add sysbox

utils/pkgs/sysbox.nix

@@ -0,0 +1,82 @@
+{ lib
+, stdenv
+, buildGoModule
+, fetchurl
+, makeWrapper
+, git
+, bash
+, coreutils
+, gitea
+, gzip
+, openssh
+, pam
+, sqliteSupport ? true
+, pamSupport ? true
+, runCommand
+, brotli
+, xorg
+, nixosTests
+}:
+
+buildGoModule rec {
+  pname = "sysbox";
+  version = "0.6.2";
+
+  # not fetching directly from the git repo, because that lacks several vendor files for the web UI
+  src = fetchurl {
+    url = "https://github.com/nestybox/sysbox/archive/refs/tags/v${version}.tar.gz";
+    hash = "sha256-cH/AHsFXOdvfSfj9AZUd3l/RlYE06o1ByZu0vvGQuXw=";
+  };
+
+  vendorHash = null;
+
+  # subPackages = [ "." ];
+
+  nativeBuildInputs = [ makeWrapper ];
+
+  # buildInputs = lib.optional pamSupport pam;
+
+  # tags = lib.optional pamSupport "pam"
+  #   ++ lib.optionals sqliteSupport [ "sqlite" "sqlite_unlock_notify" ];
+
+  # ldflags = [
+  #   "-s"
+  #   "-w"
+  #   "-X main.Version=${version}"
+  #   "-X 'main.Tags=${lib.concatStringsSep " " tags}'"
+  # ];
+
+  outputs = [ "out" ];
+
+  postInstall = ''
+    mkdir -p $out
+    # cp -R ./options/locale $out/locale
+
+    wrapProgram $out/bin/gitea \
+      --prefix PATH : ${lib.makeBinPath [ ]}
+  '';
+
+  # passthru = {
+  #   data-compressed = runCommand "gitea-data-compressed" {
+  #     nativeBuildInputs = [ brotli xorg.lndir ];
+  #   } ''
+  #     mkdir $out
+  #     lndir ${gitea.data}/ $out/
+  #
+  #     # Create static gzip and brotli files
+  #     find -L $out -type f -regextype posix-extended -iregex '.*\.(css|html|js|svg|ttf|txt)' \
+  #       -exec gzip --best --keep --force {} ';' \
+  #       -exec brotli --best --keep --no-copy-stat {} ';'
+  #   '';
+  #
+  #   tests = nixosTests.gitea;
+  # };
+
+  meta = with lib; {
+    description = "Improves container isolation";
+    homepage = "https://github.com/nestybox/sysbox";
+    license = licenses.apache;
+    broken = stdenv.isDarwin;
+    mainProgram = "sysbox-runc";
+  };
+}