Build Dnsmasq with nix-snapshotter

Pim Kunis 2024-12-19 20:34:55 +01:00
parent 782b2e1c45
commit ab3a068066
9 changed files with 165 additions and 58 deletions

1
.gitignore vendored

@ -1,2 +1,3 @@
.direnv
.pre-commit-config.yaml
result


@ -27,7 +27,7 @@
},
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_4",
"nixpkgs": "nixpkgs_3",
"utils": "utils"
},
@ -144,11 +144,11 @@
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
@ -174,6 +174,22 @@
}
},
"flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_6": {
"flake": false,
"locked": {
"lastModified": 1673956053,
@ -189,7 +205,7 @@
"type": "github"
}
},
"flake-compat_6": {
"flake-compat_7": {
"flake": false,
"locked": {
"lastModified": 1696426674,
@ -206,6 +222,27 @@
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nix-snapshotter",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"servers",
@ -353,7 +390,7 @@
},
"git-hooks_2": {
"inputs": {
"flake-compat": "flake-compat_4",
"flake-compat": "flake-compat_5",
"gitignore": "gitignore_2",
"nixpkgs": [
"servers",
@ -418,6 +455,27 @@
"type": "github"
}
},
"globset": {
"inputs": {
"nixpkgs-lib": [
"nix-snapshotter",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729844927,
"narHash": "sha256-nBkQx23jgpGPk3aU2KcqJCoYvzjsKEjWBePmc2z8N3k=",
"owner": "pdtpartners",
"repo": "globset",
"rev": "eb9d9e64b7ab0a64c34ba4a5a990b66506401c35",
"type": "github"
},
"original": {
"owner": "pdtpartners",
"repo": "globset",
"type": "github"
}
},
"haumea": {
"inputs": {
"nixpkgs": [
@ -465,7 +523,7 @@
},
"kubenix_2": {
"inputs": {
"flake-compat": "flake-compat_5",
"flake-compat": "flake-compat_6",
"nixpkgs": [
"servers",
"nixpkgs-unstable"
@ -542,8 +600,31 @@
},
"nix-snapshotter": {
"inputs": {
"flake-compat": "flake-compat_6",
"flake-compat": "flake-compat_3",
"flake-parts": "flake-parts",
"globset": "globset",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1734289443,
"narHash": "sha256-oU3AGvzByR7622kntPUPIHfAreOIktAsJav2ATHuc18=",
"owner": "pdtpartners",
"repo": "nix-snapshotter",
"rev": "387e220d369dfa0ad093035515e8757f83144be8",
"type": "github"
},
"original": {
"owner": "pdtpartners",
"repo": "nix-snapshotter",
"type": "github"
}
},
"nix-snapshotter_2": {
"inputs": {
"flake-compat": "flake-compat_7",
"flake-parts": "flake-parts_2",
"nixpkgs": [
"servers",
"nixpkgs-unstable"
@ -595,16 +676,16 @@
"treefmt-nix": "treefmt-nix_2"
},
"locked": {
"lastModified": 1734470616,
"narHash": "sha256-8pQ2ar2NVU3ehf1o9DHcn3rlsl440eOWcEv7bQfiOec=",
"lastModified": 1734627884,
"narHash": "sha256-C1Ih6EgmEmr2D3W0wfeR4/uTwqeyhtnPaWoT8baFmhw=",
"owner": "pizzapim",
"repo": "NixNG",
"rev": "fd29c877186dbb06d5593d734952baec199a5261",
"rev": "069d0fe8096fd2306e388e90d936cd3741896b80",
"type": "github"
},
"original": {
"owner": "pizzapim",
"ref": "radicale",
"ref": "specialargs",
"repo": "NixNG",
"type": "github"
}
@ -838,6 +919,7 @@
"flake-utils": "flake-utils_2",
"git-hooks": "git-hooks",
"kubenix": "kubenix",
"nix-snapshotter": "nix-snapshotter",
"nixhelm": "nixhelm",
"nixng": "nixng",
"nixpkgs": "nixpkgs_2",
@ -853,7 +935,7 @@
"flake-utils": "flake-utils_6",
"git-hooks": "git-hooks_2",
"kubenix": "kubenix_2",
"nix-snapshotter": "nix-snapshotter",
"nix-snapshotter": "nix-snapshotter_2",
"nixng": "nixng_2",
"nixos-facter-modules": "nixos-facter-modules",
"nixos-hardware": "nixos-hardware",


@ -41,7 +41,12 @@
};
nixng = {
url = "github:pizzapim/NixNG/radicale";
url = "github:pizzapim/NixNG/specialargs";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-snapshotter = {
url = "github:pdtpartners/nix-snapshotter";
inputs.nixpkgs.follows = "nixpkgs";
};
};
@ -53,5 +58,6 @@
./globals.nix
./formatter.nix
./shell.nix
./nixng-configurations
];
}
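Review bot: The new `nix-snapshotter` input gives the flake a second, independently locked copy of nix-snapshotter. The lock file on this page now has `nix-snapshotter` (rev `387e220d…`) for the root and `nix-snapshotter_2` for the `servers` input. Images would then be built with one revision and, presumably, resolved on the nodes by the other, so any incompatibility between the two would only surface when a pod starts. If `servers` is under the same control, consider letting one follow the other, for example `servers.inputs.nix-snapshotter.follows = "nix-snapshotter";`; the `servers` input declaration is outside this hunk, so the exact attribute path needs checking. A one-line comment on the `nixng` URL saying why it tracks the fork branch `specialargs` would also help whoever next updates the lock.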


@ -1,40 +0,0 @@
{
globals,
nixpkgs,
nglib,
...
}:
nglib.makeSystem {
inherit nixpkgs;
system = "x86_64-linux";
name = "nixng-dnsmasq";
config = {...}: {
dinit.enable = true;
init.services.dnsmasq.shutdownOnExit = true;
services.dnsmasq = {
enable = true;
settings = {
address = [
"/kms.kun.is/${globals.kmsIPv4}"
"/ssh.git.kun.is/${globals.gitIPv4}"
];
alias = "${globals.routerPublicIPv4},${globals.traefikIPv4}";
expand-hosts = true;
local = "/dmz/";
log-queries = true;
no-hosts = true;
no-resolv = true;
port = 53;
server = [
"192.168.30.1"
"/kun.is/${globals.bind9IPv4}"
];
};
};
};
}


@ -21,8 +21,8 @@ flake-utils.lib.eachDefaultSystem
inherit (self) globals;
utils = import ./utils.nix {
inherit pkgs;
inherit (inputs) nixpkgs nixng;
inherit pkgs self;
inherit (inputs) nixpkgs nixng nix-snapshotter;
inherit (self) globals;
};
};


@ -1,5 +1,4 @@
{
self,
utils,
globals,
config,
@ -17,7 +16,7 @@
metadata.labels.app = "dnsmasq";
spec.containers.dnsmasq = {
image = utils.nixSnapshotterRef (utils.mkNixNGImage "dnsmasq" "${self}/images/dnsmasq.nix");
image = utils.mkNixNGImage2 "dnsmasq";
imagePullPolicy = "Always";
ports.dns = {


@ -0,0 +1,21 @@
{
self,
flake-utils,
nixng,
nixpkgs,
...
}:
flake-utils.lib.eachDefaultSystem (system: let
images = {
dnsmasq = ./dnsmasq.nix;
};
in {
nixngConfigurations = builtins.mapAttrs (name: configFile:
nixng.nglib.makeSystem {
inherit nixpkgs system;
name = "nixng-${name}";
specialArgs = {inherit (self) globals;};
config = import configFile;
})
images;
})
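Review bot: `flake-utils.lib.eachDefaultSystem` instantiates every NixNG configuration for all default systems, whereas the image definition this commit deletes pinned `system = "x86_64-linux"`. NixNG systems target Linux, so the Darwin attributes are likely to fail when forced, and anything that walks the flake outputs would hit that. Restricting the set, e.g. `flake-utils.lib.eachSystem ["x86_64-linux" "aarch64-linux"] (system: let`, keeps the output to platforms the cluster can actually run. A short comment above `images` saying that each key is both the image name and the name `utils.mkNixNGImage2` looks up would document the contract between the two files.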


@ -0,0 +1,28 @@
{globals, ...}: {
dinit.enable = true;
init.services.dnsmasq.shutdownOnExit = true;
services.dnsmasq = {
enable = true;
settings = {
address = [
"/kms.kun.is/${globals.kmsIPv4}"
"/ssh.git.kun.is/${globals.gitIPv4}"
];
alias = "${globals.routerPublicIPv4},${globals.traefikIPv4}";
expand-hosts = true;
local = "/dmz/";
log-queries = true;
no-hosts = true;
no-resolv = true;
port = 53;
server = [
"192.168.30.1"
"/kun.is/${globals.bind9IPv4}"
];
};
};
}
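Review bot: The upstream resolver `"192.168.30.1"` in `server` is the only address in this file written as a literal, while every other address comes from `globals`. Moving it there (for example `globals.<upstreamResolver>`, a placeholder name) keeps the network layout in one place. `log-queries = true` records every name each client resolves, so the container log becomes a per-client lookup history. A comment such as `# query logging is intentional; logs are retained in <location>` would make clear that this is deliberate and who can read it. `expand-hosts` appears to have no effect here, since `no-hosts` disables reading /etc/hosts and no `domain` is set; confirm and drop it if so.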


@ -1,8 +1,10 @@
{
self,
pkgs,
nixpkgs,
nixng,
globals,
nix-snapshotter,
...
}: {
mkNixNGImage = name: file: let
@ -27,4 +29,12 @@
};
nixSnapshotterRef = imagePath: "nix:0${imagePath}";
mkNixNGImage2 = name:
(nix-snapshotter.packages.${pkgs.stdenv.system}.nix-snapshotter.buildImage {
inherit name;
resolvedByNix = true;
config.entrypoint = ["${self.nixngConfigurations.${pkgs.stdenv.system}.${name}.config.system.build.toplevel}/init"];
})
.image;
}
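Review bot: The name `mkNixNGImage2` does not say how it differs from `mkNixNGImage`, which stays in the same attribute set, and the new function has no comment. I would add a comment along the lines of `# Builds a nix-snapshotter image for the NixNG configuration registered under nixngConfigurations.<system>.<name>; returns the image reference for use in a pod spec`, and consider a descriptive name. The lookup `self.nixngConfigurations.${pkgs.stdenv.system}.${name}` fails with a bare missing-attribute error when `name` is not registered, so a guard with a readable message would help, e.g. `configs.${name} or (throw "no NixNG configuration named ${name}")`. `pkgs.stdenv.system` is also written twice and could be bound once as `system = pkgs.stdenv.hostPlatform.system;`. The enclosing attribute set starts outside this hunk, so where a `let` would go depends on lines not shown here.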