From 49b0dc2d5bfe9b92e6e02e6f0fa1076c4204f8b8 Mon Sep 17 00:00:00 2001 From: Alex Auvolat Date: Wed, 16 Nov 2022 16:28:18 +0100 Subject: [PATCH] poc 2 for nix containers: use nomad-driver-nix --- .../staging/app/dummy/deploy/dummy-nginx.hcl | 39 ++----------------- cluster/staging/node/cariacou.nix | 18 ++++----- deploy_nixos | 1 + nix/nomad-driver-nix.nix | 31 +++++++++++++++ result | 1 + 5 files changed, 45 insertions(+), 45 deletions(-) create mode 100644 nix/nomad-driver-nix.nix create mode 120000 result diff --git a/cluster/staging/app/dummy/deploy/dummy-nginx.hcl b/cluster/staging/app/dummy/deploy/dummy-nginx.hcl index 5f3d5f6..8e2dd43 100644 --- a/cluster/staging/app/dummy/deploy/dummy-nginx.hcl +++ b/cluster/staging/app/dummy/deploy/dummy-nginx.hcl @@ -5,17 +5,6 @@ job "dummy-nginx" { group "nginx" { count = 1 - volume "nix-store" { - type = "host" - source = "nix-store" - read_only = true - } - volume "nix-current-system-bin" { - type = "host" - source = "nix-current-system-bin" - read_only = true - } - network { port "http" { to = 8080 @@ -23,32 +12,12 @@ job "dummy-nginx" { } task "not-actually-nginx" { - driver = "exec" + driver = "nix" config { - command = "env" - args = [ - "/run/current-system/sw/bin/nix-shell", - "--run", "python3 -m http.server 8080" + packages = [ + "github:nixos/nixpkgs/nixos-21.05#python3", ] - } - env = { - NIX_PATH = "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos" - } - - volume_mount { - volume = "nix-store" - read_only = true - destination = "/nix" - } - volume_mount { - volume = "nix-current-system-bin" - read_only = true - destination = "/run/current-system/sw/bin" - } - - template { - data = file("shell.nix") - destination = "shell.nix" + command = [ "/bin/python3", "-m", "http.server", "8080" ] } } diff --git a/cluster/staging/node/cariacou.nix b/cluster/staging/node/cariacou.nix index 5662422..04e581d 100644 --- a/cluster/staging/node/cariacou.nix +++ b/cluster/staging/node/cariacou.nix 
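Review bot: In the second hunk of dummy-nginx.hcl, the flake reference in `packages` names a branch (`nixos-21.05`) rather than a revision, so what the task runs depends on whatever that branch resolves to when the reference is fetched, and two allocations of the same job can end up with different closures. Pinning it to a commit, e.g. `"github:nixos/nixpkgs/<NIXPKGS_COMMIT>#python3"` (placeholder), keeps the job reproducible and makes an update a reviewed change. `nixos-21.05` was also, as far as I know, already past its support window at the date of this commit, so the Python it provides no longer receives security fixes; a currently supported release branch would be a better base even for a dummy service.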
@@ -24,14 +24,12 @@ # experimental: nomad as root, to enable exec driver services.nomad.dropPrivileges = false; - services.nomad.settings.client.host_volume = { - "nix-store" = { - path = "/nix"; - read_only = true; - }; - "nix-current-system-bin" = { - path = "/run/current-system/sw/bin"; - read_only = true; - }; - }; + services.nomad.extraPackages = [ + pkgs.nix + ]; + services.nomad.extraSettingsPlugins = + let nomad_driver_nix = import ./nomad-driver-nix.nix { inherit pkgs; }; + in [ nomad_driver_nix ]; + # the nix driver requires flakes to be enabled + nix.settings.experimental-features = [ "nix-command" "flakes" ]; } diff --git a/deploy_nixos b/deploy_nixos index c4ce678..6a9f4a6 100755 --- a/deploy_nixos +++ b/deploy_nixos @@ -3,6 +3,7 @@ copy nix/configuration.nix /etc/nixos/configuration.nix copy nix/deuxfleurs.nix /etc/nixos/deuxfleurs.nix copy nix/remote-unlock.nix /etc/nixos/remote-unlock.nix +copy nix/nomad-driver-nix.nix /etc/nixos/nomad-driver-nix.nix copy cluster/$CLUSTER/cluster.nix /etc/nixos/cluster.nix copy cluster/$CLUSTER/node/$NIXHOST.nix /etc/nixos/node.nix copy cluster/$CLUSTER/node/$NIXHOST.site.nix /etc/nixos/site.nix diff --git a/nix/nomad-driver-nix.nix b/nix/nomad-driver-nix.nix new file mode 100644 index 0000000..9d3638d --- /dev/null +++ b/nix/nomad-driver-nix.nix 
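Review bot: In cariacou.nix, the context comment above `services.nomad.dropPrivileges = false;` still says root is needed "to enable exec driver", but this commit moves the job it changes to the nix driver, so the stated reason no longer matches the configuration. If root is still required for the new driver (likely, since the derivation describes it as running systemd-nspawn containers), the comment should say so, e.g. `# experimental: nomad as root, required by the nix driver (systemd-nspawn)`; if it is not, the setting can be dropped. The same comment block should also record that the root client now loads a third-party plugin via `extraSettingsPlugins`, and that `nix.settings.experimental-features` enables flakes for the whole host, not only for Nomad.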
@@ -0,0 +1,31 @@
+{
+ pkgs ? import {}
+}:
+pkgs.buildGoModule rec {
+ pname = "nomad-driver-nix";
+ version = "0.1.0";
+
+ src = pkgs.fetchFromGitHub {
+ owner = "input-output-hk";
+ repo = "nomad-driver-nix";
+ rev = "010b09c680887d0cade86e8ac136c3a04609e04a";
+ sha256 = "sha256-hET+b7XhDLSuVQwXLI2V5nYCcdvxQQj9BAG8z4ta6CE=";
+ };
+
+ vendorSha256 = "sha256-FDJpbNtcFEHnZvWip2pvUHF3BFyfcSohrr/3nk9YS24=";
+
+ ldflags = [
+ "-X github.com/input-output-hk/nomad-driver-nix/nix.pluginVersion=${version}"
+ ];
+
+ postInstall = ''
+ mv $out/bin/nomad-driver-nix $out/bin/nix-driver
+ '';
+
+ meta = with pkgs.lib; {
+ description = "Nomad driver to run Nix packages / NixOS in systemd-nspawn containers";
+ homepage = "https://github.com/input-output-hk/nomad-driver-nix";
+ license = licenses.mpl20;
+ platforms = platforms.linux;
+ };
+}
diff --git a/result b/result
new file mode 120000
index 0000000..fcf4197
--- /dev/null
+++ b/result
@@ -0,0 +1 @@
+/nix/store/q7a8xkk72pzdw468iv7zni4lar20vwzs-nomad-driver-nix-0.1.0
\ No newline at end of file
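Review bot: In nix/nomad-driver-nix.nix, the `version = "0.1.0"` that `ldflags` stamps into `pluginVersion` is set by hand and is not tied to the pinned `rev`, so the version the plugin reports says nothing about which upstream commit is actually running. Because this binary is loaded by a Nomad client that runs as root on the node (`dropPrivileges = false` in cariacou.nix), a comment recording the provenance of the pin would make later bumps auditable, e.g. `# rev = upstream <BRANCH> as of <DATE>; update rev, sha256 and vendorSha256 together` (placeholders). The `postInstall` rename to `nix-driver` also deserves a one-line comment saying why the binary name matters; presumably Nomad matches the plugin by file name, which should be confirmed.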
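Review bot: The `result` symlink added at the repository root looks like the output link of a local `nix-build`, and it points at an absolute store path (`/nix/store/q7a8xkk72pzdw468iv7zni4lar20vwzs-nomad-driver-nix-0.1.0`) that only exists on the machine that built it. Nothing else visible in this commit refers to it, so it was probably committed by accident. Dropping it and adding a `result` line to `.gitignore` keeps dangling links and local build artefacts out of checkouts.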