forked from Deuxfleurs/nixcfg
Demo running directly a service from the nix store
This commit is contained in:
parent
13fac2b446
commit
2cd4bf1ee7
3 changed files with 79 additions and 30 deletions
|
@ -5,17 +5,48 @@ job "dummy-nginx" {
|
|||
group "nginx" {
|
||||
count = 1
|
||||
|
||||
volume "nix-store" {
|
||||
type = "host"
|
||||
source = "nix-store"
|
||||
read_only = true
|
||||
}
|
||||
volume "nix-current-system-bin" {
|
||||
type = "host"
|
||||
source = "nix-current-system-bin"
|
||||
read_only = true
|
||||
}
|
||||
|
||||
network {
|
||||
port "http" {
|
||||
to = 80
|
||||
to = 8080
|
||||
}
|
||||
}
|
||||
|
||||
task "nginx" {
|
||||
driver = "docker"
|
||||
task "not-actually-nginx" {
|
||||
driver = "exec"
|
||||
config {
|
||||
image = "nginx"
|
||||
ports = [ "http" ]
|
||||
command = "env"
|
||||
args = [
|
||||
"/run/current-system/sw/bin/nix-shell",
|
||||
"--run", "python3 -m http.server 8080"
|
||||
]
|
||||
}
|
||||
env = {
|
||||
NIX_PATH = "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
|
||||
}
|
||||
|
||||
volume_mount {
|
||||
volume = "nix-store"
|
||||
destination = "/nix"
|
||||
}
|
||||
volume_mount {
|
||||
volume = "nix-current-system-bin"
|
||||
destination = "/run/current-system/sw/bin"
|
||||
}
|
||||
|
||||
template {
|
||||
data = file("shell.nix")
|
||||
destination = "shell.nix"
|
||||
}
|
||||
}
|
||||
|
||||
|
|
5
cluster/staging/app/dummy/deploy/shell.nix
Normal file
5
cluster/staging/app/dummy/deploy/shell.nix
Normal file
|
@ -0,0 +1,5 @@
|
|||
{ pkgs ? import <nixpkgs> {} }:
|
||||
pkgs.mkShell {
|
||||
# nativeBuildInputs is usually what you want -- tools you need to run
|
||||
nativeBuildInputs = [ pkgs.python3 ];
|
||||
}
|
|
@ -21,4 +21,17 @@
|
|||
|
||||
deuxfleurs.cluster_ip = "10.14.1.1";
|
||||
deuxfleurs.is_raft_server = true;
|
||||
|
||||
# experimental: nomad as root, to enable exec driver
|
||||
services.nomad.dropPrivileges = false;
|
||||
services.nomad.settings.client.host_volume = {
|
||||
"nix-store" = {
|
||||
path = "/nix";
|
||||
read_only = true;
|
||||
};
|
||||
"nix-current-system-bin" = {
|
||||
path = "/run/current-system/sw/bin";
|
||||
read_only = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue