Add docker cli Guix Home service and some docker authentication plugins

+++ b/gnu/packages/docker.scm

+;;; Copyright © 2024 Giacomo Leidi <goodoldpaul@autistici.org>

+ #:use-module (gnu packages virtualization)

+ #:export (docker-credential-helpers))

+;; Actual users of this procedure are

+;; docker-credentials-secretservice and docker-credential-pass, they live in

+;; different modules to avoid circular imports.

+(define* (docker-credential-helpers plugin-name #:key (inputs '()))

+ (package

+ (name (string-append "docker-credential-" plugin-name))

+ (version "0.8.1")

+ (source

+ (origin

+ (method git-fetch)

+ (uri (git-reference

+ (url "https://github.com/docker/docker-credential-helpers")

+ (commit (string-append "v" version))))

+ (file-name (git-file-name name version))

+ (sha256

+ (base32 "1kric2yrgypdqncqfrmrh7l7904km5zisygi3fg6zlfkyh6rsm23"))))

+ (build-system go-build-system)

+ (arguments

+ (list

+ #:install-source? #f

+ #:go go-1.19

+ #:unpack-path "github.com/docker/docker-credential-helpers"

+ #:import-path

+ (string-append "github.com/docker/docker-credential-helpers/"

+ plugin-name "/cmd")

+ #:phases

+ #~(modify-phases %standard-phases

+ (replace 'build

+ (lambda* (#:key unpack-path import-path build-flags #:allow-other-keys)

+ (apply invoke "go" "build"

+ "-v"

+ "-x"

+ (string-append "-ldflags=-s -w "

+ "-X github.com/docker/docker-credential-helpers"

+ "/credentials.Version=" #$version " "

+ "-X github.com/docker/docker-credential-helpers"

+ "/credentials.Package=" unpack-path " "

+ "-X github.com/docker/docker-credential-helpers"

+ "/credentials.Name=" #$name)

+ "-o" (string-append "bin/" #$name)

+ `(,@build-flags ,import-path))))

+ (replace 'install

+ (lambda _

+ (let* ((bin

+ (string-append #$output "/bin"))

+ (lib

+ (string-append #$output "/libexec/docker/cli-plugins"))

+ (entrypoint

+ (string-append lib "/" #$name)))

+ (mkdir-p bin)

+ (mkdir-p lib)

+ (copy-file (string-append "bin/" #$name) entrypoint)

+ (symlink entrypoint

+ (string-append bin "/" #$name))))))))

+ (native-inputs

+ (list pkg-config))

+ (inputs inputs)

+ (home-page "https://github.com/docker/docker-credential-helpers")

+ (synopsis "Store Docker login credentials in platform keystores")

+ (description

+ (string-append "docker-credential-helpers is a suite of programs to use native stores to keep

+Docker credentials safe.

+

+This package provides the @code{" name "} plugin."))

+ (license license:expat)))

+

+++ b/gnu/packages/gnome.scm

+;;; Copyright © 2019, 2024 Giacomo Leidi <goodoldpaul@autistici.org>

+(define-public docker-credential-secretservice

+ (docker-credential-helpers "secretservice"

+ #:inputs (list libsecret)))

+

+++ b/gnu/packages/gnome.scm

+(define-public docker-credential-pass

+ (docker-credential-helpers "pass"

+ #:inputs (list password-store)))

+

+++ b/doc/guix.texi

+@subsubheading Container Services

+

+@cindex docker cli service, for Home

+The @code{(gnu home services containers)} module provides the following service:

+

+@defvar home-docker-cli-service-type

+This service allows for configuring the Docker command line interface, for

+example to make it aware of Guix provided plugins.

+@end defvar

+

+For example, you can use it like this to make Docker safely store your registry

+credentials with the system

+@uref{https://wiki.gnome.org/Projects/Libsecret, libsecret} compatible Secret service:

+

+@lisp

+(use-modules (gnu packages docker))

+

+(service home-docker-cli-service-type

+ (docker-cli-configuration

+ (creds-store "secretservice")

+ (cli-plugins

+ (list docker-credential-secretservice))

+ (extra-content ", \"auths\": @{\"https://index.docker.io/v1/\": @{@}@}")))

+@end lisp

+

+

+@c %start of fragment

+

+@deftp {Data Type} docker-cli-configuration

+Available @code{docker-cli-configuration} fields are:

+

+@table @asis

+@item @code{docker-cli} (default: @code{docker-cli}) (type: package)

+The Docker cli package installed to the Home profile.

+

+@item @code{creds-store} (type: maybe-string)

+A native secrets store used to store Docker credentials.

+

+@item @code{cli-plugins} (default: @code{()}) (type: list-of-docker-cli-plugins)

+A list of Docker cli plugin package records that will be configured to

+work with Docker's cli.

+

+@item @code{extra-content} (default: @code{""}) (type: string)

+Additional literal content that will be appended to Docker cli

+config.json.

+

+@end table

+

+@end deftp

+

+

+@c %end of fragment

+

+++ b/gnu/home/services/containers.scm

+;;; GNU Guix --- Functional package management for GNU

+;;; Copyright © 2024 Giacomo Leidi <goodoldpaul@autistici.org>

+;;;

+;;; This file is part of GNU Guix.

+;;;

+;;; GNU Guix is free software; you can redistribute it and/or modify

+;;; it under the terms of the GNU General Public License as published by

+;;; the Free Software Foundation, either version 3 of the License, or

+;;; (at your option) any later version.

+;;;

+;;; GNU Guix is distributed in the hope that it will be useful,

+;;; but WITHOUT ANY WARRANTY; without even the implied warranty of

+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

+;;; GNU General Public License for more details.

+;;;

+;;; You should have received a copy of the GNU General Public License

+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.

+

+(define-module (gnu home services containers)

+ #:use-module (guix gexp)

+ #:use-module (guix packages)

+ #:use-module (gnu packages docker)

+ #:use-module (gnu services configuration)

+ #:use-module (gnu home services)

+ #:use-module (ice-9 match)

+ #:use-module (ice-9 string-fun)

+ #:export (docker-cli-configuration

+ docker-cli-configuration?

+ docker-cli-configuration-fields

+ docker-cli-configuration-docker-cli

+ docker-cli-configuration-creds-store

+ docker-cli-configuration-cli-plugins

+

+ home-docker-cli-service-type

+ home-docker-cli-configuration-file

+ docker-cli-configuration->json-fields))

+

+;; Turn field names, which are Scheme symbols into strings

+;; cli-plugins-extra-dirs -> cliPluginsExtraDirs

+(define (format-name name)

+ (define without-dashes (string-replace-substring (symbol->string name) "-" " "))

+ (define splitted (string-split without-dashes #\space))

+ (string-replace-substring

+ (apply string-append

+ `(,(car splitted)

+ ,@(map string-capitalize (cdr splitted))))

+ " " ""))

+

+(define (serialize-json-value name value)

+ #~(begin

+ (use-modules (ice-9 format))

+ (format #f "\"~a\": ~a" #$(format-name name) #$value)))

+

+(define (serialize-json-list values)

+ #~(string-append "["

+ (string-join

+ (map (lambda (s) (string-append "\"" s "\""))

+ (list #$@values))

+ ", ")

+ "]"))

+

+(define (serialize-string field-name value)

+ (serialize-json-value field-name (string-append "\"" value "\"")))

+

+(define (serialize-maybe-string field-name value)

+ (if (maybe-value-set? value)

+ (serialize-string field-name value)

+ '()))

+

+(define (serialize-list-of-strings field-name value)

+ (serialize-json-value field-name (serialize-json-list value)))

+

+(define (serialize-list-of-docker-cli-plugins value)

+ (serialize-json-value 'cli-plugins-extra-dirs

+ (serialize-json-list

+ (map (lambda (p)

+ (file-append p "/libexec/docker/cli-plugins"))

+ value))))

+

+(define list-of-strings?

+ (list-of string?))

+

+(define list-of-docker-cli-plugins?

+ (list-of package?))

+

+(define-maybe string)

+

+(define-configuration/no-serialization docker-cli-configuration

+ (docker-cli

+ (package docker-cli)

+ "The Docker cli package installed to the Home profile.")

+ (creds-store

+ (maybe-string)

+ "A native secrets store used to store Docker credentials.")

+ (cli-plugins

+ (list-of-docker-cli-plugins '())

+ "A list of Docker cli plugin package records that will be configured to work with Docker's cli.")

+ (extra-content

+ (string "")

+ "Additional literal content that will be appended to Docker cli config.json."))

+

+(define docker-cli-configuration->json-fields

+ (lambda (config)

+ (filter (compose not (lambda (f) (or (null? f) (and (string? f) (string-null? f)))))

+ (map (lambda (f)

+ (let ((field-name (configuration-field-name f))

+ (type (configuration-field-type f))

+ (value ((configuration-field-getter f) config)))

+ (if (not (member field-name '(docker-cli extra-content)))

+ (match type

+ ('string

+ (serialize-string field-name value))

+ ('maybe-string

+ (serialize-maybe-string field-name value))

+ ('list-of-strings

+ (serialize-list-of-strings field-name value))

+ ('list-of-docker-cli-plugins

+ (serialize-list-of-docker-cli-plugins value))

+ (_

+ (raise

+ (formatted-message

+ (G_ "Unknown docker-cli-configuration field type: ~a")

+ type))))

+ '())))

+ docker-cli-configuration-fields))))

+

+(define (home-docker-cli-configuration-file config)

+ `((".docker/config.json"

+ ,(computed-file "docker-cli-config.json"

+ #~(with-output-to-file #$output

+ (lambda _

+ (display

+ (string-append "{"

+ (string-join (list #$@(docker-cli-configuration->json-fields config)) ",")

+ #$(docker-cli-configuration-extra-content config)

+ "}\n"))))))))

+

+(define home-docker-cli-service-type

+ (service-type (name 'docker-cli)

+ (extensions (list (service-extension home-profile-service-type

+ (lambda (config)

+ `(,(docker-cli-configuration-docker-cli config)

+ ,@(docker-cli-configuration-cli-plugins config))))

+ (service-extension home-files-service-type

+ home-docker-cli-configuration-file)))

+ (default-value (docker-cli-configuration))

+ (description

+ "This service install and configures Docker's command line interface.")))

+++ b/gnu/local.mk

+ %D%/home/services/containers.scm \