diff --git a/container-images.nix b/container-images.nix
deleted file mode 100644
index 037defa..0000000
--- a/container-images.nix
+++ /dev/null
@@ -1,2 +0,0 @@
-{ cyberchef = { cyberchef = { finalImageName = "mpepping/cyberchef"; finalImageTag = "latest"; imageDigest = "sha256:5044c72dd8070fb6e0595e720fc4440bf6168493b2433db06a1c966406398ba2"; imageName = "mpepping/cyberchef"; sha256 = "177yjfbz0ijc8lfqfr50fhqqmjk72373c0igyrxv3wwg0pyrgpv4"; }; }; }
-
diff --git a/container-images/image-definitions.nix b/container-images/image-definitions.nix
new file mode 100644
index 0000000..d9faf29
--- /dev/null
+++ b/container-images/image-definitions.nix
@@ -0,0 +1,2 @@
+{ cyberchef = { cyberchef = { finalImageName = "mpepping/cyberchef"; finalImageTag = "v10.18.9"; imageDigest = "sha256:4b06936cbeff92cfebf86fdcfbb4bad7807d6a5f99b8affa114bd84f81461fe3"; imageName = "mpepping/cyberchef"; sha256 = "019wr9vrpjg6kq4sqkf9d9xr5w86hn4d93pkk57sliqwyjjn13x8"; }; }; inbucket = { inbucket = { finalImageName = "inbucket/inbucket"; finalImageTag = "edge"; imageDigest = "sha256:e39238af6ac485c406ead9cf411ca7d6bad5dd6e1bca2a02af87273db5f53c8e"; imageName = "inbucket/inbucket"; sha256 = "1z9gywpr3i5048k39dflqlp9k6227b7kdipwk790x711iga2jqpk"; }; }; }
+
diff --git a/container-images/pulled-images.nix b/container-images/pulled-images.nix
new file mode 100644
index 0000000..8e8d40c
--- /dev/null
+++ b/container-images/pulled-images.nix
@@ -0,0 +1,13 @@
+pkgs: lib:
+let
+ imageDefs = import ./image-definitions.nix;
+in
+lib.attrsets.mapAttrs
+ (projectName: project:
+ lib.attrsets.mapAttrs
+ (imageName: imageDef:
+ pkgs.dockerTools.pullImage imageDef
+ )
+ project
+ )
+ imageDefs
diff --git a/flake-parts/kubenix.nix b/flake-parts/kubenix.nix
index d3774a3..33c90ed 100644
--- a/flake-parts/kubenix.nix
+++ b/flake-parts/kubenix.nix
@@ -1,9 +1,11 @@ -{ self, machines, dns, myLib, flake-utils, kubenix, nixhelm, blog-pim, ... }: flake-utils.lib.eachDefaultSystem +{ self, nixpkgs, machines, dns, myLib, flake-utils, kubenix, nixhelm, blog-pim, ... }: flake-utils.lib.eachDefaultSystem (system: let + pkgs = nixpkgs.legacyPackages.${system}; + pulledImages = (import "${self}/container-images/pulled-images.nix") pkgs pkgs.lib; mkKubenixPackage = module: kubenix.packages.${system}.default.override { - specialArgs = { inherit myLib kubenix nixhelm system dns blog-pim machines; }; + specialArgs = { inherit myLib kubenix nixhelm system dns blog-pim machines pulledImages; }; module = { imports = [ module ]; }; }; in diff --git a/flake-parts/scripts/default.nix b/flake-parts/scripts/default.nix index 451e575..2e4aa4d 100644 --- a/flake-parts/scripts/default.nix +++ b/flake-parts/scripts/default.nix @@ -32,7 +32,14 @@ in cyberchef = { cyberchef = { image-name = "mpepping/cyberchef"; - image-tag = "latest"; + image-tag = "v10.18.9"; + }; + }; + + inbucket = { + inbucket = { + image-name = "inbucket/inbucket"; + image-tag = "edge"; }; }; }; diff --git a/kubenix-modules/all.nix b/kubenix-modules/all.nix index fe91bc5..eb470c4 100644 --- a/kubenix-modules/all.nix +++ b/kubenix-modules/all.nix @@ -24,26 +24,6 @@ let ]; in { - kubernetes.resources.pods.testje.spec = { - containers.redis = { - image = "nix:0/nix/store/5nmh9qawhbwinzxidafjlfw68wfkh0pj-nix-image-redis.tar"; - args = [ "--protected-mode" "no" ]; - - ports = [{ - name = "redis"; - containerPort = 6379; - }]; - }; - - affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms = [{ - matchExpressions = [{ - key = "kubernetes.io/hostname"; - operator = "In"; - values = [ "atlas" ]; - }]; - }]; - }; - imports = [ ./base.nix ./longhorn.nix diff --git a/kubenix-modules/cyberchef.nix b/kubenix-modules/cyberchef.nix index 19c2578..6691687 100644 --- a/kubenix-modules/cyberchef.nix +++ b/kubenix-modules/cyberchef.nix 
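Review bot: In flake-parts/scripts/default.nix the new inbucket entry tracks the floating tag `edge`, so if this list is what image-definitions.nix is regenerated from (the generator itself is outside the hunk), each regeneration can record a different `imageDigest` with no change to this file. The digest in image-definitions.nix does pin what is fetched today, but an update then shows up only as an opaque hash change that is hard to review. If inbucket publishes release tags, pinning one here as was done for cyberchef (`image-tag = "v10.18.9";`) makes upgrades explicit; otherwise a comment such as `# edge is a moving tag; review the digest change on every regeneration` would record the caveat. The enclosing attribute set starts outside the hunk.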
@@ -1,4 +1,4 @@ -{ +{ pulledImages, ... }: { kubernetes.resources = { deployments.cyberchef.spec = { replicas = 3; @@ -8,7 +8,7 @@ metadata.labels.app = "cyberchef"; spec.containers.cyberchef = { - image = "mpepping/cyberchef"; + image = "mpepping/cyberchef:latest"; ports.web.containerPort = 8000; }; }; diff --git a/kubenix-modules/inbucket.nix b/kubenix-modules/inbucket.nix index ba4edbd..83d2987 100644 --- a/kubenix-modules/inbucket.nix +++ b/kubenix-modules/inbucket.nix @@ -1,4 +1,4 @@ -{ lib, myLib, ... }: { +{ pulledImages, myLib, ... }: { kubernetes.resources = { deployments.inbucket = { metadata.labels.app = "inbucket"; diff --git a/nixos-modules/k3s/default.nix b/nixos-modules/k3s/default.nix index 4c902d9..6800efb 100644 --- a/nixos-modules/k3s/default.nix +++ b/nixos-modules/k3s/default.nix @@ -1,4 +1,4 @@ -{ inputs, pkgs, lib, config, ... }: +{ self, inputs, pkgs, lib, config, ... }: let cfg = config.lab.k3s; @@ -167,9 +167,30 @@ in cp -f ${./k3s-ca/etcd/server-ca.crt} /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt ''; - nix-snapshotter-image = '' - ln -sf ${image} /root/image.tar - ''; + docker-images = + let + pulledImages = (import "${self}/container-images/pulled-images.nix") pkgs lib; + basePath = "/var/docker_images"; + linesForImage = projectName: imageName: pulledImage: + let + projectPath = "${basePath}/${projectName}"; + in + '' + mkdir -p ${projectPath} + ln -sf ${pulledImage} ${projectPath}/${imageName}.tar + ''; + linesForProject = projectName: project: + let + lines = lib.attrsets.mapAttrsToList (linesForImage projectName) project; + in + builtins.concatStringsSep "\n" lines; + generateLines = projects: + let + lines = lib.attrsets.mapAttrsToList linesForProject projects; + in + builtins.concatStringsSep "\n" lines; + in + generateLines pulledImages; }; };
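Review bot: In kubenix-modules/cyberchef.nix the container still runs `mpepping/cyberchef:latest`, so the deployment resolves a mutable tag at pull time and the `v10.18.9` tag and digest recorded in container-images/image-definitions.nix have no effect on what actually runs. The newly added `pulledImages` argument is not used in the visible lines of this module, nor in the inbucket.nix hunk, though both module bodies continue outside the hunks. Until the pulled image is wired in, the reference can be pinned to the recorded digest, e.g. `image = "mpepping/cyberchef@sha256:4b06936cbeff92cfebf86fdcfbb4bad7807d6a5f99b8affa114bd84f81461fe3";`. The inbucket.nix header change also drops `lib`, which is worth checking against the rest of that module.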
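Review bot: The `docker-images` activation script in nixos-modules/k3s/default.nix only ever adds links under `/var/docker_images`, so an image that is removed from or renamed in image-definitions.nix stays linked there and remains available to whatever imports that directory (the consumer is not visible in this hunk). Clearing the managed directory first keeps the on-disk set equal to the pinned set, for example by emitting `rm -rf ${basePath}` once ahead of the generated lines in `generateLines`. The interpolated paths are also unquoted in the generated shell text; `ln -sf ${pulledImage} ${lib.escapeShellArg "${projectPath}/${imageName}.tar"}` (and the same for `mkdir -p`) keeps an attribute name containing whitespace or shell metacharacters from being split or interpreted. The enclosing attribute set begins outside the hunk.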