From 3964ac2f1e5fdda67ef16f6ab52b59f913652f04 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Domen=20Ko=C5=BEar?=
Date: Thu, 2 May 2019 06:29:14 +0000
Subject: [PATCH 1/9] nixos: set correct $PATH

Not tested.
---
 src/nix/modules/service/nixos-init.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/nix/modules/service/nixos-init.nix b/src/nix/modules/service/nixos-init.nix
index 7521a09..5e97451 100644
--- a/src/nix/modules/service/nixos-init.nix
+++ b/src/nix/modules/service/nixos-init.nix
@@ -26,6 +26,7 @@ in
 ];
 image.command = [ "${config.nixos.build.toplevel}/init" ];
 service.environment.container = "docker";
+ service.environment.PATH = "/usr/bin:/run/current-system/sw/bin/";
 service.volumes = [
 "/sys/fs/cgroup:/sys/fs/cgroup:ro"
 ];
From c5fb4177b85844c34148c4a881ed82e9beedd64e Mon Sep 17 00:00:00 2001
From: Moises Nessim
Date: Thu, 11 Jul 2019 15:42:36 -0500
Subject: [PATCH 2/9] Add hostStoreAsReadOnly option to service host-store.

Make /nix/store and /run/system read-only when hostStoreAsReadOnly == true.
---
 src/nix/modules/service/host-store.nix | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/nix/modules/service/host-store.nix b/src/nix/modules/service/host-store.nix
index 9ec06fc..e8fa9ee 100644
--- a/src/nix/modules/service/host-store.nix
+++ b/src/nix/modules/service/host-store.nix
@@ -17,6 +17,11 @@ in
 default = false;
 description = "Bind mounts the host store if enabled, avoiding copying.";
 };
+ service.hostStoreAsReadOnly = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Adds a ':ro' (read-only) access mode to the host nix store bind mount.";
+ };
 service.useHostNixDaemon = mkOption {
 type = types.bool;
 default = false;
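Review bot: The new `service.environment.PATH` lists `/usr/bin` before `/run/current-system/sw/bin/`, so anything the image ships under `/usr/bin` takes precedence over the NixOS system profile, and the trailing slash on the second entry is inconsistent with the first; the commit message itself says the change is untested. If the intent is for the evaluated NixOS configuration to win, `service.environment.PATH = "/run/current-system/sw/bin:/usr/bin";` does that, otherwise a short comment on why `/usr/bin` must come first would help the next reader. The attribute set this line belongs to begins before the hunk.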
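Review bot: The description of the new `service.hostStoreAsReadOnly` option only mentions the host nix store bind mount, but the same flag also appends `:ro` to the `/run/system` mount in the next hunk of this patch, so a reader of the option docs would not learn that the second mount is affected. Suggest `description = "Adds a ':ro' (read-only) access mode to the host nix store and /run/system bind mounts.";`. The enclosing options block starts before the hunk.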
@@ -29,8 +34,8 @@ in
 service.build.context = "${../../../arion-image}";
 service.environment.NIX_REMOTE = lib.optionalString config.service.useHostNixDaemon "daemon";
 service.volumes = [
- "${config.host.nixStorePrefix}/nix/store:/nix/store"
- "${config.host.nixStorePrefix}${pkgs.buildEnv { name = "container-system-env"; paths = [ pkgs.bashInteractive pkgs.coreutils ]; }}:/run/system"
+ "${config.host.nixStorePrefix}/nix/store:/nix/store${lib.optionalString config.service.hostStoreAsReadOnly ":ro"}"
+ "${config.host.nixStorePrefix}${pkgs.buildEnv { name = "container-system-env"; paths = [ pkgs.bashInteractive pkgs.coreutils ]; }}:/run/system${lib.optionalString config.service.hostStoreAsReadOnly ":ro"}"
 ] ++ lib.optional config.service.useHostNixDaemon "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket";
 service.command = lib.mkDefault (map escape (config.image.rawConfig.Cmd or []));
 };
From 662042a2bf857b68efeb29eb11ee38eb6c974823 Mon Sep 17 00:00:00 2001
From: moinessim <47434700+moinessim@users.noreply.github.com>
Date: Tue, 23 Jul 2019 10:09:15 -0500
Subject: [PATCH 3/9] Make hostStoreAsReadOnly true by default.

Co-Authored-By: Robert Hensing
---
 src/nix/modules/service/host-store.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/nix/modules/service/host-store.nix b/src/nix/modules/service/host-store.nix
index e8fa9ee..63a77c1 100644
--- a/src/nix/modules/service/host-store.nix
+++ b/src/nix/modules/service/host-store.nix
@@ -19,7 +19,7 @@ in
 };
 service.hostStoreAsReadOnly = mkOption {
 type = types.bool;
- default = false;
+ default = true;
 description = "Adds a ':ro' (read-only) access mode to the host nix store bind mount.";
 };
 service.useHostNixDaemon = mkOption {
From dfe1b63c4b9edba32c0f77b7350add5e25bfffaf Mon Sep 17 00:00:00 2001
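Review bot: `${lib.optionalString config.service.hostStoreAsReadOnly ":ro"}` is written out twice in the two rewritten volume entries, so the two mounts can silently diverge if only one of them is edited later. A single binding such as `roSuffix = lib.optionalString config.service.hostStoreAsReadOnly ":ro";` in the module's `let` block (above this hunk) and `/nix/store${roSuffix}` / `/run/system${roSuffix}` in the list keeps them in step and makes it obvious that one option governs both mounts.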
From: paumr <53442728+paumr@users.noreply.github.com>
Date: Mon, 29 Jul 2019 18:24:32 +0200
Subject: [PATCH 4/9] Fixed faulty documentation

Fixed installation instructions for NixOS. The previous version failed due to trying to add the set `{ arion; doc; tests; }` to the list `environment.systemPackages`.
---
 README.asciidoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.asciidoc b/README.asciidoc
index 725f3c3..459b0b8 100644
--- a/README.asciidoc
+++ b/README.asciidoc
@@ -51,7 +51,7 @@ Add this module to your NixOS configuration:
 ```nix
 { ... }: {
- environment.systemPackages = [ (import (builtins.fetchTarball https://github.com/hercules-ci/arion/tarball/master) {}) ];
+ environment.systemPackages = [ (import (builtins.fetchTarball https://github.com/hercules-ci/arion/tarball/master) {}).arion ];
 virtualisation.docker.enable = true;
 users.extraUsers.myuser.extraGroups = ["docker"];
 }
From c46404cb8692324d9b968503134a3c3118c6717b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Domen=20Ko=C5=BEar?=
Date: Mon, 9 Sep 2019 19:12:54 +0200
Subject: [PATCH 5/9] LICENSE: fill in

---
 LICENSE | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/LICENSE b/LICENSE
index d645695..e8d43bf 100644
--- a/LICENSE
+++ b/LICENSE
@@ -187,7 +187,7 @@ same "printed page" as the copyright notice for easier
 identification within third-party archives.
- Copyright [yyyy] [name of copyright owner]
+ Copyright 2019 Hercules Labs OÜ
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
From 2d079e4f416aee2457536a997b89781a40736b44 Mon Sep 17 00:00:00 2001
From: Serhii Khoma
Date: Mon, 16 Sep 2019 20:35:39 +0300
Subject: [PATCH 6/9] feat: docker-compose fields -> container_name -> add

---
 src/nix/modules/service/docker-compose-service.nix | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/nix/modules/service/docker-compose-service.nix b/src/nix/modules/service/docker-compose-service.nix
index 54dae9f..5bde3ad 100644
--- a/src/nix/modules/service/docker-compose-service.nix
+++ b/src/nix/modules/service/docker-compose-service.nix
@@ -90,6 +90,11 @@ in
 default = null;
 description = dockerComposeRef "command";
 };
+ service.container_name = mkOption {
+ type = nullOr types.str;
+ default = null;
+ description = dockerComposeRef "container_name";
+ };
 service.depends_on = mkOption {
 type = listOf str;
 default = [];
@@ -214,6 +219,8 @@ in
 inherit cap_drop;
 } // lib.optionalAttrs (config.service.command != null) {
 inherit (config.service) command;
+ } // lib.optionalAttrs (config.service.container_name != null) {
+ inherit (config.service) container_name;
 } // lib.optionalAttrs (config.service.depends_on != []) {
 inherit (config.service) depends_on;
 } // lib.optionalAttrs (config.service.devices != []) {
From 0f85d7b03ca429a9e0ce560eafa85458f4b5af83 Mon Sep 17 00:00:00 2001
From: Serhii Khoma
Date: Wed, 18 Sep 2019 19:34:26 +0300
Subject: [PATCH 7/9] feat: docker-compose fields -> networks -> add

---
 src/nix/modules/service/docker-compose-service.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/nix/modules/service/docker-compose-service.nix b/src/nix/modules/service/docker-compose-service.nix
index 5bde3ad..80a795d 100644
--- a/src/nix/modules/service/docker-compose-service.nix
+++ b/src/nix/modules/service/docker-compose-service.nix
@@ -174,6 +174,11 @@ in
 default = null;
 description = dockerComposeRef "network_mode";
 };
+ service.networks = mkOption {
+ type = nullOr (listOf types.str);
+ default = null;
+ description = dockerComposeRef "networks";
+ };
 service.stop_signal = mkOption {
 type = nullOr str;
 default = null;
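Review bot: `type = nullOr types.str;` on the new `service.container_name` option mixes the qualified `types.str` with the unqualified `nullOr`, while the neighbouring `service.stop_signal` option visible in this file writes `type = nullOr str;`; the `service.networks` option added further down this line has the same mix in `nullOr (listOf types.str)`. Suggest `type = nullOr str;` and `type = nullOr (listOf str);` so the option declarations stay uniform. As far as I recall the compose `networks` key also accepts a mapping form with per-network settings, which the list-only type will reject; if that is a deliberate limitation, a word to that effect in the description would save users a confusing type error.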
@@ -245,6 +250,8 @@ in
 inherit (config.service) privileged;
 } // lib.optionalAttrs (config.service.network_mode != null) {
 inherit (config.service) network_mode;
+ } // lib.optionalAttrs (config.service.networks != null) {
+ inherit (config.service) networks;
 } // lib.optionalAttrs (config.service.restart != null) {
 inherit (config.service) restart;
 } // lib.optionalAttrs (config.service.stop_signal != null) {
From 89e5f4a90fe0eeec13cff3d74857e713fad60e22 Mon Sep 17 00:00:00 2001
From: Robert Hensing
Date: Wed, 18 Sep 2019 19:32:24 +0200
Subject: [PATCH 8/9] Add bors

---
 bors.toml | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 bors.toml

diff --git a/bors.toml b/bors.toml
new file mode 100644
index 0000000..8d42320
--- /dev/null
+++ b/bors.toml
@@ -0,0 +1,5 @@
+status = [
+ "ci/hercules/derivations",
+ "ci/hercules/evaluation",
+]
+delete_merged_branches = true
From 0f0f976eab6ad21cf45c0b1a943b3f2172bbb9f6 Mon Sep 17 00:00:00 2001
From: Moises Nessim
Date: Thu, 19 Sep 2019 12:00:50 -0500
Subject: [PATCH 9/9] Change deprecated types.string to types.str

---
 src/nix/modules/composition/docker-compose.nix | 2 +-
 src/nix/modules/composition/host-environment.nix | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/nix/modules/composition/docker-compose.nix b/src/nix/modules/composition/docker-compose.nix
index 95855ff..24b33c5 100644
--- a/src/nix/modules/composition/docker-compose.nix
+++ b/src/nix/modules/composition/docker-compose.nix
@@ -21,7 +21,7 @@ in
 description = "A derivation that produces a docker-compose.yaml file for this composition.";
 };
 build.dockerComposeYamlText = lib.mkOption {
- type = lib.types.string;
+ type = lib.types.str;
 description = "The text of build.dockerComposeYaml.";
 };
 docker-compose.raw = lib.mkOption {
diff --git a/src/nix/modules/composition/host-environment.nix b/src/nix/modules/composition/host-environment.nix
index 3e36531..5989695 100644
--- a/src/nix/modules/composition/host-environment.nix
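Review bot: Replacing `lib.types.string` with `lib.types.str` on `build.dockerComposeYamlText` is more than a deprecation fix: in nixpkgs `types.string` merges multiple definitions by concatenating them, whereas `types.str` rejects conflicting definitions, so a composition that set this option from two modules would previously have evaluated to concatenated YAML and now fails evaluation. That is the safer behaviour, but the commit message only mentions the deprecation; a sentence such as `This also changes merge behaviour: conflicting definitions are now an error instead of being silently concatenated.` would record why existing compositions might start failing. The same applies to the `host.nixStorePrefix` hunk that follows, which runs past the end of the page.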
+++ b/src/nix/modules/composition/host-environment.nix
@@ -15,7 +15,7 @@
 };
 host.nixStorePrefix = lib.mkOption {
- type = lib.types.string;
+ type = lib.types.str;
 default = "";
 example = "/mnt/foo";
 description = ''