ghoscht/arion
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge remote-tracking branch 'origin/master' into arion-hs

Browse source
This commit is contained in:
Robert Hensing 2019-09-27 12:28:57 +02:00
commit 9d7eb01c73
8 changed files with 31 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
LICENSE
View file

@ -187,7 +187,7 @@
same "printed page" as the copyright notice for easier same "printed page" as the copyright notice for easier
identification within third-party archives. identification within third-party archives.
Copyright [yyyy] [name of copyright owner] Copyright 2019 Hercules Labs OÜ
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.

2
README.asciidoc
View file

@ -51,7 +51,7 @@ Add this module to your NixOS configuration:
```nix ```nix
{ ... }: { { ... }: {
environment.systemPackages = [ (import (builtins.fetchTarball https://github.com/hercules-ci/arion/tarball/master) {}) ]; environment.systemPackages = [ (import (builtins.fetchTarball https://github.com/hercules-ci/arion/tarball/master) {}).arion ];
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
users.extraUsers.myuser.extraGroups = ["docker"]; users.extraUsers.myuser.extraGroups = ["docker"];
} }

5
bors.toml Normal file
View file

@ -0,0 +1,5 @@
status = [
"ci/hercules/derivations",
"ci/hercules/evaluation",
]
delete_merged_branches = true

2
src/nix/modules/composition/docker-compose.nix
View file

@ -22,7 +22,7 @@ in
readOnly = true; readOnly = true;
}; };
build.dockerComposeYamlText = lib.mkOption { build.dockerComposeYamlText = lib.mkOption {
type = lib.types.string; type = lib.types.str;
description = "The text of build.dockerComposeYaml."; description = "The text of build.dockerComposeYaml.";
readOnly = true; readOnly = true;
}; };

2
src/nix/modules/composition/host-environment.nix
View file

@ -15,7 +15,7 @@
}; };
host.nixStorePrefix = lib.mkOption { host.nixStorePrefix = lib.mkOption {
type = lib.types.string; type = lib.types.str;
default = ""; default = "";
example = "/mnt/foo"; example = "/mnt/foo";
description = '' description = ''

14
src/nix/modules/service/docker-compose-service.nix
View file

@ -90,6 +90,11 @@ in
default = null; default = null;
description = dockerComposeRef "command"; description = dockerComposeRef "command";
}; };
service.container_name = mkOption {
type = nullOr types.str;
default = null;
description = dockerComposeRef "container_name";
};
service.depends_on = mkOption { service.depends_on = mkOption {
type = listOf str; type = listOf str;
default = []; default = [];
@ -169,6 +174,11 @@ in
default = null; default = null;
description = dockerComposeRef "network_mode"; description = dockerComposeRef "network_mode";
}; };
service.networks = mkOption {
type = nullOr (listOf types.str);
default = null;
description = dockerComposeRef "networks";
};
service.stop_signal = mkOption { service.stop_signal = mkOption {
type = nullOr str; type = nullOr str;
default = null; default = null;
@ -214,6 +224,8 @@ in
inherit cap_drop; inherit cap_drop;
} // lib.optionalAttrs (config.service.command != null) { } // lib.optionalAttrs (config.service.command != null) {
inherit (config.service) command; inherit (config.service) command;
} // lib.optionalAttrs (config.service.container_name != null) {
inherit (config.service) container_name;
} // lib.optionalAttrs (config.service.depends_on != []) { } // lib.optionalAttrs (config.service.depends_on != []) {
inherit (config.service) depends_on; inherit (config.service) depends_on;
} // lib.optionalAttrs (config.service.devices != []) { } // lib.optionalAttrs (config.service.devices != []) {
@ -238,6 +250,8 @@ in
inherit (config.service) privileged; inherit (config.service) privileged;
} // lib.optionalAttrs (config.service.network_mode != null) { } // lib.optionalAttrs (config.service.network_mode != null) {
inherit (config.service) network_mode; inherit (config.service) network_mode;
} // lib.optionalAttrs (config.service.networks != null) {
inherit (config.service) networks;
} // lib.optionalAttrs (config.service.restart != null) { } // lib.optionalAttrs (config.service.restart != null) {
inherit (config.service) restart; inherit (config.service) restart;
} // lib.optionalAttrs (config.service.stop_signal != null) { } // lib.optionalAttrs (config.service.stop_signal != null) {

9
src/nix/modules/service/host-store.nix
View file

@ -17,6 +17,11 @@ in
default = false; default = false;
description = "Bind mounts the host store if enabled, avoiding copying."; description = "Bind mounts the host store if enabled, avoiding copying.";
}; };
service.hostStoreAsReadOnly = mkOption {
type = types.bool;
default = true;
description = "Adds a ':ro' (read-only) access mode to the host nix store bind mount.";
};
service.useHostNixDaemon = mkOption { service.useHostNixDaemon = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@ -29,8 +34,8 @@ in
service.build.context = "${../../../arion-image}"; service.build.context = "${../../../arion-image}";
service.environment.NIX_REMOTE = lib.optionalString config.service.useHostNixDaemon "daemon"; service.environment.NIX_REMOTE = lib.optionalString config.service.useHostNixDaemon "daemon";
service.volumes = [ service.volumes = [
"${config.host.nixStorePrefix}/nix/store:/nix/store" "${config.host.nixStorePrefix}/nix/store:/nix/store${lib.optionalString config.service.hostStoreAsReadOnly ":ro"}"
"${config.host.nixStorePrefix}${pkgs.buildEnv { name = "container-system-env"; paths = [ pkgs.bashInteractive pkgs.coreutils ]; }}:/run/system" "${config.host.nixStorePrefix}${pkgs.buildEnv { name = "container-system-env"; paths = [ pkgs.bashInteractive pkgs.coreutils ]; }}:/run/system${lib.optionalString config.service.hostStoreAsReadOnly ":ro"}"
] ++ lib.optional config.service.useHostNixDaemon "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket"; ] ++ lib.optional config.service.useHostNixDaemon "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket";
service.command = lib.mkDefault (map escape (config.image.rawConfig.Cmd or [])); service.command = lib.mkDefault (map escape (config.image.rawConfig.Cmd or []));
}; };

1
src/nix/modules/service/nixos-init.nix
View file

@ -26,6 +26,7 @@ in
]; ];
image.command = [ "${config.nixos.build.toplevel}/init" ]; image.command = [ "${config.nixos.build.toplevel}/init" ];
service.environment.container = "docker"; service.environment.container = "docker";
service.environment.PATH = "/usr/bin:/run/current-system/sw/bin/";
service.volumes = [ service.volumes = [
"/sys/fs/cgroup:/sys/fs/cgroup:ro" "/sys/fs/cgroup:/sys/fs/cgroup:ro"
]; ];