Commit 49151b1a096f

Vincent Demeester <vincent@sbr.pm>
2022-09-01 13:31:07
systems/modules: add an image mirroring job…
… and configure aomi to use it. Signed-off-by: Vincent Demeester <vincent@sbr.pm>
1 parent 97ae9b0
Changed files (3)
systems/hosts/aomi.nix
@@ -82,6 +82,30 @@ in
     hardware = {
       laptop.enable = true;
     };
+    dev = {
+      enable = true;
+      containers = {
+        enable = true;
+        docker.enable = true;
+        podman.enable = true;
+        image-mirroring = {
+          enable = true;
+          targets = [ "quay.io/vdemeest" "ghcr.io/vdemeester" ];
+          settings = {
+            "docker.io" = {
+              "images" = {
+                # sync latest and edge tags
+                "alpine" = [ "latest" "edge" ];
+              };
+              "images-by-tag-regex" = {
+                # sync all "3.x" images"
+                "alpine" = "^[3-0]\.[0-9]+$";
+              };
+            };
+          };
+        };
+      };
+    };
     services = {
       avahi.enable = true;
       ssh.enable = true;
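Review bot: The tag regex on the `images-by-tag-regex` line, `^[3-0]\.[0-9]+$`, uses the reversed character range `[3-0]`, which Go's regexp (what skopeo is built on) rejects as an invalid class range, so the weekly sync would error out rather than match the 3.x tags the comment intends; on top of that, `\.` inside a Nix double-quoted string does not, as far as I can tell, survive as a backslash, so the dot would be unescaped even if the range were valid. `"alpine" = "^3\\.[0-9]+$";` does what the comment says. The comment itself also carries a stray closing quote and could read `# sync all "3.x" images`.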
@@ -92,10 +116,10 @@ in
   profiles = {
     externalbuilder.enable = true;
     home = true;
-    dev.enable = true;
+    # dev.enable = true;
     virtualization = { enable = true; nested = true; };
     redhat.enable = true;
-    docker.enable = true;
+    # docker.enable = true;
   };
 
 
@@ -140,21 +164,21 @@ in
     };
   };
 
-  virtualisation.podman.enable = true;
-  virtualisation.containers = {
-    enable = true;
-    registries = {
-      search = [ "registry.fedoraproject.org" "registry.access.redhat.com" "registry.centos.org" "docker.io" "quay.io" ];
-    };
-    policy = {
-      default = [{ type = "insecureAcceptAnything"; }];
-      transports = {
-        docker-daemon = {
-          "" = [{ type = "insecureAcceptAnything"; }];
-        };
-      };
-    };
-  };
+  # virtualisation.podman.enable = true;
+  # virtualisation.containers = {
+  #   enable = true;
+  #   registries = {
+  #     search = [ "registry.fedoraproject.org" "registry.access.redhat.com" "registry.centos.org" "docker.io" "quay.io" ];
+  #   };
+  #   policy = {
+  #     default = [{ type = "insecureAcceptAnything"; }];
+  #     transports = {
+  #       docker-daemon = {
+  #         "" = [{ type = "insecureAcceptAnything"; }];
+  #       };
+  #     };
+  #   };
+  # };
 
   # Move this to a "builder" role
   users.extraUsers.builder = {
systems/modules/dev/containers-image-mirroring.nix
@@ -0,0 +1,80 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkEnableOption mkOption mkIf types;
+  cfg = config.modules.dev.containers.image-mirroring;
+  settingsFormat = pkgs.formats.yaml { };
+  settingsFile = settingsFormat.generate "sync.yaml" cfg.settings;
+in
+{
+  ##### interface
+  options = {
+    modules.dev.containers.image-mirroring = {
+      enable = mkEnableOption "Enable container image mirroring service";
+      targets = mkOption {
+        type = types.listOf types.str;
+        example = [ "quay.io/vdemeest" "ghcr.io/vdemeester" ];
+        description = lib.mdDoc ''
+          A list of targets to sync images to. It will use the same
+          sync configuration to push on all.
+        '';
+      };
+      settings = mkOption {
+        type = settingsFormat.type;
+        default = { };
+        example = {
+          "docker.io" = {
+            "vdemeester/foo" = [ "latest" "bar" ];
+          };
+          "quay.io" = {
+            "buildah/stable" = [ "latest" ];
+          };
+        };
+        description = lib.mdDoc ''
+          Configuration of the image to sync, using skopeo-sync.
+          See skopeo-sync(1) for the content. 
+        '';
+      };
+    };
+  };
+  ##### implementation
+  config = mkIf cfg.enable {
+    systemd.services.container-image-mirroring = {
+      description = "Synchronize docker images to a set of targets";
+      requires = [ "network-online.target" ];
+
+      restartIfChanged = false;
+      unitConfig.X-StopOnRemoval = false;
+
+      serviceConfig = {
+        Type = "oneshot";
+        User = "vincent";
+        OnFailure = "status-email-root@%.service";
+      };
+
+      path = with pkgs; [ skopeo ];
+      # ./scripts/docker.mirroring.script.sh;
+      script = ''
+        BUILDTMPDIR=$(mktemp -d)
+        trap 'rm -rf -- "$BUILDTMPDIR"' EXIT
+
+
+        # Pull to dir first
+        skopeo sync --src yaml --dest dir \
+               ${settingsFile} \
+               $BUILDTMPDIR
+
+        # Push to targets
+        for target in ${lib.strings.concatStringsSep " " cfg.targets}; do
+            skopeo sync --src dir --dest docker \
+                   $BUILDTMPDIR \
+                   $target
+        done
+      '';
+
+      after = [ "network-online.target" ];
+      # Make it configurable ?
+      startAt = "weekly";
+    };
+  };
+}
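Review bot: `OnFailure` on the line `OnFailure = "status-email-root@%.service";` is a [Unit] directive placed under `serviceConfig`, so systemd will log it as an unknown key in [Service] and ignore it, and `%.` is not a systemd specifier in any case — the unit name is `%n`. Moving it to `unitConfig.OnFailure = "status-email-root@%n.service";` beside the existing `unitConfig.X-StopOnRemoval` makes the failure notification actually fire, assuming a `status-email-root@` template unit exists on the host (it is not part of this diff). In the script `$BUILDTMPDIR` and `$target` are unquoted and the target list is interpolated for word splitting; `"$BUILDTMPDIR"`, `"$target"` and `for target in ${lib.escapeShellArgs cfg.targets}; do` keep a registry path with unusual characters from being split. The job runs as the hard-coded user `vincent` and calls `skopeo sync` without `--policy`, so the registry credentials used for the push and the signature policy applied to the pull are whatever that user's containers config and the skopeo package's default resolve to, with the host's own containers policy now commented out; a `user` option and an explicit `--policy` argument would make both visible in the module.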
systems/modules/dev/default.nix
@@ -2,5 +2,6 @@
   imports = [
     ./base.nix
     ./containers.nix
+    ./containers-image-mirroring.nix
   ];
 }