Add experimental nix-snapshotter stuff

Pim Kunis 2024-07-12 10:08:35 +02:00
parent 211caada8a
commit c89209f1df
9 changed files with 55 additions and 32 deletions


@ -1,2 +0,0 @@
{ cyberchef = { cyberchef = { finalImageName = "mpepping/cyberchef"; finalImageTag = "latest"; imageDigest = "sha256:5044c72dd8070fb6e0595e720fc4440bf6168493b2433db06a1c966406398ba2"; imageName = "mpepping/cyberchef"; sha256 = "177yjfbz0ijc8lfqfr50fhqqmjk72373c0igyrxv3wwg0pyrgpv4"; }; }; }


@ -0,0 +1,2 @@
{ cyberchef = { cyberchef = { finalImageName = "mpepping/cyberchef"; finalImageTag = "v10.18.9"; imageDigest = "sha256:4b06936cbeff92cfebf86fdcfbb4bad7807d6a5f99b8affa114bd84f81461fe3"; imageName = "mpepping/cyberchef"; sha256 = "019wr9vrpjg6kq4sqkf9d9xr5w86hn4d93pkk57sliqwyjjn13x8"; }; }; inbucket = { inbucket = { finalImageName = "inbucket/inbucket"; finalImageTag = "edge"; imageDigest = "sha256:e39238af6ac485c406ead9cf411ca7d6bad5dd6e1bca2a02af87273db5f53c8e"; imageName = "inbucket/inbucket"; sha256 = "1z9gywpr3i5048k39dflqlp9k6227b7kdipwk790x711iga2jqpk"; }; }; }


@ -0,0 +1,13 @@
pkgs: lib:
let
imageDefs = import ./image-definitions.nix;
in
lib.attrsets.mapAttrs
(projectName: project:
lib.attrsets.mapAttrs
(imageName: imageDef:
pkgs.dockerTools.pullImage imageDef
)
project
)
imageDefs
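Review bot: This new file has no header comment explaining its positional `pkgs: lib:` interface or what it returns, and both callers in this commit depend on that calling convention. I would add `# Maps image-definitions.nix (project -> image -> pullImage arguments) to pulled image tarballs; call as: import ./pulled-images.nix pkgs lib` at the top. It is also worth noting there that every definition must carry both `imageDigest` and `sha256`, since those two fields pin the content that `pkgs.dockerTools.pullImage` fetches.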


@ -1,9 +1,11 @@
{ self, machines, dns, myLib, flake-utils, kubenix, nixhelm, blog-pim, ... }: flake-utils.lib.eachDefaultSystem { self, nixpkgs, machines, dns, myLib, flake-utils, kubenix, nixhelm, blog-pim, ... }: flake-utils.lib.eachDefaultSystem
(system: (system:
let let
pkgs = nixpkgs.legacyPackages.${system};
pulledImages = (import "${self}/container-images/pulled-images.nix") pkgs pkgs.lib;
mkKubenixPackage = module: kubenix.packages.${system}.default.override mkKubenixPackage = module: kubenix.packages.${system}.default.override
{ {
specialArgs = { inherit myLib kubenix nixhelm system dns blog-pim machines; }; specialArgs = { inherit myLib kubenix nixhelm system dns blog-pim machines pulledImages; };
module = { imports = [ module ]; }; module = { imports = [ module ]; };
}; };
in in


@ -32,7 +32,14 @@ in
cyberchef = { cyberchef = {
cyberchef = { cyberchef = {
image-name = "mpepping/cyberchef"; image-name = "mpepping/cyberchef";
image-tag = "latest"; image-tag = "v10.18.9";
};
};
inbucket = {
inbucket = {
image-name = "inbucket/inbucket";
image-tag = "edge";
}; };
}; };
}; };
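Review bot: The new inbucket entry tracks a moving tag, `image-tag = "edge";`, while the same hunk moves cyberchef off `latest` to `v10.18.9`. The digest recorded in the image definitions keeps a given build reproducible. If this list is the input the definitions are regenerated from (not visible here), each regeneration will pick up whatever `edge` points to at that moment, with no version change to review. A release tag such as `image-tag = "<RELEASE_TAG>";` would make image updates an explicit, reviewable edit. The enclosing attribute set starts outside the hunk.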


@ -24,26 +24,6 @@ let
]; ];
in in
{ {
kubernetes.resources.pods.testje.spec = {
containers.redis = {
image = "nix:0/nix/store/5nmh9qawhbwinzxidafjlfw68wfkh0pj-nix-image-redis.tar";
args = [ "--protected-mode" "no" ];
ports = [{
name = "redis";
containerPort = 6379;
}];
};
affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms = [{
matchExpressions = [{
key = "kubernetes.io/hostname";
operator = "In";
values = [ "atlas" ];
}];
}];
};
imports = [ imports = [
./base.nix ./base.nix
./longhorn.nix ./longhorn.nix


@ -1,4 +1,4 @@
{ { pulledImages, ... }: {
kubernetes.resources = { kubernetes.resources = {
deployments.cyberchef.spec = { deployments.cyberchef.spec = {
replicas = 3; replicas = 3;
@ -8,7 +8,7 @@
metadata.labels.app = "cyberchef"; metadata.labels.app = "cyberchef";
spec.containers.cyberchef = { spec.containers.cyberchef = {
image = "mpepping/cyberchef"; image = "mpepping/cyberchef:latest";
ports.web.containerPort = 8000; ports.web.containerPort = 8000;
}; };
}; };
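Review bot: The container image on the changed line is still resolved by a mutable tag: `image = "mpepping/cyberchef:latest";` ignores the `v10.18.9` digest pinned elsewhere in this commit, and the newly added `pulledImages` argument is not used in either visible hunk. With `:latest`, Kubernetes defaults the pull policy to Always, so nodes run whatever the registry serves at pod start rather than the content that was hashed. If the snapshotter wiring is not ready yet, pinning by digest keeps the deployment tied to the verified image: `image = "mpepping/cyberchef@sha256:4b06936cbeff92cfebf86fdcfbb4bad7807d6a5f99b8affa114bd84f81461fe3";`. The inbucket module gains the same argument with no visible use, though its body lies outside the hunk shown.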


@ -1,4 +1,4 @@
{ lib, myLib, ... }: { { pulledImages, myLib, ... }: {
kubernetes.resources = { kubernetes.resources = {
deployments.inbucket = { deployments.inbucket = {
metadata.labels.app = "inbucket"; metadata.labels.app = "inbucket";


@ -1,4 +1,4 @@
{ inputs, pkgs, lib, config, ... }: { self, inputs, pkgs, lib, config, ... }:
let let
cfg = config.lab.k3s; cfg = config.lab.k3s;
@ -167,9 +167,30 @@ in
cp -f ${./k3s-ca/etcd/server-ca.crt} /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt cp -f ${./k3s-ca/etcd/server-ca.crt} /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt
''; '';
nix-snapshotter-image = '' docker-images =
ln -sf ${image} /root/image.tar let
''; pulledImages = (import "${self}/container-images/pulled-images.nix") pkgs lib;
basePath = "/var/docker_images";
linesForImage = projectName: imageName: pulledImage:
let
projectPath = "${basePath}/${projectName}";
in
''
mkdir -p ${projectPath}
ln -sf ${pulledImage} ${projectPath}/${imageName}.tar
'';
linesForProject = projectName: project:
let
lines = lib.attrsets.mapAttrsToList (linesForImage projectName) project;
in
builtins.concatStringsSep "\n" lines;
generateLines = projects:
let
lines = lib.attrsets.mapAttrsToList linesForProject projects;
in
builtins.concatStringsSep "\n" lines;
in
generateLines pulledImages;
}; };
}; };
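Review bot: The generated shell lines in `linesForImage` interpolate `projectName` and `imageName` unquoted (`mkdir -p ${projectPath}` and the `ln -sf` target), and judging by the neighbouring entries these run as root at activation. The names come from attribute names in the repository, so this is hardening rather than an exposed input, but a name containing a space or shell metacharacter would change the command. `mkdir -p ${lib.escapeShellArg projectPath}` and `ln -sf ${pulledImage} ${lib.escapeShellArg "${projectPath}/${imageName}.tar"}` avoid that. Links for images later dropped from the definitions are never removed from `/var/docker_images`, so stale references persist there. The enclosing attribute set starts outside the hunk.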