Build all images with nix-snapshotter
parent
ab3a068066
commit
708e6b4336
14 changed files with 125 additions and 184 deletions
|
@ -676,16 +676,16 @@
|
|||
"treefmt-nix": "treefmt-nix_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1734627884,
|
||||
"narHash": "sha256-C1Ih6EgmEmr2D3W0wfeR4/uTwqeyhtnPaWoT8baFmhw=",
|
||||
"lastModified": 1734638453,
|
||||
"narHash": "sha256-eZfU3yMDpRFJ2ZZUXDyOxTQCZ6DgnbpmMmsFjqAhSW8=",
|
||||
"owner": "pizzapim",
|
||||
"repo": "NixNG",
|
||||
"rev": "069d0fe8096fd2306e388e90d936cd3741896b80",
|
||||
"rev": "59039fdc19c743035f3c1bd0f6b5968484c04e19",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "pizzapim",
|
||||
"ref": "specialargs",
|
||||
"ref": "kubernetes",
|
||||
"repo": "NixNG",
|
||||
"type": "github"
|
||||
}
|
||||
|
|
|
@ -41,7 +41,7 @@
|
|||
};
|
||||
|
||||
nixng = {
|
||||
url = "github:pizzapim/NixNG/specialargs";
|
||||
url = "github:pizzapim/NixNG/kubernetes";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
|
|
|
@ -1,57 +0,0 @@
|
|||
{
|
||||
nixpkgs,
|
||||
nglib,
|
||||
...
|
||||
}:
|
||||
nglib.makeSystem {
|
||||
inherit nixpkgs;
|
||||
system = "x86_64-linux";
|
||||
name = "nixng-attic";
|
||||
|
||||
config = {...}: {
|
||||
dinit.enable = true;
|
||||
init.services.attic.shutdownOnExit = true;
|
||||
|
||||
services.attic = {
|
||||
enable = true;
|
||||
|
||||
settings = {
|
||||
# The '+" is to explicitly denote the end of the Vals expression.
|
||||
# This is done because we quote the template for the toml file.
|
||||
# See: https://github.com/helmfile/vals?tab=readme-ov-file#expression-syntax
|
||||
# database.url = "ref+sops://secrets.yml#attic/databaseURL+";
|
||||
database = {};
|
||||
|
||||
storage = {
|
||||
type = "local";
|
||||
path = "/var/lib/atticd/storage";
|
||||
};
|
||||
|
||||
listen = "[::]:8080";
|
||||
|
||||
# Data chunking
|
||||
#
|
||||
# Warning: If you change any of the values here, it will be
|
||||
# difficult to reuse existing chunks for newly-uploaded NARs
|
||||
# since the cutpoints will be different. As a result, the
|
||||
# deduplication ratio will suffer for a while after the change.
|
||||
chunking = {
|
||||
# The minimum NAR size to trigger chunking
|
||||
#
|
||||
# If 0, chunking is disabled entirely for newly-uploaded NARs.
|
||||
# If 1, all NARs are chunked.
|
||||
nar-size-threshold = 64 * 1024; # 64 KiB
|
||||
|
||||
# The preferred minimum size of a chunk, in bytes
|
||||
min-size = 16 * 1024; # 16 KiB
|
||||
|
||||
# The preferred average size of a chunk, in bytes
|
||||
avg-size = 64 * 1024; # 64 KiB
|
||||
|
||||
# The preferred maximum size of a chunk, in bytes
|
||||
max-size = 256 * 1024; # 256 KiB
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,31 +0,0 @@
|
|||
{
|
||||
nglib,
|
||||
nixpkgs,
|
||||
...
|
||||
}:
|
||||
nglib.makeSystem {
|
||||
inherit nixpkgs;
|
||||
system = "x86_64-linux";
|
||||
name = "nixng-ntfy-sh";
|
||||
|
||||
config = {...}: {
|
||||
dinit.enable = true;
|
||||
init.services.ntfy-sh.shutdownOnExit = true;
|
||||
|
||||
services.ntfy-sh = {
|
||||
enable = true;
|
||||
|
||||
settings = {
|
||||
base-url = "https://ntfy.kun.is";
|
||||
cache-file = "/var/cache/ntfy/cache.db";
|
||||
cache-duration = "14d";
|
||||
auth-file = "/var/lib/ntfy/user.db";
|
||||
auth-default-access = "deny-all";
|
||||
attachment-cache-dir = "/var/cache/ntfy-attachments";
|
||||
enable-signup = false;
|
||||
enable-login = true;
|
||||
visitor-subscription-limit = 100;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,58 +0,0 @@
|
|||
{
|
||||
nglib,
|
||||
nixpkgs,
|
||||
...
|
||||
}:
|
||||
nglib.makeSystem
|
||||
(let
|
||||
htpasswd_location = "/radicale_htpasswd";
|
||||
in {
|
||||
inherit nixpkgs;
|
||||
system = "x86_64-linux";
|
||||
name = "nixng-radicale";
|
||||
|
||||
config = {...}: {
|
||||
dinit.enable = true;
|
||||
|
||||
init.services.radicale = {
|
||||
shutdownOnExit = true;
|
||||
|
||||
tmpfiles = with nglib.nottmpfiles.dsl; [
|
||||
(f htpasswd_location "-" "radicale" "radicale" _ "pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ.")
|
||||
];
|
||||
};
|
||||
|
||||
services.radicale = {
|
||||
enable = true;
|
||||
|
||||
settings = {
|
||||
server = {
|
||||
hosts = "0.0.0.0:5232, [::]:5232";
|
||||
ssl = false;
|
||||
};
|
||||
|
||||
encoding = {
|
||||
request = "utf-8";
|
||||
stock = "utf-8";
|
||||
};
|
||||
|
||||
auth = {
|
||||
realm = "Radicale - Password Required";
|
||||
type = "htpasswd";
|
||||
htpasswd_filename = htpasswd_location;
|
||||
htpasswd_encryption = "md5";
|
||||
};
|
||||
|
||||
rights.type = "owner_only";
|
||||
|
||||
storage = {
|
||||
type = "multifilesystem";
|
||||
filesystem_folder = "/data";
|
||||
};
|
||||
|
||||
logging = {};
|
||||
headers = {};
|
||||
};
|
||||
};
|
||||
};
|
||||
})
|
|
@ -42,7 +42,7 @@
|
|||
|
||||
spec = {
|
||||
containers.attic = {
|
||||
image = utils.nixSnapshotterRef (utils.mkNixNGImage "attic" "${self}/images/attic.nix");
|
||||
image = utils.mkNixNGImage "attic";
|
||||
ports.web.containerPort = 8080;
|
||||
|
||||
env = {
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
metadata.labels.app = "dnsmasq";
|
||||
|
||||
spec.containers.dnsmasq = {
|
||||
image = utils.mkNixNGImage2 "dnsmasq";
|
||||
image = utils.mkNixNGImage "dnsmasq";
|
||||
imagePullPolicy = "Always";
|
||||
|
||||
ports.dns = {
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
lib,
|
||||
config,
|
||||
utils,
|
||||
self,
|
||||
...
|
||||
}: {
|
||||
options.ntfy.enable = lib.mkEnableOption "ntfy";
|
||||
|
@ -26,7 +25,7 @@
|
|||
|
||||
spec = {
|
||||
containers.ntfy = {
|
||||
image = utils.nixSnapshotterRef (utils.mkNixNGImage "ntfy-sh" "${self}/images/ntfy-sh.nix");
|
||||
image = utils.mkNixNGImage "ntfy";
|
||||
ports.web.containerPort = 80;
|
||||
env.TZ.value = "Europe/Amsterdam";
|
||||
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{
|
||||
self,
|
||||
config,
|
||||
utils,
|
||||
lib,
|
||||
|
@ -27,7 +26,7 @@
|
|||
|
||||
spec = {
|
||||
containers.radicale = {
|
||||
image = utils.nixSnapshotterRef (utils.mkNixNGImage "radicale" "${self}/images/radicale.nix");
|
||||
image = utils.mkNixNGImage "radicale";
|
||||
ports.web.containerPort = 5232;
|
||||
imagePullPolicy = "IfNotPresent";
|
||||
|
||||
|
|
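--- /dev/null
+++ b/nixng-configurations/attic.nix
@@ -0,0 +1,46 @@
+{...}: {
+dinit.enable = true;
+init.services.attic.shutdownOnExit = true;
+
+services.attic = {
+enable = true;
+
+settings = {
+# The '+" is to explicitly denote the end of the Vals expression.
+# This is done because we quote the template for the toml file.
+# See: https://github.com/helmfile/vals?tab=readme-ov-file#expression-syntax
+# database.url = "ref+sops://secrets.yml#attic/databaseURL+";
+database = {};
+
+storage = {
+type = "local";
+path = "/var/lib/atticd/storage";
+};
+
+listen = "[::]:8080";
+
+# Data chunking
+#
+# Warning: If you change any of the values here, it will be
+# difficult to reuse existing chunks for newly-uploaded NARs
+# since the cutpoints will be different. As a result, the
+# deduplication ratio will suffer for a while after the change.
+chunking = {
+# The minimum NAR size to trigger chunking
+#
+# If 0, chunking is disabled entirely for newly-uploaded NARs.
+# If 1, all NARs are chunked.
+nar-size-threshold = 64 * 1024; # 64 KiB
+
+# The preferred minimum size of a chunk, in bytes
+min-size = 16 * 1024; # 16 KiB
+
+# The preferred average size of a chunk, in bytes
+avg-size = 64 * 1024; # 64 KiB
+
+# The preferred maximum size of a chunk, in bytes
+max-size = 256 * 1024; # 256 KiB
+};
+};
+};
+}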
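Review bot: The three comment lines about the trailing '+' in `settings` explain the commented-out `database.url` line rather than anything the configuration does, and `database = {};` leaves the URL unset with no hint of where it is supplied. A short comment such as `# database.url is injected at runtime (presumably ATTIC_SERVER_DATABASE_URL in the Deployment env; confirm)` would make it clear that the connection string, which carries credentials, is deliberately kept out of the Nix store. The quote characters in `'+"` are also mismatched and should read `'+'`.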
|
@ -8,6 +8,9 @@
|
|||
flake-utils.lib.eachDefaultSystem (system: let
|
||||
images = {
|
||||
dnsmasq = ./dnsmasq.nix;
|
||||
attic = ./attic.nix;
|
||||
ntfy = ./ntfy.nix;
|
||||
radicale = ./radicale.nix;
|
||||
};
|
||||
in {
|
||||
nixngConfigurations = builtins.mapAttrs (name: configFile:
|
||||
|
|
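--- /dev/null
+++ b/nixng-configurations/ntfy.nix
@@ -0,0 +1,20 @@
+{...}: {
+dinit.enable = true;
+init.services.ntfy-sh.shutdownOnExit = true;
+
+services.ntfy-sh = {
+enable = true;
+
+settings = {
+base-url = "https://ntfy.kun.is";
+cache-file = "/var/cache/ntfy/cache.db";
+cache-duration = "14d";
+auth-file = "/var/lib/ntfy/user.db";
+auth-default-access = "deny-all";
+attachment-cache-dir = "/var/cache/ntfy-attachments";
+enable-signup = false;
+enable-login = true;
+visitor-subscription-limit = 100;
+};
+};
+}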
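Review bot: `settings` does not set `behind-proxy`, yet `base-url = "https://ntfy.kun.is"` with no TLS listener configured here suggests ntfy is served through a TLS-terminating proxy. If that is the case, ntfy treats the proxy's address as the client, so `visitor-subscription-limit = 100` and the other per-visitor limits are shared by every client and the logs lose the real source address. Consider adding `behind-proxy = true;` once it is confirmed that the proxy sets `X-Forwarded-For` and that the pod cannot be reached without going through it.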
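--- /dev/null
+++ b/nixng-configurations/radicale.nix
@@ -0,0 +1,46 @@
+{nglib, ...}: let
+htpasswd_location = "/radicale_htpasswd";
+in {
+dinit.enable = true;
+
+init.services.radicale = {
+shutdownOnExit = true;
+
+tmpfiles = with nglib.nottmpfiles.dsl; [
+(f htpasswd_location "-" "radicale" "radicale" _ "pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ.")
+];
+};
+
+services.radicale = {
+enable = true;
+
+settings = {
+server = {
+hosts = "0.0.0.0:5232, [::]:5232";
+ssl = false;
+};
+
+encoding = {
+request = "utf-8";
+stock = "utf-8";
+};
+
+auth = {
+realm = "Radicale - Password Required";
+type = "htpasswd";
+htpasswd_filename = htpasswd_location;
+htpasswd_encryption = "md5";
+};
+
+rights.type = "owner_only";
+
+storage = {
+type = "multifilesystem";
+filesystem_folder = "/data";
+};
+
+logging = {};
+headers = {};
+};
+};
+}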
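Review bot: The `tmpfiles` entry in `init.services.radicale` embeds a literal htpasswd line (`pim:$apr1$…`), so the credential hash is committed to the repository and, being part of a Nix-built image, presumably ends up readable in the Nix store. `$apr1$` is salted MD5, which is cheap to attack offline once the hash is exposed, and `htpasswd_encryption = "md5"` pins Radicale to that scheme. I would keep `htpasswd_filename = htpasswd_location;` but provide the file at runtime from a mounted secret instead of `tmpfiles`, and switch to `htpasswd_encryption = "bcrypt";` with a bcrypt entry (this needs the bcrypt Python module in the image). Because the same line was already present in the deleted image file, the current password should be treated as exposed and rotated. `ssl = false` with `hosts = "0.0.0.0:5232, [::]:5232"` is only safe if TLS is terminated in front of the pod; a comment stating that would help.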
28
utils.nix
28
utils.nix
|
@ -1,36 +1,10 @@
|
|||
{
|
||||
self,
|
||||
pkgs,
|
||||
nixpkgs,
|
||||
nixng,
|
||||
globals,
|
||||
nix-snapshotter,
|
||||
...
|
||||
}: {
|
||||
mkNixNGImage = name: file: let
|
||||
stream =
|
||||
(import file {
|
||||
inherit nixpkgs nixng globals;
|
||||
inherit (nixng) nglib;
|
||||
})
|
||||
.config
|
||||
.system
|
||||
.build
|
||||
.ociImage
|
||||
.stream;
|
||||
in
|
||||
pkgs.stdenv.mkDerivation {
|
||||
name = "${name}.tar";
|
||||
src = stream;
|
||||
dontUnpack = true;
|
||||
buildPhase = ''
|
||||
$src > $out
|
||||
'';
|
||||
};
|
||||
|
||||
nixSnapshotterRef = imagePath: "nix:0${imagePath}";
|
||||
|
||||
mkNixNGImage2 = name:
|
||||
mkNixNGImage = name:
|
||||
(nix-snapshotter.packages.${pkgs.stdenv.system}.nix-snapshotter.buildImage {
|
||||
inherit name;
|
||||
resolvedByNix = true;
|
||||
|
|