home/kubernetes-deployments
2
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

Build Dnsmasq with nix-snapshotter

Browse source
This commit is contained in:
Pim Kunis 2024-12-19 20:34:55 +01:00
parent 782b2e1c45
commit ab3a068066
9 changed files with 165 additions and 58 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -1,2 +1,3 @@
.direnv .direnv
.pre-commit-config.yaml .pre-commit-config.yaml
result

108
flake.lock
View file

@ -27,7 +27,7 @@
}, },
"deploy-rs": { "deploy-rs": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_4",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_3",
"utils": "utils" "utils": "utils"
}, },
@ -144,11 +144,11 @@
"flake-compat_3": { "flake-compat_3": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1733328505,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -174,6 +174,22 @@
} }
}, },
"flake-compat_5": { "flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_6": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1673956053, "lastModified": 1673956053,
@ -189,7 +205,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_6": { "flake-compat_7": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1696426674,
@ -206,6 +222,27 @@
} }
}, },
"flake-parts": { "flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nix-snapshotter",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"servers", "servers",
@ -353,7 +390,7 @@
}, },
"git-hooks_2": { "git-hooks_2": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_5",
"gitignore": "gitignore_2", "gitignore": "gitignore_2",
"nixpkgs": [ "nixpkgs": [
"servers", "servers",
@ -418,6 +455,27 @@
"type": "github" "type": "github"
} }
}, },
"globset": {
"inputs": {
"nixpkgs-lib": [
"nix-snapshotter",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729844927,
"narHash": "sha256-nBkQx23jgpGPk3aU2KcqJCoYvzjsKEjWBePmc2z8N3k=",
"owner": "pdtpartners",
"repo": "globset",
"rev": "eb9d9e64b7ab0a64c34ba4a5a990b66506401c35",
"type": "github"
},
"original": {
"owner": "pdtpartners",
"repo": "globset",
"type": "github"
}
},
"haumea": { "haumea": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -465,7 +523,7 @@
}, },
"kubenix_2": { "kubenix_2": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_5", "flake-compat": "flake-compat_6",
"nixpkgs": [ "nixpkgs": [
"servers", "servers",
"nixpkgs-unstable" "nixpkgs-unstable"
@ -542,8 +600,31 @@
}, },
"nix-snapshotter": { "nix-snapshotter": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_6", "flake-compat": "flake-compat_3",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"globset": "globset",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1734289443,
"narHash": "sha256-oU3AGvzByR7622kntPUPIHfAreOIktAsJav2ATHuc18=",
"owner": "pdtpartners",
"repo": "nix-snapshotter",
"rev": "387e220d369dfa0ad093035515e8757f83144be8",
"type": "github"
},
"original": {
"owner": "pdtpartners",
"repo": "nix-snapshotter",
"type": "github"
}
},
"nix-snapshotter_2": {
"inputs": {
"flake-compat": "flake-compat_7",
"flake-parts": "flake-parts_2",
"nixpkgs": [ "nixpkgs": [
"servers", "servers",
"nixpkgs-unstable" "nixpkgs-unstable"
@ -595,16 +676,16 @@
"treefmt-nix": "treefmt-nix_2" "treefmt-nix": "treefmt-nix_2"
}, },
"locked": { "locked": {
"lastModified": 1734470616, "lastModified": 1734627884,
"narHash": "sha256-8pQ2ar2NVU3ehf1o9DHcn3rlsl440eOWcEv7bQfiOec=", "narHash": "sha256-C1Ih6EgmEmr2D3W0wfeR4/uTwqeyhtnPaWoT8baFmhw=",
"owner": "pizzapim", "owner": "pizzapim",
"repo": "NixNG", "repo": "NixNG",
"rev": "fd29c877186dbb06d5593d734952baec199a5261", "rev": "069d0fe8096fd2306e388e90d936cd3741896b80",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "pizzapim", "owner": "pizzapim",
"ref": "radicale", "ref": "specialargs",
"repo": "NixNG", "repo": "NixNG",
"type": "github" "type": "github"
} }
@ -838,6 +919,7 @@
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_2",
"git-hooks": "git-hooks", "git-hooks": "git-hooks",
"kubenix": "kubenix", "kubenix": "kubenix",
"nix-snapshotter": "nix-snapshotter",
"nixhelm": "nixhelm", "nixhelm": "nixhelm",
"nixng": "nixng", "nixng": "nixng",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2",
@ -853,7 +935,7 @@
"flake-utils": "flake-utils_6", "flake-utils": "flake-utils_6",
"git-hooks": "git-hooks_2", "git-hooks": "git-hooks_2",
"kubenix": "kubenix_2", "kubenix": "kubenix_2",
"nix-snapshotter": "nix-snapshotter", "nix-snapshotter": "nix-snapshotter_2",
"nixng": "nixng_2", "nixng": "nixng_2",
"nixos-facter-modules": "nixos-facter-modules", "nixos-facter-modules": "nixos-facter-modules",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",

8
flake.nix
View file

@ -41,7 +41,12 @@
}; };
nixng = { nixng = {
url = "github:pizzapim/NixNG/radicale"; url = "github:pizzapim/NixNG/specialargs";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-snapshotter = {
url = "github:pdtpartners/nix-snapshotter";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
}; };
@ -53,5 +58,6 @@
./globals.nix ./globals.nix
./formatter.nix ./formatter.nix
./shell.nix ./shell.nix
./nixng-configurations
]; ];
} }

40
images/dnsmasq.nix
View file

@ -1,40 +0,0 @@
{
globals,
nixpkgs,
nglib,
...
}:
nglib.makeSystem {
inherit nixpkgs;
system = "x86_64-linux";
name = "nixng-dnsmasq";
config = {...}: {
dinit.enable = true;
init.services.dnsmasq.shutdownOnExit = true;
services.dnsmasq = {
enable = true;
settings = {
address = [
"/kms.kun.is/${globals.kmsIPv4}"
"/ssh.git.kun.is/${globals.gitIPv4}"
];
alias = "${globals.routerPublicIPv4},${globals.traefikIPv4}";
expand-hosts = true;
local = "/dmz/";
log-queries = true;
no-hosts = true;
no-resolv = true;
port = 53;
server = [
"192.168.30.1"
"/kun.is/${globals.bind9IPv4}"
];
};
};
};
}

4
kubenix.nix
View file

@ -21,8 +21,8 @@ flake-utils.lib.eachDefaultSystem
inherit (self) globals; inherit (self) globals;
utils = import ./utils.nix { utils = import ./utils.nix {
inherit pkgs; inherit pkgs self;
inherit (inputs) nixpkgs nixng; inherit (inputs) nixpkgs nixng nix-snapshotter;
inherit (self) globals; inherit (self) globals;
}; };
}; };

3
modules/dnsmasq.nix
View file

@ -1,5 +1,4 @@
{ {
self,
utils, utils,
globals, globals,
config, config,
@ -17,7 +16,7 @@
metadata.labels.app = "dnsmasq"; metadata.labels.app = "dnsmasq";
spec.containers.dnsmasq = { spec.containers.dnsmasq = {
image = utils.nixSnapshotterRef (utils.mkNixNGImage "dnsmasq" "${self}/images/dnsmasq.nix"); image = utils.mkNixNGImage2 "dnsmasq";
imagePullPolicy = "Always"; imagePullPolicy = "Always";
ports.dns = { ports.dns = {

21
nixng-configurations/default.nix Normal file
View file

@ -0,0 +1,21 @@
{
self,
flake-utils,
nixng,
nixpkgs,
...
}:
flake-utils.lib.eachDefaultSystem (system: let
images = {
dnsmasq = ./dnsmasq.nix;
};
in {
nixngConfigurations = builtins.mapAttrs (name: configFile:
nixng.nglib.makeSystem {
inherit nixpkgs system;
name = "nixng-${name}";
specialArgs = {inherit (self) globals;};
config = import configFile;
})
images;
})

28
nixng-configurations/dnsmasq.nix Normal file
View file

@ -0,0 +1,28 @@
{globals, ...}: {
dinit.enable = true;
init.services.dnsmasq.shutdownOnExit = true;
services.dnsmasq = {
enable = true;
settings = {
address = [
"/kms.kun.is/${globals.kmsIPv4}"
"/ssh.git.kun.is/${globals.gitIPv4}"
];
alias = "${globals.routerPublicIPv4},${globals.traefikIPv4}";
expand-hosts = true;
local = "/dmz/";
log-queries = true;
no-hosts = true;
no-resolv = true;
port = 53;
server = [
"192.168.30.1"
"/kun.is/${globals.bind9IPv4}"
];
};
};
}

10
utils.nix
View file

@ -1,8 +1,10 @@
{ {
self,
pkgs, pkgs,
nixpkgs, nixpkgs,
nixng, nixng,
globals, globals,
nix-snapshotter,
... ...
}: { }: {
mkNixNGImage = name: file: let mkNixNGImage = name: file: let
@ -27,4 +29,12 @@
}; };
nixSnapshotterRef = imagePath: "nix:0${imagePath}"; nixSnapshotterRef = imagePath: "nix:0${imagePath}";
mkNixNGImage2 = name:
(nix-snapshotter.packages.${pkgs.stdenv.system}.nix-snapshotter.buildImage {
inherit name;
resolvedByNix = true;
config.entrypoint = ["${self.nixngConfigurations.${pkgs.stdenv.system}.${name}.config.system.build.toplevel}/init"];
})
.image;
} }