-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/
-- | A container wrapper
--
-- Podenv provides a declarative interface to manage containerized
-- applications. . Using rootless containers, podenv let you run
-- applications seamlessly. .
@package podenv
@version 0.2.0
-- | This module defines Haskell data types and lenses for the podenv dhall
-- schemas.
module Podenv.Dhall
-- | The hub submodule commit, this is only used for the PODENV environment
-- value
hubCommit :: Expr Void Void
-- | Embed static dhall code
podenvPackage :: Expr Void Void
appType :: Expr Void Void
appDefault :: Expr Void Void
runtimeType :: Expr Void Void
containerBuildDefault :: Expr Void Void
capsDefault :: Expr Void Void
systemConfigDefault :: Expr Void Void
-- | Generate Haskell Types from Dhall Types. See:
-- https://hackage.haskell.org/package/dhall-1.39.0/docs/Dhall-TH.html
data Capabilities
Capabilities :: Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Capabilities
[$sel:alsa:Capabilities] :: Capabilities -> Bool
[$sel:cwd:Capabilities] :: Capabilities -> Bool
[$sel:dbus:Capabilities] :: Capabilities -> Bool
[$sel:dri:Capabilities] :: Capabilities -> Bool
[$sel:gpg:Capabilities] :: Capabilities -> Bool
[$sel:hostfile:Capabilities] :: Capabilities -> Bool
[$sel:interactive:Capabilities] :: Capabilities -> Bool
[$sel:kvm:Capabilities] :: Capabilities -> Bool
[$sel:network:Capabilities] :: Capabilities -> Bool
[$sel:pipewire:Capabilities] :: Capabilities -> Bool
[$sel:privileged:Capabilities] :: Capabilities -> Bool
[$sel:pulseaudio:Capabilities] :: Capabilities -> Bool
[$sel:root:Capabilities] :: Capabilities -> Bool
[$sel:rw:Capabilities] :: Capabilities -> Bool
[$sel:ssh:Capabilities] :: Capabilities -> Bool
[$sel:terminal:Capabilities] :: Capabilities -> Bool
[$sel:tun:Capabilities] :: Capabilities -> Bool
[$sel:video:Capabilities] :: Capabilities -> Bool
[$sel:wayland:Capabilities] :: Capabilities -> Bool
[$sel:x11:Capabilities] :: Capabilities -> Bool
data ContainerBuild
ContainerBuild :: Text -> Maybe Text -> Maybe Text -> Maybe Text -> [] Text -> ContainerBuild
[$sel:containerfile:ContainerBuild] :: ContainerBuild -> Text
[$sel:image_home:ContainerBuild] :: ContainerBuild -> Maybe Text
[$sel:image_name:ContainerBuild] :: ContainerBuild -> Maybe Text
[$sel:image_update:ContainerBuild] :: ContainerBuild -> Maybe Text
[$sel:image_volumes:ContainerBuild] :: ContainerBuild -> [] Text
data Flakes
Flakes :: [] Text -> Maybe Text -> Flakes
[$sel:installables:Flakes] :: Flakes -> [] Text
[$sel:nixpkgs:Flakes] :: Flakes -> Maybe Text
data SystemConfig
SystemConfig :: Maybe Text -> Maybe Text -> SystemConfig
[$sel:data_volumes_dir:SystemConfig] :: SystemConfig -> Maybe Text
[$sel:dns:SystemConfig] :: SystemConfig -> Maybe Text
data Runtime
Container :: ContainerBuild -> Runtime
Image :: Text -> Runtime
Nix :: Flakes -> Runtime
Rootfs :: Text -> Runtime
data Application
Application :: Capabilities -> [] Text -> Maybe Text -> [] Text -> Text -> Maybe Text -> Runtime -> [] Text -> [] Text -> Application
[$sel:capabilities:Application] :: Application -> Capabilities
[$sel:command:Application] :: Application -> [] Text
[$sel:description:Application] :: Application -> Maybe Text
[$sel:environ:Application] :: Application -> [] Text
[$sel:name:Application] :: Application -> Text
[$sel:namespace:Application] :: Application -> Maybe Text
[$sel:runtime:Application] :: Application -> Runtime
[$sel:syscaps:Application] :: Application -> [] Text
[$sel:volumes:Application] :: Application -> [] Text
capX11 :: Functor f => (Bool -> f Bool) -> Capabilities -> f Capabilities
capWayland :: Functor f => (Bool -> f Bool) -> Capabilities -> f Capabilities
capVideo :: Functor f => (Bool -> f Bool) -> Capabilities -> f Capabilities
capTun :: Functor f => (Bool -> f Bool) -> Capabilities -> f Capabilities
capTerminal :: Functor f => (Bool -> f Bool) -> Capabilities -> f Capabilities
capSsh :: Functor f => (Bool -> f Bool) -> Capabilities -> f Capabilities
capRw :: Functor f => (Bool -> f Bool) -> Capabilities -> f Capabilities
capRoot :: Functor f => (Bool -> f Bool) -> Capabilities -> f Capabilities
capPulseaudio :: Functor f => (Bool -> f Bool) -> Capabilities -> f Capabilities
capPrivileged :: Functor f => (Bool -> f Bool) -> Capabilities -> f Capabilities
capPipewire :: Functor f => (Bool -> f Bool) -> Capabilities -> f Capabilities
capNetwork :: Functor f => (Bool -> f Bool) -> Capabilities -> f Capabilities
capKvm :: Functor f => (Bool -> f Bool) -> Capabilities -> f Capabilities
capInteractive :: Functor f => (Bool -> f Bool) -> Capabilities -> f Capabilities
capHostfile :: Functor f => (Bool -> f Bool) -> Capabilities -> f Capabilities
capGpg :: Functor f => (Bool -> f Bool) -> Capabilities -> f Capabilities
capDri :: Functor f => (Bool -> f Bool) -> Capabilities -> f Capabilities
capDbus :: Functor f => (Bool -> f Bool) -> Capabilities -> f Capabilities
capCwd :: Functor f => (Bool -> f Bool) -> Capabilities -> f Capabilities
capAlsa :: Functor f => (Bool -> f Bool) -> Capabilities -> f Capabilities
appVolumes :: Functor f => ([Text] -> f [Text]) -> Application -> f Application
appSyscaps :: Functor f => ([Text] -> f [Text]) -> Application -> f Application
appRuntime :: Functor f => (Runtime -> f Runtime) -> Application -> f Application
appNamespace :: Functor f => (Maybe Text -> f (Maybe Text)) -> Application -> f Application
appName :: Functor f => (Text -> f Text) -> Application -> f Application
appEnviron :: Functor f => ([Text] -> f [Text]) -> Application -> f Application
appDescription :: Functor f => (Maybe Text -> f (Maybe Text)) -> Application -> f Application
appCommand :: Functor f => ([Text] -> f [Text]) -> Application -> f Application
appCapabilities :: Functor f => (Capabilities -> f Capabilities) -> Application -> f Application
cbImage_volumes :: Functor f => ([Text] -> f [Text]) -> ContainerBuild -> f ContainerBuild
cbImage_update :: Functor f => (Maybe Text -> f (Maybe Text)) -> ContainerBuild -> f ContainerBuild
cbImage_name :: Functor f => (Maybe Text -> f (Maybe Text)) -> ContainerBuild -> f ContainerBuild
cbImage_home :: Functor f => (Maybe Text -> f (Maybe Text)) -> ContainerBuild -> f ContainerBuild
cbContainerfile :: Functor f => (Text -> f Text) -> ContainerBuild -> f ContainerBuild
sysDns :: Functor f => (Maybe Text -> f (Maybe Text)) -> SystemConfig -> f SystemConfig
sysData_volumes_dir :: Functor f => (Maybe Text -> f (Maybe Text)) -> SystemConfig -> f SystemConfig
instance GHC.Show.Show Podenv.Dhall.SystemConfig
instance GHC.Classes.Eq Podenv.Dhall.SystemConfig
instance GHC.Show.Show Podenv.Dhall.Runtime
instance GHC.Classes.Eq Podenv.Dhall.Runtime
instance GHC.Show.Show Podenv.Dhall.ContainerBuild
instance GHC.Classes.Eq Podenv.Dhall.ContainerBuild
instance GHC.Show.Show Podenv.Dhall.Flakes
instance GHC.Classes.Eq Podenv.Dhall.Flakes
instance GHC.Show.Show Podenv.Dhall.Capabilities
instance GHC.Classes.Eq Podenv.Dhall.Capabilities
instance GHC.Show.Show Podenv.Dhall.Application
instance GHC.Classes.Eq Podenv.Dhall.Application
instance GHC.Generics.Generic Podenv.Dhall.Capabilities
instance GHC.Generics.Generic Podenv.Dhall.ContainerBuild
instance GHC.Generics.Generic Podenv.Dhall.Flakes
instance GHC.Generics.Generic Podenv.Dhall.SystemConfig
instance GHC.Generics.Generic Podenv.Dhall.Runtime
instance GHC.Generics.Generic Podenv.Dhall.Application
instance Dhall.Marshal.Decode.FromDhall Podenv.Dhall.Application
instance Dhall.Marshal.Encode.ToDhall Podenv.Dhall.Application
instance Dhall.Marshal.Decode.FromDhall Podenv.Dhall.Runtime
instance Dhall.Marshal.Encode.ToDhall Podenv.Dhall.Runtime
instance Dhall.Marshal.Decode.FromDhall Podenv.Dhall.SystemConfig
instance Dhall.Marshal.Encode.ToDhall Podenv.Dhall.SystemConfig
instance Dhall.Marshal.Decode.FromDhall Podenv.Dhall.Flakes
instance Dhall.Marshal.Encode.ToDhall Podenv.Dhall.Flakes
instance Dhall.Marshal.Decode.FromDhall Podenv.Dhall.ContainerBuild
instance Dhall.Marshal.Encode.ToDhall Podenv.Dhall.ContainerBuild
instance Dhall.Marshal.Decode.FromDhall Podenv.Dhall.Capabilities
instance Dhall.Marshal.Encode.ToDhall Podenv.Dhall.Capabilities
-- | Common functions
module Podenv.Prelude
-- | The foldM function is analogous to foldl, except that
-- its result is encapsulated in a monad. Note that foldM works
-- from left-to-right over the list arguments. This could be an issue
-- where (>>) and the `folded function' are not
-- commutative.
--
--
-- foldM f a1 [x1, x2, ..., xm]
--
-- ==
--
-- do
-- a2 <- f a1 x1
-- a3 <- f a2 x2
-- ...
-- f am xm
--
--
-- If right-to-left evaluation is required, the input list should be
-- reversed.
--
-- Note: foldM is the same as foldlM
foldM :: (Foldable t, Monad m) => (b -> a -> m b) -> b -> t a -> m b
-- | <math>. lookup key assocs looks up a key in an
-- association list.
--
--
-- >>> lookup 2 [(1, "first"), (2, "second"), (3, "third")]
-- Just "second"
--
lookup :: Eq a => a -> [(a, b)] -> Maybe b
-- | Computation getEnv var returns the value of the
-- environment variable var. For the inverse, the setEnv
-- function can be used.
--
-- This computation may fail with:
--
--
getEnv :: String -> IO String
orDie :: Maybe a -> Text -> Either Text a
mayFail :: Either Text a -> IO a
readFileM :: FilePath -> IO Text
-- | The same as hPutStr, but adds a newline character.
hPutStrLn :: Handle -> String -> IO ()
-- | Returns the absolute pathname of the current executable.
--
-- Note that for scripts and interactive sessions, this is the path to
-- the interpreter (e.g. ghci.)
--
-- Since base 4.11.0.0, getExecutablePath resolves symlinks on
-- Windows. If an executable is launched through a symlink,
-- getExecutablePath returns the absolute path of the original
-- executable.
getExecutablePath :: IO FilePath
getCacheDir :: IO FilePath
getConfigDir :: IO FilePath
getDataDir :: IO FilePath
-- | createDirectoryIfMissing parents dir creates a new
-- directory dir if it doesn't exist. If the first argument is
-- True the function will also create all parent directories if
-- they are missing.
createDirectoryIfMissing :: Bool -> FilePath -> IO ()
-- | Obtain the current working directory as an absolute path.
--
-- In a multithreaded program, the current working directory is a global
-- state shared among all threads of the process. Therefore, when
-- performing filesystem operations from multiple threads, it is highly
-- recommended to use absolute rather than relative paths (see:
-- makeAbsolute).
--
-- The operation may fail with:
--
--
-- - HardwareFault A physical I/O error has occurred.
-- [EIO]
-- - isDoesNotExistError There is no path referring to the
-- working directory. [EPERM, ENOENT, ESTALE...]
-- - isPermissionError The process has insufficient privileges
-- to perform the operation. [EACCES]
-- - isFullError Insufficient resources are available to perform
-- the operation.
-- - UnsupportedOperation The operating system has no notion
-- of current working directory.
--
getCurrentDirectory :: IO FilePath
-- | The operation doesFileExist returns True if the argument
-- file exists and is not a directory, and False otherwise.
doesFileExist :: FilePath -> IO Bool
-- | Test whether the given path points to an existing filesystem object.
-- If the user lacks necessary permissions to search the parent
-- directories, this function may return false even if the file does
-- actually exist.
doesPathExist :: FilePath -> IO Bool
doesSymlinkExist :: FilePath -> IO Bool
-- | Check whether an existing path is a symbolic link. If
-- path is a regular file or directory, False is
-- returned. If path does not exist or is otherwise
-- inaccessible, an exception is thrown (see below).
--
-- On Windows, this checks for FILE_ATTRIBUTE_REPARSE_POINT. In
-- addition to symbolic links, the function also returns true on junction
-- points. On POSIX systems, this checks for S_IFLNK.
--
-- The operation may fail with:
--
--
pathIsSymbolicLink :: FilePath -> IO Bool
-- | Given the name or path of an executable file, findExecutable
-- searches for such a file in a list of system-defined locations, which
-- generally includes PATH and possibly more. The full path to
-- the executable is returned if found. For example, (findExecutable
-- "ghc") would normally give you the path to GHC.
--
-- The path returned by findExecutable name corresponds
-- to the program that would be executed by createProcess
-- when passed the same string (as a RawCommand, not a
-- ShellCommand), provided that name is not a relative
-- path with more than one segment.
--
-- On Windows, findExecutable calls the Win32 function
-- SearchPath, which may search other places before
-- checking the directories in the PATH environment variable.
-- Where it actually searches depends on registry settings, but notably
-- includes the directory containing the current executable.
--
-- On non-Windows platforms, the behavior is equivalent to
-- findFileWith using the search directories from the
-- PATH environment variable and testing each file for
-- executable permissions. Details can be found in the documentation of
-- findFileWith.
findExecutable :: String -> IO (Maybe FilePath)
-- | Combine two paths with a path separator. If the second path starts
-- with a path separator or a drive letter, then it returns the second.
-- The intention is that readFile (dir </> file)
-- will access the same file as setCurrentDirectory dir; readFile
-- file.
--
--
-- Posix: "/directory" </> "file.ext" == "/directory/file.ext"
-- Windows: "/directory" </> "file.ext" == "/directory\\file.ext"
-- "directory" </> "/file.ext" == "/file.ext"
-- Valid x => (takeDirectory x </> takeFileName x) `equalFilePath` x
--
--
-- Combined:
--
--
-- Posix: "/" </> "test" == "/test"
-- Posix: "home" </> "bob" == "home/bob"
-- Posix: "x:" </> "foo" == "x:/foo"
-- Windows: "C:\\foo" </> "bar" == "C:\\foo\\bar"
-- Windows: "home" </> "bob" == "home\\bob"
--
--
-- Not combined:
--
--
-- Posix: "home" </> "/bob" == "/bob"
-- Windows: "home" </> "C:\\bob" == "C:\\bob"
--
--
-- Not combined (tricky):
--
-- On Windows, if a filepath starts with a single slash, it is relative
-- to the root of the current drive. In [1], this is (confusingly)
-- referred to as an absolute path. The current behavior of
-- </> is to never combine these forms.
--
--
-- Windows: "home" </> "/bob" == "/bob"
-- Windows: "home" </> "\\bob" == "\\bob"
-- Windows: "C:\\home" </> "\\bob" == "\\bob"
--
--
-- On Windows, from [1]: "If a file name begins with only a disk
-- designator but not the backslash after the colon, it is interpreted as
-- a relative path to the current directory on the drive with the
-- specified letter." The current behavior of </> is to
-- never combine these forms.
--
--
-- Windows: "D:\\foo" </> "C:bar" == "C:bar"
-- Windows: "C:\\foo" </> "C:bar" == "C:bar"
--
() :: FilePath -> FilePath -> FilePath
infixr 5
-- | Get the file name.
--
--
-- takeFileName "/directory/file.ext" == "file.ext"
-- takeFileName "test/" == ""
-- takeFileName x `isSuffixOf` x
-- takeFileName x == snd (splitFileName x)
-- Valid x => takeFileName (replaceFileName x "fred") == "fred"
-- Valid x => takeFileName (x </> "fred") == "fred"
-- Valid x => isRelative (takeFileName x)
--
takeFileName :: FilePath -> FilePath
-- | Get the directory name, move up one level.
--
--
-- takeDirectory "/directory/other.ext" == "/directory"
-- takeDirectory x `isPrefixOf` x || takeDirectory x == "."
-- takeDirectory "foo" == "."
-- takeDirectory "/" == "/"
-- takeDirectory "/foo" == "/"
-- takeDirectory "/foo/bar/baz" == "/foo/bar"
-- takeDirectory "/foo/bar/baz/" == "/foo/bar/baz"
-- takeDirectory "foo/bar/baz" == "foo/bar"
-- Windows: takeDirectory "foo\\bar" == "foo"
-- Windows: takeDirectory "foo\\bar\\\\" == "foo\\bar"
-- Windows: takeDirectory "C:\\" == "C:\\"
--
takeDirectory :: FilePath -> FilePath
-- | Is an item either a directory or the last character a path separator?
--
--
-- hasTrailingPathSeparator "test" == False
-- hasTrailingPathSeparator "test/" == True
--
hasTrailingPathSeparator :: FilePath -> Bool
-- | listDirectory dir returns a list of all entries
-- in dir without the special entries (. and
-- ..).
--
-- The operation may fail with:
--
--
-- - HardwareFault A physical I/O error has occurred.
-- [EIO]
-- - InvalidArgument The operand is not a valid directory
-- name. [ENAMETOOLONG, ELOOP]
-- - isDoesNotExistError The directory does not exist.
-- [ENOENT, ENOTDIR]
-- - isPermissionError The process has insufficient privileges
-- to perform the operation. [EACCES]
-- - isFullError Insufficient resources are available to perform
-- the operation. [EMFILE, ENFILE]
-- - InappropriateType The path refers to an existing
-- non-directory object. [ENOTDIR]
--
listDirectory :: FilePath -> IO [FilePath]
type UserID = CUid
-- | getRealUserID calls getuid to obtain the real
-- UserID associated with the current process.
getRealUserID :: IO UserID
-- | The monomorphic lenses which don't change the type of the container
-- (or of the value inside). It has a Functor constraint, and
-- since both Const and Identity are functors, it can be
-- used whenever a getter or a setter is needed.
--
--
-- - a is the type of the value inside of structure
-- - s is the type of the whole structure
--
type Lens' s a = forall (f :: Type -> Type). Functor f => a -> f a -> s -> f s
-- |
-- (^.) :: s -> Getter s t a b -> a
--
--
-- Access the value referenced by a getter or lens.
--
--
-- (^.) :: Monoid a => s -> Fold s t a b -> a
--
--
-- Access the monoidal summary referenced by a traversal or a fold.
(^.) :: s -> FoldLike a s t a b -> a
infixl 8 ^.
-- | Set all referenced fields to the given value.
(.~) :: ASetter s t a b -> b -> s -> t
infixr 4 .~
(?~) :: ASetter s t a (Maybe b) -> b -> s -> t
-- | Modify all referenced fields.
(%~) :: ASetter s t a b -> (a -> b) -> s -> t
infixr 4 %~
setWhenNothing :: ASetter s t (Maybe b) (Maybe b) -> b -> s -> t
-- | The platform environment
module Podenv.Env
data AppEnv
AppEnv :: Maybe FilePath -> Maybe FilePath -> FilePath -> UserID -> Maybe FilePath -> (FilePath -> IO (Maybe FilePath)) -> AppEnv
[_hostXdgRunDir] :: AppEnv -> Maybe FilePath
[_hostHomeDir] :: AppEnv -> Maybe FilePath
[_hostCwd] :: AppEnv -> FilePath
[_hostUid] :: AppEnv -> UserID
[_appHomeDir] :: AppEnv -> Maybe FilePath
[_rootfsHome] :: AppEnv -> FilePath -> IO (Maybe FilePath)
rootfsHome :: Functor f => ((FilePath -> IO (Maybe FilePath)) -> f (FilePath -> IO (Maybe FilePath))) -> AppEnv -> f AppEnv
appHomeDir :: Functor f => (Maybe FilePath -> f (Maybe FilePath)) -> AppEnv -> f AppEnv
hostUid :: Functor f => (UserID -> f UserID) -> AppEnv -> f AppEnv
hostCwd :: Functor f => (FilePath -> f FilePath) -> AppEnv -> f AppEnv
hostHomeDir :: Functor f => (Maybe FilePath -> f (Maybe FilePath)) -> AppEnv -> f AppEnv
hostXdgRunDir :: Functor f => (Maybe FilePath -> f (Maybe FilePath)) -> AppEnv -> f AppEnv
type AppEnvT a = ReaderT AppEnv IO a
-- | Get the current uid home path in the rootfs
getRootfsHome :: UserID -> Maybe FilePath -> FilePath -> IO (Maybe FilePath)
new :: IO AppEnv
-- | Runtime Context data types and lenses
module Podenv.Context
newtype ImageName
ImageName :: Text -> ImageName
[$sel:unImageName:ImageName] :: ImageName -> Text
data RuntimeContext
Container :: ImageName -> RuntimeContext
Bubblewrap :: FilePath -> RuntimeContext
data Mode
RO :: Mode
RW :: Mode
data VolumeType
HostPath :: FilePath -> VolumeType
TmpFS :: VolumeType
Volume :: Text -> VolumeType
data Volume
MkVolume :: Mode -> VolumeType -> Volume
data RunAs
RunAsRoot :: RunAs
RunAsHostUID :: RunAs
RunAsAnyUID :: RunAs
data Port
PortTcp :: Natural -> Port
PortUdp :: Natural -> Port
newtype Name
Name :: Text -> Name
[$sel:unName:Name] :: Name -> Text
-- | The application context to be executed by podman or kubectl
data Context
Context :: Name -> Maybe Text -> RuntimeContext -> Bool -> [Port] -> Maybe RunAs -> Bool -> UserID -> UserID -> [Text] -> Maybe FilePath -> Map Text Text -> Map FilePath Volume -> Set Capability -> Bool -> Set FilePath -> Maybe Text -> Bool -> Bool -> Bool -> Context
-- | identifier
[$sel:_name:Context] :: Context -> Name
[$sel:_namespace:Context] :: Context -> Maybe Text
-- | container image name
[$sel:_runtimeCtx:Context] :: Context -> RuntimeContext
-- | network namespace name
[$sel:_network:Context] :: Context -> Bool
[$sel:_ports:Context] :: Context -> [Port]
[$sel:_runAs:Context] :: Context -> Maybe RunAs
[$sel:_selinux:Context] :: Context -> Bool
-- | the unique uid for this container
[$sel:_anyUid:Context] :: Context -> UserID
-- | host uid
[$sel:_uid:Context] :: Context -> UserID
-- | container command
[$sel:_command:Context] :: Context -> [Text]
[$sel:_workdir:Context] :: Context -> Maybe FilePath
-- | container env
[$sel:_environ:Context] :: Context -> Map Text Text
-- | container volumes
[$sel:_mounts:Context] :: Context -> Map FilePath Volume
[$sel:_syscaps:Context] :: Context -> Set Capability
[$sel:_ro:Context] :: Context -> Bool
-- | container devices
[$sel:_devices:Context] :: Context -> Set FilePath
[$sel:_hostname:Context] :: Context -> Maybe Text
[$sel:_interactive:Context] :: Context -> Bool
[$sel:_terminal:Context] :: Context -> Bool
[$sel:_privileged:Context] :: Context -> Bool
privileged :: Functor f => (Bool -> f Bool) -> Context -> f Context
terminal :: Functor f => (Bool -> f Bool) -> Context -> f Context
interactive :: Functor f => (Bool -> f Bool) -> Context -> f Context
hostname :: Functor f => (Maybe Text -> f (Maybe Text)) -> Context -> f Context
devices :: Functor f => (Set FilePath -> f (Set FilePath)) -> Context -> f Context
ro :: Functor f => (Bool -> f Bool) -> Context -> f Context
syscaps :: Functor f => (Set Capability -> f (Set Capability)) -> Context -> f Context
mounts :: Functor f => (Map FilePath Volume -> f (Map FilePath Volume)) -> Context -> f Context
environ :: Functor f => (Map Text Text -> f (Map Text Text)) -> Context -> f Context
workdir :: Functor f => (Maybe FilePath -> f (Maybe FilePath)) -> Context -> f Context
command :: Functor f => ([Text] -> f [Text]) -> Context -> f Context
uid :: Functor f => (UserID -> f UserID) -> Context -> f Context
anyUid :: Functor f => (UserID -> f UserID) -> Context -> f Context
selinux :: Functor f => (Bool -> f Bool) -> Context -> f Context
runAs :: Functor f => (Maybe RunAs -> f (Maybe RunAs)) -> Context -> f Context
ports :: Functor f => ([Port] -> f [Port]) -> Context -> f Context
network :: Functor f => (Bool -> f Bool) -> Context -> f Context
runtimeCtx :: Functor f => (RuntimeContext -> f RuntimeContext) -> Context -> f Context
namespace :: Functor f => (Maybe Text -> f (Maybe Text)) -> Context -> f Context
name :: Functor f => (Name -> f Name) -> Context -> f Context
defaultContext :: Name -> RuntimeContext -> Context
rwHostPath :: FilePath -> Volume
roHostPath :: FilePath -> Volume
tmpfs :: Volume
addEnv :: Text -> Text -> Context -> Context
addMount :: FilePath -> Volume -> Context -> Context
directMount :: FilePath -> Context -> Context
addDevice :: FilePath -> Context -> Context
instance GHC.Show.Show Podenv.Context.ImageName
instance GHC.Show.Show Podenv.Context.RuntimeContext
instance GHC.Show.Show Podenv.Context.Mode
instance GHC.Show.Show Podenv.Context.VolumeType
instance GHC.Show.Show Podenv.Context.Volume
instance GHC.Show.Show Podenv.Context.RunAs
instance GHC.Show.Show Podenv.Context.Port
instance GHC.Show.Show Podenv.Context.Name
instance GHC.Show.Show Podenv.Context.Context
-- | This module contains the logic to load the dhall configuration
module Podenv.Config
-- | Config load entrypoint
load :: Maybe Text -> Maybe Text -> IO Config
-- | Pure config load
decodeExpr :: DhallExpr -> Config
-- | Select the application, returning the unused cli args.
select :: Config -> [Text] -> Either Text ([Text], Application)
data Config
-- | A standalone application, e.g. defaultSelector
ConfigDefault :: ApplicationRecord -> Config
-- | A single application
ConfigApplication :: Atom -> Config
-- | A collection of applications
ConfigApplications :: [(Text, Atom)] -> Config
data Atom
-- | A literal application
Lit :: ApplicationRecord -> Atom
-- | A paremeterized application
LamArg :: ArgName -> (Text -> ApplicationRecord) -> Atom
LamArg2 :: ArgName -> ArgName -> (Text -> Text -> ApplicationRecord) -> Atom
-- | A functional application
LamApp :: (Application -> ApplicationRecord) -> Atom
-- | A wrapper around the true Application type to manage weakly typed
-- configuration (e.g. so that `{ runtime.image = "ubi8" }` can be
-- manually decoded)
newtype ApplicationRecord
ApplicationRecord :: Application -> ApplicationRecord
[unRecord] :: ApplicationRecord -> Application
defaultConfigPath :: Text
-- | The default app
defaultApp :: Application
loadSystem :: IO SystemConfig
-- | The default system config
defaultSystemConfig :: SystemConfig
podenvImportTxt :: Text
instance GHC.Show.Show Podenv.Config.ArgName
instance Dhall.Marshal.Decode.FromDhall Podenv.Config.ApplicationRecord
-- | This module contains the podman/bubblewrap context wrapper
module Podenv.Runtime
execute :: RuntimeEnv -> Context -> IO ()
showRuntimeCmd :: RuntimeEnv -> Context -> Text
getPodmanPodStatus :: MonadIO m => Name -> m PodmanStatus
deletePodmanPod :: MonadIO m => Name -> m ()
podman :: [String] -> ProcessConfig () () ()
podmanRunArgs :: RuntimeEnv -> Context -> ImageName -> [String]
bwrap :: [String] -> ProcessConfig () () ()
bwrapRunArgs :: RuntimeEnv -> Context -> FilePath -> [String]
data RuntimeEnv
RuntimeEnv :: Bool -> Bool -> SystemConfig -> [Text] -> FilePath -> RuntimeEnv
[$sel:verbose:RuntimeEnv] :: RuntimeEnv -> Bool
[$sel:detach:RuntimeEnv] :: RuntimeEnv -> Bool
[$sel:system:RuntimeEnv] :: RuntimeEnv -> SystemConfig
-- | The app argument provided on the command line
[$sel:extraArgs:RuntimeEnv] :: RuntimeEnv -> [Text]
-- | The host location of the volumes directory, default to
-- ~.localsharepodenvvolumes
[$sel:volumesDir:RuntimeEnv] :: RuntimeEnv -> FilePath
defaultRuntimeEnv :: FilePath -> RuntimeEnv
instance GHC.Show.Show Podenv.Runtime.RuntimeEnv
instance GHC.Classes.Eq Podenv.Runtime.PodmanStatus
instance GHC.Show.Show Podenv.Runtime.PodmanStatus
-- | This modules contains logic to perform application runtime build
module Podenv.Build
-- | Create the build env
prepare :: RuntimeEnv -> Application -> IO (BuildEnv, Application)
-- | A build env contains action to be performed before preparation and
-- execution
data BuildEnv
BuildEnv :: Text -> (AppRunner -> IO ()) -> (AppRunner -> IO ()) -> BuildEnv
[beInfos] :: BuildEnv -> Text
-- | Builds the runtime
[beEnsure] :: BuildEnv -> AppRunner -> IO ()
-- | Updates the runtime
[beUpdate] :: BuildEnv -> AppRunner -> IO ()
containerBuildRuntime :: ContainerBuild -> RuntimeContext
-- | Nix runtime re-use the host root filesystem, prepareNix added the
-- nix-store volume.
nixRuntime :: RuntimeContext
-- | This module contains the capability logic. The goal is to convert an
-- Application into a Context
--
-- This module performs read-only IO
module Podenv.Application
-- | Converts an Application into a Context
prepare :: Mode -> Application -> Name -> IO Context
preparePure :: Mode -> AppEnv -> Application -> Name -> IO Context
-- | The main list of capabilities
capsAll :: [Cap]
-- | CapInfo describes a capability and how it modify the runtime context
data Cap
Cap :: Text -> Text -> Lens' Capabilities Bool -> (Context -> AppEnvT Context) -> Cap
[$sel:capName:Cap] :: Cap -> Text
[$sel:capDescription:Cap] :: Cap -> Text
-- | How to get the capability value from the user provided record:
[$sel:capLens:Cap] :: Cap -> Lens' Capabilities Bool
-- | How the capability change the context:
[$sel:capSet:Cap] :: Cap -> Context -> AppEnvT Context
data Mode
Regular :: Mode
Shell :: Mode
-- | The podenv library entry point
module Podenv
data Application
Application :: Capabilities -> [] Text -> Maybe Text -> [] Text -> Text -> Maybe Text -> Runtime -> [] Text -> [] Text -> Application
[$sel:capabilities:Application] :: Application -> Capabilities
[$sel:command:Application] :: Application -> [] Text
[$sel:description:Application] :: Application -> Maybe Text
[$sel:environ:Application] :: Application -> [] Text
[$sel:name:Application] :: Application -> Text
[$sel:namespace:Application] :: Application -> Maybe Text
[$sel:runtime:Application] :: Application -> Runtime
[$sel:syscaps:Application] :: Application -> [] Text
[$sel:volumes:Application] :: Application -> [] Text
-- | Generate Haskell Types from Dhall Types. See:
-- https://hackage.haskell.org/package/dhall-1.39.0/docs/Dhall-TH.html
data Capabilities
Capabilities :: Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Bool -> Capabilities
[$sel:alsa:Capabilities] :: Capabilities -> Bool
[$sel:cwd:Capabilities] :: Capabilities -> Bool
[$sel:dbus:Capabilities] :: Capabilities -> Bool
[$sel:dri:Capabilities] :: Capabilities -> Bool
[$sel:gpg:Capabilities] :: Capabilities -> Bool
[$sel:hostfile:Capabilities] :: Capabilities -> Bool
[$sel:interactive:Capabilities] :: Capabilities -> Bool
[$sel:kvm:Capabilities] :: Capabilities -> Bool
[$sel:network:Capabilities] :: Capabilities -> Bool
[$sel:pipewire:Capabilities] :: Capabilities -> Bool
[$sel:privileged:Capabilities] :: Capabilities -> Bool
[$sel:pulseaudio:Capabilities] :: Capabilities -> Bool
[$sel:root:Capabilities] :: Capabilities -> Bool
[$sel:rw:Capabilities] :: Capabilities -> Bool
[$sel:ssh:Capabilities] :: Capabilities -> Bool
[$sel:terminal:Capabilities] :: Capabilities -> Bool
[$sel:tun:Capabilities] :: Capabilities -> Bool
[$sel:video:Capabilities] :: Capabilities -> Bool
[$sel:wayland:Capabilities] :: Capabilities -> Bool
[$sel:x11:Capabilities] :: Capabilities -> Bool
loadConfig :: Text -> IO Config
-- | Pure config load
decodeExpr :: DhallExpr -> Config
-- | Select the application, returning the unused cli args.
select :: Config -> [Text] -> Either Text ([Text], Application)
appToContext :: AppEnv -> Application -> Name -> IO Context
data RuntimeEnv
RuntimeEnv :: Bool -> Bool -> SystemConfig -> [Text] -> FilePath -> RuntimeEnv
[$sel:verbose:RuntimeEnv] :: RuntimeEnv -> Bool
[$sel:detach:RuntimeEnv] :: RuntimeEnv -> Bool
[$sel:system:RuntimeEnv] :: RuntimeEnv -> SystemConfig
-- | The app argument provided on the command line
[$sel:extraArgs:RuntimeEnv] :: RuntimeEnv -> [Text]
-- | The host location of the volumes directory, default to
-- ~.localsharepodenvvolumes
[$sel:volumesDir:RuntimeEnv] :: RuntimeEnv -> FilePath
defaultRuntimeEnv :: FilePath -> RuntimeEnv
execute :: RuntimeEnv -> Context -> IO ()
getPodmanPodStatus :: MonadIO m => Name -> m PodmanStatus
deletePodmanPod :: MonadIO m => Name -> m ()
-- | Podenv version
module Podenv.Version
version :: String
-- | This module contains the podenv CLI entrypoint The workflow is: Main
-- -> Config -> Build -> Application -> Context
--
--
-- - Main: select the app and override with command line arguments
-- - Config: load the configuration and select the application
-- - Build: optional application build
-- - App: convert application and capability into a Context
-- - Runtime: execute with podman or kubernetes
--
module Podenv.Main
-- | podenv entrypoint
main :: IO ()
-- | helper function to run a Application.
runApp :: RuntimeEnv -> Application -> IO ()
usage :: [String] -> IO CLI
-- | Load the config
cliConfigLoad :: CLI -> IO (Application, Mode, Name, RuntimeEnv)
cliInfo :: ParserInfo CLI
-- | Apply the CLI argument to the application
cliPrepare :: CLI -> Application -> Application
data CLI
CLI :: Bool -> Bool -> Bool -> Bool -> Bool -> Maybe Text -> Bool -> Bool -> Bool -> [Capabilities -> Capabilities] -> Bool -> Maybe Text -> Maybe Text -> [Text] -> [Text] -> Maybe Text -> [Text] -> CLI
[listApps] :: CLI -> Bool
[listCaps] :: CLI -> Bool
[showManifest] :: CLI -> Bool
[showDhallEnv] :: CLI -> Bool
[showApplication] :: CLI -> Bool
[configExpr] :: CLI -> Maybe Text
[update] :: CLI -> Bool
[verbose] :: CLI -> Bool
[detach] :: CLI -> Bool
[capsOverride] :: CLI -> [Capabilities -> Capabilities]
[shell] :: CLI -> Bool
[namespace] :: CLI -> Maybe Text
[name] :: CLI -> Maybe Text
[cliEnv] :: CLI -> [Text]
[volumes] :: CLI -> [Text]
[selector] :: CLI -> Maybe Text
[cliExtraArgs] :: CLI -> [Text]