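{
  nixpkgs,
  systemConfig,
  nitro-util,
  supervisord,
  dnsproxy,
  keygen,
  tcp-proxy,
  attestation-server,
  gateway,
  kernels,
}: let
  # Target system and EIF architecture come from the caller-supplied config.
  system = systemConfig.system;
  nitro = nitro-util.lib.${system};
  eifArch = systemConfig.eif_arch;
  pkgs = nixpkgs.legacyPackages."${system}";

  # Binaries taken from the sibling inputs; each is installed under /app below.
  supervisord' = "${supervisord}/bin/supervisord";
  dnsproxy' = "${dnsproxy}/bin/dnsproxy";
  itvtProxy = "${tcp-proxy}/bin/ip-to-vsock-transparent";
  vtiProxy = "${tcp-proxy}/bin/vsock-to-ip";
  attestationServer = "${attestation-server}/bin/oyster-attestation-server";
  keygenSecp256k1 = "${keygen}/bin/keygen-secp256k1";
  gateway' = "${gateway}/bin/oyster-serverless-gateway";

  # Kernel artefacts and the init binary used to assemble the enclave image.
  kernel = kernels.kernel;
  kernelConfig = kernels.kernelConfig;
  nsmKo = kernels.nsmKo;
  init = kernels.init;

  # Files shipped from this directory alongside the binaries. They end up
  # inside the EIF, so any change to them changes the built image.
  setup = ./. + "/setup.sh";
  supervisorConf = ./. + "/supervisord.conf";
  gwConf = ./. + "/oyster_serverless_gateway_config.json";

  # /app holds every executable the enclave runs plus setup.sh (the entrypoint);
  # /etc holds the supervisord and gateway configuration. `install -m` sets the
  # mode at copy time, so each executable is explicitly 755 and the config
  # files stay non-executable (the previous `chmod +x $out/app/*` relied on a
  # glob over the directory).
  app = pkgs.runCommand "app" {} ''
    echo Preparing the app folder
    mkdir -p $out/app $out/etc
    install -m755 ${supervisord'} $out/app/supervisord
    install -m755 ${itvtProxy} $out/app/ip-to-vsock-transparent
    install -m755 ${vtiProxy} $out/app/vsock-to-ip
    install -m755 ${attestationServer} $out/app/attestation-server
    install -m755 ${dnsproxy'} $out/app/dnsproxy
    install -m755 ${keygenSecp256k1} $out/app/keygen-secp256k1
    install -m755 ${gateway'} $out/app/oyster-serverless-gateway
    install -m755 ${setup} $out/app/setup.sh
    install -m644 ${supervisorConf} $out/etc/supervisord.conf
    install -m644 ${gwConf} $out/etc/oyster_serverless_gateway_config.json
  '';

  # The init binary from `kernels` is re-installed with the executable bit set
  # (the original used cp + chmod +x for this); presumably buildEif expects an
  # executable init — confirm against nitro-util if this wrapper is removed.
  initPerms = pkgs.runCommand "initPerms" {} ''
    install -m755 ${init} $out
  '';
in {
  default = nitro.buildEif {
    name = "enclave";
    arch = eifArch;
    init = initPerms;
    inherit kernel kernelConfig nsmKo;
    # Kernel command line is read verbatim from nitro-util's blob for this arch.
    cmdline = builtins.readFile nitro.blobs.${eifArch}.cmdLine;
    entrypoint = "/app/setup.sh";
    # No extra environment is passed to the entrypoint; configuration comes
    # from the files under /etc and from setup.sh itself.
    env = "";
    # Root filesystem of the enclave: the app/etc tree above plus a minimal
    # userland (busybox), network tooling and the CA bundle (cacert).
    copyToRoot = pkgs.buildEnv {
      name = "image-root";
      paths = [app pkgs.busybox pkgs.nettools pkgs.iproute2 pkgs.iptables-legacy pkgs.cacert];
      pathsToLink = ["/bin" "/app" "/etc"];
    };
  };
}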