diff --git a/devices/servivi/modules/arion/default.nix b/devices/servivi/modules/arion/default.nix index 61126435..aca5942b 100644 --- a/devices/servivi/modules/arion/default.nix +++ b/devices/servivi/modules/arion/default.nix 
@@ -1,127 +1,20 @@ -{ - arion, - config, - lib, - pkgs, - self, - ... -} @ inputs: let - inherit (builtins) match; - inherit - (lib) - filter - hasSuffix - filesystem - hasAttr - mapAttrs - filterAttrs - listToAttrs - elemAt - removePrefix - optionalAttrs - mkForce - ; - - inherit (config.vars) mainUser hostName; - +{...}: let configPath = "/var/lib/arion"; in { - imports = [arion.nixosModules.arion]; + imports = [ + ../../../../modules/arion.nix - users.extraUsers.${mainUser}.extraGroups = ["docker"]; - - environment.systemPackages = with pkgs; [ - nix-prefetch-docker - (writeShellScriptBin "updateImages" '' - pull() { - FILE="$1" - IMAGE=$(sed -n 's/.*imageName = "\([^"]*\).*/\1/p' "$FILE") - TAG=$(sed -n 's/.*finalImageTag = "\([^"]*\).*/\1/p' "$FILE") - - echo "$IMAGE $TAG" - - PREFETCH=$(nix-prefetch-docker "$IMAGE" "$TAG") - - echo -e "pkgs:\npkgs.dockerTools.pullImage $PREFETCH" > "$FILE" - } - - DIR="$1" - if [ -z "$DIR" ]; then - DIR="." - fi - - IFS=$'\n' - for i in $(find "$DIR"/images -type f); do - pull "$i" - done - unset IFS - '') + ./forgejo/compose.nix + ./music/jbots/compose.nix ]; + arion = { + enable = true; + rwDataDir = configPath; + }; + services.borgbackup.configs.arion = { paths = [configPath]; exclude = ["**/lineageos*"]; }; - - virtualisation = { - docker = { - enable = true; - storageDriver = "btrfs"; - }; - - arion = { - backend = "docker"; - - projects = let - basePath = "${self}/devices/${hostName}/modules/arion"; - - composeFiles = - filter (n: hasSuffix "compose.nix" (toString n)) - (filesystem.listFilesRecursive basePath); - - projects = filterAttrs (n: v: v.enabled or true) (listToAttrs (map (p: { - name = elemAt (match ".*\/(.*)\/compose\.nix" (toString p)) 0; - - value = import p (inputs - // { - importImage = file: pkgs.callPackage file pkgs; - rwPath = - configPath - + "/" - + removePrefix basePath "${dirOf p}"; - }); - }) - composeFiles)); - in - mapAttrs (n: v: { - # https://docs.hercules-ci.com/arion/options - settings = { 
- enableDefaultNetwork = v.enableDefaultNetwork or true; - - networks = - optionalAttrs (hasAttr "networks" v) - v.networks; - - services = - mapAttrs (n': v': { - # https://github.com/hercules-ci/arion/issues/169#issuecomment-1301370634 - build.image = - optionalAttrs (hasAttr "hostImage" v') - (mkForce v'.hostImage); - - image = - optionalAttrs (hasAttr "customImage" v') - v'.customImage; - - service = - filterAttrs - (n: v: n != "customImage" && n != "hostImage") - v'; - }) - v.services; - }; - }) - projects; - }; - }; } diff --git a/devices/servivi/modules/arion/forgejo/compose.nix b/devices/servivi/modules/arion/forgejo/compose.nix index 578c3ef5..e003464e 100644 --- a/devices/servivi/modules/arion/forgejo/compose.nix +++ b/devices/servivi/modules/arion/forgejo/compose.nix @@ -1,15 +1,12 @@ -{ - config, - rwPath, - importImage, - ... -}: let - secrets = config.sops.secrets; +{config, ...}: let + inherit (config.sops) secrets; + inherit (config.arion) rwDataDir; + + rwPath = rwDataDir + "/forgejo"; in { - services = { + arion.projects."forgejo" = { "forgejo" = { - container_name = "forgejo"; - hostImage = importImage ./images/forgejo.nix; + image = ./images/forgejo.nix; ports = [ # Redirect WAN port 22 to this port @@ -42,8 +39,7 @@ in { }; "forgejo-db" = { - container_name = "forgejo-db"; - hostImage = importImage ./images/postgres.nix; + image = ./images/postgres.nix; restart = "always"; @@ -52,9 +48,8 @@ in { volumes = ["${rwPath}/db:/var/lib/postgresql/data"]; }; - "runner" = { - container_name = "act_runner"; - hostImage = importImage ./images/act_runner.nix; + "act_runner" = { + image = ./images/act_runner.nix; privileged = true; restart = "always"; diff --git a/devices/servivi/modules/arion/forgejo/images/act_runner.nix b/devices/servivi/modules/arion/forgejo/images/act_runner.nix index fd40dbe1..159a7787 100644 --- a/devices/servivi/modules/arion/forgejo/images/act_runner.nix +++ b/devices/servivi/modules/arion/forgejo/images/act_runner.nix 
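Review bot: Dropping the `enabled` filter leaves no declarative way to keep a project defined but switched off; lineageos/compose.nix is now excluded only by being absent from `imports`, while `services.borgbackup.configs.arion.exclude` still lists `**/lineageos*` for it. That is easy to lose track of, so I would annotate the import list: `# lineageos/compose.nix is deliberately not imported; it does not evaluate with the module yet (see its FIXME)`. If a toggle is still wanted, the custom module's `projects` option could carry an explicit enable flag instead of relying on omission.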
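Review bot: The renamed `act_runner` service keeps `privileged = true` right under the `image` line, and the module now forwards every attribute except `image` straight into the compose service, so this is a root-equivalent container built from a digest pin of the mutable `dind-latest` tag. Nothing in the file says why that is required; I would add `# privileged: docker-in-docker runner needs to start its own dockerd` above it so the next reader does not drop it or widen it by accident. Whether workflows executed by this runner can reach the host through the inner dockerd is not visible here and is worth confirming. The service's enclosing attrset continues past the hunk.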
@@ -1,8 +1,8 @@ pkgs: pkgs.dockerTools.pullImage { imageName = "vegardit/gitea-act-runner"; - imageDigest = "sha256:3365bb367c7f45fd00a0bc229effa616bc167fd8215a558ba1123a8f05dfaf9a"; - sha256 = "1q3gr55z08prf0531889sa4i6g07mlpnw7lsjb7vz3yn0jmh3jpz"; + imageDigest = "sha256:10965cf2fcd3cc146f2bd54e0234d55a499f1dedc3a1f2edd7fb5736b4921904"; + sha256 = "0pi09zz7agm33jbd41zi94lqfxmq7q64z2lfjlmdp9aq1q254zxw"; finalImageName = "vegardit/gitea-act-runner"; finalImageTag = "dind-latest"; } diff --git a/devices/servivi/modules/arion/lineageos/compose.nix b/devices/servivi/modules/arion/lineageos/compose.nix index 79f555e8..499e627f 100644 --- a/devices/servivi/modules/arion/lineageos/compose.nix +++ b/devices/servivi/modules/arion/lineageos/compose.nix @@ -1,16 +1,13 @@ -{ - config, - rwPath, - ... -}: let - secrets = config.sops.secrets; +{config, ...}: let + inherit (config.sops) secrets; + inherit (config.arion) rwDataDir; + + rwPath = rwDataDir + "/lineageos"; in { # FIXME: crashes when building + # TODO: make sure it works with latest arion custom module - # This should only be ran when an update is needed - enabled = false; - - services = { + arion.projects."lineageos" = { "builder" = { image = "lineageos4microg/docker-lineage-cicd"; container_name = "lineage_builder"; @@ -54,7 +51,6 @@ in { "caddy" = { image = "quay.io/slothcroissant/caddy-cloudflaredns:latest"; - container_name = "caddy"; ports = [ "80:80" diff --git a/devices/servivi/modules/arion/music/jbots/compose.nix b/devices/servivi/modules/arion/music/jbots/compose.nix index 0199cb60..1d3d63e9 100644 --- a/devices/servivi/modules/arion/music/jbots/compose.nix +++ b/devices/servivi/modules/arion/music/jbots/compose.nix 
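Review bot: `image = "lineageos4microg/docker-lineage-cicd"` is a registry name string, but the rewritten module strips `image` from the service and hands it to `pkgs.callPackage` unconditionally, so this project will fail to evaluate as soon as it is imported; the `caddy` service's `quay.io/slothcroissant/caddy-cloudflaredns:latest` has the same problem and is additionally unpinned. Until the module accepts string images I would make the TODO concrete: `# TODO: module only accepts image = ./file.nix; string images are passed to callPackage and fail`. Removing `enabled = false` also means this file is off only because default.nix does not import it. The enclosing attrset continues past the hunk.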
@@ -1,12 +1,12 @@ -{ - rwPath, - importImage, - ... -}: { - services = { +{config, ...}: let + inherit (config.arion) rwDataDir; + + rwPath = rwDataDir + "/music/jbots"; +in { + arion.projects."jbots" = { "musicbot_be" = { container_name = "benis"; - hostImage = importImage ./images/jmusicbot.nix; + image = ./images/jmusicbot.nix; restart = "always"; volumes = [ @@ -17,7 +17,7 @@ "musicbot_br" = { container_name = "bruh"; - hostImage = importImage ./images/jmusicbot.nix; + image = ./images/jmusicbot.nix; restart = "always"; volumes = [ diff --git a/modules/arion.nix b/modules/arion.nix new file mode 100644 index 00000000..80828a9d --- /dev/null +++ b/modules/arion.nix 
@@ -0,0 +1,123 @@ +{ + arion, + config, + lib, + pkgs, + ... +}: let + inherit + (lib) + filterAttrs + hasAttr + mapAttrs + mkEnableOption + mkForce + mkIf + mkOption + optionalAttrs + types + ; + + inherit (config.vars) mainUser; + + cfg = config.arion; +in { + imports = [arion.nixosModules.arion]; + + options.arion = { + enable = mkEnableOption (lib.mdDoc "My custom arion config layer module"); + + rwDataDir = mkOption { + default = "/var/lib/arion"; + type = types.str; + description = lib.mdDoc '' + Directory to place persistent data in + ''; + }; + + projects = mkOption { + default = {}; + description = lib.mdDoc '' + Declarative specification of docker-compose in nix. + ''; + type = types.attrs; + }; + }; + + config = mkIf cfg.enable { + users.extraUsers.${mainUser}.extraGroups = ["docker"]; + + virtualisation = { + docker = { + enable = true; + storageDriver = "btrfs"; + }; + + arion = { + backend = "docker"; + + projects = + mapAttrs (n: v: { + # https://docs.hercules-ci.com/arion/options + settings = { + enableDefaultNetwork = v.enableDefaultNetwork or true; + + networks = + optionalAttrs (hasAttr "networks" v) + v.networks; + + services = + mapAttrs (n': v': { + # https://github.com/hercules-ci/arion/issues/169#issuecomment-1301370634 + build.image = let + importImage = file: pkgs.callPackage file pkgs; + in + mkForce (importImage v'.image); + + service = + (filterAttrs + (attrName: _: attrName != "image") + v') + # By default set the container_name to the attrset's name + // (optionalAttrs (! 
hasAttr "container_name" v') { + container_name = n'; + }); + }) + v; + }; + }) + cfg.projects; + }; + }; + + # Script for updating the images of all images of a compose.nix file + environment.systemPackages = with pkgs; [ + (writeShellApplication { + name = "updateImages"; + + runtimeInputs = [ + (writeShellApplication { + name = "pullImage"; + runtimeInputs = [nix-prefetch-docker]; + text = '' + FILE="$1" + IMAGE=$(sed -n 's/.*imageName = "\([^"]*\).*/\1/p' "$FILE") + TAG=$(sed -n 's/.*finalImageTag = "\([^"]*\).*/\1/p' "$FILE") + + echo "$IMAGE $TAG" + + PREFETCH=$(nix-prefetch-docker "$IMAGE" "$TAG") + + echo -e "pkgs:\npkgs.dockerTools.pullImage $PREFETCH" > "$FILE" + ''; + }) + ]; + + text = '' + DIR=''${1:-"."} + find "$DIR"/images -type f -exec pullImage {} \; + ''; + }) + ]; + }; +}
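Review bot: Inside `virtualisation.arion.projects`, `build.image = mkForce (importImage v'.image)` assumes every service's `image` is a path to a Nix file; a plain registry string (as lineageos/compose.nix uses) is passed to `pkgs.callPackage`, a service with no `image` fails with a missing-attribute error, and because `image` is filtered out of `service` there is no way left to run an upstream image without building it locally. I would branch on `builtins.isString` and keep string images as the compose `image` field, as below. Separately, `users.extraUsers.${mainUser}.extraGroups = ["docker"]` is root-equivalent on the host and deserves a comment saying so, and typing `projects` as `types.attrs` gives no merging and poor error messages where `types.attrsOf (types.attrsOf types.attrs)` would at least reject a service that is not an attrset.

```nix
services =
  mapAttrs (n': v': let
    img = v'.image or null;
    # A Nix file is built locally through build.image; a string is a
    # registry reference that compose pulls itself.
    isLocal = img != null && !(builtins.isString img);
  in
    (optionalAttrs isLocal {
      build.image = mkForce (pkgs.callPackage img pkgs);
    })
    // {
      service =
        (filterAttrs (attrName: _: attrName != "image") v')
        // optionalAttrs (builtins.isString img) {image = img;}
        // optionalAttrs (! hasAttr "container_name" v') {container_name = n';};
    })
  v;
# … unchanged: rest of settings, updateImages script …
```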