Nginx Nomad job, with Nix
parent
7b3ab825e3
commit
17bc131266
57
.gitignore
vendored
|
@ -1 +1,58 @@
|
|||
bin/
|
||||
|
||||
# Created by https://www.toptal.com/developers/gitignore/api/emacs
|
||||
# Edit at https://www.toptal.com/developers/gitignore?templates=emacs
|
||||
|
||||
### Emacs ###
|
||||
# -*- mode: gitignore; -*-
|
||||
*~
|
||||
\#*\#
|
||||
/.emacs.desktop
|
||||
/.emacs.desktop.lock
|
||||
*.elc
|
||||
auto-save-list
|
||||
tramp
|
||||
.\#*
|
||||
|
||||
# Org-mode
|
||||
.org-id-locations
|
||||
*_archive
|
||||
ltximg/**
|
||||
|
||||
# flymake-mode
|
||||
*_flymake.*
|
||||
|
||||
# eshell files
|
||||
/eshell/history
|
||||
/eshell/lastdir
|
||||
|
||||
# elpa packages
|
||||
/elpa/
|
||||
|
||||
# reftex files
|
||||
*.rel
|
||||
|
||||
# AUCTeX auto folder
|
||||
/auto/
|
||||
|
||||
# cask packages
|
||||
.cask/
|
||||
dist/
|
||||
|
||||
# Flycheck
|
||||
flycheck_*.el
|
||||
|
||||
# server auth directory
|
||||
/server/
|
||||
|
||||
# projectiles files
|
||||
.projectile
|
||||
|
||||
# directory configuration
|
||||
.dir-locals.el
|
||||
|
||||
# network security
|
||||
/network-security.data
|
||||
|
||||
|
||||
# End of https://www.toptal.com/developers/gitignore/api/emacs
|
||||
|
|
|
@ -52,5 +52,9 @@
|
|||
}).config.services.mysql.dataDir;
|
||||
in {
|
||||
inherit flakes dockerImages containerTest;
|
||||
|
||||
nginx-test = import ./infrastructure/nginx-test {
|
||||
inherit rlib inputs pkgs;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
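--- a/infrastructure/nginx-test/default.nix
+++ b/infrastructure/nginx-test/default.nix
@@ -0,0 +1,10 @@
+{ pkgs, rlib, inputs }:
+let
+lockedNixpkgs =
+(builtins.fromJSON (builtins.readFile ../../flake.lock))
+.nodes.nixpkgs.locked;
+in
+rlib.substitute pkgs.runCommandNoCC "nginx-test.hcl" ./job.hcl {
+"nixpkgs.rev" = lockedNixpkgs.rev;
+"nixpkgs.sha" = lockedNixpkgs.narHash;
+}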
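Review bot: `.nodes.nixpkgs.locked` assumes the lock-file node named `nixpkgs` is the root flake's nixpkgs input, but flake.lock resolves inputs through `nodes.root.inputs`, and node keys can carry suffixes such as `nixpkgs_2` when several inputs pull in nixpkgs. Resolving the key first, e.g. `lock.nodes.${lock.nodes.root.inputs.nixpkgs}.locked` with `lock` bound to the parsed JSON, keeps the job on the revision the flake actually uses. job.hcl hard-codes a github.com/NixOS/nixpkgs tarball URL, so a short comment that the locked input must be that repository would help; the `sha256` pin means a mismatch should fail the fetch rather than pull different content. `inputs` is accepted but not used in this file.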
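--- a/infrastructure/nginx-test/job.hcl
+++ b/infrastructure/nginx-test/job.hcl
@@ -0,0 +1,166 @@
+job "nginx-test" {
+datacenters = [ "homelab-1" ]
+type = "service"
+
+group "nginx-test" {
+count = 1
+
+network {
+port "http" {
+static = "8087"
+to = "80"
+}
+}
+
+task "nix-prestart" {
+lifecycle {
+hook = "prestart"
+sidecar = false
+}
+
+driver = "raw_exec"
+
+template {
+data = <<EOF
+#!/usr/bin/env bash
+
+_profile_dir=/nix/var/nix/profiles/nomad/${NOMAD_GROUP_NAME}-${NOMAD_ALLOC_INDEX}
+_gcroots_dir=/nix/var/nix/gcroots/nomad/${NOMAD_GROUP_NAME}-${NOMAD_ALLOC_INDEX}
+
+if [[ ! -d ${_profile_dir} ]]
+then
+mkdir -p "${_profile_dir}"
+else
+echo "${_profile_dir} exists when it shouldn't! Exiting..." ; exit 1
+fi
+
+if [[ ! -d ${_gcroots} ]]
+then
+mkdir -p "${_gcroots_dir}"
+else
+echo "${_gcroots_dir} exists when it shouldn't! Exiting..." ; exit 1
+fi
+
+/nix/var/nix/profiles/default/bin/nix-build "${NOMAD_TASK_DIR}/default.nix" -o "${_profile_dir}/system"
+
+EOF
+destination = "/local/prepare.sh"
+}
+
+template {
+data = <<EOF
+let
+nixpkgs = builtins.fetchTarball {
+url = "https://github.com/NixOS/nixpkgs/tarball/@nixpkgs.rev@";
+sha256 = "@nixpkgs.sha@";
+};
+pkgs = import nixpkgs {};
+nixosSystem = import /nix/store/v61f12269zsqsliilpl0jqwg8xsvbvai-nixpkgs-21.03pre268117.64c12484642/nixpkgs/nixos;
+nspawn-init = pkgs.writeShellScriptBin "nspawn-init" ''
+${pkgs.bash}/bin/bash /nix/var/nix/profiles/system/activate
+exec /nix/var/nix/profiles/system/sw/bin/init
+'';
+in
+(nixosSystem {
+system = "x86_64-linux";
+
+configuration = _: {
+boot.isContainer = true;
+time.timeZone = "Europe/Bratislava";
+
+environment.systemPackages = [
+nspawn-init
+];
+
+systemd.extraConfig = ''
+DefaultStandardOutput=tty
+'';
+
+networking.firewall.enable = false;
+services.nginx = {
+enable = true;
+};
+};
+}).config.system.build.toplevel
+EOF
+destination = "/local/default.nix"
+}
+
+config {
+command = "bash"
+args = [ "${NOMAD_TASK_DIR}/prepare.sh" ]
+}
+}
+
+task "app" {
+driver = "nspawn"
+
+config {
+image = "/nomad-nspawn-empty-dir"
+resolv_conf = "off"
+
+ephemeral = true
+
+bind_read_only = {
+"/nix/store" = "/nix/store"
+"/nix/var/nix/db" = "/nix/var/nix/db"
+"/nix/var/nix/daemon-socket" = "/nix/var/nix/daemon-socket"
+}
+
+bind = {
+"/run/systemd/notify" = "/var/lib/provate/host-notify"
+"/nix/var/nix/profiles/nomad/${NOMAD_GROUP_NAME}-${NOMAD_ALLOC_INDEX}":"/nix/var/nix/profiles"
+"/nix/var/nix/gcroots/nomad/${NOMAD_GROUP_NAME}-${NOMAD_ALLOC_INDEX}":"/nix/var/nix/gcroots"
+}
+
+user_namespacing = false
+boot = false
+
+command = [
+"/nix/var/nix/profiles/system/sw/bin/bash",
+"/nix/var/nix/profiles/system/sw/bin/nspawn-init"
+]
+
+ports = ["http"]
+}
+}
+
+task "nix-poststop" {
+lifecycle {
+hook = "poststop"
+sidecar = false
+}
+
+driver = "raw_exec"
+
+template {
+data = <<EOF
+#!/usr/bin/env bash
+
+_profile_dir=/nix/var/nix/profiles/nomad/${NOMAD_GROUP_NAME}-${NOMAD_ALLOC_INDEX}
+_gcroots_dir=/nix/var/nix/gcroots/nomad/${NOMAD_GROUP_NAME}-${NOMAD_ALLOC_INDEX}
+
+if [[ -d ${_profile_dir} ]]
+then
+rm -r ${_profile_dir}
+else
+echo "${_profile_dir} does not exist! Exiting..." ; exit 1
+fi
+
+if [[ -d ${_gcroots_dir} ]]
+then
+rm -r ${_gcroots_dir}
+else
+echo "${_gcroots_dir} does not exist! Exiting..." ; exit 1
+fi
+EOF
+destination = "/local/cleanup.sh"
+}
+
+config {
+command = "bash"
+args = [ "${NOMAD_TASK_DIR}/cleanup.sh" ]
+}
+}
+}
+}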
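Review bot: In the `nix-prestart` script the second guard tests `${_gcroots}`, a name that is never assigned (the variable defined above it is `_gcroots_dir`), so the test is always true and a leftover gcroots directory is silently reused instead of aborting; it should read `if [[ ! -d "${_gcroots_dir}" ]]`. Adding `set -euo pipefail` at the top of `prepare.sh` and `cleanup.sh` would turn this kind of slip into a hard failure, which matters because both scripts run under `raw_exec`, without the isolation other drivers provide. In `cleanup.sh` the two `rm -r` calls expand their path unquoted; `rm -r -- "${_profile_dir}"` (and the same for `_gcroots_dir`) is the safer form, and because the script exits when the profile directory is missing, the gcroots directory is left behind in that case. In the `app` task, `user_namespacing = false` combined with the bind of `/nix/var/nix/daemon-socket` deserves a comment stating that root in the container is trusted to reach the host Nix daemon, since a read-only bind mount does not by itself block connections to a socket. The destination `/var/lib/provate/host-notify` looks like a typo for `private`, and `nixosSystem` is imported from a hard-coded store path rather than from the hash-pinned `nixpkgs` fetched just above it; both are worth confirming.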
11
lib.nix
|
@ -1,5 +1,16 @@
|
|||
{ nixpkgs, pkgs, system, inputs }:
|
||||
with pkgs.lib; {
|
||||
substitute = runCommand: name: inFile: vars:
|
||||
runCommand name {}
|
||||
(let
|
||||
varsStr = pkgs.lib.mapAttrsToList
|
||||
(name: value: ''--subst-var-by "${name}" "${value}"'')
|
||||
vars;
|
||||
in
|
||||
''
|
||||
substitute ${inFile} $out \
|
||||
${builtins.concatStringsSep " " varsStr}
|
||||
'');
|
||||
flakes = path: modules: genAttrs modules (module:
|
||||
let
|
||||
self = (import (path + "/${module}/flake.nix")).outputs (inputs // { inherit self; });
|
||||
|
|
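Review bot: `substitute` splices every attribute name and value into the builder script between plain double quotes (`''--subst-var-by "${name}" "${value}"''`), so a value containing `"`, `$` or a backtick would be interpreted by the build shell instead of being passed through literally. The only caller visible in this commit passes a revision and a narHash from flake.lock, but the helper is generic, and since `with pkgs.lib;` is already in scope the mapper can be written as `(name: value: "--subst-var-by ${escapeShellArg name} ${escapeShellArg value}")`. `${inFile}` is interpolated unquoted as well, which is fine for a store path without spaces but worth a one-line comment. A short comment above `substitute` naming its four arguments (`runCommand`, `name`, `inFile`, `vars`) would also help; the attribute set it lives in continues past the end of this hunk.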