diff --git a/cluster/staging/app/dummy/deploy/dummy-nginx.hcl b/cluster/staging/app/dummy/deploy/dummy-nginx.hcl index 5f3d5f6..8e2dd43 100644 --- a/cluster/staging/app/dummy/deploy/dummy-nginx.hcl +++ b/cluster/staging/app/dummy/deploy/dummy-nginx.hcl @@ -5,17 +5,6 @@ job "dummy-nginx" { group "nginx" { count = 1 - volume "nix-store" { - type = "host" - source = "nix-store" - read_only = true - } - volume "nix-current-system-bin" { - type = "host" - source = "nix-current-system-bin" - read_only = true - } - network { port "http" { to = 8080 @@ -23,32 +12,12 @@ job "dummy-nginx" { } task "not-actually-nginx" { - driver = "exec" + driver = "nix" config { - command = "env" - args = [ - "/run/current-system/sw/bin/nix-shell", - "--run", "python3 -m http.server 8080" + packages = [ + "github:nixos/nixpkgs/nixos-21.05#python3", ] - } - env = { - NIX_PATH = "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos" - } - - volume_mount { - volume = "nix-store" - read_only = true - destination = "/nix" - } - volume_mount { - volume = "nix-current-system-bin" - read_only = true - destination = "/run/current-system/sw/bin" - } - - template { - data = file("shell.nix") - destination = "shell.nix" + command = [ "/bin/python3", "-m", "http.server", "8080" ] } } diff --git a/cluster/staging/node/cariacou.nix b/cluster/staging/node/cariacou.nix index 5662422..04e581d 100644 --- a/cluster/staging/node/cariacou.nix +++ b/cluster/staging/node/cariacou.nix 
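Review bot: The `packages` entry in task `not-actually-nginx` names the flake by branch, `github:nixos/nixpkgs/nixos-21.05#python3`, so the node runs whatever that branch points to when the reference is resolved (presumably at allocation start), and that can change without any change to this file. Pinning it to a commit, `"github:nixos/nixpkgs/<nixpkgs-commit-sha>#python3",` (placeholder), would make the deployed closure reviewable and reproducible, the same way `nix/nomad-driver-nix.nix` pins its source by `rev` and hash. Separately, `python3 -m http.server` serves a listing of the task's working directory on port 8080. That is presumably acceptable for a staging dummy, but a comment saying so would stop it being copied into a real job.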
@@ -24,14 +24,12 @@ # experimental: nomad as root, to enable exec driver services.nomad.dropPrivileges = false; - services.nomad.settings.client.host_volume = { - "nix-store" = { - path = "/nix"; - read_only = true; - }; - "nix-current-system-bin" = { - path = "/run/current-system/sw/bin"; - read_only = true; - }; - }; + services.nomad.extraPackages = [ + pkgs.nix + ]; + services.nomad.extraSettingsPlugins = + let nomad_driver_nix = import ./nomad-driver-nix.nix { inherit pkgs; }; + in [ nomad_driver_nix ]; + # the nix driver requires flakes to be enabled + nix.settings.experimental-features = [ "nix-command" "flakes" ]; } diff --git a/deploy_nixos b/deploy_nixos index c4ce678..6a9f4a6 100755 --- a/deploy_nixos +++ b/deploy_nixos @@ -3,6 +3,7 @@ copy nix/configuration.nix /etc/nixos/configuration.nix copy nix/deuxfleurs.nix /etc/nixos/deuxfleurs.nix copy nix/remote-unlock.nix /etc/nixos/remote-unlock.nix +copy nix/nomad-driver-nix.nix /etc/nixos/nomad-driver-nix.nix copy cluster/$CLUSTER/cluster.nix /etc/nixos/cluster.nix copy cluster/$CLUSTER/node/$NIXHOST.nix /etc/nixos/node.nix copy cluster/$CLUSTER/node/$NIXHOST.site.nix /etc/nixos/site.nix diff --git a/nix/nomad-driver-nix.nix b/nix/nomad-driver-nix.nix new file mode 100644 index 0000000..9d3638d --- /dev/null +++ b/nix/nomad-driver-nix.nix 
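Review bot: The context comment above `services.nomad.dropPrivileges = false;` still gives "to enable exec driver" as the reason Nomad runs as root, but the job in this commit no longer uses `exec`, so the stated justification is stale. If the nix driver is what needs root now (its package description mentions systemd-nspawn containers), say so, e.g. `# nomad runs as root: needed by the nix driver (systemd-nspawn) — confirm`; if it is not, this is the moment to drop the override. The new comment should also record that a root Nomad client with flakes enabled will fetch and run any flake reference a job spec names, so job submission is presumably equivalent to root on this node and should be restricted accordingly.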
@@ -0,0 +1,31 @@
+{
+ pkgs ? import {}
+}:
+pkgs.buildGoModule rec {
+ pname = "nomad-driver-nix";
+ version = "0.1.0";
+
+ src = pkgs.fetchFromGitHub {
+ owner = "input-output-hk";
+ repo = "nomad-driver-nix";
+ rev = "010b09c680887d0cade86e8ac136c3a04609e04a";
+ sha256 = "sha256-hET+b7XhDLSuVQwXLI2V5nYCcdvxQQj9BAG8z4ta6CE=";
+ };
+
+ vendorSha256 = "sha256-FDJpbNtcFEHnZvWip2pvUHF3BFyfcSohrr/3nk9YS24=";
+
+ ldflags = [
+ "-X github.com/input-output-hk/nomad-driver-nix/nix.pluginVersion=${version}"
+ ];
+
+ postInstall = ''
+ mv $out/bin/nomad-driver-nix $out/bin/nix-driver
+ '';
+
+ meta = with pkgs.lib; {
+ description = "Nomad driver to run Nix packages / NixOS in systemd-nspawn containers";
+ homepage = "https://github.com/input-output-hk/nomad-driver-nix";
+ license = licenses.mpl20;
+ platforms = platforms.linux;
+ };
+}
diff --git a/result b/result
new file mode 120000
index 0000000..fcf4197
--- /dev/null
+++ b/result
@@ -0,0 +1 @@
+/nix/store/q7a8xkk72pzdw468iv7zni4lar20vwzs-nomad-driver-nix-0.1.0
\ No newline at end of file
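Review bot: Nothing in the new `nix/nomad-driver-nix.nix` says why `postInstall` renames the binary to `nix-driver` or how `version` relates to the pinned `rev`, and both are things the next person bumping the pin needs to know. A short header comment would cover it, e.g. `# Nomad task driver plugin; binary renamed to the name Nomad loads it under — confirm`, plus a line stating that `rev`, `sha256` and `vendorSha256` must be updated together. `version = "0.1.0"` is only a label passed through `ldflags`; since the source is fixed by commit, a comment should say whether it corresponds to an upstream tag, which I cannot tell from this hunk.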
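Review bot: `result` is added as a symlink (mode 120000) into `/nix/store/…-nomad-driver-nix-0.1.0`, which looks like the output link left behind by a local `nix-build` rather than something meant to be tracked. The target exists only on the machine that ran the build, so on any other checkout it is a dangling link, and nothing visible in this diff reads it. I would drop it from the commit and add `result` to `.gitignore`.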