home/kubernetes-deployments
2
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

Build all images with nix-snapshotter

Browse source
This commit is contained in:
Pim Kunis 2024-12-19 21:07:30 +01:00
parent ab3a068066
commit 708e6b4336
14 changed files with 125 additions and 184 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
flake.lock
View file

@ -676,16 +676,16 @@
"treefmt-nix": "treefmt-nix_2" "treefmt-nix": "treefmt-nix_2"
}, },
"locked": { "locked": {
"lastModified": 1734627884, "lastModified": 1734638453,
"narHash": "sha256-C1Ih6EgmEmr2D3W0wfeR4/uTwqeyhtnPaWoT8baFmhw=", "narHash": "sha256-eZfU3yMDpRFJ2ZZUXDyOxTQCZ6DgnbpmMmsFjqAhSW8=",
"owner": "pizzapim", "owner": "pizzapim",
"repo": "NixNG", "repo": "NixNG",
"rev": "069d0fe8096fd2306e388e90d936cd3741896b80", "rev": "59039fdc19c743035f3c1bd0f6b5968484c04e19",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "pizzapim", "owner": "pizzapim",
"ref": "specialargs", "ref": "kubernetes",
"repo": "NixNG", "repo": "NixNG",
"type": "github" "type": "github"
} }

2
flake.nix
View file

@ -41,7 +41,7 @@
}; };
nixng = { nixng = {
url = "github:pizzapim/NixNG/specialargs"; url = "github:pizzapim/NixNG/kubernetes";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };

57
images/attic.nix
View file

@ -1,57 +0,0 @@
{
nixpkgs,
nglib,
...
}:
nglib.makeSystem {
inherit nixpkgs;
system = "x86_64-linux";
name = "nixng-attic";
config = {...}: {
dinit.enable = true;
init.services.attic.shutdownOnExit = true;
services.attic = {
enable = true;
settings = {
# The '+" is to explicitly denote the end of the Vals expression.
# This is done because we quote the template for the toml file.
# See: https://github.com/helmfile/vals?tab=readme-ov-file#expression-syntax
# database.url = "ref+sops://secrets.yml#attic/databaseURL+";
database = {};
storage = {
type = "local";
path = "/var/lib/atticd/storage";
};
listen = "[::]:8080";
# Data chunking
#
# Warning: If you change any of the values here, it will be
# difficult to reuse existing chunks for newly-uploaded NARs
# since the cutpoints will be different. As a result, the
# deduplication ratio will suffer for a while after the change.
chunking = {
# The minimum NAR size to trigger chunking
#
# If 0, chunking is disabled entirely for newly-uploaded NARs.
# If 1, all NARs are chunked.
nar-size-threshold = 64 * 1024; # 64 KiB
# The preferred minimum size of a chunk, in bytes
min-size = 16 * 1024; # 16 KiB
# The preferred average size of a chunk, in bytes
avg-size = 64 * 1024; # 64 KiB
# The preferred maximum size of a chunk, in bytes
max-size = 256 * 1024; # 256 KiB
};
};
};
};
}

31
images/ntfy-sh.nix
View file

@ -1,31 +0,0 @@
{
nglib,
nixpkgs,
...
}:
nglib.makeSystem {
inherit nixpkgs;
system = "x86_64-linux";
name = "nixng-ntfy-sh";
config = {...}: {
dinit.enable = true;
init.services.ntfy-sh.shutdownOnExit = true;
services.ntfy-sh = {
enable = true;
settings = {
base-url = "https://ntfy.kun.is";
cache-file = "/var/cache/ntfy/cache.db";
cache-duration = "14d";
auth-file = "/var/lib/ntfy/user.db";
auth-default-access = "deny-all";
attachment-cache-dir = "/var/cache/ntfy-attachments";
enable-signup = false;
enable-login = true;
visitor-subscription-limit = 100;
};
};
};
}

58
images/radicale.nix
View file

@ -1,58 +0,0 @@
{
nglib,
nixpkgs,
...
}:
nglib.makeSystem
(let
htpasswd_location = "/radicale_htpasswd";
in {
inherit nixpkgs;
system = "x86_64-linux";
name = "nixng-radicale";
config = {...}: {
dinit.enable = true;
init.services.radicale = {
shutdownOnExit = true;
tmpfiles = with nglib.nottmpfiles.dsl; [
(f htpasswd_location "-" "radicale" "radicale" _ "pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ.")
];
};
services.radicale = {
enable = true;
settings = {
server = {
hosts = "0.0.0.0:5232, [::]:5232";
ssl = false;
};
encoding = {
request = "utf-8";
stock = "utf-8";
};
auth = {
realm = "Radicale - Password Required";
type = "htpasswd";
htpasswd_filename = htpasswd_location;
htpasswd_encryption = "md5";
};
rights.type = "owner_only";
storage = {
type = "multifilesystem";
filesystem_folder = "/data";
};
logging = {};
headers = {};
};
};
};
})

2
modules/attic.nix
View file

@ -42,7 +42,7 @@
spec = { spec = {
containers.attic = { containers.attic = {
image = utils.nixSnapshotterRef (utils.mkNixNGImage "attic" "${self}/images/attic.nix"); image = utils.mkNixNGImage "attic";
ports.web.containerPort = 8080; ports.web.containerPort = 8080;
env = { env = {

2
modules/dnsmasq.nix
View file

@ -16,7 +16,7 @@
metadata.labels.app = "dnsmasq"; metadata.labels.app = "dnsmasq";
spec.containers.dnsmasq = { spec.containers.dnsmasq = {
image = utils.mkNixNGImage2 "dnsmasq"; image = utils.mkNixNGImage "dnsmasq";
imagePullPolicy = "Always"; imagePullPolicy = "Always";
ports.dns = { ports.dns = {

3
modules/ntfy.nix
View file

@ -2,7 +2,6 @@
lib, lib,
config, config,
utils, utils,
self,
... ...
}: { }: {
options.ntfy.enable = lib.mkEnableOption "ntfy"; options.ntfy.enable = lib.mkEnableOption "ntfy";
@ -26,7 +25,7 @@
spec = { spec = {
containers.ntfy = { containers.ntfy = {
image = utils.nixSnapshotterRef (utils.mkNixNGImage "ntfy-sh" "${self}/images/ntfy-sh.nix"); image = utils.mkNixNGImage "ntfy";
ports.web.containerPort = 80; ports.web.containerPort = 80;
env.TZ.value = "Europe/Amsterdam"; env.TZ.value = "Europe/Amsterdam";

3
modules/radicale.nix
View file

@ -1,5 +1,4 @@
{ {
self,
config, config,
utils, utils,
lib, lib,
@ -27,7 +26,7 @@
spec = { spec = {
containers.radicale = { containers.radicale = {
image = utils.nixSnapshotterRef (utils.mkNixNGImage "radicale" "${self}/images/radicale.nix"); image = utils.mkNixNGImage "radicale";
ports.web.containerPort = 5232; ports.web.containerPort = 5232;
imagePullPolicy = "IfNotPresent"; imagePullPolicy = "IfNotPresent";

46
nixng-configurations/attic.nix Normal file
View file

@ -0,0 +1,46 @@
{...}: {
dinit.enable = true;
init.services.attic.shutdownOnExit = true;
services.attic = {
enable = true;
settings = {
# The '+" is to explicitly denote the end of the Vals expression.
# This is done because we quote the template for the toml file.
# See: https://github.com/helmfile/vals?tab=readme-ov-file#expression-syntax
# database.url = "ref+sops://secrets.yml#attic/databaseURL+";
database = {};
storage = {
type = "local";
path = "/var/lib/atticd/storage";
};
listen = "[::]:8080";
# Data chunking
#
# Warning: If you change any of the values here, it will be
# difficult to reuse existing chunks for newly-uploaded NARs
# since the cutpoints will be different. As a result, the
# deduplication ratio will suffer for a while after the change.
chunking = {
# The minimum NAR size to trigger chunking
#
# If 0, chunking is disabled entirely for newly-uploaded NARs.
# If 1, all NARs are chunked.
nar-size-threshold = 64 * 1024; # 64 KiB
# The preferred minimum size of a chunk, in bytes
min-size = 16 * 1024; # 16 KiB
# The preferred average size of a chunk, in bytes
avg-size = 64 * 1024; # 64 KiB
# The preferred maximum size of a chunk, in bytes
max-size = 256 * 1024; # 256 KiB
};
};
};
}

3
nixng-configurations/default.nix
View file

@ -8,6 +8,9 @@
flake-utils.lib.eachDefaultSystem (system: let flake-utils.lib.eachDefaultSystem (system: let
images = { images = {
dnsmasq = ./dnsmasq.nix; dnsmasq = ./dnsmasq.nix;
attic = ./attic.nix;
ntfy = ./ntfy.nix;
radicale = ./radicale.nix;
}; };
in { in {
nixngConfigurations = builtins.mapAttrs (name: configFile: nixngConfigurations = builtins.mapAttrs (name: configFile:

20
nixng-configurations/ntfy.nix Normal file
View file

@ -0,0 +1,20 @@
{...}: {
dinit.enable = true;
init.services.ntfy-sh.shutdownOnExit = true;
services.ntfy-sh = {
enable = true;
settings = {
base-url = "https://ntfy.kun.is";
cache-file = "/var/cache/ntfy/cache.db";
cache-duration = "14d";
auth-file = "/var/lib/ntfy/user.db";
auth-default-access = "deny-all";
attachment-cache-dir = "/var/cache/ntfy-attachments";
enable-signup = false;
enable-login = true;
visitor-subscription-limit = 100;
};
};
}

46
nixng-configurations/radicale.nix Normal file
View file

@ -0,0 +1,46 @@
{nglib, ...}: let
htpasswd_location = "/radicale_htpasswd";
in {
dinit.enable = true;
init.services.radicale = {
shutdownOnExit = true;
tmpfiles = with nglib.nottmpfiles.dsl; [
(f htpasswd_location "-" "radicale" "radicale" _ "pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ.")
];
};
services.radicale = {
enable = true;
settings = {
server = {
hosts = "0.0.0.0:5232, [::]:5232";
ssl = false;
};
encoding = {
request = "utf-8";
stock = "utf-8";
};
auth = {
realm = "Radicale - Password Required";
type = "htpasswd";
htpasswd_filename = htpasswd_location;
htpasswd_encryption = "md5";
};
rights.type = "owner_only";
storage = {
type = "multifilesystem";
filesystem_folder = "/data";
};
logging = {};
headers = {};
};
};
}

28
utils.nix
View file

@ -1,36 +1,10 @@
{ {
self, self,
pkgs, pkgs,
nixpkgs,
nixng,
globals,
nix-snapshotter, nix-snapshotter,
... ...
}: { }: {
mkNixNGImage = name: file: let mkNixNGImage = name:
stream =
(import file {
inherit nixpkgs nixng globals;
inherit (nixng) nglib;
})
.config
.system
.build
.ociImage
.stream;
in
pkgs.stdenv.mkDerivation {
name = "${name}.tar";
src = stream;
dontUnpack = true;
buildPhase = ''
$src > $out
'';
};
nixSnapshotterRef = imagePath: "nix:0${imagePath}";
mkNixNGImage2 = name:
(nix-snapshotter.packages.${pkgs.stdenv.system}.nix-snapshotter.buildImage { (nix-snapshotter.packages.${pkgs.stdenv.system}.nix-snapshotter.buildImage {
inherit name; inherit name;
resolvedByNix = true; resolvedByNix = true;