home/nixos-servers
home/nixos-servers
2
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions

Remove code to prefetch Docker images

Browse source
This commit is contained in:
Pim Kunis 2024-09-22 20:40:54 +02:00
parent eb90e5d1bd
commit 553992ec2f
3 changed files with 2 additions and 113 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
container-images.nix
View file

File diff suppressed because one or more lines are too long

44
modules/k3s/default.nix
View file

@ -1,4 +1,4 @@
{ self, inputs, pkgs, lib, config, globals, ... }:
{ self, inputs, pkgs, lib, config, ... }:
let
cfg = config.lab.k3s;
in
@ -191,48 +191,6 @@ in
'';
}
);
docker-images.text =
let
imageDefs = import "${self}/container-images.nix";
setupCommands = [
"rm -rf ${self.globals.imageDir}"
"mkdir -p ${self.globals.imageDir}"
];
getDockerImageConfig = dockerImage:
let
configJson = pkgs.runCommand "config.json"
{
nativeBuildInputs = [ pkgs.skopeo pkgs.jq ];
}
''
skopeo --tmpdir $TMPDIR --insecure-policy inspect docker-archive:${dockerImage} --config | jq '.config' > $out
'';
in
builtins.fromJSON (builtins.readFile configJson);
imageDefToLinkCommand = name: imageDef:
let
dockerImage = pkgs.dockerTools.pullImage imageDef;
nixSnapshotterImage = pkgs.nix-snapshotter.buildImage {
inherit name;
resolvedByNix = true;
fromImage = dockerImage;
config = getDockerImageConfig dockerImage;
};
imageLinkPath = "${self.globals.imageDir}/${name}.tar";
in
"ln -sf ${nixSnapshotterImage} ${imageLinkPath}";
linkCommandList = lib.attrsets.mapAttrsToList imageDefToLinkCommand imageDefs;
# TODO: Creating Docker images like this seems to *explode* in size.
# Doing this for every image we currently have is infeasible.
# I should investigate why the size increases like that.
commandList = setupCommands; # ++ linkCommandList;
in
builtins.concatStringsSep "\n" commandList;
};
sops.secrets =

70
scripts/default.nix
View file

@ -1,4 +1,4 @@
{ self, nixpkgs, flake-utils, ... }: flake-utils.lib.eachDefaultSystem (system:
{ nixpkgs, flake-utils, ... }: flake-utils.lib.eachDefaultSystem (system:
let
pkgs = nixpkgs.legacyPackages.${system};
createScript = { name, runtimeInputs, scriptPath, extraWrapperFlags ? "", ... }:
@ -20,72 +20,4 @@ in
runtimeInputs = with pkgs; [ sops coreutils nixos-anywhere ];
scriptPath = ./bootstrap.sh;
};
packages.prefetch-container-images =
let
imagesJSON = builtins.toFile "images.json" (builtins.toJSON self.globals.images);
in
pkgs.writers.writePython3Bin "prefetch-container-images.py"
{ } ''
import json
import subprocess
import tempfile
import sys
from collections import defaultdict
prefetch_docker_cmd = "${pkgs.lib.getExe pkgs.nix-prefetch-docker}" # noqa: E501
nix_cmd = "${pkgs.lib.getExe pkgs.nix}" # noqa: E501
images_file_name = "${imagesJSON}"
results = defaultdict(lambda: defaultdict(dict))
with open(images_file_name, 'r') as file:
data = json.load(file)
for image_name, image_ref in data.items():
[name, tag] = image_ref.split(":", maxsplit=1)
print(f"Prefetching image {image_ref}", file=sys.stderr)
digest = ""
if "@" in tag:
[tag, digest] = tag.split("@", maxsplit=1)
prefetch_args = [
prefetch_docker_cmd,
"--os", "linux",
"--arch", "amd64",
"--image-name", name,
"--image-tag", tag,
"--json",
"--quiet"
]
if digest:
prefetch_args.extend(["--image-digest", digest])
result = subprocess.run(prefetch_args,
check=True,
capture_output=True,
text=True)
prefetch_data = json.loads(result.stdout)
results[image_name] = prefetch_data
with tempfile.NamedTemporaryFile(mode='w+', suffix='.json') as temp_file:
json.dump(results, temp_file, indent=4)
temp_file.flush()
to_nix_args = [
nix_cmd,
"eval",
"--impure",
"--expr", f'builtins.fromJSON (builtins.readFile {temp_file.name})'
]
result = subprocess.run(to_nix_args,
check=True,
capture_output=True,
text=True)
print(result.stdout)
'';
})