From 04439a9ee5d1621b20f58e3fd23dc09ce86748e4 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Thu, 29 Aug 2024 06:53:05 +0200
Subject: [PATCH] Build tooling around nix-snapshotter
---
container-images.nix | 3 +--
flake-parts/scripts/default.nix | 32 +++++++++++++-------------------
kubenix-modules/paperless.nix | 4 ++--
my-lib/default.nix | 4 +++-
my-lib/globals.nix | 25 ++++++++++++-------------
nixos-modules/k3s/default.nix | 14 ++++++++------
6 files changed, 39 insertions(+), 43 deletions(-)
diff --git a/container-images.nix b/container-images.nix
index bc9d6a2..0dbb7ca 100644
--- a/container-images.nix
+++ b/container-images.nix
@@ -1,2 +1 @@ -{ cyberchef = { finalImageName = "mpepping/cyberchef"; finalImageTag = "latest"; imageDigest = "sha256:2c89d08580395b932c92d708041c2a702dc8fa899fcc1677901c2dc881bed789"; imageName = "mpepping/cyberchef"; sha256 = "1frlvv6lyghf99pa37l48r7j2wvh7mcb9x99fvf0ba2zhq2xfsy4"; }; radicale = { finalImageName = "tomsquest/docker-radicale"; finalImageTag = "3.2.2.0"; imageDigest = "sha256:af050e02c4a3f7385a09595dd2a1424db6831aa9f24404095c6d2244d1c94138"; imageName = "tomsquest/docker-radicale"; sha256 = "07mxn6iqm0fhb06dwmxdhqnw3c8yi2dm2jpb2n80dxzmvavrv0lk"; }; } - +{ attic = { finalImageName = "git.kun.is/home/atticd"; finalImageTag = "fd910d91c2143295e959d2c903e9ea25cf94ba27"; imageDigest = "sha256:309264ff35f2f7cbcb6609c72d816cb41ee62c74d59d4f01cfc05e94a893dae7"; imageName = "git.kun.is/home/atticd"; sha256 = "0cvhhx4s8678ivqnswqmj2mnw81a4wbr65c02y1ayxfv2szdw8bm"; }; atuin = { finalImageName = "ghcr.io/atuinsh/atuin"; finalImageTag = "18.3.0"; imageDigest = "sha256:678def8e9d59652a502759ca431f9c5b54ebdd5e9361507c7fcf24705c9862e0"; imageName = "ghcr.io/atuinsh/atuin"; sha256 = "1lb53p6dz12lwj10v9si7l6j06q1cnfaim4mgi6dkanlynq5mrk6"; }; bazarr = { finalImageName = "lscr.io/linuxserver/bazarr"; finalImageTag = "1.4.3"; imageDigest = "sha256:8573a7d8558d7407ec53c205599d99d9876486621681355d147e9091cd99c58b"; imageName = "lscr.io/linuxserver/bazarr"; sha256 = "0vnvjnj478h76dpr24z56xfp6d6s2j5qhidh7bvmmsnw4hdvic8b"; }; bind9 = { finalImageName = "ubuntu/bind9"; finalImageTag = "9.18-22.04_beta"; imageDigest = "sha256:eb71c990a2efaa37897929bc104ef1b035c527aa2d217bc89da64cf7bdf9a8c8"; imageName = "ubuntu/bind9"; sha256 = "0cdgm9qbxdyhhhnsykn5lcvcjp7kxx9pjjamj7120d3jf6d6zqn2"; }; cyberchef = { finalImageName = "mpepping/cyberchef"; finalImageTag = "latest"; imageDigest = "sha256:2c89d08580395b932c92d708041c2a702dc8fa899fcc1677901c2dc881bed789"; imageName = "mpepping/cyberchef"; sha256 = "1frlvv6lyghf99pa37l48r7j2wvh7mcb9x99fvf0ba2zhq2xfsy4"; }; deluge = { finalImageName 
= "linuxserver/deluge"; finalImageTag = "2.1.1"; imageDigest = "sha256:5af8bd7f0ad2bdc5e7799f5343081f5beb57e74eef88035aed9c18b7cc18ffcd"; imageName = "linuxserver/deluge"; sha256 = "1c73wa74bi0sm5yxs3bdldv4z4vw3pbadkpd3749ybsjxy10s0rk"; }; dnsmasq = { finalImageName = "dockurr/dnsmasq"; finalImageTag = "2.90"; imageDigest = "sha256:c85b08ebcd45463383bfa8a8ba57b2ccda0a0c32869fbf8927ff74f1d33b9e5d"; imageName = "dockurr/dnsmasq"; sha256 = "1vak4nkxq8pdi5yplfan36988n5wr1w0m3ycar0r18215p1ncarc"; }; forgejo = { finalImageName = "codeberg.org/forgejo/forgejo"; finalImageTag = "8.0.1"; imageDigest = "sha256:221639a84fae9d9ec5236a50f4980c3cd5332851949f6e989f5f44cc411cf4fa"; imageName = "codeberg.org/forgejo/forgejo"; sha256 = "0llhjbr6m33yfbkb3c4xjcwywk7w2p6wahg6xiz73rcsjjgg8lz1"; }; freshrss = { finalImageName = "freshrss/freshrss"; finalImageTag = "1.24.2"; imageDigest = "sha256:126b5202e65bbfef1da19be87fb21d9909e104d3ad185775c999b76a420d30bc"; imageName = "freshrss/freshrss"; sha256 = "1pdm7p1lmnmv90zw6pz47f61mlvx0sls3qmlpsn78vl9hz6f4bng"; }; hedgedoc = { finalImageName = "quay.io/hedgedoc/hedgedoc"; finalImageTag = "1.9.9"; imageDigest = "sha256:e0dda4a168e065e62fac0f90758a4e83fee57ae6e91acbb3e46456d4456c6c48"; imageName = "quay.io/hedgedoc/hedgedoc"; sha256 = "1yvmapvzf2n94c1h3zas85pzildl1jd3ip4n3cccfxq9f6dqhy0h"; }; immich = { finalImageName = "ghcr.io/immich-app/immich-server"; finalImageTag = "v1.112.1"; imageDigest = "sha256:c4e817f0eadbd9a6c2699cc884d5e7070428daec813c17db77d31fcca5b78ca6"; imageName = "ghcr.io/immich-app/immich-server"; sha256 = "0vvyhijslldj7hpg33n2cvpn5wrn9fcprw8pw01zh4ziabyy3z07"; }; immich-machine-learning = { finalImageName = "ghcr.io/immich-app/immich-machine-learning"; finalImageTag = "v1.112.1"; imageDigest = "sha256:9600eff5a66ae426293f00b171711bc1647c85cf966d759ee08ab2d05e0580b5"; imageName = "ghcr.io/immich-app/immich-machine-learning"; sha256 = "1m189s6i8hii4vrsjx3ypa5p2brz8sa3fw5jyxhh6qm42r4xnp4c"; }; immich-postgres = { 
finalImageName = "docker.io/tensorchord/pgvecto-rs"; finalImageTag = "pg14-v0.2.0"; imageDigest = "sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0"; imageName = "docker.io/tensorchord/pgvecto-rs"; sha256 = "0h1s11z5d4svg2whm7gw11dwpddg5k90fp62q3zirycms787f4d3"; }; immich-redis = { finalImageName = "docker.io/redis"; finalImageTag = "6.2-alpine"; imageDigest = "sha256:e3b17ba9479deec4b7d1eeec1548a253acc5374d68d3b27937fcfe4df8d18c7e"; imageName = "docker.io/redis"; sha256 = "0sscnrn5vpmdq2g62a185nlgf9i5hwcfl630hyh7wzfbgyq4pbzj"; }; inbucket = { finalImageName = "inbucket/inbucket"; finalImageTag = "edge"; imageDigest = "sha256:f7e0bbb13d24970c30690a04ff1599907530c31152fccd20d542028cd8a7650b"; imageName = "inbucket/inbucket"; sha256 = "0whxnp222b09jlcbmwd6y1jbcsqv16ipk182i5ywgjjd0wlvh4i3"; }; jellyfin = { finalImageName = "jellyfin/jellyfin"; finalImageTag = "10.9.9"; imageDigest = "sha256:d6f3d4aa59438ce951d85669f3c22426d20edb7a6b97604c509b5f4825bc8294"; imageName = "jellyfin/jellyfin"; sha256 = "1rn093xyh8prjr3v4zs0ss6z2hbgzy1p5f0gs5dv4kyz4y1gfkhw"; }; jellyseerr = { finalImageName = "fallenbagel/jellyseerr"; finalImageTag = "1.9.2"; imageDigest = "sha256:8f708df0ce3f202056bde5d7bff625eb59efe38f4ee47bdddc7560b6e4a5a214"; imageName = "fallenbagel/jellyseerr"; sha256 = "04ala5cpkv1rhq609yxvyf8wv6ql8ism9zyrxyiil6b1gfgcsfxz"; }; kitchenowl = { finalImageName = "tombursch/kitchenowl"; finalImageTag = "v0.5.2"; imageDigest = "sha256:5d37e09c034884a0495c0460fc849981b71ff1a90908ed29804dda7f13f2d165"; imageName = "tombursch/kitchenowl"; sha256 = "10d6xrdl0si663s27ayqj6w2qq6ly81hpv9nq8whd0i17s7skkmd"; }; kms = { finalImageName = "teddysun/kms"; finalImageTag = "latest"; imageDigest = "sha256:4b366384ef3389eeecec9340468909616c409f9227504f4ee1e659ad1a801976"; imageName = "teddysun/kms"; sha256 = "0jwhlb2wgm0awp36rpann9b9gyfrnwsclhb3phxnc3aan7lc9nnx"; }; minecraft = { finalImageName = "itzg/minecraft-server"; finalImageTag = "latest"; imageDigest = 
"sha256:3b97ca8f48507f1c85e8d7a32aee5c9bd7e09d4e96584b71aac0b878c8f1d16c"; imageName = "itzg/minecraft-server"; sha256 = "0892ak383841n7zsx76gm7apra603pqajxzmzm0b4797wm69p79i"; }; nextcloud = { finalImageName = "nextcloud"; finalImageTag = "29.0.5"; imageDigest = "sha256:5bbc6e9f207bfddd1515ac82f647c19edf6cdd075d7d253c3118a87c835204f0"; imageName = "nextcloud"; sha256 = "1s4346f522v7nyfhsgmyfyw9s40zv0dhylqdym6vkg0nfidfk08y"; }; ntfy = { finalImageName = "binwiederhier/ntfy"; finalImageTag = "v2.11.0"; imageDigest = "sha256:4a7d0f0adc6d5d9fc36e64ab55ef676e76e124a2bdd50ce115b6d9c1c7430294"; imageName = "binwiederhier/ntfy"; sha256 = "0sqgs5bkgx35wbga95sf3n863lpmwxv84kiic1r8zaibbg54f8b3"; }; paperless = { finalImageName = "ghcr.io/paperless-ngx/paperless-ngx"; finalImageTag = "2.11.6"; imageDigest = "sha256:fca12ddea5509819dd0702cf128944aa23d01dd850a2536a96c2b46fb982b9bb"; imageName = "ghcr.io/paperless-ngx/paperless-ngx"; sha256 = "12myq5liyjgvd9rpz997wwv7gxj8rgsckrsn53gszrr3mh8gp5b6"; }; pihole = { finalImageName = "pihole/pihole"; finalImageTag = "2024.07.0"; imageDigest = "sha256:0def896a596e8d45780b6359dbf82fc8c75ef05b97e095452e67a0a4ccc95377"; imageName = "pihole/pihole"; sha256 = "16a3apailmkdv6kmkfs37y454qlnw77xflpaqxaznh359pnq3y3j"; }; postgres14 = { finalImageName = "postgres"; finalImageTag = "14"; imageDigest = "sha256:e3cc76b6d4dfc8f3547641d67053092e7c108e03ab159c00b48fa8d891e2f7b4"; imageName = "postgres"; sha256 = "0qwjsfq7h5myqfahb9fz0xs4fg1fylrjlyv6ic72hyryhanmh46f"; }; postgres15 = { finalImageName = "postgres"; finalImageTag = "15"; imageDigest = "sha256:0836104ba0de8d09e8d54e2d6a28389fbce9c0f4fe08f4aa065940452ec61c30"; imageName = "postgres"; sha256 = "04264alvi2x1pr34c3iiynlc3fqvm5q12hhkfb14wxir8imxnkqy"; }; prowlarr = { finalImageName = "lscr.io/linuxserver/prowlarr"; finalImageTag = "1.21.2"; imageDigest = "sha256:c93f075dc5afb74dc7a0a55e90974f81425a5d3c5d293022c5416431f4963ce9"; imageName = "lscr.io/linuxserver/prowlarr"; sha256 = 
"0ab57f7yh9c23v2m1qwk2ycj00gjfk1wjd1b92y0aycwl50dkdpv"; }; radarr = { finalImageName = "lscr.io/linuxserver/radarr"; finalImageTag = "5.9.1"; imageDigest = "sha256:b034531ff81d3e5e1f9fd70c969746040b40e6484c88981ea5d0dee732c10bc3"; imageName = "lscr.io/linuxserver/radarr"; sha256 = "037159jjgjr25w4a258hw53n194zgnlldywnsvhys3yyvcld2rzi"; }; radicale = { finalImageName = "tomsquest/docker-radicale"; finalImageTag = "3.2.2.0"; imageDigest = "sha256:af050e02c4a3f7385a09595dd2a1424db6831aa9f24404095c6d2244d1c94138"; imageName = "tomsquest/docker-radicale"; sha256 = "07mxn6iqm0fhb06dwmxdhqnw3c8yi2dm2jpb2n80dxzmvavrv0lk"; }; redis7 = { finalImageName = "docker.io/library/redis"; finalImageTag = "7"; imageDigest = "sha256:878983f8f5045b28384fc300268cec62bca3b14d5e1a448bec21f28cfcc7bf78"; imageName = "docker.io/library/redis"; sha256 = "09n5i6ps28k7529m822cd34awqpfmnlzi6djfzjd9wzx4gcvgmrh"; }; sonarr = { finalImageName = "lscr.io/linuxserver/sonarr"; finalImageTag = "4.0.8"; imageDigest = "sha256:0777b308a414000505651059a95af373ded6aba8ce5a40b50d7aad333dc912e2"; imageName = "lscr.io/linuxserver/sonarr"; sha256 = "0mdf7h85m01vw59amvgclclrq8b65aijjsbq405pdi520879bis2"; }; syncthing = { finalImageName = "lscr.io/linuxserver/syncthing"; finalImageTag = "1.27.10"; imageDigest = "sha256:d5481de808a1de5a13b814a922b1f6de5fcde64c1ca95b0a065218b56570fae3"; imageName = "lscr.io/linuxserver/syncthing"; sha256 = "08zj0s3q9r9mwnnv6nf6i157z8m6k6qrxwcvka6awg9vb507d49k"; }; } diff --git a/flake-parts/scripts/default.nix b/flake-parts/scripts/default.nix index 80d8ebd..40dd42c 100644 --- a/flake-parts/scripts/default.nix +++ b/flake-parts/scripts/default.nix @@ -1,4 +1,4 @@ -{ flake-utils, pkgs, ... }: flake-utils.lib.eachDefaultSystem (system: +{ myLib, flake-utils, pkgs, ... }: flake-utils.lib.eachDefaultSystem (system: let createScript = { name, runtimeInputs, scriptPath, extraWrapperFlags ? "", ... }: let 
@@ -28,21 +28,9 @@ in packages.prefetch-container-images = let - images = { - cyberchef = { - name = "mpepping/cyberchef"; - tag = "latest"; - }; - - radicale = { - name = "tomsquest/docker-radicale"; - tag = "3.2.2.0"; - }; - }; - - imagesJSON = builtins.toFile "images.json" (builtins.toJSON images); + imagesJSON = builtins.toFile "images.json" (builtins.toJSON myLib.globals.images); in - pkgs.writers.writePython3Bin "prefetch-container-images" + pkgs.writers.writePython3Bin "prefetch-container-images.py" { } '' import json import subprocess @@ -59,11 +47,13 @@ in with open(images_file_name, 'r') as file: data = json.load(file) - for image_name, image in data.items(): - name = image["name"] - tag = image["tag"] + for image_name, image_ref in data.items(): + [name, tag] = image_ref.split(":", maxsplit=1) + print(f"Prefetching image {image_ref}", file=sys.stderr) - print(f"Prefetching image {name}:{tag}", file=sys.stderr) + digest = "" + if "@" in tag: + [tag, digest] = tag.split("@", maxsplit=1) prefetch_args = [ prefetch_docker_cmd, @@ -74,6 +64,10 @@ in "--json", "--quiet" ] + + if digest: + prefetch_args.extend(["--image-digest", digest]) + result = subprocess.run(prefetch_args, check=True, capture_output=True, diff --git a/kubenix-modules/paperless.nix b/kubenix-modules/paperless.nix index 9b91d95..eaa8f47 100644 --- a/kubenix-modules/paperless.nix +++ b/kubenix-modules/paperless.nix @@ -100,7 +100,7 @@ volumes.data.persistentVolumeClaim.claimName = "redisdata"; containers.redis = { - image = myLib.globals.images.paperlessRedis; + image = myLib.globals.images.redis7; ports.redis.containerPort = 6379; imagePullPolicy = "IfNotPresent"; @@ -141,7 +141,7 @@ spec = { containers.postgres = { - image = myLib.globals.images.paperlessPostgres; + image = myLib.globals.images.postgres15; ports.postgres.containerPort = 5432; imagePullPolicy = "IfNotPresent"; diff --git a/my-lib/default.nix b/my-lib/default.nix index 37e3eeb..766186b 100644 --- a/my-lib/default.nix 
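Review bot: In the `@@ -59,11 +47,13 @@` hunk of flake-parts/scripts/default.nix, `image_ref.split(":", maxsplit=1)` cuts at the first colon, so a reference whose registry host carries a port, or one that has a digest but no tag, is split in the wrong place, and a reference with no colon at all fails with an unpacking ValueError. Taking the digest off first and then splitting on the last colon is sturdier: `ref, _, digest = image_ref.partition("@")` followed by `name, sep, tag = ref.rpartition(":")`, raising an error when `sep` is empty or `tag` contains `/` rather than guessing a tag. Failing loudly on an untagged entry also keeps an implicit `latest` from slipping into container-images.nix. The loop body and the `prefetch_args` list continue outside this hunk.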
+++ b/my-lib/default.nix @@ -1,4 +1,6 @@ -lib: { +lib: rec { net = import ./net.nix lib; globals = import ./globals.nix; + + imagePath = name: "nix:0${globals.imageDir}/${name}.tar"; } diff --git a/my-lib/globals.nix b/my-lib/globals.nix index a5a9808..851798c 100644 --- a/my-lib/globals.nix +++ b/my-lib/globals.nix @@ -26,6 +26,8 @@ immichIPv4 = "192.168.30.147"; nextcloudIPv4 = "192.168.30.148"; + imageDir = "/var/docker_images"; + images = { jellyfin = "jellyfin/jellyfin:10.9.9"; deluge = "linuxserver/deluge:2.1.1"; 
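Review bot: `imagePath` in my-lib/default.nix has no comment saying what the `nix:0` prefix means or where the `.tar` it names comes from, and nothing visible in this patch calls it. A one-line comment would help, e.g. `# nix-snapshotter image reference to the tarball linked at <imageDir>/<name>.tar by the k3s docker-images script`. Since `rec` is used only so that `imagePath` can see `globals`, a `let globals = import ./globals.nix; in { inherit globals; … }` would avoid making every attribute of the set self-referential.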
@@ -35,32 +37,29 @@ sonarr = "lscr.io/linuxserver/sonarr:4.0.8"; bazarr = "lscr.io/linuxserver/bazarr:1.4.3"; atuin = "ghcr.io/atuinsh/atuin:18.3.0"; - atuinPostgres = "postgres:14"; - kms = "teddysun/kms"; + postgres14 = "postgres:14"; + kms = "teddysun/kms:latest"; paperless = "ghcr.io/paperless-ngx/paperless-ngx:2.11.6"; - paperlessRedis = "docker.io/library/redis:7"; - paperlessPostgres = "postgres:15"; + redis7 = "docker.io/library/redis:7"; nextcloud = "nextcloud:29.0.5"; - nextcloudPostgres = "postgres:15"; + postgres15 = "postgres:15"; inbucket = "inbucket/inbucket:edge"; syncthing = "lscr.io/linuxserver/syncthing:1.27.10"; - radicale = "nix:0/var/docker_images/radicale.tar"; + radicale = "tomsquest/docker-radicale:3.2.2.0"; ntfy = "binwiederhier/ntfy:v2.11.0"; forgejo = "codeberg.org/forgejo/forgejo:8.0.1"; pihole = "pihole/pihole:2024.07.0"; immich = "ghcr.io/immich-app/immich-server:v1.112.1"; - immichML = "ghcr.io/immich-app/immich-machine-learning:v1.112.1"; - immichRedis = "docker.io/redis:6.2-alpine@sha256:e3b17ba9479deec4b7d1eeec1548a253acc5374d68d3b27937fcfe4df8d18c7e"; - immichPostgres = "docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0"; + immich-machine-learning = "ghcr.io/immich-app/immich-machine-learning:v1.112.1"; + immich-redis = "docker.io/redis:6.2-alpine@sha256:e3b17ba9479deec4b7d1eeec1548a253acc5374d68d3b27937fcfe4df8d18c7e"; + immich-postgres = "docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0"; kitchenowl = "tombursch/kitchenowl:v0.5.2"; - cyberchef = "nix:0/var/docker_images/cyberchef.tar"; + cyberchef = "mpepping/cyberchef:latest"; freshrss = "freshrss/freshrss:1.24.2"; bind9 = "ubuntu/bind9:9.18-22.04_beta"; dnsmasq = "dockurr/dnsmasq:2.90"; attic = "git.kun.is/home/atticd:fd910d91c2143295e959d2c903e9ea25cf94ba27"; - atticPostgres = "postgres:15"; hedgedoc = "quay.io/hedgedoc/hedgedoc:1.9.9"; - 
hedgedocPostgres = "postgres:15"; - minecraft = "itzg/minecraft-server"; + minecraft = "itzg/minecraft-server:latest"; }; } diff --git a/nixos-modules/k3s/default.nix b/nixos-modules/k3s/default.nix index 52def8c..773fb98 100644 --- a/nixos-modules/k3s/default.nix +++ b/nixos-modules/k3s/default.nix @@ -1,4 +1,4 @@ -{ self, inputs, pkgs, lib, config, ... }: +{ self, myLib, inputs, pkgs, lib, config, ... }: let cfg = config.lab.k3s; in @@ -167,12 +167,11 @@ in docker-images.text = let - imageLinkDir = "/var/docker_images"; imageDefs = import "${self}/container-images.nix"; setupCommands = [ - "rm -rf ${imageLinkDir}" - "mkdir -p ${imageLinkDir}" + "rm -rf ${myLib.globals.imageDir}" + "mkdir -p ${myLib.globals.imageDir}" ]; getDockerImageConfig = dockerImage: @@ -196,12 +195,15 @@ in fromImage = dockerImage; config = getDockerImageConfig dockerImage; }; - imageLinkPath = "${imageLinkDir}/${name}.tar"; + imageLinkPath = "${myLib.globals.imageDir}/${name}.tar"; in "ln -sf ${nixSnapshotterImage} ${imageLinkPath}"; linkCommandList = lib.attrsets.mapAttrsToList imageDefToLinkCommand imageDefs; - commandList = setupCommands ++ linkCommandList; + # TODO: Creating Docker images like this seems to *explode* in size. + # Doing this for every image we currently have is infeasible. + # I should investigate why the size increases like that. + commandList = setupCommands; # ++ linkCommandList; in builtins.concatStringsSep "\n" commandList; };
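Review bot: In the second hunk of my-lib/globals.nix, `cyberchef` and `radicale` move from local `nix:0…` tarballs to registry references, and `kms`, `cyberchef` and `minecraft` use `:latest` (with `inbucket` on `:edge`), so wherever these strings are used directly as a pod image the node pulls whatever the registry serves for that tag. The digests recorded in container-images.nix are not enforced on that path. Only `immich-redis` and `immich-postgres` carry an `@sha256:` pin; the prefetch script in this patch now understands that form, so the other entries could be pinned the same way, e.g. `cyberchef = "mpepping/cyberchef:latest@sha256:<imageDigest from container-images.nix>";`. Whether the recorded `imageDigest` is the one the runtime resolves for the node's platform should be confirmed before copying it over.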
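Review bot: In the `@@ -167,12 +167,11 @@` hunk of nixos-modules/k3s/default.nix, `rm -rf ${myLib.globals.imageDir}` now interpolates a shared global, unquoted, into what looks like a system setup script. An edit to `imageDir` in globals.nix (an empty string, a path with spaces, a parent directory) silently changes what gets deleted. Quote the value, `"rm -rf ${lib.escapeShellArg myLib.globals.imageDir}"`, do the same for `mkdir -p`, and consider an assertion that it is a non-empty absolute path. The surrounding `let` block starts and ends outside this hunk.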
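Review bot: In the last hunk, `commandList = setupCommands; # ++ linkCommandList` switches the linking off by commenting code out, which leaves `imageDefs`, `imageDefToLinkCommand` and `linkCommandList` as dead bindings and means the script now wipes and recreates the directory without populating it. Any image string built with `myLib.imagePath` would then point at a tarball that does not exist. A boolean module option (name illustrative: `cfg.linkImages`) with `commandList = setupCommands ++ lib.optionals cfg.linkImages linkCommandList;` makes the switch explicit and keeps the linking code referenced. The TODO would be easier to act on if it named the images and sizes observed.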