From 708e6b4336385863d338795296b3a50ac9336f70 Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Thu, 19 Dec 2024 21:07:30 +0100 Subject: [PATCH] Build all images with nix-snapshotter --- flake.lock | 8 ++--- flake.nix | 2 +- images/attic.nix | 57 ------------------------------ images/ntfy-sh.nix | 31 ----------------- images/radicale.nix | 58 ------------------------------- modules/attic.nix | 2 +- modules/dnsmasq.nix | 2 +- modules/ntfy.nix | 3 +- modules/radicale.nix | 3 +- nixng-configurations/attic.nix | 46 ++++++++++++++++++++++++ nixng-configurations/default.nix | 3 ++ nixng-configurations/ntfy.nix | 20 +++++++++++ nixng-configurations/radicale.nix | 46 ++++++++++++++++++++++++ utils.nix | 28 +-------------- 14 files changed, 125 insertions(+), 184 deletions(-) delete mode 100644 images/attic.nix delete mode 100644 images/ntfy-sh.nix delete mode 100644 images/radicale.nix create mode 100644 nixng-configurations/attic.nix create mode 100644 nixng-configurations/ntfy.nix create mode 100644 nixng-configurations/radicale.nix diff --git a/flake.lock b/flake.lock index 2f033f3..467fda2 100644 --- a/flake.lock +++ b/flake.lock @@ -676,16 +676,16 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1734627884, - "narHash": "sha256-C1Ih6EgmEmr2D3W0wfeR4/uTwqeyhtnPaWoT8baFmhw=", + "lastModified": 1734638453, + "narHash": "sha256-eZfU3yMDpRFJ2ZZUXDyOxTQCZ6DgnbpmMmsFjqAhSW8=", "owner": "pizzapim", "repo": "NixNG", - "rev": "069d0fe8096fd2306e388e90d936cd3741896b80", + "rev": "59039fdc19c743035f3c1bd0f6b5968484c04e19", "type": "github" }, "original": { "owner": "pizzapim", - "ref": "specialargs", + "ref": "kubernetes", "repo": "NixNG", "type": "github" } diff --git a/flake.nix b/flake.nix index 19b3ff4..9b3adf0 100644 --- a/flake.nix +++ b/flake.nix @@ -41,7 +41,7 @@ }; nixng = { - url = "github:pizzapim/NixNG/specialargs"; + url = "github:pizzapim/NixNG/kubernetes"; inputs.nixpkgs.follows = "nixpkgs"; }; 
diff --git a/images/attic.nix b/images/attic.nix
deleted file mode 100644
index ff6e05a..0000000
--- a/images/attic.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-{
- nixpkgs,
- nglib,
- ...
-}:
-nglib.makeSystem {
- inherit nixpkgs;
- system = "x86_64-linux";
- name = "nixng-attic";
-
- config = {...}: {
- dinit.enable = true;
- init.services.attic.shutdownOnExit = true;
-
- services.attic = {
- enable = true;
-
- settings = {
- # The '+" is to explicitly denote the end of the Vals expression.
- # This is done because we quote the template for the toml file.
- # See: https://github.com/helmfile/vals?tab=readme-ov-file#expression-syntax
- # database.url = "ref+sops://secrets.yml#attic/databaseURL+";
- database = {};
-
- storage = {
- type = "local";
- path = "/var/lib/atticd/storage";
- };
-
- listen = "[::]:8080";
-
- # Data chunking
- #
- # Warning: If you change any of the values here, it will be
- # difficult to reuse existing chunks for newly-uploaded NARs
- # since the cutpoints will be different. As a result, the
- # deduplication ratio will suffer for a while after the change.
- chunking = {
- # The minimum NAR size to trigger chunking
- #
- # If 0, chunking is disabled entirely for newly-uploaded NARs.
- # If 1, all NARs are chunked.
- nar-size-threshold = 64 * 1024; # 64 KiB
-
- # The preferred minimum size of a chunk, in bytes
- min-size = 16 * 1024; # 16 KiB
-
- # The preferred average size of a chunk, in bytes
- avg-size = 64 * 1024; # 64 KiB
-
- # The preferred maximum size of a chunk, in bytes
- max-size = 256 * 1024; # 256 KiB
- };
- };
- };
- };
-}
diff --git a/images/ntfy-sh.nix b/images/ntfy-sh.nix
deleted file mode 100644
index c272eb2..0000000
--- a/images/ntfy-sh.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- nglib,
- nixpkgs,
- ...
-}:
-nglib.makeSystem {
- inherit nixpkgs;
- system = "x86_64-linux";
- name = "nixng-ntfy-sh";
-
- config = {...}: {
- dinit.enable = true;
- init.services.ntfy-sh.shutdownOnExit = true;
-
- services.ntfy-sh = {
- enable = true;
-
- settings = {
- base-url = "https://ntfy.kun.is";
- cache-file = "/var/cache/ntfy/cache.db";
- cache-duration = "14d";
- auth-file = "/var/lib/ntfy/user.db";
- auth-default-access = "deny-all";
- attachment-cache-dir = "/var/cache/ntfy-attachments";
- enable-signup = false;
- enable-login = true;
- visitor-subscription-limit = 100;
- };
- };
- };
-}
diff --git a/images/radicale.nix b/images/radicale.nix
deleted file mode 100644
index b5a7f24..0000000
--- a/images/radicale.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{
- nglib,
- nixpkgs,
- ...
-}:
-nglib.makeSystem
-(let
- htpasswd_location = "/radicale_htpasswd";
-in {
- inherit nixpkgs;
- system = "x86_64-linux";
- name = "nixng-radicale";
-
- config = {...}: {
- dinit.enable = true;
-
- init.services.radicale = {
- shutdownOnExit = true;
-
- tmpfiles = with nglib.nottmpfiles.dsl; [
- (f htpasswd_location "-" "radicale" "radicale" _ "pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ.")
- ];
- };
-
- services.radicale = {
- enable = true;
-
- settings = {
- server = {
- hosts = "0.0.0.0:5232, [::]:5232";
- ssl = false;
- };
-
- encoding = {
- request = "utf-8";
- stock = "utf-8";
- };
-
- auth = {
- realm = "Radicale - Password Required";
- type = "htpasswd";
- htpasswd_filename = htpasswd_location;
- htpasswd_encryption = "md5";
- };
-
- rights.type = "owner_only";
-
- storage = {
- type = "multifilesystem";
- filesystem_folder = "/data";
- };
-
- logging = {};
- headers = {};
- };
- };
- };
-})
diff --git a/modules/attic.nix b/modules/attic.nix
index 6e72133..2742b7b 100644
--- a/modules/attic.nix
+++ b/modules/attic.nix
@@ -42,7 +42,7 @@ spec = { containers.attic = { - image = utils.nixSnapshotterRef (utils.mkNixNGImage "attic" "${self}/images/attic.nix"); + image = utils.mkNixNGImage "attic"; ports.web.containerPort = 8080; env = { diff --git a/modules/dnsmasq.nix b/modules/dnsmasq.nix index 8a66159..05e3959 100644 --- a/modules/dnsmasq.nix +++ b/modules/dnsmasq.nix @@ -16,7 +16,7 @@ metadata.labels.app = "dnsmasq"; spec.containers.dnsmasq = { - image = utils.mkNixNGImage2 "dnsmasq"; + image = utils.mkNixNGImage "dnsmasq"; imagePullPolicy = "Always"; ports.dns = { diff --git a/modules/ntfy.nix b/modules/ntfy.nix index 822f801..d970fbe 100644 --- a/modules/ntfy.nix +++ b/modules/ntfy.nix @@ -2,7 +2,6 @@ lib, config, utils, - self, ... }: { options.ntfy.enable = lib.mkEnableOption "ntfy"; @@ -26,7 +25,7 @@ spec = { containers.ntfy = { - image = utils.nixSnapshotterRef (utils.mkNixNGImage "ntfy-sh" "${self}/images/ntfy-sh.nix"); + image = utils.mkNixNGImage "ntfy"; ports.web.containerPort = 80; env.TZ.value = "Europe/Amsterdam"; diff --git a/modules/radicale.nix b/modules/radicale.nix index 83639ed..8f2bb6e 100644 --- a/modules/radicale.nix +++ b/modules/radicale.nix @@ -1,5 +1,4 @@ { - self, config, utils, lib, @@ -27,7 +26,7 @@ spec = { containers.radicale = { - image = utils.nixSnapshotterRef (utils.mkNixNGImage "radicale" "${self}/images/radicale.nix"); + image = utils.mkNixNGImage "radicale"; ports.web.containerPort = 5232; imagePullPolicy = "IfNotPresent"; diff --git a/nixng-configurations/attic.nix b/nixng-configurations/attic.nix new file mode 100644 index 0000000..91c2e6f --- /dev/null +++ b/nixng-configurations/attic.nix 
@@ -0,0 +1,46 @@ +{...}: { + dinit.enable = true; + init.services.attic.shutdownOnExit = true; + + services.attic = { + enable = true; + + settings = { + # The '+" is to explicitly denote the end of the Vals expression. + # This is done because we quote the template for the toml file. + # See: https://github.com/helmfile/vals?tab=readme-ov-file#expression-syntax + # database.url = "ref+sops://secrets.yml#attic/databaseURL+"; + database = {}; + + storage = { + type = "local"; + path = "/var/lib/atticd/storage"; + }; + + listen = "[::]:8080"; + + # Data chunking + # + # Warning: If you change any of the values here, it will be + # difficult to reuse existing chunks for newly-uploaded NARs + # since the cutpoints will be different. As a result, the + # deduplication ratio will suffer for a while after the change. + chunking = { + # The minimum NAR size to trigger chunking + # + # If 0, chunking is disabled entirely for newly-uploaded NARs. + # If 1, all NARs are chunked. + nar-size-threshold = 64 * 1024; # 64 KiB + + # The preferred minimum size of a chunk, in bytes + min-size = 16 * 1024; # 16 KiB + + # The preferred average size of a chunk, in bytes + avg-size = 64 * 1024; # 64 KiB + + # The preferred maximum size of a chunk, in bytes + max-size = 256 * 1024; # 256 KiB + }; + }; + }; +} diff --git a/nixng-configurations/default.nix b/nixng-configurations/default.nix index 40af6ae..5c97bae 100644 --- a/nixng-configurations/default.nix +++ b/nixng-configurations/default.nix @@ -8,6 +8,9 @@ flake-utils.lib.eachDefaultSystem (system: let images = { dnsmasq = ./dnsmasq.nix; + attic = ./attic.nix; + ntfy = ./ntfy.nix; + radicale = ./radicale.nix; }; in { nixngConfigurations = builtins.mapAttrs (name: configFile: diff --git a/nixng-configurations/ntfy.nix b/nixng-configurations/ntfy.nix new file mode 100644 index 0000000..7fc7ef1 --- /dev/null +++ b/nixng-configurations/ntfy.nix 
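Review bot: The `settings` block in nixng-configurations/attic.nix leaves `database = {};` empty next to a commented-out `database.url` vals reference, and nothing in the file says where the database URL now comes from. The `env = {` block visible in modules/attic.nix suggests it is supplied at runtime, which would also keep the credential out of the world-readable Nix store, but that is inferred from the other hunk. I would drop the dead vals line and replace it with a comment such as `# database.url is intentionally unset here: it is injected through the container environment so the credential never enters the Nix store`. The comment above it also has mismatched quotes (`'+"`).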
@@ -0,0 +1,20 @@
+{...}: {
+ dinit.enable = true;
+ init.services.ntfy-sh.shutdownOnExit = true;
+
+ services.ntfy-sh = {
+ enable = true;
+
+ settings = {
+ base-url = "https://ntfy.kun.is";
+ cache-file = "/var/cache/ntfy/cache.db";
+ cache-duration = "14d";
+ auth-file = "/var/lib/ntfy/user.db";
+ auth-default-access = "deny-all";
+ attachment-cache-dir = "/var/cache/ntfy-attachments";
+ enable-signup = false;
+ enable-login = true;
+ visitor-subscription-limit = 100;
+ };
+ };
+}
diff --git a/nixng-configurations/radicale.nix b/nixng-configurations/radicale.nix
new file mode 100644
index 0000000..a83fd7d
--- /dev/null
+++ b/nixng-configurations/radicale.nix
@@ -0,0 +1,46 @@
+{nglib, ...}: let
+ htpasswd_location = "/radicale_htpasswd";
+in {
+ dinit.enable = true;
+
+ init.services.radicale = {
+ shutdownOnExit = true;
+
+ tmpfiles = with nglib.nottmpfiles.dsl; [
+ (f htpasswd_location "-" "radicale" "radicale" _ "pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ.")
+ ];
+ };
+
+ services.radicale = {
+ enable = true;
+
+ settings = {
+ server = {
+ hosts = "0.0.0.0:5232, [::]:5232";
+ ssl = false;
+ };
+
+ encoding = {
+ request = "utf-8";
+ stock = "utf-8";
+ };
+
+ auth = {
+ realm = "Radicale - Password Required";
+ type = "htpasswd";
+ htpasswd_filename = htpasswd_location;
+ htpasswd_encryption = "md5";
+ };
+
+ rights.type = "owner_only";
+
+ storage = {
+ type = "multifilesystem";
+ filesystem_folder = "/data";
+ };
+
+ logging = {};
+ headers = {};
+ };
+ };
+}
diff --git a/utils.nix b/utils.nix
index 8e75d68..96a8ca1 100644
--- a/utils.nix
+++ b/utils.nix
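Review bot: `settings` under `services.ntfy-sh` in nixng-configurations/ntfy.nix sets `visitor-subscription-limit = 100` but not `behind-proxy`, while `base-url` is https and modules/ntfy.nix exposes plain port 80, so TLS is presumably terminated at an ingress in front of the pod. If that is the case, ntfy attributes every request to the proxy's address and the per-visitor limits end up shared by all clients. Consider adding `behind-proxy = true;`, but only when the pod is reachable solely through that proxy, because the option makes ntfy trust the forwarded client address.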
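Review bot: The `tmpfiles` rule in nixng-configurations/radicale.nix writes the htpasswd entry for user `pim` as a string literal, so the password hash is committed to the repository and copied into the Nix store and the image, where anyone who can read either can take it for offline guessing. The entry is an apr1 hash (`htpasswd_encryption = "md5"`), a salted MD5 scheme that is cheap to brute-force compared with bcrypt. The value was carried over unchanged from the deleted images/radicale.nix, so this commit is a good point to fix it. I would mount the htpasswd file from a Kubernetes Secret, point `htpasswd_filename` at the mount path instead of generating the file from the config, and regenerate the entry so the setting can become `htpasswd_encryption = "bcrypt";`.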
@@ -1,36 +1,10 @@ { self, pkgs, - nixpkgs, - nixng, - globals, nix-snapshotter, ... }: { - mkNixNGImage = name: file: let - stream = - (import file { - inherit nixpkgs nixng globals; - inherit (nixng) nglib; - }) - .config - .system - .build - .ociImage - .stream; - in - pkgs.stdenv.mkDerivation { - name = "${name}.tar"; - src = stream; - dontUnpack = true; - buildPhase = '' - $src > $out - ''; - }; - - nixSnapshotterRef = imagePath: "nix:0${imagePath}"; - - mkNixNGImage2 = name: + mkNixNGImage = name: (nix-snapshotter.packages.${pkgs.stdenv.system}.nix-snapshotter.buildImage { inherit name; resolvedByNix = true;