
+fi
+
+if [ -z $(type -P "scp") ] || [ -z $(type -P "ssh") ]; then
+ echo "SSH needs to be installed" >&2
+ exit 64
+fi
+
+echo "Please open $(tput bold)https://nixos.org/download#nixos-amazon$(tput sgr0) and follow the
+instructions to launch an EC2 instance.
+
+$(tput bold)Note: it's recommended to use a disk size of >=20GB.$(tput sgr0)"
+echo
+
+read -p "Domain or IP of launched EC2 instance: " host
+
+echo
+echo "$(tput bold)Copying configuration to ${host}...$(tput sgr0)"
+scp -i "${identityFile}" ./configuration.nix root@"${host}":/etc/nixos/configuration.nix
+
+echo "$(tput bold)Building system...$(tput sgr0)"
+ssh -i "${identityFile}" root@"${host}" "nixos-rebuild switch --upgrade"
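Review bot: A failed `scp` on the second-to-last line does not stop the script, so `ssh … "nixos-rebuild switch --upgrade"` still runs as root against whatever `/etc/nixos/configuration.nix` is already on the instance (the stock AMI config or a stale copy). Add `set -euo pipefail` under the shebang, or guard the copy with `scp … || { echo "copying configuration failed" >&2; exit 1; }`. The tests `[ -z ${identityFile} ]` and `[ -z $(type -P "scp") ]` are unquoted and only behave because a one-argument `[ -z ]` happens to evaluate true; write `[ -z "${identityFile}" ]` and `command -v scp >/dev/null` so a path with spaces or an unset variable cannot change the branch. The `host` read from the prompt goes straight into the ssh/scp target with no host-key pinning, so the first connection relies entirely on the operator checking the fingerprint prompt — document that in the README or pass a `known_hosts` entry. The `usage()` heredoc and the `getopts`/`case` body appear truncated in this view, so the option parsing could not be reviewed.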