Add experimental nix-snapshotter stuff
parent
211caada8a
commit
c89209f1df
9 changed files with 55 additions and 32 deletions
|
@ -1,2 +0,0 @@
|
||||||
{ cyberchef = { cyberchef = { finalImageName = "mpepping/cyberchef"; finalImageTag = "latest"; imageDigest = "sha256:5044c72dd8070fb6e0595e720fc4440bf6168493b2433db06a1c966406398ba2"; imageName = "mpepping/cyberchef"; sha256 = "177yjfbz0ijc8lfqfr50fhqqmjk72373c0igyrxv3wwg0pyrgpv4"; }; }; }
|
|
||||||
|
|
2
container-images/image-definitions.nix
Normal file
2
container-images/image-definitions.nix
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
{ cyberchef = { cyberchef = { finalImageName = "mpepping/cyberchef"; finalImageTag = "v10.18.9"; imageDigest = "sha256:4b06936cbeff92cfebf86fdcfbb4bad7807d6a5f99b8affa114bd84f81461fe3"; imageName = "mpepping/cyberchef"; sha256 = "019wr9vrpjg6kq4sqkf9d9xr5w86hn4d93pkk57sliqwyjjn13x8"; }; }; inbucket = { inbucket = { finalImageName = "inbucket/inbucket"; finalImageTag = "edge"; imageDigest = "sha256:e39238af6ac485c406ead9cf411ca7d6bad5dd6e1bca2a02af87273db5f53c8e"; imageName = "inbucket/inbucket"; sha256 = "1z9gywpr3i5048k39dflqlp9k6227b7kdipwk790x711iga2jqpk"; }; }; }
|
||||||
|
|
13
container-images/pulled-images.nix
Normal file
13
container-images/pulled-images.nix
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
pkgs: lib:
|
||||||
|
let
|
||||||
|
imageDefs = import ./image-definitions.nix;
|
||||||
|
in
|
||||||
|
lib.attrsets.mapAttrs
|
||||||
|
(projectName: project:
|
||||||
|
lib.attrsets.mapAttrs
|
||||||
|
(imageName: imageDef:
|
||||||
|
pkgs.dockerTools.pullImage imageDef
|
||||||
|
)
|
||||||
|
project
|
||||||
|
)
|
||||||
|
imageDefs
|
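Review bot: The new file has no header comment, so a reader has to work out from the nested `mapAttrs` calls that it returns a project -> image -> pulled-tarball attribute set. I would add a line at the top such as `# Maps image-definitions.nix (project -> image -> pullImage args) to pulled image tarballs; integrity comes from the imageDigest/sha256 recorded there.` The two lambdas also bind `projectName` and `imageName` without using them, so the body could be written as `lib.mapAttrs (_: lib.mapAttrs (_: pkgs.dockerTools.pullImage)) imageDefs`.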
|
@ -1,9 +1,11 @@
|
||||||
{ self, machines, dns, myLib, flake-utils, kubenix, nixhelm, blog-pim, ... }: flake-utils.lib.eachDefaultSystem
|
{ self, nixpkgs, machines, dns, myLib, flake-utils, kubenix, nixhelm, blog-pim, ... }: flake-utils.lib.eachDefaultSystem
|
||||||
(system:
|
(system:
|
||||||
let
|
let
|
||||||
|
pkgs = nixpkgs.legacyPackages.${system};
|
||||||
|
pulledImages = (import "${self}/container-images/pulled-images.nix") pkgs pkgs.lib;
|
||||||
mkKubenixPackage = module: kubenix.packages.${system}.default.override
|
mkKubenixPackage = module: kubenix.packages.${system}.default.override
|
||||||
{
|
{
|
||||||
specialArgs = { inherit myLib kubenix nixhelm system dns blog-pim machines; };
|
specialArgs = { inherit myLib kubenix nixhelm system dns blog-pim machines pulledImages; };
|
||||||
module = { imports = [ module ]; };
|
module = { imports = [ module ]; };
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
|
|
|
@ -32,7 +32,14 @@ in
|
||||||
cyberchef = {
|
cyberchef = {
|
||||||
cyberchef = {
|
cyberchef = {
|
||||||
image-name = "mpepping/cyberchef";
|
image-name = "mpepping/cyberchef";
|
||||||
image-tag = "latest";
|
image-tag = "v10.18.9";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
inbucket = {
|
||||||
|
inbucket = {
|
||||||
|
image-name = "inbucket/inbucket";
|
||||||
|
image-tag = "edge";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
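Review bot: `image-tag = "edge"` for inbucket is a moving development tag, unlike the `v10.18.9` release tag this same hunk gives cyberchef. The definitions file in this commit does record a digest, so an individual build is pinned. However, if that file is regenerated from this list (which is how it looks), each regeneration silently picks up whatever upstream last pushed under `edge`. I would pin a release here, e.g. `image-tag = "<release-tag>";`, and bump it deliberately. The surrounding attribute set starts and ends outside the hunk.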
|
@ -24,26 +24,6 @@ let
|
||||||
];
|
];
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
kubernetes.resources.pods.testje.spec = {
|
|
||||||
containers.redis = {
|
|
||||||
image = "nix:0/nix/store/5nmh9qawhbwinzxidafjlfw68wfkh0pj-nix-image-redis.tar";
|
|
||||||
args = [ "--protected-mode" "no" ];
|
|
||||||
|
|
||||||
ports = [{
|
|
||||||
name = "redis";
|
|
||||||
containerPort = 6379;
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
|
|
||||||
affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms = [{
|
|
||||||
matchExpressions = [{
|
|
||||||
key = "kubernetes.io/hostname";
|
|
||||||
operator = "In";
|
|
||||||
values = [ "atlas" ];
|
|
||||||
}];
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
./base.nix
|
./base.nix
|
||||||
./longhorn.nix
|
./longhorn.nix
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{
|
{ pulledImages, ... }: {
|
||||||
kubernetes.resources = {
|
kubernetes.resources = {
|
||||||
deployments.cyberchef.spec = {
|
deployments.cyberchef.spec = {
|
||||||
replicas = 3;
|
replicas = 3;
|
||||||
|
@ -8,7 +8,7 @@
|
||||||
metadata.labels.app = "cyberchef";
|
metadata.labels.app = "cyberchef";
|
||||||
|
|
||||||
spec.containers.cyberchef = {
|
spec.containers.cyberchef = {
|
||||||
image = "mpepping/cyberchef";
|
image = "mpepping/cyberchef:latest";
|
||||||
ports.web.containerPort = 8000;
|
ports.web.containerPort = 8000;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
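Review bot: The container image in the second hunk now reads `image = "mpepping/cyberchef:latest";`, assuming the second of the two printed lines is the new side. That does not match the tag `v10.18.9` and digest this commit pins in container-images/image-definitions.nix. The pods would then run whatever the registry serves as `latest`, so the pin covers only the pre-pulled tarball and not what is deployed. `pulledImages` is added to the module arguments but not used in the visible lines, and the inbucket module gains the same unused argument. Until the pulled image is actually referenced I would at least write `image = "mpepping/cyberchef:v10.18.9";`.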
|
@ -1,4 +1,4 @@
|
||||||
{ lib, myLib, ... }: {
|
{ pulledImages, myLib, ... }: {
|
||||||
kubernetes.resources = {
|
kubernetes.resources = {
|
||||||
deployments.inbucket = {
|
deployments.inbucket = {
|
||||||
metadata.labels.app = "inbucket";
|
metadata.labels.app = "inbucket";
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ inputs, pkgs, lib, config, ... }:
|
{ self, inputs, pkgs, lib, config, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.lab.k3s;
|
cfg = config.lab.k3s;
|
||||||
|
|
||||||
|
@ -167,9 +167,30 @@ in
|
||||||
cp -f ${./k3s-ca/etcd/server-ca.crt} /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt
|
cp -f ${./k3s-ca/etcd/server-ca.crt} /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt
|
||||||
'';
|
'';
|
||||||
|
|
||||||
nix-snapshotter-image = ''
|
docker-images =
|
||||||
ln -sf ${image} /root/image.tar
|
let
|
||||||
|
pulledImages = (import "${self}/container-images/pulled-images.nix") pkgs lib;
|
||||||
|
basePath = "/var/docker_images";
|
||||||
|
linesForImage = projectName: imageName: pulledImage:
|
||||||
|
let
|
||||||
|
projectPath = "${basePath}/${projectName}";
|
||||||
|
in
|
||||||
|
''
|
||||||
|
mkdir -p ${projectPath}
|
||||||
|
ln -sf ${pulledImage} ${projectPath}/${imageName}.tar
|
||||||
'';
|
'';
|
||||||
|
linesForProject = projectName: project:
|
||||||
|
let
|
||||||
|
lines = lib.attrsets.mapAttrsToList (linesForImage projectName) project;
|
||||||
|
in
|
||||||
|
builtins.concatStringsSep "\n" lines;
|
||||||
|
generateLines = projects:
|
||||||
|
let
|
||||||
|
lines = lib.attrsets.mapAttrsToList linesForProject projects;
|
||||||
|
in
|
||||||
|
builtins.concatStringsSep "\n" lines;
|
||||||
|
in
|
||||||
|
generateLines pulledImages;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
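Review bot: The generated `docker-images` script only ever adds links: it runs `mkdir -p` and `ln -sf` for each current image, but nothing removes entries under `/var/docker_images` for images later dropped or renamed in image-definitions.nix. Those links linger and dangle once the store path is garbage-collected. Rebuilding the `basePath` directory at the start of the script would keep it in step with the definitions. The interpolated paths are also unquoted; `ln -sf "${pulledImage}" "${projectPath}/${imageName}.tar"` (and the same for `mkdir -p`) would survive an attribute name containing a space or glob character. The enclosing attribute set starts outside the hunk.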