Demo running directly a service from the nix store

Alex 2022-11-15 23:13:55 +01:00
parent 13fac2b446
commit 2cd4bf1ee7
Signed by untrusted user: lx
GPG key ID: 0E496D15096376BE
3 changed files with 79 additions and 30 deletions


@ -5,17 +5,48 @@ job "dummy-nginx" {
group "nginx" { group "nginx" {
count = 1 count = 1
volume "nix-store" {
type = "host"
source = "nix-store"
read_only = true
}
volume "nix-current-system-bin" {
type = "host"
source = "nix-current-system-bin"
read_only = true
}
network { network {
port "http" { port "http" {
to = 80 to = 8080
} }
} }
task "nginx" { task "not-actually-nginx" {
driver = "docker" driver = "exec"
config { config {
image = "nginx" command = "env"
ports = [ "http" ] args = [
"/run/current-system/sw/bin/nix-shell",
"--run", "python3 -m http.server 8080"
]
}
env = {
NIX_PATH = "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
}
volume_mount {
volume = "nix-store"
destination = "/nix"
}
volume_mount {
volume = "nix-current-system-bin"
destination = "/run/current-system/sw/bin"
}
template {
data = file("shell.nix")
destination = "shell.nix"
} }
} }
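Review bot: `python3 -m http.server 8080` in the task's `args` serves its working directory with directory listings, and nothing in this section pins that directory. Under the `exec` driver the working directory is presumably inside the task's filesystem, so the rendered `shell.nix`, and possibly the task's secrets directory and the mounted `/nix`, may be browsable by anyone who can reach the port. I would pin the served path with the `--directory` option, e.g. `"--run", "python3 -m http.server 8080 --directory <dedicated-dir>"` (placeholder path), and add a comment above `command = "env"` saying this is a throwaway demo server. The `job` block starts before the hunk, so any network mode or constraints set there are not visible here.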


@ -0,0 +1,5 @@
{ pkgs ? import <nixpkgs> {} }:
pkgs.mkShell {
# nativeBuildInputs is usually what you want -- tools you need to run
nativeBuildInputs = [ pkgs.python3 ];
}
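Review bot: `import <nixpkgs>` on the first line is unpinned, so the Python that ends up serving traffic is whatever the node's channel points to when the task starts, and it can differ between nodes and between restarts (the job sets `NIX_PATH` to root's `nixos` channel). For something run as a service I would pin nixpkgs to a fixed revision with a hash, e.g. `pkgs ? import (builtins.fetchTarball { url = "<pinned nixpkgs tarball URL>"; sha256 = "<hash>"; }) {}`, so the input is reproducible and verified. The `nativeBuildInputs` comment is generic template text; `# python3 is the runtime of the demo HTTP server started by the Nomad task` would describe what it is for here.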


@ -21,4 +21,17 @@
deuxfleurs.cluster_ip = "10.14.1.1"; deuxfleurs.cluster_ip = "10.14.1.1";
deuxfleurs.is_raft_server = true; deuxfleurs.is_raft_server = true;
# experimental: nomad as root, to enable exec driver
services.nomad.dropPrivileges = false;
services.nomad.settings.client.host_volume = {
"nix-store" = {
path = "/nix";
read_only = true;
};
"nix-current-system-bin" = {
path = "/run/current-system/sw/bin";
read_only = true;
};
};
} }
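Review bot: The host volume named `nix-store` exports `path = "/nix"`, not only `/nix/store`, so every job allowed to mount it also sees `/nix/var`: the profiles, the Nix database and, if the daemon runs on this node, its socket, which `read_only = true` likely does not stop a task from connecting to. Together with `services.nomad.dropPrivileges = false`, which runs the Nomad agent as root on a node that is also a raft server, this widens what a job submitter can reach on the host. The demo job needs `/nix/var` for its channel path, so I would not narrow the path blindly, but the config should say what is exposed, e.g. `# exposes all of /nix (store and var) read-only to jobs; restrict who may mount this volume`. If ACLs are enabled on the cluster, a `host_volume` rule in the ACL policy would be the matching control, and the existing `experimental` comment could name the condition for reverting `dropPrivileges`.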