Demo running directly a service from the nix store

2022-11-15 23:13:55 +01:00 · 2022-11-15 23:13:55 +01:00 · 2cd4bf1ee7
commit 2cd4bf1ee7
parent 13fac2b446
3 changed files with 79 additions and 30 deletions
--- a/cluster/staging/app/dummy/deploy/dummy-nginx.hcl
+++ b/cluster/staging/app/dummy/deploy/dummy-nginx.hcl
@ -1,35 +1,66 @@
 job "dummy-nginx" {
-	datacenters = ["neptune"]
-	type = "service"
-	
-	group "nginx" {
-		count = 1
+  datacenters = ["neptune"]
+  type = "service"
+  
+  group "nginx" {
+    count = 1

-		network {
-			port "http" {
-				to = 80
-			}
-		}
+    volume "nix-store" {
+      type      = "host"
+      source    = "nix-store"
+      read_only = true
+    }
+    volume "nix-current-system-bin" {
+      type      = "host"
+      source    = "nix-current-system-bin"
+      read_only = true
+    }

-		task "nginx" {
-			driver = "docker"
-			config {
-				image = "nginx"
-				ports = [ "http" ]
-			}
-		}
+    network {
+      port "http" {
+        to = 8080
+      }
+    }

-		service {
-			port = "http"
-			tags = [
-				"tricot home.adnab.me 100",
-			]
-			check {
-				type = "http"
-				path = "/"
-				interval = "10s"
-				timeout = "2s"
-			}
-		}
-	}
+    task "not-actually-nginx" {
+      driver = "exec"
+      config {
+        command = "env"
+        args = [
+          "/run/current-system/sw/bin/nix-shell",
+          "--run", "python3 -m http.server 8080"
+        ]
+      }
+      env = {
+        NIX_PATH = "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
+      }
+
+      volume_mount {
+        volume      = "nix-store"
+        destination = "/nix"
+      }
+      volume_mount {
+        volume      = "nix-current-system-bin"
+        destination = "/run/current-system/sw/bin"
+      }
+
+      template {
+        data = file("shell.nix")
+        destination = "shell.nix"
+      }
+    }
+
+    service {
+      port = "http"
+      tags = [
+        "tricot home.adnab.me 100",
+      ]
+      check {
+        type = "http"
+        path = "/"
+        interval = "10s"
+        timeout = "2s"
+      }
+    }
+  }
 }
--- a/cluster/staging/app/dummy/deploy/shell.nix
+++ b/cluster/staging/app/dummy/deploy/shell.nix
@ -0,0 +1,5 @@
+{ pkgs ? import <nixpkgs> {} }:
+pkgs.mkShell {
+# nativeBuildInputs is usually what you want -- tools you need to run
+  nativeBuildInputs = [ pkgs.python3 ];
+}
--- a/cluster/staging/node/cariacou.nix
+++ b/cluster/staging/node/cariacou.nix
@ -21,4 +21,17 @@

  deuxfleurs.cluster_ip = "10.14.1.1";
  deuxfleurs.is_raft_server = true;
+
+  # experimental: nomad as root, to enable exec driver
+  services.nomad.dropPrivileges = false;
+  services.nomad.settings.client.host_volume = {
+    "nix-store" = {
+      path = "/nix";
+      read_only = true;
+    };
+    "nix-current-system-bin" = {
+      path = "/run/current-system/sw/bin";
+      read_only = true;
+    };
+  };
 }