Demo running directly a service from the nix store

Alex 2022-11-15 23:13:55 +01:00
parent 13fac2b446
commit 2cd4bf1ee7
Signed by untrusted user: lx
GPG key ID: 0E496D15096376BE
3 changed files with 79 additions and 30 deletions


@ -1,35 +1,66 @@
job "dummy-nginx" { job "dummy-nginx" {
datacenters = ["neptune"] datacenters = ["neptune"]
type = "service" type = "service"
group "nginx" { group "nginx" {
count = 1 count = 1
network { volume "nix-store" {
port "http" { type = "host"
to = 80 source = "nix-store"
} read_only = true
} }
volume "nix-current-system-bin" {
type = "host"
source = "nix-current-system-bin"
read_only = true
}
task "nginx" { network {
driver = "docker" port "http" {
config { to = 8080
image = "nginx" }
ports = [ "http" ] }
}
}
service { task "not-actually-nginx" {
port = "http" driver = "exec"
tags = [ config {
"tricot home.adnab.me 100", command = "env"
] args = [
check { "/run/current-system/sw/bin/nix-shell",
type = "http" "--run", "python3 -m http.server 8080"
path = "/" ]
interval = "10s" }
timeout = "2s" env = {
} NIX_PATH = "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
} }
}
volume_mount {
volume = "nix-store"
destination = "/nix"
}
volume_mount {
volume = "nix-current-system-bin"
destination = "/run/current-system/sw/bin"
}
template {
data = file("shell.nix")
destination = "shell.nix"
}
}
service {
port = "http"
tags = [
"tricot home.adnab.me 100",
]
check {
type = "http"
path = "/"
interval = "10s"
timeout = "2s"
}
}
}
} }
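Review bot: In the `args` of task `not-actually-nginx`, `python3 -m http.server 8080` is started without `--directory`, so it serves whatever the task's working directory is. That is where the template renders `shell.nix` (relative destination), and presumably also where Nomad keeps the task's other directories, so confirm that nothing sensitive sits under it. Because the service keeps the `tricot home.adnab.me 100` tag, the listing is likely reachable from outside the cluster. I would point the server at a dedicated content directory, e.g. `"--run", "python3 -m http.server 8080 --directory <content-dir>"` (placeholder path), and add a comment on the task saying it is a demo that runs host binaries through the `exec` driver.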


@ -0,0 +1,5 @@
{ pkgs ? import <nixpkgs> {} }:
pkgs.mkShell {
# nativeBuildInputs is usually what you want -- tools you need to run
nativeBuildInputs = [ pkgs.python3 ];
}
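Review bot: `import <nixpkgs> {}` is resolved through the `NIX_PATH` that the job sets to root's `nixos` channel, so the Python interpreter that serves requests depends on whatever that channel points at on the host when the task starts. Pinning the package set in this file would make the deployed interpreter reviewable from the repository, e.g. `{ pkgs ? import (fetchTarball { url = "<pinned-nixpkgs-archive-url>"; sha256 = "<hash>"; }) {} }:` (placeholders). Whether a fetch can succeed inside the task with `/nix` mounted read-only is not visible from this page, so referencing a store path built ahead of time may be the more practical option. For a shell that only runs a tool, `packages = [ pkgs.python3 ];` reads more accurately than `nativeBuildInputs`.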


@ -21,4 +21,17 @@
deuxfleurs.cluster_ip = "10.14.1.1"; deuxfleurs.cluster_ip = "10.14.1.1";
deuxfleurs.is_raft_server = true; deuxfleurs.is_raft_server = true;
# experimental: nomad as root, to enable exec driver
services.nomad.dropPrivileges = false;
services.nomad.settings.client.host_volume = {
"nix-store" = {
path = "/nix";
read_only = true;
};
"nix-current-system-bin" = {
path = "/run/current-system/sw/bin";
read_only = true;
};
};
} }
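Review bot: `services.nomad.dropPrivileges = false;` makes the Nomad agent run as root on this node for every job, not only the demo, and the comment above it records the motive but not the consequence. The `nix-store` host volume also exposes all of `/nix`, which covers `/nix/var/nix` as well as the store. A read-only bind mount keeps a task from writing files, but if the Nix daemon socket lives under that path it probably does not stop a task from connecting to it, and anything placed in the world-readable store is visible to any job that claims the volume. I would extend the comment to something like `# experimental: nomad runs as root so the exec driver works; every job on this node then relies on exec isolation, and the nix-store volume exposes all of /nix`. Narrowing `path` to `/nix/store` is also worth considering, though it would need matching changes to the job's mount destination and `NIX_PATH`.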