poc 2 for nix containers: use nomad-driver-nix

Alex 2022-11-16 16:28:18 +01:00
parent eac950c47f
commit 49b0dc2d5b
Signed by untrusted user: lx
GPG key ID: 0E496D15096376BE
5 changed files with 45 additions and 45 deletions


@ -5,17 +5,6 @@ job "dummy-nginx" {
group "nginx" { group "nginx" {
count = 1 count = 1
volume "nix-store" {
type = "host"
source = "nix-store"
read_only = true
}
volume "nix-current-system-bin" {
type = "host"
source = "nix-current-system-bin"
read_only = true
}
network { network {
port "http" { port "http" {
to = 8080 to = 8080
@ -23,32 +12,12 @@ job "dummy-nginx" {
} }
task "not-actually-nginx" { task "not-actually-nginx" {
driver = "exec" driver = "nix"
config { config {
command = "env" packages = [
args = [ "github:nixos/nixpkgs/nixos-21.05#python3",
"/run/current-system/sw/bin/nix-shell",
"--run", "python3 -m http.server 8080"
] ]
} command = [ "/bin/python3", "-m", "http.server", "8080" ]
env = {
NIX_PATH = "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
}
volume_mount {
volume = "nix-store"
read_only = true
destination = "/nix"
}
volume_mount {
volume = "nix-current-system-bin"
read_only = true
destination = "/run/current-system/sw/bin"
}
template {
data = file("shell.nix")
destination = "shell.nix"
} }
} }
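Review bot: The new `packages` entry `"github:nixos/nixpkgs/nixos-21.05#python3"` names a branch rather than a revision, so each allocation gets whatever that branch resolves to when the driver evaluates it, and two clients can end up running different interpreters. Pinning the flake reference to a commit, e.g. `"github:nixos/nixpkgs/<NIXPKGS_COMMIT_SHA>#python3"` (placeholder), makes the task reproducible and lets a reviewer see exactly what is pulled. The nixos-21.05 branch also appears to be past its support window at the commit date, so it probably no longer receives security fixes; a maintained release would be a better base for the pin. The task now depends on fetching from GitHub at start time on the client, which is worth a one-line comment in the job file.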


@ -24,14 +24,12 @@
# experimental: nomad as root, to enable exec driver # experimental: nomad as root, to enable exec driver
services.nomad.dropPrivileges = false; services.nomad.dropPrivileges = false;
services.nomad.settings.client.host_volume = { services.nomad.extraPackages = [
"nix-store" = { pkgs.nix
path = "/nix"; ];
read_only = true; services.nomad.extraSettingsPlugins =
}; let nomad_driver_nix = import ./nomad-driver-nix.nix { inherit pkgs; };
"nix-current-system-bin" = { in [ nomad_driver_nix ];
path = "/run/current-system/sw/bin"; # the nix driver requires flakes to be enabled
read_only = true; nix.settings.experimental-features = [ "nix-command" "flakes" ];
};
};
} }
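Review bot: The comment above `services.nomad.dropPrivileges = false;` still says root is needed "to enable exec driver", but on the new side the root agent loads the third-party plugin from `./nomad-driver-nix.nix`, and the job file in this commit no longer uses `exec`. The comment should give the current reason and its consequence, for example `# nomad runs as root: needed by the nix driver plugin (presumably for systemd-nspawn); the plugin builds and runs the flake refs named in a job's packages list`. If job submission on this cluster is not already restricted with Nomad ACLs, that is worth confirming before this leaves PoC status, since whoever can submit a job then chooses what the root agent fetches and runs. The enclosing attribute set starts outside the hunk.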


@ -3,6 +3,7 @@
copy nix/configuration.nix /etc/nixos/configuration.nix copy nix/configuration.nix /etc/nixos/configuration.nix
copy nix/deuxfleurs.nix /etc/nixos/deuxfleurs.nix copy nix/deuxfleurs.nix /etc/nixos/deuxfleurs.nix
copy nix/remote-unlock.nix /etc/nixos/remote-unlock.nix copy nix/remote-unlock.nix /etc/nixos/remote-unlock.nix
copy nix/nomad-driver-nix.nix /etc/nixos/nomad-driver-nix.nix
copy cluster/$CLUSTER/cluster.nix /etc/nixos/cluster.nix copy cluster/$CLUSTER/cluster.nix /etc/nixos/cluster.nix
copy cluster/$CLUSTER/node/$NIXHOST.nix /etc/nixos/node.nix copy cluster/$CLUSTER/node/$NIXHOST.nix /etc/nixos/node.nix
copy cluster/$CLUSTER/node/$NIXHOST.site.nix /etc/nixos/site.nix copy cluster/$CLUSTER/node/$NIXHOST.site.nix /etc/nixos/site.nix

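--- a/nix/nomad-driver-nix.nix
+++ b/nix/nomad-driver-nix.nix
@@ -0,0 +1,31 @@
+{
+pkgs ? import <nixpkgs> {}
+}:
+pkgs.buildGoModule rec {
+pname = "nomad-driver-nix";
+version = "0.1.0";
+src = pkgs.fetchFromGitHub {
+owner = "input-output-hk";
+repo = "nomad-driver-nix";
+rev = "010b09c680887d0cade86e8ac136c3a04609e04a";
+sha256 = "sha256-hET+b7XhDLSuVQwXLI2V5nYCcdvxQQj9BAG8z4ta6CE=";
+};
+vendorSha256 = "sha256-FDJpbNtcFEHnZvWip2pvUHF3BFyfcSohrr/3nk9YS24=";
+ldflags = [
+"-X github.com/input-output-hk/nomad-driver-nix/nix.pluginVersion=${version}"
+];
+postInstall = ''
+mv $out/bin/nomad-driver-nix $out/bin/nix-driver
+'';
+meta = with pkgs.lib; {
+description = "Nomad driver to run Nix packages / NixOS in systemd-nspawn containers";
+homepage = "https://github.com/input-output-hk/nomad-driver-nix";
+license = licenses.mpl20;
+platforms = platforms.linux;
+};
+}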
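Review bot: `version = "0.1.0"` is a hand-written label that the `ldflags` line stamps into the binary as `pluginVersion`, while the code actually built is whatever `rev` points at, so the version the plugin reports does not identify which upstream commit runs inside the Nomad agent (which this commit's configuration keeps running as root). A comment next to `rev` would make upgrades auditable, e.g. `# upstream commit as of <DATE>; bump rev, sha256 and vendorSha256 together and re-read the upstream diff`. The `postInstall` rename to `nix-driver` also deserves a one-line why-comment, presumably that this is the binary name Nomad's plugin loading expects. The default `pkgs ? import <nixpkgs> {}` resolves through the caller's NIX_PATH, so a note that the file is meant to be imported with `inherit pkgs` would prevent an unpinned standalone build.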

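--- a/result
+++ b/result
@@ -0,0 +1 @@
+/nix/store/q7a8xkk72pzdw468iv7zni4lar20vwzs-nomad-driver-nix-0.1.0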