Merge pull request #119 from hercules-ci/nixos-21.05-podman-preparation

Add NixOS 21.05 to ci.nix
2021-06-03 10:08:31 +02:00 · 2021-06-03 10:08:31 +02:00 · 4a38050a05
commit 4a38050a05
parent 865055787a 3171cf1c21
4 changed files with 37 additions and 13 deletions
--- a/.envrc
+++ b/.envrc
@ -1,4 +1,6 @@
+HOST_XDG_DATA_DIRS="${XDG_DATA_DIRS:-}"
 eval "$(lorri direnv)"
+export XDG_DATA_DIRS="${XDG_DATA_DIRS}:${HOST_XDG_DATA_DIRS}"

 # Use system PKI
 unset SSL_CERT_FILE
--- a/docs/modules/ROOT/pages/index.adoc
+++ b/docs/modules/ROOT/pages/index.adoc
@ -61,11 +61,18 @@ Add this module to your NixOS configuration:
 { pkgs, ... }: {
  environment.systemPackages = [
    pkgs.arion
-    pkgs.docker # docker CLI will use podman socket
+
+     # Do install the docker CLI to talk to podman.
+     # Not needed when virtualisation.docker.enable = true;
+    pkgs.docker-client
  ];
+
+  # Arion works with Docker, but for NixOS-based containers, you need Podman
+  # since NixOS 21.05.
  virtualisation.docker.enable = false;
  virtualisation.podman.enable = true;
  virtualisation.podman.dockerSocket.enable = true;
+  virtualisation.podman.defaultNetwork.dnsname.enable = true;

  # Use your username instead of `myuser`
  users.extraUsers.myuser.extraGroups = ["podman"];
@ -125,8 +132,6 @@ Describe containers using NixOS-style modules. There are a few options:
    };
  };
 }
-
-
 ```

 ==== NixOS: run only one systemd service
@ -134,7 +139,6 @@ Describe containers using NixOS-style modules. There are a few options:
 `examples/nixos-unit/arion-compose.nix`:

 ```nix
-
 {
  services.webserver = { config, pkgs, ... }: {

@ -157,7 +161,6 @@ Describe containers using NixOS-style modules. There are a few options:
    ];
  };
 }
-
 ```

 ==== NixOS: run full OS
@ -220,10 +223,10 @@ development environments while working on
 https://www.hercules-ci.com[Hercules CI]. (It was also born out of
 ancient Greek deities disguised as horses. More on that later.)

-If you do want to use Arion for production environments, you’ll probably
-want to either build normal container images or manage garbage
-collection roots if you control the deployment host. Neither scenario is
-made easier by arion at this time.
+Arion can be used for simple single host deployments, using Docker's TLS
+client verification, or https://search.nixos.org/options?channel=unstable&show=virtualisation.podman.networkSocket.enable&query=virtualisation.podman[`virtualisation.podman.networkSocket` options].
+Remote deployments do not support `useHostStore`, although an SSH-based deployment method could support this.
+Docker Swarm is not currently supported.

 Arion has run successfully on Linux distributions other than NixOS, but we only perform CI for Arion on NixOS.

@ -254,6 +257,8 @@ container.

 Nope, it’s just Nix and Docker Compose under the hood.

+It does xref:hercules-ci-effects:ROOT:reference/nix-functions/runArion.adoc[integrate] nicely though.
+
 === What about garbage collection?

 Arion removes the need for garbage collecting docker images, delegating
@ -266,8 +271,9 @@ generate images that can be used in production.

 === Why is my container not running latest code?

-Restart it with `arion restart <name>` or if you've changed the image rebuild
-them using `arion up -d --always-recreate-deps <name>`.
+Rebuild the image using `arion up -d --always-recreate-deps <name>` or simply `arion up -d`.
+
+Like `docker-compose restart`, `arion restart` does not update the image before starting.

 === What is messing with my environment variables?

@ -278,11 +284,11 @@ reference a script from `pkgs.writeScript` or escape the dollar sign as

 === Why name it ``Arion``?

-Arion comes from Greek mythology. Poseidon, the god of ~Docker~ the seas
+Arion comes from Greek mythology. Poseidon, the god of Docker -- I mean the seas --
 had his eye on Demeter. Demeter tried to trick him by disguising as a
 horse, but Poseidon saw through the deception and they had Arion.

 So Arion is a super fast divine horse; the result of some weird mixing.
 Also it talks.

-(And we feel morally obliged to name our stuff after Greek mythology)
+(And we felt morally obliged to name our stuff after Greek mythology)
--- a/nix/ci.nix
+++ b/nix/ci.nix
@ -12,6 +12,10 @@ dimension "Nixpkgs version" {
      dockerSupportsSystemd = true;
      nixosHasPodmanDockerSocket = false;
    };
+    "nixos-21_05" = {
+      nixpkgsSource = "nixos-21.05";
+      enableDoc = true;
+    };
    "nixos-unstable" = {
      nixpkgsSource = "nixos-unstable";
      enableDoc = true;
--- a/nix/sources.json
+++ b/nix/sources.json
@ -23,6 +23,18 @@
        "url": "https://github.com/NixOS/nixpkgs/archive/0cfe5377e8993052f9b0dd56d058f8008af45bd9.tar.gz",
        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
    },
+    "nixos-21.05": {
+        "branch": "nixos-21.05",
+        "description": "Nix Packages collection",
+        "homepage": null,
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "297970378b9437541c065f3fef26871397edd2d4",
+        "sha256": "1q5dnylr4w1xqn3qxx7hn0pn01pcwdmsy70cjs01dn8b50ppc93g",
+        "type": "tarball",
+        "url": "https://github.com/NixOS/nixpkgs/archive/297970378b9437541c065f3fef26871397edd2d4.tar.gz",
+        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+    },
    "nixos-unstable": {
        "branch": "master",
        "description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",