From c89209f1df76749ac4669f5ffdbcac6fb67ecd4b Mon Sep 17 00:00:00 2001
From: Pim Kunis <pim@kunis.nl>
Date: Fri, 12 Jul 2024 10:08:35 +0200
Subject: [PATCH] Add experimental nix-snapshotter stuff

---
 container-images.nix                   |  2 --
 container-images/image-definitions.nix |  2 ++
 container-images/pulled-images.nix     | 13 ++++++++++++
 flake-parts/kubenix.nix                |  6 ++++--
 flake-parts/scripts/default.nix        |  9 +++++++-
 kubenix-modules/all.nix                | 20 ------------------
 kubenix-modules/cyberchef.nix          |  4 ++--
 kubenix-modules/inbucket.nix           |  2 +-
 nixos-modules/k3s/default.nix          | 29 ++++++++++++++++++++++----
 9 files changed, 55 insertions(+), 32 deletions(-)
 delete mode 100644 container-images.nix
 create mode 100644 container-images/image-definitions.nix
 create mode 100644 container-images/pulled-images.nix

diff --git a/container-images.nix b/container-images.nix
deleted file mode 100644
index 037defa..0000000
--- a/container-images.nix
+++ /dev/null
@@ -1,2 +0,0 @@
-{ cyberchef = { cyberchef = { finalImageName = "mpepping/cyberchef"; finalImageTag = "latest"; imageDigest = "sha256:5044c72dd8070fb6e0595e720fc4440bf6168493b2433db06a1c966406398ba2"; imageName = "mpepping/cyberchef"; sha256 = "177yjfbz0ijc8lfqfr50fhqqmjk72373c0igyrxv3wwg0pyrgpv4"; }; }; }
-
diff --git a/container-images/image-definitions.nix b/container-images/image-definitions.nix
new file mode 100644
index 0000000..d9faf29
--- /dev/null
+++ b/container-images/image-definitions.nix
@@ -0,0 +1,2 @@
+{ cyberchef = { cyberchef = { finalImageName = "mpepping/cyberchef"; finalImageTag = "v10.18.9"; imageDigest = "sha256:4b06936cbeff92cfebf86fdcfbb4bad7807d6a5f99b8affa114bd84f81461fe3"; imageName = "mpepping/cyberchef"; sha256 = "019wr9vrpjg6kq4sqkf9d9xr5w86hn4d93pkk57sliqwyjjn13x8"; }; }; inbucket = { inbucket = { finalImageName = "inbucket/inbucket"; finalImageTag = "edge"; imageDigest = "sha256:e39238af6ac485c406ead9cf411ca7d6bad5dd6e1bca2a02af87273db5f53c8e"; imageName = "inbucket/inbucket"; sha256 = "1z9gywpr3i5048k39dflqlp9k6227b7kdipwk790x711iga2jqpk"; }; }; }
+
diff --git a/container-images/pulled-images.nix b/container-images/pulled-images.nix
new file mode 100644
index 0000000..8e8d40c
--- /dev/null
+++ b/container-images/pulled-images.nix
@@ -0,0 +1,13 @@
+pkgs: lib:
+let
+  imageDefs = import ./image-definitions.nix;
+in
+lib.attrsets.mapAttrs
+  (projectName: project:
+  lib.attrsets.mapAttrs
+    (imageName: imageDef:
+    pkgs.dockerTools.pullImage imageDef
+    )
+    project
+  )
+  imageDefs
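Review bot: The new file has no header comment saying what it returns or where image integrity comes from, and both inner lambdas bind a name (`projectName`, `imageName`) that is never used. I would add a leading comment along the lines of `# Maps image-definitions.nix to { <project>.<image> = <pullImage derivation>; }; each image is fetched by imageDigest and verified against sha256, so the tag is informational only.` The mapping itself can be written as `lib.mapAttrs (_: lib.mapAttrs (_: pkgs.dockerTools.pullImage)) imageDefs`. The separate `lib` parameter is also redundant with `pkgs.lib`, and the two call sites in this patch pass different ones (`pkgs.lib` in `flake-parts/kubenix.nix`, the module's `lib` in `nixos-modules/k3s/default.nix`).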
diff --git a/flake-parts/kubenix.nix b/flake-parts/kubenix.nix
index d3774a3..33c90ed 100644
--- a/flake-parts/kubenix.nix
+++ b/flake-parts/kubenix.nix
@@ -1,9 +1,11 @@
-{ self, machines, dns, myLib, flake-utils, kubenix, nixhelm, blog-pim, ... }: flake-utils.lib.eachDefaultSystem
+{ self, nixpkgs, machines, dns, myLib, flake-utils, kubenix, nixhelm, blog-pim, ... }: flake-utils.lib.eachDefaultSystem
   (system:
   let
+    pkgs = nixpkgs.legacyPackages.${system};
+    pulledImages = (import "${self}/container-images/pulled-images.nix") pkgs pkgs.lib;
     mkKubenixPackage = module: kubenix.packages.${system}.default.override
       {
-        specialArgs = { inherit myLib kubenix nixhelm system dns blog-pim machines; };
+        specialArgs = { inherit myLib kubenix nixhelm system dns blog-pim machines pulledImages; };
         module = { imports = [ module ]; };
       };
   in
diff --git a/flake-parts/scripts/default.nix b/flake-parts/scripts/default.nix
index 451e575..2e4aa4d 100644
--- a/flake-parts/scripts/default.nix
+++ b/flake-parts/scripts/default.nix
@@ -32,7 +32,14 @@ in
         cyberchef = {
           cyberchef = {
             image-name = "mpepping/cyberchef";
-            image-tag = "latest";
+            image-tag = "v10.18.9";
+          };
+        };
+
+        inbucket = {
+          inbucket = {
+            image-name = "inbucket/inbucket";
+            image-tag = "edge";
           };
         };
       };
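Review bot: The new inbucket entry tracks `image-tag = "edge"`, a moving tag, while cyberchef in the same hunk is moved off `latest` to a fixed `v10.18.9`. Assuming this attrset is what the script uses to regenerate `container-images/image-definitions.nix`, each regeneration will lock whatever `edge` points to at that moment, so the pinned digest can change without any visible version bump in review. Prefer a released version tag here, or at least add a comment such as `# edge is a moving tag; review the digest diff on every regeneration`. The enclosing attrset starts and ends outside the hunk.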
diff --git a/kubenix-modules/all.nix b/kubenix-modules/all.nix
index fe91bc5..eb470c4 100644
--- a/kubenix-modules/all.nix
+++ b/kubenix-modules/all.nix
@@ -24,26 +24,6 @@ let
   ];
 in
 {
-  kubernetes.resources.pods.testje.spec = {
-    containers.redis = {
-      image = "nix:0/nix/store/5nmh9qawhbwinzxidafjlfw68wfkh0pj-nix-image-redis.tar";
-      args = [ "--protected-mode" "no" ];
-
-      ports = [{
-        name = "redis";
-        containerPort = 6379;
-      }];
-    };
-
-    affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms = [{
-      matchExpressions = [{
-        key = "kubernetes.io/hostname";
-        operator = "In";
-        values = [ "atlas" ];
-      }];
-    }];
-  };
-
   imports = [
     ./base.nix
     ./longhorn.nix
diff --git a/kubenix-modules/cyberchef.nix b/kubenix-modules/cyberchef.nix
index 19c2578..6691687 100644
--- a/kubenix-modules/cyberchef.nix
+++ b/kubenix-modules/cyberchef.nix
@@ -1,4 +1,4 @@
-{
+{ pulledImages, ... }: {
   kubernetes.resources = {
     deployments.cyberchef.spec = {
       replicas = 3;
@@ -8,7 +8,7 @@
         metadata.labels.app = "cyberchef";
 
         spec.containers.cyberchef = {
-          image = "mpepping/cyberchef";
+          image = "mpepping/cyberchef:latest";
           ports.web.containerPort = 8000;
         };
       };
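Review bot: The container image becomes `mpepping/cyberchef:latest`, which only spells out the mutable tag the old value already implied, while this same commit pins cyberchef to `v10.18.9` with a digest in `container-images/image-definitions.nix`. The `pulledImages` argument added in the first hunk of this file is not used in any visible line, so the deployment still appears to pull an unpinned image from the registry rather than the hash-verified one. At minimum keep the manifest in step with the pin, e.g. `image = "mpepping/cyberchef:v10.18.9";`, or derive the reference from `pulledImages.cyberchef.cyberchef` once the nix-snapshotter image format is settled. The deployment spec starts and ends outside the hunk.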
diff --git a/kubenix-modules/inbucket.nix b/kubenix-modules/inbucket.nix
index ba4edbd..83d2987 100644
--- a/kubenix-modules/inbucket.nix
+++ b/kubenix-modules/inbucket.nix
@@ -1,4 +1,4 @@
-{ lib, myLib, ... }: {
+{ pulledImages, myLib, ... }: {
   kubernetes.resources = {
     deployments.inbucket = {
       metadata.labels.app = "inbucket";
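Review bot: `lib` is dropped from the module arguments in favour of `pulledImages`, so any remaining `lib.` reference further down this module would fail evaluation with an undefined variable. The rest of the file is outside the hunk, so this needs checking. `pulledImages` is also not used in the visible lines. If `lib` is still needed, keep both: `{ pulledImages, lib, myLib, ... }: {`.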
diff --git a/nixos-modules/k3s/default.nix b/nixos-modules/k3s/default.nix
index 4c902d9..6800efb 100644
--- a/nixos-modules/k3s/default.nix
+++ b/nixos-modules/k3s/default.nix
@@ -1,4 +1,4 @@
-{ inputs, pkgs, lib, config, ... }:
+{ self, inputs, pkgs, lib, config, ... }:
 let
   cfg = config.lab.k3s;
 
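Review bot: `self` is not an argument NixOS passes to modules by default, so this signature only evaluates if the flake supplies it through `specialArgs` (or `_module.args`) where the system is built, which this patch does not show. It appears to be needed only for the `import "${self}/container-images/pulled-images.nix"` added further down in this file. A relative path, `import ../../container-images/pulled-images.nix pkgs lib`, would avoid the extra module argument and keep the module usable without flake-specific wiring.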
@@ -167,9 +167,30 @@ in
           cp -f ${./k3s-ca/etcd/server-ca.crt} /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt
         '';
 
-        nix-snapshotter-image = ''
-          ln -sf ${image} /root/image.tar
-        '';
+        docker-images =
+          let
+            pulledImages = (import "${self}/container-images/pulled-images.nix") pkgs lib;
+            basePath = "/var/docker_images";
+            linesForImage = projectName: imageName: pulledImage:
+              let
+                projectPath = "${basePath}/${projectName}";
+              in
+              ''
+                mkdir -p ${projectPath}
+                ln -sf ${pulledImage} ${projectPath}/${imageName}.tar
+              '';
+            linesForProject = projectName: project:
+              let
+                lines = lib.attrsets.mapAttrsToList (linesForImage projectName) project;
+              in
+              builtins.concatStringsSep "\n" lines;
+            generateLines = projects:
+              let
+                lines = lib.attrsets.mapAttrsToList linesForProject projects;
+              in
+              builtins.concatStringsSep "\n" lines;
+          in
+          generateLines pulledImages;
       };
     };