From 42a44ce63b0d3ecbeab77484649b564264a67fae Mon Sep 17 00:00:00 2001
From: Szabo Gergely
Date: Mon, 3 Feb 2025 09:47:00 +0100
Subject: [PATCH] Add experimental devcontainer
---
 .devcontainer/Dockerfile | 38 +++++++++++++++++++++++++++++++
 .devcontainer/devcontainer.json | 7 ++++++
 .devcontainer/docker-compose.yaml | 16 +++++++++++++
 3 files changed, 61 insertions(+)
 create mode 100644 .devcontainer/Dockerfile
 create mode 100644 .devcontainer/devcontainer.json
 create mode 100644 .devcontainer/docker-compose.yaml
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
new file mode 100644
index 00000000..c1ba610d
--- /dev/null
+++ b/.devcontainer/Dockerfile
@@ -0,0 +1,38 @@
+FROM docker.io/library/debian
+
+VOLUME /nix
+
+RUN apt-get update
+RUN apt-get -y install \
+ sudo \
+ xz-utils \
+ curl \
+ git \
+ direnv
+
+ENV PATH="${PATH}:/nix/var/nix/profiles/default/bin"
+ENV DIRENV_CONFIG=/etc
+
+# install bash config
+COPY bash.bashrc /etc/bash.bashrc
+
+# set env for non interactive shell to load nix
+COPY envrc /etc/envrc
+ENV ENV="/etc/envrc" BASH_ENV="/etc/envrc"
+
+COPY ./nix.conf /etc/nix/nix.conf
+COPY direnv.toml /etc
+
+RUN --mount=type=secret,id=NIX_NETRC cp /run/secrets/NIX_NETRC /netrc && chmod a+r /netrc
+
+# create non-root user and group and add it sudoers
+ARG USERNAME=code
+ARG USER_UID=1000
+ARG USER_GID=${USER_UID}
+RUN groupadd --gid ${USER_GID} ${USERNAME} && \
+ useradd --uid ${USER_UID} --gid ${USER_GID} -m ${USERNAME} -s /bin/bash && \
+ echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/devcontainer && \
+ chmod 0440 /etc/sudoers.d/devcontainer
+
+ARG NIX_INSTALL_SCRIPT=https://nixos.org/nix/install
+RUN curl -L ${NIX_INSTALL_SCRIPT} | sudo -u code NIX_INSTALLER_NO_MODIFY_PROFILE=1 sh
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
new file mode 100644
index 00000000..c70f7122
--- /dev/null
+++ b/.devcontainer/devcontainer.json
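Review bot: The step `RUN --mount=type=secret,id=NIX_NETRC cp /run/secrets/NIX_NETRC /netrc && chmod a+r /netrc` copies the build secret into an image layer and makes it world-readable, so the credentials ship to everyone who can pull the image and stay in that layer even if a later step deletes the file. A secret mount keeps the value out of the image only while it stays on the mount. If the netrc is needed only during the build, mount it on the step that uses it, e.g. `RUN --mount=type=secret,id=NIX_NETRC,target=/netrc,mode=0444 <step that needs it>`; if it is needed inside the running devcontainer, supply it at runtime from the compose file instead of baking it in. I am assuming `nix.conf`, which this patch does not show, is what points at `/netrc`. Separately, the last `RUN` pipes an unverified download into `sh` and hardcodes `code` where `${USERNAME}` is declared; `curl -fsSL` on a pinned installer version with a checksum check, and `sudo -u ${USERNAME}`, would make that step reproducible and fail loudly on a bad download.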
@@ -0,0 +1,7 @@
+{
+ "dockerComposeFile": "docker-compose.yaml",
+ "service": "mlabs-devcontainer",
+ "shutdownAction": "stopCompose",
+ "workspaceFolder": "/workspace",
+ "remoteUser": "code"
+}
diff --git a/.devcontainer/docker-compose.yaml b/.devcontainer/docker-compose.yaml
new file mode 100644
index 00000000..f1cf708d
--- /dev/null
+++ b/.devcontainer/docker-compose.yaml
@@ -0,0 +1,16 @@
+services:
+ mlabs-devcontainer:
+ image: ghcr.io/mlabs-haskell/mlabs-devcontainer
+ platform: linux/x86_64
+ volumes:
+ - nix-store:/nix
+ - ..:/workspace:cached
+ command: /bin/sh -c "while sleep 1000; do :; done"
+ cap_add:
+ - SYS_PTRACE
+ security_opt:
+ - seccomp:unconfined
+
+volumes:
+ nix-store:
+ external: true
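Review bot: The `seccomp:unconfined` entry under `security_opt` in docker-compose.yaml turns off the default syscall filter for a container whose user has passwordless sudo (per the Dockerfile in this commit) and a read-write bind mount of the repository via `..:/workspace:cached`. If the goal is only debugger support, `cap_add: SYS_PTRACE` is probably sufficient on current Docker versions, so I would drop the `security_opt` entry, or keep it with a comment such as `# seccomp disabled because <tool> needs <syscall>` so the exception is documented. The `image:` reference also carries no tag or digest, so each pull takes whatever was pushed last; pinning it, e.g. `image: ghcr.io/mlabs-haskell/mlabs-devcontainer@sha256:<digest>`, would tie the workspace to a reviewed build.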