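# Builds a Docker/OCI image that launches every `systemd.services.*` entry of
# a NixOS-style module as a background shell job and then waits for them.
#
# Arguments:
#   nixpkgsPath  nixpkgs tree to import and to take assertions.nix from.
#   ociconfig    module that sets systemd.services, users.users, ...
#   name         name of the resulting image.
#
# NOTE(review): the default of nixpkgsPath was missing in the source (likely
# lost in extraction); `<nixpkgs>` is assumed here - confirm. A `<nixpkgs>`
# lookup resolves through NIX_PATH, so the image contents depend on whatever
# channel the build host has; pass a pinned nixpkgs path for reproducible,
# reviewable images.
#
# Security-relevant limits of this wrapper, as far as the code shows:
#   * users.users is read only for `createHome`; serviceConfig.User/Group are
#     never read and no `User` is set in the image config, so all services
#     share the container's default user.
#   * preStart and script are spliced into the generated shell scripts
#     verbatim, so `ociconfig` must be trusted input.
#   * assertions.nix is loaded so `ociconfig` can declare assertions, but
#     nothing here evaluates them.
{ nixpkgsPath ? <nixpkgs>
, ociconfig
, name
, ...
}:

let
  pkgs = import nixpkgsPath { };

  inherit (pkgs.lib)
    concatMapStrings
    concatStrings
    escapeShellArg
    evalModules
    mapAttrsToList
    mkOption
    optionalString
    types;

  # Untyped placeholder so NixOS-style option paths can be set without
  # pulling in the real NixOS module definitions.
  dummyOption = mkOption {
    type = types.attrs;
    default = { };
  };

  # Minimal stand-in for the NixOS module system: declares just the option
  # paths that `ociconfig` is expected to touch.
  systemModule = { lib, config, ... }: {
    options = {
      toplevel = lib.mkOption { type = lib.types.str; };
      systemd = {
        services = dummyOption;
        targets = dummyOption;
        timers = dummyOption;
      };
      environment = dummyOption;
      users.users = dummyOption;
      users.groups = dummyOption;
      meta = dummyOption;
      networking.enableIPv6 = lib.mkOption {
        type = lib.types.bool;
        default = false;
      };
    };
    config._module.args.pkgs = pkgs;
  };

  evaluated = evalModules {
    modules = [
      systemModule
      ociconfig
      "${nixpkgsPath}/nixos/modules/misc/assertions.nix"
    ];
  };
  cfg = evaluated.config;

  # Build-time commands executed as root: one `mkdir -p` per user with
  # createHome = true. The path is shell-escaped because it is spliced into
  # a script that runs with root privileges.
  homeDirSetup = concatStrings (mapAttrsToList
    (_: user:
      optionalString (user.createHome or false)
        "mkdir -p -- ${escapeShellArg user.home}\n")
    cfg.users.users);

  # One launcher script per service. writeShellScript already emits its own
  # interpreter line, so the former `#!.../dash/bin/sh` line inside the body
  # was only a comment (and `set -o pipefail` needs bash anyway); it has been
  # dropped, which also keeps dash out of the image closure.
  mkServiceScript = svcName: service:
    pkgs.writeShellScript "systemd-script-${svcName}" ''
      set -ueo pipefail
      ${optionalString (service ? preStart) ''
        echo ${escapeShellArg svcName}: running preStart script
        ${service.preStart}
      ''}
      echo ${escapeShellArg svcName}: starting ...
      ${optionalString
        (service ? serviceConfig && service.serviceConfig ? WorkingDirectory)
        "cd ${escapeShellArg service.serviceConfig.WorkingDirectory}"}
      ${optionalString (service ? environment)
        (concatStrings (mapAttrsToList
          (var: value: "export ${var}=${escapeShellArg value}\n")
          service.environment))}
      ${optionalString (service ? script) service.script}
    '';

  # Starts every service script in the background, then blocks until all of
  # them have exited.
  entrypoint = pkgs.writeShellScript "main-entrypoint"
    (concatMapStrings (script: "${script} &\n")
      (mapAttrsToList (svcName: service: "${mkServiceScript svcName service}")
        cfg.systemd.services)
    + "wait\n");
in
pkgs.dockerTools.buildImage {
  inherit name;
  contents = pkgs.coreutils;
  runAsRoot = homeDirSetup;
  config = {
    # The OCI image spec defines Cmd as an array of strings.
    Cmd = [ "${entrypoint}" ];
  };
}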