From b045fba6f18a79cbcded9a923250e79b3fa9487e Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Thu, 3 Jun 2021 08:13:55 +0200 Subject: [PATCH 1/3] ci.nix: Add nixos-21.05 --- nix/ci.nix | 4 ++++ nix/sources.json | 12 ++++++++++++ 2 files changed, 16 insertions(+) diff --git a/nix/ci.nix b/nix/ci.nix index a857704..b2b13a1 100644 --- a/nix/ci.nix +++ b/nix/ci.nix @@ -12,6 +12,10 @@ dimension "Nixpkgs version" { dockerSupportsSystemd = true; nixosHasPodmanDockerSocket = false; }; + "nixos-21_05" = { + nixpkgsSource = "nixos-21.05"; + enableDoc = true; + }; "nixos-unstable" = { nixpkgsSource = "nixos-unstable"; enableDoc = true; diff --git a/nix/sources.json b/nix/sources.json index b98b509..3a1eb15 100644 --- a/nix/sources.json +++ b/nix/sources.json @@ -23,6 +23,18 @@ "url": "https://github.com/NixOS/nixpkgs/archive/0cfe5377e8993052f9b0dd56d058f8008af45bd9.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, + "nixos-21.05": { + "branch": "nixos-21.05", + "description": "Nix Packages collection", + "homepage": null, + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "297970378b9437541c065f3fef26871397edd2d4", + "sha256": "1q5dnylr4w1xqn3qxx7hn0pn01pcwdmsy70cjs01dn8b50ppc93g", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/297970378b9437541c065f3fef26871397edd2d4.tar.gz", + "url_template": "https://github.com///archive/.tar.gz" + }, "nixos-unstable": { "branch": "master", "description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to", From 40394f48228dce1d25d987aff0da4f463c35c02a Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Thu, 3 Jun 2021 08:14:23 +0200 Subject: [PATCH 2/3] .envrc: Preserve XDG_DATA_DIRS for bash completions --- .envrc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.envrc b/.envrc index 0974ec7..e43d1e7 100644 --- a/.envrc +++ b/.envrc 
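Review bot: The new `"nixos-21_05"` entry in nix/ci.nix sets only `nixpkgsSource` and `enableDoc`, while the entry that closes just above it sets `dockerSupportsSystemd = true;` and `nixosHasPodmanDockerSocket = false;` explicitly. A reader cannot tell from here which container-runtime behaviour CI assumes for 21.05. If the omission is deliberate, a one-line comment inside the entry would record it, for example `# dockerSupportsSystemd / nixosHasPodmanDockerSocket intentionally left at their defaults for 21.05`. Those defaults are defined outside this hunk, so the wording should be checked against them.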
@@ -1,4 +1,6 @@ +HOST_XDG_DATA_DIRS="${XDG_DATA_DIRS:-}" eval "$(lorri direnv)" +export XDG_DATA_DIRS="${XDG_DATA_DIRS}:${HOST_XDG_DATA_DIRS}" # Use system PKI unset SSL_CERT_FILE From 3171cf1c217cdce0a91e04c6180ce1f0c3fb6a41 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Thu, 3 Jun 2021 08:44:37 +0200 Subject: [PATCH 3/3] Update index.adoc --- docs/modules/ROOT/pages/index.adoc | 32 ++++++++++++++++++------------ 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/docs/modules/ROOT/pages/index.adoc b/docs/modules/ROOT/pages/index.adoc index 3ef02e0..3596228 100644 --- a/docs/modules/ROOT/pages/index.adoc +++ b/docs/modules/ROOT/pages/index.adoc @@ -61,11 +61,18 @@ Add this module to your NixOS configuration: { pkgs, ... }: { environment.systemPackages = [ pkgs.arion - pkgs.docker # docker CLI will use podman socket + + # Do install the docker CLI to talk to podman. + # Not needed when virtualisation.docker.enable = true; + pkgs.docker-client ]; + + # Arion works with Docker, but for NixOS-based containers, you need Podman + # since NixOS 21.05. virtualisation.docker.enable = false; virtualisation.podman.enable = true; virtualisation.podman.dockerSocket.enable = true; + virtualisation.podman.defaultNetwork.dnsname.enable = true; # Use your username instead of `myuser` users.extraUsers.myuser.extraGroups = ["podman"]; @@ -125,8 +132,6 @@ Describe containers using NixOS-style modules. There are a few options: }; }; } - - ``` ==== NixOS: run only one systemd service @@ -134,7 +139,6 @@ Describe containers using NixOS-style modules. There are a few options: `examples/nixos-unit/arion-compose.nix`: ```nix - { services.webserver = { config, pkgs, ... }: { @@ -157,7 +161,6 @@ Describe containers using NixOS-style modules. There are a few options: ]; }; } - ``` ==== NixOS: run full OS 
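Review bot: In the .envrc hunk, `HOST_XDG_DATA_DIRS="${XDG_DATA_DIRS:-}"` saves an empty string when the host leaves the variable unset, so the later export yields a value ending in a bare `:`. It also does not restore the `/usr/local/share:/usr/share` default that consumers only apply when the variable is unset or empty, so host completions are still lost in that case. Empty elements in path lists are interpreted inconsistently by consumers, so it is safer never to emit one. Consider `HOST_XDG_DATA_DIRS="${XDG_DATA_DIRS:-/usr/local/share:/usr/share}"` and `export XDG_DATA_DIRS="${XDG_DATA_DIRS:+$XDG_DATA_DIRS:}${HOST_XDG_DATA_DIRS}"`. Keeping the shell's entries ahead of the host's, as the hunk already does, is the right order, because the project's pinned data directories then take precedence over host ones.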
@@ -220,10 +223,10 @@ development environments while working on https://www.hercules-ci.com[Hercules CI]. (It was also born out of ancient Greek deities disguised as horses. More on that later.) -If you do want to use Arion for production environments, you’ll probably -want to either build normal container images or manage garbage -collection roots if you control the deployment host. Neither scenario is -made easier by arion at this time. +Arion can be used for simple single host deployments, using Docker's TLS +client verification, or https://search.nixos.org/options?channel=unstable&show=virtualisation.podman.networkSocket.enable&query=virtualisation.podman[`virtualisation.podman.networkSocket` options]. +Remote deployments do not support `useHostStore`, although an SSH-based deployment method could support this. +Docker Swarm is not currently supported. Arion has run successfully on Linux distributions other than NixOS, but we only perform CI for Arion on NixOS. @@ -254,6 +257,8 @@ container. Nope, it’s just Nix and Docker Compose under the hood. +It does xref:hercules-ci-effects:ROOT:reference/nix-functions/runArion.adoc[integrate] nicely though. + === What about garbage collection? Arion removes the need for garbage collecting docker images, delegating @@ -266,8 +271,9 @@ generate images that can be used in production. === Why is my container not running latest code? -Restart it with `arion restart ` or if you've changed the image rebuild -them using `arion up -d --always-recreate-deps `. +Rebuild the image using `arion up -d --always-recreate-deps ` or simply `arion up -d`. + +Like `docker-compose restart`, `arion restart` does not update the image before starting. === What is messing with my environment variables? 
@@ -278,11 +284,11 @@ reference a script from `pkgs.writeScript` or escape the dollar sign as === Why name it ``Arion``? -Arion comes from Greek mythology. Poseidon, the god of ~Docker~ the seas +Arion comes from Greek mythology. Poseidon, the god of Docker -- I mean the seas -- had his eye on Demeter. Demeter tried to trick him by disguising as a horse, but Poseidon saw through the deception and they had Arion. So Arion is a super fast divine horse; the result of some weird mixing. Also it talks. -(And we feel morally obliged to name our stuff after Greek mythology) +(And we felt morally obliged to name our stuff after Greek mythology)