Fix sudo

kylecarbs · kylecarbs · commit b8b476f394e7 · 2023-08-15T11:49:42.000-05:00
diff --git a/flake.nix b/flake.nix
@@ -22,6 +22,7 @@
           exa
           getopt
           git
+          gnused
           go_1_20
           go-migrate
           golangci-lint
@@ -48,33 +49,67 @@
           shellcheck
           shfmt
           sqlc
+          strace
           terraform
           typos
           yq
           zip
           zstd
         ];
-        baseImage = pkgs.dockerTools.pullImage {
+
+        # Start with an Ubuntu image!
+        baseDevEnvImage = pkgs.dockerTools.pullImage {
           imageName = "ubuntu";
           imageDigest = "sha256:7a520eeb6c18bc6d32a21bb7edcf673a7830813c169645d51c949cecb62387d0";
           sha256 = "1qa9nq3rir0wnhbs15mwbilzw530x7ih9pq5q1wv3axz44ap6dka";
           finalImageName = "ubuntu";
           finalImageTag = "lunar";
         };
+        # Build the image and modify it to have the "coder" user.
+        intermediateDevEnvImage = pkgs.dockerTools.buildImage {
+          name = "intermediate";
+          fromImage = baseDevEnvImage;
+          # This replaces the "ubuntu" user with "coder" and
+          # gives it sudo privileges!
+          runAsRoot = ''
+            #!${pkgs.runtimeShell}
+            ${pkgs.dockerTools.shadowSetup}
+            userdel ubuntu
+            useradd coder \
+              --create-home \
+              --shell=/bin/bash \
+              --uid=1000 \
+              --user-group
+            cat > /etc/pam.d/other <<EOF
+                account sufficient pam_unix.so
+                auth sufficient pam_rootok.so
+                password requisite pam_unix.so nullok yescrypt
+                session required pam_unix.so
+            EOF
+            echo "coder ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers
+            cp ${pkgs.sudo}/bin/sudo /usr/bin/sudo
+            chmod 4755 /usr/bin/sudo
+          '';
+        };
         dockerImage = pkgs.dockerTools.streamLayeredImage {
           name = "codercom/oss-dogfood";
           tag = "testing";
-          fromImage = baseImage;
-          extraCommands = ''
-          touch ./.wh.bin
-          ln -s usr/bin bin
-          '';
+          fromImage = builtImage;
 
           config = {
             Env = [
-              "PATH=${pkgs.lib.makeBinPath devShellPackages}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin"
+              "PATH=${pkgs.lib.makeBinPath devShellPackages}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/home/coder/go/bin"
+              #This setting prevents Go from using the public checksum database for
+              # our module path prefixes. It is required because these are in private
+              # repositories that require authentication.
+              #
+              # For details, see: https://golang.org/ref/mod#private-modules
+              "GOPRIVATE=coder.com,cdr.dev,go.coder.com,github.com/cdr,github.com/coder"
+              # Increase memory allocation to NodeJS
+              "NODE_OPTIONS=--max_old_space_size=8192"
             ];
             Entrypoint = [ "/bin/bash" ];
+            User = "coder";
           };
         };
       in
