Create Nix base image

.gitignore

@@ -1 +1,2 @@
 .idea/
+/result

config/entrypoint-sh.nix

@@ -0,0 +1,14 @@
+{ writeText
+, bash
+, busybox
+, nginxConf
+, phpFpmConf
+, phpIni
+}: writeText "entrypoint.sh" ''
+  #!${bash}/bin/bash
+  find /entrypoint.d -type f -executable -print0 | xargs -0I{} {}
+  nginx -e /dev/null -c ${nginxConf} &
+  php-fpm -Fy ${phpFpmConf} -c ${phpIni} &
+  wait -n
+  echo $?
+''

config/nginx-conf.nix

@@ -0,0 +1,40 @@
+{ nginx
+, writeText
+}: writeText "nginx.conf" ''
+  user nobody nobody;
+  worker_processes 1;
+  daemon off;
+  error_log /dev/stdout info;
+  pid /dev/null;
+  events {
+    worker_connections 1024;
+  }
+  http {
+    access_log /dev/stdout;
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    keepalive_timeout 65;
+    include ${nginx}/conf/mime.types;
+    default_type application/octet-stream;
+    upstream php {
+      server 127.0.0.1:9000;
+    }
+    server {
+      listen 80;
+      index index.php;
+      client_max_body_size 50m;
+      root /app/public;
+      location / {
+        try_files $uri $uri/ /index.php?$query_string;
+      }
+      location ~ \.php$ {
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass php;
+        include ${nginx}/conf/fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $request_filename;
+        fastcgi_read_timeout 600;
+      }
+    }
+  }
+''

config/php-fpm-conf.nix

@@ -0,0 +1,20 @@
+{ writeText }: writeText "php-fpm.conf" ''
+  [global]
+  error_log = /dev/stderr
+  log_limit = 8192
+  [www]
+  access.log = /dev/stderr
+  access.format = "[php-fpm:access] %R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
+  clear_env = no
+  catch_workers_output = yes
+  decorate_workers_output = no
+  user = nobody
+  group = nobody
+  listen = 127.0.0.1:9000
+  pm = dynamic
+  pm.max_children = 20
+  pm.max_requests = 1000
+  pm.start_servers = 2
+  pm.min_spare_servers = 1
+  pm.max_spare_servers = 3
+''

config/php-ini.nix

@@ -0,0 +1,20 @@
+{ writeText }: writeText "php.ini" ''
+  display_errors = On
+  log_errors = On
+  error_log = /dev/stderr
+  short_open_tag = Off
+  variables_order = 'GPCS'
+  request_order = 'GP'
+  memory_limit = 512M
+  max_execution_time = 300
+  max_input_time = 300
+  post_max_size = 50M
+  upload_max_size = 50M
+  max_input_vars = 5000
+  expose_php = Off
+  date.timezone = UTC
+  opcache.memory_consumption = 512
+  opcache.interned_strings_buffer = 64
+  opcache.max_accelerated_files = 32531
+  opcache.fast_shutdown = Off
+''

flake.nix

@@ -0,0 +1,24 @@
+{
+  inputs = {
+    nixpkgs.url = "nixpkgs/nixos-23.05";
+    systems.url = "github:nix-systems/default";
+  };
+
+  outputs = { self, nixpkgs, systems }:
+  let
+    lib = nixpkgs.lib;
+    eachSystem = lib.genAttrs (import systems);
+    pkgsFor = eachSystem (system: nixpkgs.legacyPackages.${system});
+  in {
+    packages = eachSystem (system: let
+      pkgs = pkgsFor.${system};
+    in {
+      default = pkgs.callPackage ./image.nix {};
+      php74 = pkgs.callPackage ./image.nix { php = pkgs.php74; };
+      php80 = pkgs.callPackage ./image.nix { php = pkgs.php80; };
+      php81 = pkgs.callPackage ./image.nix { php = pkgs.php81; };
+      php82 = pkgs.callPackage ./image.nix { php = pkgs.php82; };
+      php83 = pkgs.callPackage ./image.nix { php = pkgs.php83; };
+    });
+  };
+}

image.nix

@@ -0,0 +1,60 @@
+{ lib
+, pkgs
+, hiPrio
+, nginx
+, php
+, busybox
+, bash
+, buildEnv
+, runCommand
+, dockerTools
+, imageName ? "laravel-base-image"
+, imageTag ? "local"
+, extraEnv ? []
+, extraPkgs ? []
+, extraPhpExtensions ? ({enabled, all}: enabled)
+}: let
+  callPackage = lib.callPackageWith (pkgs // config);
+  config = {
+    entrypointSh = callPackage ./config/entrypoint-sh.nix {};
+    phpFpmConf = callPackage ./config/php-fpm-conf.nix {};
+    phpIni = callPackage ./config/php-ini.nix {};
+    nginxConf = callPackage ./config/nginx-conf.nix {};
+  };
+  phpWithExtensions = php.withExtensions extraPhpExtensions;
+  bin = buildEnv {
+    name = "bin";
+    paths = [
+      (hiPrio busybox)
+      bash
+      nginx
+      phpWithExtensions
+      phpWithExtensions.packages.composer
+    ] ++ extraPkgs;
+    pathsToLink = [ "/bin" ];
+  };
+in dockerTools.buildImage {
+  name = imageName;
+  tag = imageTag;
+  copyToRoot = buildEnv {
+    name = "laravel-base";
+    paths = with dockerTools; [
+      bin
+      usrBinEnv
+      caCertificates
+      fakeNss
+    ];
+  };
+  runAsRoot = ''
+    #!${bash}/bin/bash
+    mkdir -pm1777 /tmp
+    mkdir -p /entrypoint.d /var/cache/nginx /app
+  '';
+  config = {
+    Cmd = [ "${bash}/bin/bash" config.entrypointSh ];
+    WorkingDir = "/app";
+    Env = [
+      "PHPRC=${config.phpIni}"
+    ] ++ extraEnv;
+  };
+}