Remove code to prefetch Docker images
This commit is contained in:
parent
eb90e5d1bd
commit
553992ec2f
3 changed files with 2 additions and 113 deletions
File diff suppressed because one or more lines are too long
|
|
@ -1,4 +1,4 @@
|
||||||
{ self, inputs, pkgs, lib, config, globals, ... }:
|
{ self, inputs, pkgs, lib, config, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.lab.k3s;
|
cfg = config.lab.k3s;
|
||||||
in
|
in
|
||||||
|
|
@ -191,48 +191,6 @@ in
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
|
|
||||||
docker-images.text =
|
|
||||||
let
|
|
||||||
imageDefs = import "${self}/container-images.nix";
|
|
||||||
|
|
||||||
setupCommands = [
|
|
||||||
"rm -rf ${self.globals.imageDir}"
|
|
||||||
"mkdir -p ${self.globals.imageDir}"
|
|
||||||
];
|
|
||||||
|
|
||||||
getDockerImageConfig = dockerImage:
|
|
||||||
let
|
|
||||||
configJson = pkgs.runCommand "config.json"
|
|
||||||
{
|
|
||||||
nativeBuildInputs = [ pkgs.skopeo pkgs.jq ];
|
|
||||||
}
|
|
||||||
''
|
|
||||||
skopeo --tmpdir $TMPDIR --insecure-policy inspect docker-archive:${dockerImage} --config | jq '.config' > $out
|
|
||||||
'';
|
|
||||||
in
|
|
||||||
builtins.fromJSON (builtins.readFile configJson);
|
|
||||||
|
|
||||||
imageDefToLinkCommand = name: imageDef:
|
|
||||||
let
|
|
||||||
dockerImage = pkgs.dockerTools.pullImage imageDef;
|
|
||||||
nixSnapshotterImage = pkgs.nix-snapshotter.buildImage {
|
|
||||||
inherit name;
|
|
||||||
resolvedByNix = true;
|
|
||||||
fromImage = dockerImage;
|
|
||||||
config = getDockerImageConfig dockerImage;
|
|
||||||
};
|
|
||||||
imageLinkPath = "${self.globals.imageDir}/${name}.tar";
|
|
||||||
in
|
|
||||||
"ln -sf ${nixSnapshotterImage} ${imageLinkPath}";
|
|
||||||
|
|
||||||
linkCommandList = lib.attrsets.mapAttrsToList imageDefToLinkCommand imageDefs;
|
|
||||||
# TODO: Creating Docker images like this seems to *explode* in size.
|
|
||||||
# Doing this for every image we currently have is infeasible.
|
|
||||||
# I should investigate why the size increases like that.
|
|
||||||
commandList = setupCommands; # ++ linkCommandList;
|
|
||||||
in
|
|
||||||
builtins.concatStringsSep "\n" commandList;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
sops.secrets =
|
sops.secrets =
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
{ self, nixpkgs, flake-utils, ... }: flake-utils.lib.eachDefaultSystem (system:
|
{ nixpkgs, flake-utils, ... }: flake-utils.lib.eachDefaultSystem (system:
|
||||||
let
|
let
|
||||||
pkgs = nixpkgs.legacyPackages.${system};
|
pkgs = nixpkgs.legacyPackages.${system};
|
||||||
createScript = { name, runtimeInputs, scriptPath, extraWrapperFlags ? "", ... }:
|
createScript = { name, runtimeInputs, scriptPath, extraWrapperFlags ? "", ... }:
|
||||||
|
|
@ -20,72 +20,4 @@ in
|
||||||
runtimeInputs = with pkgs; [ sops coreutils nixos-anywhere ];
|
runtimeInputs = with pkgs; [ sops coreutils nixos-anywhere ];
|
||||||
scriptPath = ./bootstrap.sh;
|
scriptPath = ./bootstrap.sh;
|
||||||
};
|
};
|
||||||
|
|
||||||
packages.prefetch-container-images =
|
|
||||||
let
|
|
||||||
imagesJSON = builtins.toFile "images.json" (builtins.toJSON self.globals.images);
|
|
||||||
in
|
|
||||||
pkgs.writers.writePython3Bin "prefetch-container-images.py"
|
|
||||||
{ } ''
|
|
||||||
import json
|
|
||||||
import subprocess
|
|
||||||
import tempfile
|
|
||||||
import sys
|
|
||||||
from collections import defaultdict
|
|
||||||
|
|
||||||
prefetch_docker_cmd = "${pkgs.lib.getExe pkgs.nix-prefetch-docker}" # noqa: E501
|
|
||||||
nix_cmd = "${pkgs.lib.getExe pkgs.nix}" # noqa: E501
|
|
||||||
images_file_name = "${imagesJSON}"
|
|
||||||
|
|
||||||
results = defaultdict(lambda: defaultdict(dict))
|
|
||||||
|
|
||||||
with open(images_file_name, 'r') as file:
|
|
||||||
data = json.load(file)
|
|
||||||
|
|
||||||
for image_name, image_ref in data.items():
|
|
||||||
[name, tag] = image_ref.split(":", maxsplit=1)
|
|
||||||
print(f"Prefetching image {image_ref}", file=sys.stderr)
|
|
||||||
|
|
||||||
digest = ""
|
|
||||||
if "@" in tag:
|
|
||||||
[tag, digest] = tag.split("@", maxsplit=1)
|
|
||||||
|
|
||||||
prefetch_args = [
|
|
||||||
prefetch_docker_cmd,
|
|
||||||
"--os", "linux",
|
|
||||||
"--arch", "amd64",
|
|
||||||
"--image-name", name,
|
|
||||||
"--image-tag", tag,
|
|
||||||
"--json",
|
|
||||||
"--quiet"
|
|
||||||
]
|
|
||||||
|
|
||||||
if digest:
|
|
||||||
prefetch_args.extend(["--image-digest", digest])
|
|
||||||
|
|
||||||
result = subprocess.run(prefetch_args,
|
|
||||||
check=True,
|
|
||||||
capture_output=True,
|
|
||||||
text=True)
|
|
||||||
|
|
||||||
prefetch_data = json.loads(result.stdout)
|
|
||||||
results[image_name] = prefetch_data
|
|
||||||
|
|
||||||
with tempfile.NamedTemporaryFile(mode='w+', suffix='.json') as temp_file:
|
|
||||||
json.dump(results, temp_file, indent=4)
|
|
||||||
temp_file.flush()
|
|
||||||
|
|
||||||
to_nix_args = [
|
|
||||||
nix_cmd,
|
|
||||||
"eval",
|
|
||||||
"--impure",
|
|
||||||
"--expr", f'builtins.fromJSON (builtins.readFile {temp_file.name})'
|
|
||||||
]
|
|
||||||
result = subprocess.run(to_nix_args,
|
|
||||||
check=True,
|
|
||||||
capture_output=True,
|
|
||||||
text=True)
|
|
||||||
|
|
||||||
print(result.stdout)
|
|
||||||
'';
|
|
||||||
})
|
})
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue