Compare commits

..

322 commits

Author SHA1 Message Date
ec4f2a836d
Add profiles 2024-10-01 16:23:38 +02:00
hercules-ci[bot]
90bc855327
Merge pull request #258 from hercules-ci/flake-update
`flake.lock`: Update
2024-08-05 02:44:33 +00:00
Hercules CI Effects
16c4d4d8b8 flake.lock: Update
Flake lock file updates:

• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/9227223f6d922fee3c7b190b2cc238a99527bbb7' (2024-07-03)
  → 'github:hercules-ci/flake-parts/8471fe90ad337a8074e957b69ca4d0089218391d' (2024-08-01)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/9f4128e00b0ae8ec65918efeba59db998750ead6' (2024-07-03)
  → 'github:NixOS/nixpkgs/d04953086551086b44b6f3c6b7eeb26294f207da' (2024-08-02)
2024-08-05 02:38:38 +00:00
hercules-ci[bot]
236f9dd82d
Merge pull request #253 from hercules-ci/flake-update
`flake.lock`: Update
2024-07-05 02:50:08 +00:00
Hercules CI Effects
ab9bdaf08f flake.lock: Update
Flake lock file updates:

• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8' (2024-06-01)
  → 'github:hercules-ci/flake-parts/9227223f6d922fee3c7b190b2cc238a99527bbb7' (2024-07-03)
• Updated input 'hercules-ci-effects':
    'github:hercules-ci/hercules-ci-effects/c0302ec12d569532a6b6bd218f698bc402e93adc' (2024-04-23)
  → 'github:hercules-ci/hercules-ci-effects/11e4b8dc112e2f485d7c97e1cee77f9958f498f5' (2024-06-24)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/57610d2f8f0937f39dbd72251e9614b1561942d8' (2024-05-31)
  → 'github:NixOS/nixpkgs/9f4128e00b0ae8ec65918efeba59db998750ead6' (2024-07-03)
2024-07-05 02:38:52 +00:00
Robert Hensing
555e7ba634
Merge pull request #241 from tomeon/remove-defaultPackage
chore(flake): remove `defaultPackage` output
2024-06-26 13:17:50 +02:00
Robert Hensing
01777136c6
Merge pull request #248 from KiaraGrouwstra/rename-tmpfs-option
rename boot.tmpOnTmpfs -> boot.tmp.useTmpfs
2024-06-24 08:01:23 +02:00
Kiara Grouwstra
8f0549b434 rename boot.tmpOnTmpfs -> boot.tmp.useTmpfs
resolves warning:
trace: Obsolete option `boot.tmpOnTmpfs' is used. It was renamed to
`boot.tmp.useTmpfs'.
c.f.
a5d95ac5fc
2024-06-12 22:14:14 +00:00
hercules-ci[bot]
c24c185e67
Merge pull request #245 from hercules-ci/flake-update
`flake.lock`: Update
2024-06-05 02:52:18 +00:00
Hercules CI Effects
d917218d05 flake.lock: Update
Flake lock file updates:

• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e' (2024-05-02)
  → 'github:hercules-ci/flake-parts/2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8' (2024-06-01)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/63c3a29ca82437c87573e4c6919b09a24ea61b0f' (2024-05-02)
  → 'github:NixOS/nixpkgs/57610d2f8f0937f39dbd72251e9614b1561942d8' (2024-05-31)
2024-06-05 02:38:23 +00:00
hercules-ci[bot]
e9945eb6cd
Merge pull request #242 from hercules-ci/flake-update
`flake.lock`: Update
2024-05-05 02:48:07 +00:00
Hercules CI Effects
0449d31ffb flake.lock: Update
Flake lock file updates:

• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/9126214d0a59633752a136528f5f3b9aa8565b7d' (2024-04-01)
  → 'github:hercules-ci/flake-parts/e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e' (2024-05-02)
• Updated input 'hercules-ci-effects':
    'github:hercules-ci/hercules-ci-effects/64e7763d72c1e4c1e5e6472640615b6ae2d40fbf' (2024-03-15)
  → 'github:hercules-ci/hercules-ci-effects/c0302ec12d569532a6b6bd218f698bc402e93adc' (2024-04-23)
• Updated input 'hercules-ci-effects/flake-parts':
    'github:hercules-ci/flake-parts/f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2' (2024-03-01)
  → 'github:hercules-ci/flake-parts/9126214d0a59633752a136528f5f3b9aa8565b7d' (2024-04-01)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/5c24cf2f0a12ad855f444c30b2421d044120c66f' (2024-04-19)
  → 'github:NixOS/nixpkgs/63c3a29ca82437c87573e4c6919b09a24ea61b0f' (2024-05-02)
2024-05-05 02:38:58 +00:00
Matt Schreiber
7e7aa3dfc6
chore(flake): remove defaultPackage output
Follow-up to #240.
2024-04-28 20:35:20 -04:00
Robert Hensing
efa008e12f
Merge pull request #240 from tomeon/defaultPackage-eval-fix
fix(flake): allow `defaultPackage` to evaluate
2024-04-28 20:30:18 +02:00
Matt Schreiber
df306b74bc
fix(flake): allow defaultPackage to evaluate
by adding the missing (and in this case ignored) key/attribute-name
argument to `lib.mapAttrs`.
2024-04-28 11:55:23 -04:00
hercules-ci[bot]
add0e67d2b
Merge pull request #239 from hercules-ci/flake-update
`flake.lock`: Update
2024-04-21 19:36:12 +00:00
Hercules CI Effects
c8c61a3c67 flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/fd281bd6b7d3e32ddfa399853946f782553163b5' (2024-04-03)
  → 'github:NixOS/nixpkgs/5c24cf2f0a12ad855f444c30b2421d044120c66f' (2024-04-19)
2024-04-21 17:53:24 +00:00
hercules-ci[bot]
1886d25075
Merge pull request #236 from hercules-ci/flake-update
`flake.lock`: Update
2024-04-05 02:50:56 +00:00
Hercules CI Effects
c2cc3dae34 flake.lock: Update
Flake lock file updates:

• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2' (2024-03-01)
  → 'github:hercules-ci/flake-parts/9126214d0a59633752a136528f5f3b9aa8565b7d' (2024-04-01)
• Updated input 'hercules-ci-effects':
    'github:hercules-ci/hercules-ci-effects/0ca27bd58e4d5be3135a4bef66b582e57abe8f4a' (2024-02-21)
  → 'github:hercules-ci/hercules-ci-effects/64e7763d72c1e4c1e5e6472640615b6ae2d40fbf' (2024-03-15)
• Updated input 'hercules-ci-effects/flake-parts':
    'github:hercules-ci/flake-parts/34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5' (2023-12-01)
  → 'github:hercules-ci/flake-parts/f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2' (2024-03-01)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/b8697e57f10292a6165a20f03d2f42920dfaf973' (2024-03-03)
  → 'github:NixOS/nixpkgs/fd281bd6b7d3e32ddfa399853946f782553163b5' (2024-04-03)
2024-04-05 02:39:24 +00:00
hercules-ci[bot]
d2d48c9ec3
Merge pull request #233 from hercules-ci/flake-update
`flake.lock`: Update
2024-03-05 02:44:05 +00:00
Hercules CI Effects
c1597ef64b flake.lock: Update
Flake lock file updates:

• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/b253292d9c0a5ead9bc98c4e9a26c6312e27d69f' (2024-02-01)
  → 'github:hercules-ci/flake-parts/f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2' (2024-03-01)
• Updated input 'hercules-ci-effects':
    'github:hercules-ci/hercules-ci-effects/d5cbf433a6ae9cae05400189a8dbc6412a03ba16' (2023-12-31)
  → 'github:hercules-ci/hercules-ci-effects/0ca27bd58e4d5be3135a4bef66b582e57abe8f4a' (2024-02-21)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/f9d39fb9aff0efee4a3d5f4a6d7c17701d38a1d8' (2024-02-11)
  → 'github:NixOS/nixpkgs/b8697e57f10292a6165a20f03d2f42920dfaf973' (2024-03-03)
2024-03-05 02:38:52 +00:00
hercules-ci[bot]
2b1fa9a8e9
Merge pull request #232 from hercules-ci/flake-update
`flake.lock`: Update
2024-02-14 15:12:56 +00:00
Hercules CI Effects
4fb872dc07 flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/e92b6015881907e698782c77641aa49298330223' (2024-02-02)
  → 'github:NixOS/nixpkgs/f9d39fb9aff0efee4a3d5f4a6d7c17701d38a1d8' (2024-02-11)
2024-02-14 14:56:50 +00:00
Robert Hensing
39ee2bc7f7
Merge pull request #231 from EricTheMagician/docker-build
add support for more docker-compose build options
2024-02-14 15:54:56 +01:00
Eric Yen
245fec68a2 add support for more docker-compose build options 2024-02-09 22:46:18 -08:00
hercules-ci[bot]
9e5caa2b48
Merge pull request #228 from hercules-ci/flake-update
`flake.lock`: Update
2024-02-05 16:37:50 +00:00
Hercules CI Effects
5321799830 flake.lock: Update
Flake lock file updates:

• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/88a2cd8166694ba0b6cb374700799cec53aef527' (2024-01-01)
  → 'github:hercules-ci/flake-parts/b253292d9c0a5ead9bc98c4e9a26c6312e27d69f' (2024-02-01)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/bd645e8668ec6612439a9ee7e71f7eac4099d4f6' (2024-01-02)
  → 'github:NixOS/nixpkgs/e92b6015881907e698782c77641aa49298330223' (2024-02-02)
2024-02-05 17:31:21 +01:00
Hercules CI Effects
e92e133563 flake.lock: Update
Flake lock file updates:

• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5' (2023-12-01)
  → 'github:hercules-ci/flake-parts/88a2cd8166694ba0b6cb374700799cec53aef527' (2024-01-01)
• Updated input 'hercules-ci-effects':
    'github:hercules-ci/hercules-ci-effects/31b6cd7569191bfcd0a548575b0e2ef953ed7d09' (2023-11-26)
  → 'github:hercules-ci/hercules-ci-effects/d5cbf433a6ae9cae05400189a8dbc6412a03ba16' (2023-12-31)
• Updated input 'hercules-ci-effects/flake-parts':
    'github:hercules-ci/flake-parts/c9afaba3dfa4085dbd2ccb38dfade5141e33d9d4' (2023-10-03)
  → 'github:hercules-ci/flake-parts/34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5' (2023-12-01)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/91050ea1e57e50388fa87a3302ba12d188ef723a' (2023-12-01)
  → 'github:NixOS/nixpkgs/bd645e8668ec6612439a9ee7e71f7eac4099d4f6' (2024-01-02)
2024-02-05 17:31:21 +01:00
Robert Hensing
6ad33828e7 tests: Add VM memory
https://hercules-ci.com/accounts/github/hercules-ci/derivations/%2Fnix%2Fstore%2Fccihcy0i8p98vhf9rq0k64mdlin1d7dv-vm-test-run-arion-test.drv/log?via-job=446d4a99-fc0c-442d-a2ed-50ed004a8c48
2024-02-05 17:31:21 +01:00
Robert Hensing
f295eabd25
Merge pull request #199 from 0x450x6c/patch-1
Disable DHCP in full-nixos example
2023-12-30 16:37:40 +01:00
Robert Hensing
a27295cbf5
Merge pull request #226 from ciarandg/configurable-service-names
Add configurable systemd service name to NixOS module
2023-12-30 16:22:27 +01:00
Nikita Pedorich
b181b822f8
Use Compose Spec links in docs (#202) 2023-12-30 15:19:45 +00:00
Ciaran De Groot
49bc39d860 Add serviceName option to documentation 2023-12-17 12:46:15 -07:00
Ciaran De Groot
91e67df844 Add configurable systemd service name to nixos module 2023-12-17 12:36:47 -07:00
Robert Hensing
da2141cd93
Merge pull request #211 from MartinNikov/fix/boot-tmpfs
fix(modules/service/nixos-init): Use `boot.tmp.useTmpfs` option instead of `boot.tmpOnTmpfs`
2023-12-05 17:45:42 +01:00
Robert Hensing
14b8d91ce0 Merge remote-tracking branch 'origin/main' into fix/boot-tmpfs 2023-12-05 17:40:21 +01:00
hercules-ci[bot]
2d546f6372
Merge pull request #225 from hercules-ci/flake-update
`flake.lock`: Update
2023-12-05 15:53:59 +00:00
Hercules CI Effects
f68888200d flake.lock: Update
Flake lock file updates:

• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/47478a4a003e745402acf63be7f9a092d51b83d7' (2023-02-09)
  → 'github:hercules-ci/flake-parts/34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5' (2023-12-01)
• Updated input 'hercules-ci-effects':
    'github:hercules-ci/hercules-ci-effects/0a63bfa3f00a3775ea3a6722b247880f1ffe91ce' (2023-07-15)
  → 'github:hercules-ci/hercules-ci-effects/31b6cd7569191bfcd0a548575b0e2ef953ed7d09' (2023-11-26)
• Updated input 'hercules-ci-effects/flake-parts':
    'github:hercules-ci/flake-parts/8e8d955c22df93dbe24f19ea04f47a74adbdc5ec' (2023-07-04)
  → 'github:hercules-ci/flake-parts/c9afaba3dfa4085dbd2ccb38dfade5141e33d9d4' (2023-10-03)
• Updated input 'hercules-ci-effects/flake-parts/nixpkgs-lib':
    'github:NixOS/nixpkgs/4bc72cae107788bf3f24f30db2e2f685c9298dc9?dir=lib' (2023-06-29)
  → follows 'hercules-ci-effects/nixpkgs'
• Removed input 'hercules-ci-effects/hercules-ci-agent'
• Removed input 'hercules-ci-effects/hercules-ci-agent/flake-parts'
• Removed input 'hercules-ci-effects/hercules-ci-agent/flake-parts/nixpkgs-lib'
• Removed input 'hercules-ci-effects/hercules-ci-agent/haskell-flake'
• Removed input 'hercules-ci-effects/hercules-ci-agent/nixpkgs'
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/545c7a31e5dedea4a6d372712a18e00ce097d462' (2023-02-13)
  → 'github:NixOS/nixpkgs/91050ea1e57e50388fa87a3302ba12d188ef723a' (2023-12-01)
2023-12-05 15:49:42 +00:00
Robert Hensing
39030b9566
Merge pull request #224 from hercules-ci/doc-deployment-fetchTarball
deployment.adoc: fetchTarball instead of abstract variable
2023-11-28 19:39:04 +01:00
Robert Hensing
493fa1e575
deployment.adoc: fetchTarball instead of abstract variable 2023-11-28 19:36:55 +01:00
Robert Hensing
172e69d563
Merge pull request #220 from Gigahawk/stop_grace_period
add support for stop_grace_period
2023-11-24 13:24:56 +01:00
Jasper Chan
6881b440b6 add support for stop_grace_period 2023-11-06 21:58:30 -08:00
Robert Hensing
28902d3488
Merge pull request #212 from hercules-ci/flake-updater
dev: Add flake-update
2023-08-23 12:42:16 +02:00
Robert Hensing
57516c38fa dev: Add flake-update 2023-08-23 11:32:21 +02:00
MartinNikov
e9ebb6f79f
fix(modules/service/nixos-init): Use boot.tmp.useTmpfs option instead of boot.tmpOnTmpfs
This change fixes the following warning:

```
trace: Obsolete option `boot.tmpOnTmpfs' is used. It was renamed to `boot.tmp.useTmpfs'.
```

This option was renamed in this PR:
https://github.com/NixOS/nixpkgs/pull/204534
2023-08-22 14:25:38 +03:00
bors[bot]
51ed7054c1
Merge #209
209: fix: services.<name>.service.build.context r=roberth a=LoveIsGrief

 - [x] Support services.<name>.service.build.context see 638c4b8  for more details
 - [x] Add test

Closes #208

Co-authored-by: LoveIsGrief <loveisgrief@tuta.io>
2023-08-20 16:16:39 +00:00
LoveIsGrief
3588b01e13
test: Add tests for using build.context
These are simple tests to make sure that the generated docker-compose.json
looks like it should. This means has a build.context and does NOT
have an image defined - the image is built when starting the service.
2023-08-20 16:42:48 +02:00
LoveIsGrief
638c4b8e55
fix: services.<name>.service.build.context
One could declare it, but it was unceremoniously ignored.
A "localhost/" image was created with pretty much nothing in it
 and it couldn't be launched.

The cause was services.<name>.service.image being always set
 and subsequently thugs services.<name>.image.nixBuild being truthy.
That would build an image and write the services.<name>.image field
 in the docker-compose.json. It leads to the build.context being
ignored and the service failing.

This was solved by only writing services.<name>.service.image when
 services.<name>.service.build.context is not set.
services.<name>.image.nixBuild is additionally set to false when
the context is set.

Related to #208
2023-08-20 15:20:34 +02:00
LoveIsGrief
a8d9725e6c
chore: Add *.swp to .gitignore
When working with vim (and possibly other editors), swap files are created
and they should be ignored.
2023-08-19 22:11:17 +02:00
Robert Hensing
f0436c8478
Merge pull request #204 from hercules-ci/release
Bump to v0.2.1.0
2023-07-26 14:54:39 +02:00
Robert Hensing
8868689d3f Bump to v0.2.1.0 2023-07-26 14:50:13 +02:00
Robert Hensing
408841513b
Merge pull request #203 from hercules-ci/jailbreak
Remove base upper bound
2023-07-26 14:14:55 +02:00
Robert Hensing
22ef4649d8 Remove nix run -c 2023-07-26 14:09:49 +02:00
Robert Hensing
0e7dc62ccf arion-compose.cabal: Assume base package will remain compatible
Having to bump base is causing more breakage than what it fixes.
2023-07-26 14:08:19 +02:00
bors[bot]
9ba47f9fbb
Merge #200
200: Improve service.networks r=roberth a=pedorich-n

This PR adds more options to `service.networks`, according to the [spec](https://docs.docker.com/compose/compose-file/compose-file-v3/#networks) it exposes:
- `aliases`
- `ipv4_address`
- `ipv6_address`

A more complex example using these options is added, by modifying the existing `traefik` example.
I wasn't able to run the tests locally on my non-NixOS machine, but from what I can see, it just tests if the host is available. 
That is still true and works, I checked by running `arion up` from the `examples/traefik` folder.

Co-authored-by: Nikita Pedorich <pedorich.n@gmail.com>
2023-07-21 14:03:31 +00:00
Nikita Pedorich
16f9888732
Add missing link_local_ips and priority 2023-07-20 00:17:02 +09:00
Nikita Pedorich
b175f45613
Improve service.networks 2023-07-20 00:12:09 +09:00
Robert Hensing
f8359746cc
Merge pull request #201 from hercules-ci/links
Fix doc links
2023-07-19 15:55:46 +02:00
Robert Hensing
2ef502c912 Fix doc links 2023-07-19 15:50:08 +02:00
Elbek Azimov
daf4aebad7
Disable DHCP in full-nixos example 2023-07-08 16:45:35 +00:00
Robert Hensing
6a1f03329c
Update bors.toml 2023-04-22 18:41:17 +02:00
Robert Hensing
7e98b7af10
Merge pull request #189 from KeepTruckin/issue-188/volumes-support
Add support for volumes to mount host paths
2023-04-22 18:40:52 +02:00
Qaif Shaikh
5ba2990f72 Try with lib.types.unspecified 2023-03-02 13:41:53 -06:00
Qaif Shaikh
cb13795408 Use service submodule for volumes type 2023-02-28 16:52:18 -06:00
Robert Hensing
0f27ae484f
Merge pull request #190 from hercules-ci/issue-185
nixos-module: compatibilty with 22.11 and >=23
2023-02-25 23:03:54 +01:00
Robert Hensing
399c8c0b36 nixos-module: compatibilty with 22.11 and >=23 2023-02-25 22:43:36 +01:00
Qaif Shaikh
de9930171a Add support for volumes to mount host paths 2023-02-23 13:04:59 -06:00
Robert Hensing
e67a5d3049
Merge pull request #187 from hercules-ci/image-fakeRootCommands
Add `image.fakeRootCommands`
2023-02-22 10:34:00 +01:00
Robert Hensing
a38db89ef8 Add image.fakeRootCommands 2023-02-21 00:37:56 +01:00
Robert Hensing
591036ae85
Merge pull request #186 from hercules-ci/contrib/olebedev/patch-1
Update
2023-02-17 17:55:06 +01:00
Robert Hensing
1b65892ea6 Pin haskell-flake at 0.1.0 2023-02-16 23:28:30 +01:00
Robert Hensing
76a6bdbdb2 Resolve warnings and enable in-VM sandbox 2023-02-16 23:04:20 +01:00
Robert Hensing
379724cdcd flake.lock: Update
Flake lock file updates:

• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/7930f5b1c356270cec420d4f4cb43f4907206640' (2023-01-05)
  → 'github:hercules-ci/flake-parts/47478a4a003e745402acf63be7f9a092d51b83d7' (2023-02-09)
• Updated input 'haskell-flake':
    'github:srid/haskell-flake/4fc511d93a55fedf815c1647ad146c26d7a2054e' (2022-11-11)
  → 'github:srid/haskell-flake/34641d4508c2ad00d1a5ef5fb592f49bfa9e2770' (2023-02-11)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/6c8644fc37b6e141cbfa6c7dc8d98846c4ff0c2e' (2023-01-11)
  → 'github:NixOS/nixpkgs/545c7a31e5dedea4a6d372712a18e00ce097d462' (2023-02-13)
2023-02-16 20:44:25 +01:00
Oleg Lebedev
54079bfbc3
fix nixos option refference 2023-02-15 21:51:51 +11:00
Robert Hensing
09ef2d1377
Merge pull request #184 from hercules-ci/option-docs-maintenance
Option docs maintenance
2023-01-13 19:18:05 +01:00
Robert Hensing
4ea9760991 Ignore broken test
It is either flaky or caused by an update in NixOS/Nixpkgs.
Probably not the podman update though, because I've specifically
tested it with that pr at the time.
2023-01-13 19:15:04 +01:00
Robert Hensing
f7391f3e17 docs/options: Add page title 2023-01-13 18:18:54 +01:00
Robert Hensing
6cbf0860ca Make NixOS module compatible with recent podman module change 2023-01-13 18:16:04 +01:00
Robert Hensing
d1cc2b2a7d Touch up the option docs to be proper markdown 2023-01-13 18:07:34 +01:00
Robert Hensing
3ac9c63a01 Remove generated committed code, update 2023-01-13 18:06:55 +01:00
Robert Hensing
50bf4fe6c5
Merge pull request #183 from hercules-ci/update
flake.lock: Update
2023-01-05 01:19:12 +01:00
Robert Hensing
ce3e96e212 flake.lock: Update
Flake lock file updates:

• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/c0892379669077dcc7e306eb4bdf6ade2a03e090' (2023-01-04)
  → 'github:hercules-ci/flake-parts/7930f5b1c356270cec420d4f4cb43f4907206640' (2023-01-05)
2023-01-05 01:18:11 +01:00
Robert Hensing
c946f1ecc2
Merge pull request #182 from hercules-ci/update
flake.lock: Update
2023-01-04 20:35:42 +01:00
Robert Hensing
0e27a7acd1 flake.lock: Update
Flake lock file updates:

• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/87673d7c13a799d95ce25ff5dc7b9e15f01af2ea' (2023-01-01)
  → 'github:hercules-ci/flake-parts/c0892379669077dcc7e306eb4bdf6ade2a03e090' (2023-01-04)
2023-01-04 20:33:51 +01:00
Robert Hensing
48b4787a5a
Merge pull request #181 from hercules-ci/fix-warning
Fix flake-parts warning
2023-01-04 19:07:47 +01:00
Robert Hensing
0f5f229425 Fix flake-parts warning 2023-01-04 19:06:05 +01:00
Robert Hensing
2dc6bbe049
Merge pull request #179 from hercules-ci/workaround-nix-7555
flake.lock: Update
2023-01-04 17:11:23 +01:00
Robert Hensing
1a174e2eaa flake.lock: Update
Flake lock file updates:

• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/995d6bc162c0539998ef6375c2c6b612972dc016' (2022-12-01)
  → 'github:hercules-ci/flake-parts/87673d7c13a799d95ce25ff5dc7b9e15f01af2ea' (2023-01-01)
2023-01-04 17:09:47 +01:00
Robert Hensing
cabcbcacca Duplicate the examples once more, because antora is broken 2022-12-16 02:44:50 +01:00
Robert Hensing
d0b8e02c28 Work around antora bug? Worked locally. 2022-12-16 02:37:20 +01:00
Robert Hensing
6851553d2b
Merge pull request #177 from hercules-ci/fix-docs-examples
docs: Fix examples using asciidoc includes
2022-12-16 02:32:38 +01:00
Robert Hensing
295e8698bd docs: Fix examples using asciidoc includes 2022-12-16 02:31:20 +01:00
Robert Hensing
261d1507d6
Merge pull request #174 from hercules-ci/lens-aeson-1.1-compat
Restore compatibility with lens-aeson <1.2
2022-12-06 14:49:26 +00:00
Robert Hensing
cfec8ff678 Restore compatibility with lens-aeson <1.2 2022-12-06 15:45:05 +01:00
Robert Hensing
683a79dfcc
Merge pull request #172 from hercules-ci/release
Bump to v0.2.0.0
2022-12-02 13:24:12 +00:00
Robert Hensing
92e17b7fe0 Bump to v0.2.0.0 2022-12-02 13:19:56 +00:00
Robert Hensing
935c32afa3
Merge pull request #171 from hercules-ci/aeson
Aeson 1 -> 2
2022-12-02 13:13:17 +00:00
Robert Hensing
b9525cef7c aeson: 1 -> 2 2022-12-02 11:34:29 +00:00
Robert Hensing
7987c7ec0d Fix nixos-unit nginx test 2022-12-02 10:25:01 +00:00
Robert Hensing
890f9d9428 flake.nix: Update nixpkgs 2022-12-02 10:25:01 +00:00
Robert Hensing
4aff7e3a11 Use flake-parts 2022-12-02 10:25:01 +00:00
Robert Hensing
8159c4faa3
Merge pull request #167 from PetarKirov/patch-1
docs: Add missing newline before list
2022-10-05 17:16:22 +01:00
Petar Kirov
06266c155c
docs: Add missing newline before list 2022-10-05 18:47:52 +03:00
Robert Hensing
e5fb978143 Update changelog 2022-06-10 18:24:43 +02:00
Robert Hensing
9b6418810d Update changelog 2022-06-10 18:15:55 +02:00
Robert Hensing
8d9824c622 Remove builtins.trace calls 2022-06-09 02:04:51 +02:00
Robert Hensing
5b0126a55d
Merge pull request #157 from hercules-ci/nixos-module-set-default-project.name
nixos-module: Set default project.name
2022-06-09 02:01:18 +02:00
Robert Hensing
c519be7211
Merge pull request #161 from hercules-ci/networks-and-networks.default.name
Networks and `networks.default.name`
2022-06-09 01:59:39 +02:00
Robert Hensing
52c8798dbf Drop NixOS 20.09 support 2022-06-09 01:56:30 +02:00
Robert Hensing
6a0846c41b Update changelog 2022-06-09 01:47:16 +02:00
Robert Hensing
037c87837f Add default network with name = project.name 2022-06-09 01:47:16 +02:00
Robert Hensing
ca785e548b Add options below networks 2022-06-09 01:47:16 +02:00
Robert Hensing
c8944a2871 Extract dockerComposeRef and link into new lib.nix 2022-06-09 01:20:09 +02:00
Robert Hensing
42146bb0b2 Adjust docs 2022-06-09 01:18:22 +02:00
Robert Hensing
fa48a5241e Add nixpkgs-fmt to shell 2022-06-09 01:17:51 +02:00
Robert Hensing
c24a87f429 Merge branch 'mandatory-project.name' into HEAD 2022-06-09 01:16:17 +02:00
Robert Hensing
f4cd854c8e
Merge pull request #160 from hercules-ci/update
Update
2022-06-07 01:05:55 +02:00
Robert Hensing
84d77a2002 Update nixos-unstable 2022-06-01 00:14:54 +02:00
Robert Hensing
6d2e07173c Test with NixOS 22.05 2022-06-01 00:14:25 +02:00
Robert Hensing
d90c7dc326 project.name: nullOr str -> str 2022-06-01 00:06:33 +02:00
Robert Hensing
5ffaa4104a nixos-module: Set default project.name 2022-05-31 23:46:14 +02:00
bors[bot]
bd3e2fe4e3
Merge #153
153: Add service.healthcheck and extend service.depends_on r=roberth a=t4ccer

Add option to define custom health checks for services, and extend `depends_on` so it can also include `<service>.condition` field for conditions based on health checks.

Co-authored-by: t4ccer <t4ccer@gmail.com>
2022-05-18 17:12:19 +00:00
t4ccer
fb5ab7b76f
Move healthcheck options to healthcheck submodule 2022-04-27 19:43:16 -06:00
t4ccer
69b9109dea
Define module for detailed depends_on options 2022-04-27 14:23:25 -06:00
t4ccer
cf20442a7a
Add service.healthcheck.start_period option 2022-04-27 13:54:12 -06:00
t4ccer
ec8ef96d52
Add service.healthcheck and extend service.depends_on 2022-04-26 18:35:08 -06:00
Robert Hensing
cd962c840e
Merge pull request #148 from hercules-ci/hs-update
arion-compose.cabal: Loosen base constraint + update
2022-04-23 23:29:28 +02:00
Robert Hensing
0ee76740d0 image.name: Default to localhost/$name 2022-04-23 23:20:33 +02:00
Robert Hensing
72293ef5f6
Merge pull request #149 from mausch/patch-1
Fix link in docs
2022-04-20 16:19:40 +02:00
Mauricio Scheffer
3dba169791
Fix link in docs 2022-04-08 22:26:48 +01:00
Robert Hensing
40fd74e71f zookeeper ships with an appropriate java now 2022-04-08 00:04:13 +02:00
Robert Hensing
fbb56568e9 podman now expects localhost/ in name 2022-04-08 00:03:45 +02:00
Robert Hensing
83bc14fba8 nixosTest invocation got stricter 2022-04-08 00:03:31 +02:00
Robert Hensing
2c10b297ad Disable _module.args docs 2022-04-08 00:03:13 +02:00
Robert Hensing
161ee3aaf9 Avoid rebuilds with sourceByRegex
Awful function, but it works.
2022-04-08 00:02:37 +02:00
Robert Hensing
cb0d5ed7fd antora in nixpkgs is currently broken 2022-04-08 00:02:09 +02:00
Robert Hensing
ad9e564308 optionsAsciiDoc is a file now 2022-04-08 00:01:25 +02:00
Robert Hensing
baa515d88e Fix warnings 2022-04-07 22:55:22 +02:00
Robert Hensing
72efe2145d Update nixos-unstable 2022-04-07 22:20:31 +02:00
Robert Hensing
56f5c5d5a0 arion-compose.cabal: Loosen base constraint 2022-03-09 23:51:17 +01:00
Robert Hensing
db6d4d7490
Merge pull request #140 from hercules-ci/nixos-module
Add NixOS module
2021-11-02 14:13:37 +01:00
Robert Hensing
a7c545074b docs: Write about deployment 2021-11-02 13:29:30 +01:00
Robert Hensing
e263614045 Add NixOS module 2021-11-02 12:25:00 +01:00
bors[bot]
ee331fa1cd
Merge #137
137: Fix missing sh in PATH r=roberth a=winston0410

Fixes #136 

Co-authored-by: kghugo <hugosum.dev@protonmail.com>
2021-10-17 21:43:44 +00:00
kghugo
600aa2c8ac Link only sh from bash package to reduce image size 2021-10-17 21:02:51 +01:00
kghugo
ff2b9bbc44 Fix missing sh in PATH 2021-10-17 20:35:14 +01:00
bors[bot]
ac20241a41
Merge #131
131: Fix `pkgs` of evaluated configuration. r=roberth a=tomprince



Co-authored-by: Tom Prince <tom.prince@private.storage>
2021-08-28 05:44:11 +00:00
Tom Prince
ab13e0a3f4 Fix pkgs of evaluated configuration. 2021-08-25 01:52:02 -06:00
Robert Hensing
f5a3f299c6
Merge pull request #127 from hercules-ci/update
Update nixos-unstable
2021-07-17 16:34:35 +02:00
Robert Hensing
3374cbec26 Update nixos-unstable 2021-07-17 15:15:01 +02:00
Robert Hensing
65b2106d2a
Typo 2021-06-13 10:03:35 +02:00
Robert Hensing
af8257eb66
Merge pull request #123 from hercules-ci/docs-update
Docs about repl and arion.build function
2021-06-11 17:02:11 +02:00
Robert Hensing
a1a2475be5 docs: Add repl and build with Nix sections 2021-06-11 13:29:52 +02:00
Robert Hensing
b30c76822d Remove todomvc example (gone) 2021-06-11 13:14:33 +02:00
Robert Hensing
01f359b8f6 Bump to v0.1.3.0 2021-06-03 11:46:36 +02:00
Robert Hensing
f94dc40f05
Merge pull request #120 from hercules-ci/nixos-unstable-is-reference-nixpkgs
ci.nix: Set nixos-unstable as reference nixpkgs
2021-06-03 11:12:04 +02:00
Robert Hensing
cedf8be896 ci.nix: Set nixos-unstable as reference nixpkgs 2021-06-03 10:15:03 +02:00
Robert Hensing
4a38050a05
Merge pull request #119 from hercules-ci/nixos-21.05-podman-preparation
Add NixOS 21.05 to ci.nix
2021-06-03 10:08:31 +02:00
Robert Hensing
3171cf1c21 Update index.adoc 2021-06-03 08:44:57 +02:00
Robert Hensing
40394f4822 .envrc: Preserve XDG_DATA_DIRS for bash completions 2021-06-03 08:14:47 +02:00
Robert Hensing
b045fba6f1 ci.nix: Add nixos-21.05 2021-06-03 08:13:55 +02:00
Robert Hensing
865055787a
Merge pull request #117 from hercules-ci/nixos-21.05-podman-preparation
NixOS 21.05/podman preparation
2021-05-31 17:06:34 +02:00
Robert Hensing
a7c7ec3a03 Update niv boilerplate 2021-05-31 16:53:57 +02:00
Robert Hensing
07998216c4 Update nixos-unstable 2021-05-31 16:53:57 +02:00
Robert Hensing
2b46a9b5f6 Format 2021-05-31 16:53:57 +02:00
Robert Hensing
e73710caf9 examples/full-nixos: Disable nscd 2021-05-31 16:53:57 +02:00
Robert Hensing
dcc5b1e3ce Test and fix that we only load images when needed 2021-05-31 16:53:57 +02:00
Robert Hensing
9dd1ab0568 Update change log 2021-05-31 16:53:57 +02:00
Robert Hensing
144864d61c Drop NixOS 19.03 2021-05-31 16:53:57 +02:00
Robert Hensing
a2f5c9415c Update README for 21.05 2021-05-31 16:53:57 +02:00
Robert Hensing
1a24fe9639 Warn when DynamicUser is used without SYS_ADMIN 2021-05-31 16:53:57 +02:00
Robert Hensing
286d56a83c Add test with podman docker socket backend 2021-05-31 16:53:57 +02:00
Robert Hensing
e0e7531f7d Add image.enableRecommendedContents for /bin/sh and such 2021-05-31 16:53:57 +02:00
Robert Hensing
48d3d4b0d7 Use image.includeStorePaths = false, no more "arion base image"
The arion base image was a poor substitute for the customization
layer that only worked for some images.

By modifying dockerTools to export only the customization layer,
we can support arbitrary root contents.
2021-05-31 16:53:57 +02:00
Robert Hensing
ad41d1e39b Use streamLayeredImage for base image 2021-05-24 12:28:32 +02:00
Robert Hensing
b83cf51efd
Merge pull request #116 from hercules-ci/flake
Flake
2021-05-19 17:13:43 +02:00
Robert Hensing
e1f7840780 Update doc about garbage collection 2021-05-18 12:54:53 +02:00
Robert Hensing
3fb8782296 Allow overriding the source used for evaluation 2021-05-18 12:54:53 +02:00
Robert Hensing
525b598ce3 flake: Add overlay 2021-05-18 12:54:53 +02:00
Robert Hensing
39249c5956 flake: Add build and eval functions 2021-05-18 12:54:53 +02:00
Robert Hensing
8cb231fa89 Update comment about tarballs 2021-05-18 12:54:53 +02:00
Robert Hensing
7340d37636 Use nixpkgs upstream expression 2021-05-18 12:54:53 +02:00
Robert Hensing
29599f529b Add basic flake 2021-05-18 12:54:53 +02:00
Robert Hensing
5ed7b893bd
Merge pull request #114 from hercules-ci/flake-example
Add experimental flake example
2021-04-20 11:39:47 +02:00
Robert Hensing
1da9c00cd5 Add experimental flake example 2021-04-20 11:30:21 +02:00
bors[bot]
127a5babaa
Merge #111
111: Add service.dns r=roberth a=lunik1

Exposes the the [`dns` option](https://docs.docker.com/compose/compose-file/compose-file-v3/#dns). The spec says this can be a list of strings or a single string (for a single DNS resolver), but no functionality is lost by restricting it to the former so I have done so for simplicity's case.

Co-authored-by: lunik1 <ch.gpg@themaw.xyz>
Co-authored-by: Robert Hensing <robert@roberthensing.nl>
2021-04-10 09:51:33 +00:00
Robert Hensing
e44c2c95ac ./update-options 2021-04-10 11:50:51 +02:00
lunik1
aed2c40e77
Add service.dns 2021-04-10 00:51:40 +01:00
Robert Hensing
0417272e0e
Add docs/README.md
Refer github.com visitors to the docs site.
2021-02-11 14:45:56 +01:00
Robert Hensing
44bd4b34c6
options.adoc: Hint where to edit options
Useful when generated docs will have edit links pointing to options.adoc.
2021-02-11 14:42:26 +01:00
Robert Hensing
c605eac50f
Merge pull request #108 from hercules-ci/labels
Add service.labels
2021-01-22 10:50:09 +01:00
Robert Hensing
bb23a55c8a Improve labels example 2021-01-22 10:39:34 +01:00
Robert Hensing
3d9f19b630 Update changelog 2021-01-22 10:32:14 +01:00
Robert Hensing
648230492d Remove obsolete Nixpkgs versions
Traefik test fails on NixOS 20.03, which is end-of-life.
2021-01-22 10:28:14 +01:00
Robert Hensing
3bad85064b Tests: curl --fail 2021-01-22 00:00:31 +01:00
Robert Hensing
cfa65c56a6 Test examples/traefik 2021-01-21 23:53:37 +01:00
Robert Hensing
32b00781b4 examples/traefik: Make pure 2021-01-21 23:53:26 +01:00
lunik1
ee2f71327d Add traefik example 2021-01-21 23:07:52 +01:00
Robert Hensing
9a523b45d7 ./update-options 2021-01-20 18:20:07 +01:00
Robert Hensing
35cb7adfb5 service.labels: Bad example 2021-01-20 18:20:07 +01:00
Robert Hensing
38048ada2c Add service.labels 2021-01-20 18:11:52 +01:00
Robert Hensing
86e420d15c
Merge pull request #106 from hercules-ci/release
Release 0.1.2.0
2020-12-07 00:34:54 +01:00
Robert Hensing
7b27176274 Bump to v0.1.2.0 2020-12-05 00:08:18 +01:00
Robert Hensing
3cbb40281c Add releaser tool to shell 2020-12-05 00:07:33 +01:00
Robert Hensing
ed42a5c708 buildInputs -> nativeBuildInputs
Will fix bash completion in the shell and is a good practice for
non-shell derivations.
2020-12-05 00:05:35 +01:00
Robert Hensing
bddf4d919d Prepare changelog 2020-12-05 00:01:29 +01:00
Robert Hensing
a96df5d7c1 Boldly bump banal base bound 2020-12-04 23:53:19 +01:00
Robert Hensing
896316ce29
Merge pull request #104 from hercules-ci/set-project-name
Add name option for project/composition name
2020-10-11 12:55:11 +02:00
Robert Hensing
700297748d Support --no-ansi, --compatibility, --log-level options 2020-10-11 12:47:28 +02:00
Robert Hensing
b959ab492d Move name -> project.name 2020-10-11 12:02:58 +02:00
Robert Hensing
92c389fab5 Fix tests 2020-10-10 22:14:22 +02:00
Robert Hensing
2de4188b9d Update options 2020-10-10 22:12:37 +02:00
Robert Hensing
df0ec2eb50 Add name option for project/composition name 2020-10-10 22:09:35 +02:00
Robert Hensing
427a3b0e3c
Merge pull request #103 from hercules-ci/streamlayer
Add dockerTools.streamLayeredImage support
2020-10-02 13:00:10 +02:00
Robert Hensing
067ce26177 Use dockerTools.streamLayeredImage if available
Technically this opens a new attack vector, but if you don't trust
the code you're deploying, you should already have taken precautions
because of nix-shell, direnv etc. This just adds arion to that list.
2020-10-02 11:52:35 +02:00
Robert Hensing
88c361c81c Rename getDockerImages 2020-10-02 11:52:35 +02:00
Robert Hensing
fa06bc80dc examples/minimal: Speed up shutdown 2020-10-02 11:52:35 +02:00
Robert Hensing
b4c17aac7c
Merge pull request #102 from hercules-ci/prebuilt
Prebuilt
2020-10-01 19:43:56 +02:00
Robert Hensing
7c20fa9a11 Support use of prebuilt docker-compose.yaml 2020-10-01 18:47:29 +02:00
Robert Hensing
9dabd9bb92 Remove broken live-check script, use ./build 2020-10-01 16:53:04 +02:00
Robert Hensing
f7d2f2d93c Add Haskell Language Server support
vscode:
  - use Nix Environment Selector (with shell.nix)
  - install haskell.haskell extension
2020-10-01 16:52:19 +02:00
Robert Hensing
5df15b33a7
Merge pull request #99 from hercules-ci/update
Update
2020-10-01 15:49:16 +02:00
Robert Hensing
3e3c1754a5 Work around nginx problem in 20.03 2020-10-01 15:38:01 +02:00
Robert Hensing
ed2bc14032 Add nixos-20.09 2020-10-01 11:58:43 +02:00
Robert Hensing
97df92183d nixos-20.03: update 2020-10-01 11:54:15 +02:00
Robert Hensing
fd41e1e7de Increase test memory 2020-09-05 23:02:21 +02:00
Robert Hensing
b2e2aad1d5 Fix warning 2020-09-05 23:02:11 +02:00
Robert Hensing
90c2637947 Update 2020-09-05 23:00:30 +02:00
Robert Hensing
7609d3a88d Bump to v0.1.1.1 2020-03-20 22:39:52 +01:00
Robert Hensing
4afa8694f6
Merge pull request #95 from hercules-ci/maintenance
Maintenance
2020-03-20 22:37:39 +01:00
Robert Hensing
3b86679399 Resolve NonEmpty import warning 2020-03-20 22:28:46 +01:00
Robert Hensing
eeed0577be haskell: Resolve lines ambiguity 2020-03-20 22:28:37 +01:00
Robert Hensing
313bf21228 arion-compose.cabal: Allow newer base up to a point 2020-03-20 22:24:22 +01:00
Robert Hensing
7d6ddb960f arion-compose.cabal: Allow all newer base 2020-03-20 21:45:45 +01:00
Robert Hensing
5670a09cac Bump to v0.1.1.0 2020-03-19 12:27:07 +01:00
Robert Hensing
d92eb8ada5
Merge pull request #94 from hercules-ci/update-nixos-20.03
Update for nixos 20.03
2020-03-19 12:18:18 +01:00
Robert Hensing
5c318409cc Revert nixos-19.09 due to broken python docker on darwin 2020-03-19 12:12:09 +01:00
Robert Hensing
265f6a29ce ci.nix: Disable nixos-unstable 2020-03-19 12:12:09 +01:00
Robert Hensing
fc2ec12ead Update 2020-03-19 12:12:09 +01:00
Robert Hensing
52dfbeccb1 Adapt to 20.03
- Migrate tests to python-based runner for newer nixpkgs.
 - Adaptations for newer nginx module used in tests
 - Increase memory size for tests
2020-03-19 12:12:09 +01:00
Matt Schreiber
5bd7ea2aa3 Clean up "work" directory before "arion up"
to ensure that the subtests defined in tests/arion-test/default.nix do
not inadvertently re-use the arion-compose.nix, arion-pkgs.nix, etc. set
up during the _previous_ subtest.

Previously, each subtest attempted to clean itself up by doing
the following:

    cd work && [...snip...] && rm -rf work

This removes the directory "work/work", while leaving "work" itself
intact.  Subsequent subtests would then run:

    cp -r ${../../examples/some-example} work

thereby copying the contents of "some-example" into "work/work" rather
than into "work".

As a result, all subtests but the first simply reapplied the Arion
configuration set up by the first subtest, because this configuration
persisted within the "work" directory used as the working directory for
"arion up", etc.

This commit corrects the issue by:

    1. Removing "work" rather than "work/work", and
    2. Adding certain flags to the "cp" invocation to ensure it reliably
       copies files into "work" rather than "work/work": (a) "-f"
       ("--force"), to overwrite destination files if they already
       exist, and (b) "-T" ("--no-target-directory") to copy the
       *contents* of the source directory to "work" rather than copying
       the source directory itself as a subdirectory of "work".

Additionally, this commit factors out code common to all subtests into a
reusable subtest generator coderef.
2020-03-19 12:04:04 +01:00
Robert Hensing
41d3fb490c sources.nixpkgs: 19.03 -> 20.03 2020-03-19 12:04:04 +01:00
Robert Hensing
1778d76117 arion-base: buildLayeredImage -> buildImage to avoid build error
buildLayeredImage doesn't work when the number of nix store layers is 0.
This may be fixed by pull https://github.com/NixOS/nixpkgs/pull/80921/files
but meanwhile, plain buildImage will do the job.
2020-02-24 00:46:26 +01:00
Robert Hensing
77b89cb424 Merge branch 'fix-doc-formatting' 2019-10-29 13:02:49 +01:00
Robert Hensing
0a8f8e7fb8 Fix doc formatting 2019-10-29 12:52:00 +01:00
Robert Hensing
24503bcbe5 Fix warnings 2019-10-29 11:04:25 +01:00
Robert Hensing
697b3a27bb
Update index.adoc 2019-10-28 23:52:59 +01:00
Domen Kožar
8f2b953701
Merge pull request #87 from hercules-ci/enable-darwin-build
ci.nix: Enable darwin build
2019-10-27 11:50:38 +01:00
Robert Hensing
c38c374fa6 Work around Nix enforcing cross-system fetch bug
https://github.com/hercules-ci/hercules-ci-agent/issues/168
2019-10-27 11:42:40 +01:00
Robert Hensing
dda66e104e Fix test 2019-10-26 15:37:24 +02:00
Robert Hensing
4cc75b7cc5 ci.nix: Enable darwin build 2019-10-26 15:27:32 +02:00
Robert Hensing
3580fef52e
Update README.asciidoc 2019-10-25 13:29:11 +02:00
bors[bot]
1ed2161bcd
Merge #85
85: Use antora for documentation r=roberth a=domenkozar

Fixes #10

Co-authored-by: Domen Kožar <domen@dev.si>
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
Co-authored-by: Robert Hensing <robert@roberthensing.nl>
2019-10-24 23:13:58 +00:00
Robert Hensing
4a12286e92 docs: Fake repo for CI 2019-10-25 01:10:01 +02:00
Robert Hensing
da83692996 docs: Use lib.evalModules 2019-10-25 01:10:01 +02:00
Robert Hensing
60f3f34527 Rename module-composition -> modules 2019-10-25 00:32:59 +02:00
Robert Hensing
2856bbbe7f
Update antora-playbook.yml 2019-10-25 00:13:41 +02:00
Robert Hensing
09f324bfe0
Update README.asciidoc 2019-10-25 00:13:13 +02:00
Domen Kožar
5140cf0a09
Use antora for documentation 2019-10-25 00:11:35 +02:00
Domen Kožar
4444cf1856
nix/overlay.nix: fix eval 2019-10-24 16:25:57 +02:00
Robert Hensing
9fedd0e152
Merge pull request #74 from hercules-ci/release-prep
Release prep, release
2019-10-07 11:27:59 +02:00
Robert Hensing
cc07068beb Bump to v0.1.0.0 2019-10-04 20:18:25 +02:00
Robert Hensing
e21b1b4e75 Add nixos-19.09 2019-10-04 19:29:09 +02:00
Robert Hensing
0ab8ad6bdd Update changelog 2019-10-04 19:09:52 +02:00
Robert Hensing
7749eb2ef9 Add cabal check to ci, build strictly (once) 2019-10-04 19:09:29 +02:00
Robert Hensing
41d4fefd64 Add releaser 2019-10-04 17:24:01 +02:00
Robert Hensing
80a4dbe8b9 Build matrix 2019-10-04 17:16:41 +02:00
Robert Hensing
6fb0b1ec66 Update nixpkgs via added niv 2019-10-04 16:37:39 +02:00
Robert Hensing
535feae97a
Merge pull request #73 from hercules-ci/various-cleanups
Various cleanups
2019-10-04 12:14:35 +02:00
Robert Hensing
c8f7f5a6d3 Rename, refactor, hide build.imagesToLoad
imagesToLoad is not the right api for non-service images.
2019-10-03 21:55:58 +02:00
Robert Hensing
c3a5f8c13f Assertions, warnings, renames 2019-10-03 21:30:14 +02:00
Robert Hensing
6abcc26a76 Add run-arion-quick + HACKING.md 2019-10-03 17:56:06 +02:00
Robert Hensing
5f56a0846a Make service.{host, composition} readOnly 2019-10-03 17:54:48 +02:00
Robert Hensing
d0815c4393 Add lib and pkgs to repl
Side effect: expose them in eval-composition.
2019-10-03 17:54:07 +02:00
Robert Hensing
83a9d4668f Use proper submodule for services 2019-10-03 17:53:13 +02:00
Robert Hensing
8d3e68c167
Merge pull request #60 from hercules-ci/arion-hs
Arion hs
2019-09-30 10:49:49 +02:00
Robert Hensing
c88d2bb9cf docker load arion-base-image 2019-09-29 23:53:55 +02:00
Robert Hensing
02d319acf6 Expose composition to services 2019-09-29 23:53:55 +02:00
Robert Hensing
a90190fc9e Fix stderr streaming
Just good old-fashioned handles.
2019-09-29 22:44:33 +02:00
Robert Hensing
286d0ae084 Rewire nix 2019-09-28 16:27:07 +02:00
Robert Hensing
adc2e34deb Remove the bash implementation 2019-09-28 15:27:19 +02:00
Robert Hensing
3918799b9a Fix live-* script cabal file references 2019-09-28 14:53:46 +02:00
Robert Hensing
0474544d0b Implement defaultExec 2019-09-28 14:25:41 +02:00
Robert Hensing
02c0f80b02 Implement uid parameter 2019-09-28 00:53:11 +02:00
Robert Hensing
77c492fa86 Wrap arion binary
PATH+=docker-compose, unset PYTHONPATH
2019-09-28 00:42:03 +02:00
Robert Hensing
1fe10c076d Implement image loading, use it instead of arion-base 2019-09-27 23:59:08 +02:00
Robert Hensing
fcf270c80c Make arion repl work 2019-09-27 21:45:06 +02:00
Robert Hensing
b9488b7f49 Make some commands work 2019-09-27 21:01:57 +02:00
Robert Hensing
c0e995043a Fix unit tests to reflect updated master 2019-09-27 12:44:24 +02:00
Robert Hensing
44df36673c Rename 2019-09-27 12:39:07 +02:00
Robert Hensing
81887ba633 cat: Write to stdout not stderr 2019-09-27 12:36:23 +02:00
Robert Hensing
9d7eb01c73 Merge remote-tracking branch 'origin/master' into arion-hs 2019-09-27 12:28:57 +02:00
bors[bot]
81a51ae5ea
Merge #72
72: Change deprecated types.string to types.str r=roberth a=moinessim

To avoid: "trace: warning: types.string is deprecated because it quietly concatenates strings"

Co-authored-by: Moises Nessim <moises.nessim@topmanage.com>
2019-09-19 20:45:24 +00:00
Moises Nessim
0f0f976eab Change deprecated types.string to types.str 2019-09-19 12:00:50 -05:00
Domen Kožar
520c80d927
Merge pull request #71 from hercules-ci/add-bors
Add bors
2019-09-18 20:19:23 +02:00
Robert Hensing
cc9e70a2cc
Merge pull request #70 from srghma/container_name
feat: docker-compose fields -> networks -> add
2019-09-18 19:37:26 +02:00
Robert Hensing
89e5f4a90f Add bors 2019-09-18 19:32:24 +02:00
Serhii Khoma
0f85d7b03c feat: docker-compose fields -> networks -> add 2019-09-18 19:34:26 +03:00
Robert Hensing
13a702968d
Merge pull request #68 from srghma/container_name
feat: docker-compose fields -> container_name -> add
2019-09-18 11:52:13 +02:00
Serhii Khoma
2d079e4f41 feat: docker-compose fields -> container_name -> add 2019-09-18 12:46:11 +03:00
Robert Hensing
466d8e3af3
Merge pull request #67 from hercules-ci/domenkozar-patch-2
LICENSE: fill in
2019-09-10 10:11:21 +02:00
Domen Kožar
c46404cb86
LICENSE: fill in 2019-09-09 19:12:54 +02:00
Robert Hensing
695785f5e7
Merge pull request #40 from hercules-ci/domenkozar-patch-1
nixos: set correct $PATH
2019-07-31 14:35:07 +02:00
Robert Hensing
52a0fe5d95
Merge pull request #64 from paumr/patch-1
Fixed faulty documentation
2019-07-29 18:45:06 +02:00
paumr
dfe1b63c4b
Fixed faulty documentation
Fixed installation instructions for NixOS.
The previous version failed due to trying to add the set `{ arion; doc; tests; }` to the list `environment.systemPackages`.
2019-07-29 18:24:32 +02:00
Robert Hensing
a356daaa86
Merge pull request #62 from moinessim/Add-read-only-access-mode-to-nix-store-volume
Add hostStoreAsReadOnly option to service host-store.
2019-07-29 15:56:40 +02:00
Robert Hensing
6d6361e7e8 Add --show-trace, eval unit test 2019-07-29 13:49:26 +02:00
Robert Hensing
381c3ec37f Fix live-unit-tests 2019-07-29 13:46:49 +02:00
moinessim
662042a2bf
Make hostStoreAsReadOnly true by default.
Co-Authored-By: Robert Hensing <roberth@users.noreply.github.com>
2019-07-23 10:09:15 -05:00
Moises Nessim
c5fb4177b8 Add hostStoreAsReadOnly option to service host-store.
Make /nix/store and /run/system read-only when hostStoreAsReadOnly == true.
2019-07-11 15:42:36 -05:00
Robert Hensing
c2bdf8e047 Add scripts for hacking 2019-06-23 21:33:23 +02:00
Robert Hensing
36e48776cf Cover up the -compose part of the Haskell package 2019-06-23 21:27:44 +02:00
Robert Hensing
6882a92e56 Make arion cat work 2019-06-23 21:27:13 +02:00
Robert Hensing
77eadf4c41 Build Haskell arion instead 2019-06-16 11:38:22 +02:00
Robert Hensing
93b34dec1a
Merge pull request #59 from smatting/arion-hs
Add basic command line parsing
2019-06-15 21:35:43 +02:00
Stefan Matting
60cb5cb5c3 refactor command line parsing 2019-06-15 21:13:09 +02:00
Stefan Matting
9b047987ae Add basic command line parsing 2019-06-15 15:54:48 +02:00
Robert Hensing
01f73e486b Build the examples explicitly on/for Linux 2019-06-15 15:45:06 +02:00
Robert Hensing
61cc348281 Pass system through project nix files 2019-06-15 14:32:59 +02:00
Robert Hensing
ba6fa62c4a Add docker compose example for parsing unit test 2019-06-14 18:10:37 +02:00
Robert Hensing
9443fe8410 Add Haskell package 2019-06-14 16:10:37 +02:00
Domen Kožar
3964ac2f1e
nixos: set correct $PATH
Not tested.
2019-05-02 06:29:14 +00:00
123 changed files with 3770 additions and 1687 deletions

7
.envrc Normal file
View file

@ -0,0 +1,7 @@
HOST_XDG_DATA_DIRS="${XDG_DATA_DIRS:-}"
eval "$(lorri direnv)"
export XDG_DATA_DIRS="${XDG_DATA_DIRS}:${HOST_XDG_DATA_DIRS}"
# Use system PKI
unset SSL_CERT_FILE
unset NIX_SSL_CERT_FILE

7
.gitignore vendored
View file

@ -1,2 +1,9 @@
result result
result-* result-*
dist/
dist-newstyle/
cabal.project.local
*.swp

100
CHANGELOG.md Normal file
View file

@ -0,0 +1,100 @@
# Revision history for Arion
## 0.2.1.0 -- 2023-07-26
### Added
* `service.networks` now supports attribute set values with various options, thanks to @pedorich-n.
* `docker-compose.volumes` can now be specified in multiple modules, thanks to @qaifshaikh.
* `image.fakeRootCommands` for making modifications to the image that aren't "add a link farm".
### Fixed
* Regular maintenance fixes, including one by olebedev
## 0.2.0.0 -- 2022-12-02
### BREAKING
* The `project.name` option is now mandatory for projects that aren't deployed with the NixOS module.
* The NixOS module now sets the default network name to the project name (commonly referred to as `<name>` in the option path).
If this is not desired, for instance if you need the projects to be on the same network, set `networks.default.name` in each of them.
* The NixOS module now sets the default project name. You can still set your own value with the `project.name` option.
If you did not set one, docker compose heuristically determined the name to be `store`, so you may want to set `project.name = "store"` or prepare to rename the network manually.
### Removed
- NixOS 20.09 support. Its docker-compose does not support the
`networks.<name>.name` option, which is important in later versions.
A newer, bundled docker compose may work there, but for now the decision
is to drop this legacy version.
### Changed
* Healthcheck-based dependencies in `service.depends_on`.
### Added
* Support `service.healthcheck` for defining custom healthchecks.
* Arion now declares a `networks.default` by default, with `name` set to
`project.name`. This improves compatibility with container runtimes by
copying pre-existing behavior. Most users will want to keep using this
behavior, but it can be disabled with `enableDefaultNetwork`.
## 0.1.3.0 -- 2020-05-03
### Changed
* `useHostStore` now uses an image derived from the `image.*` options. You may
need to enable `enableRecommendedContents` because with this change, files
like `/bin/sh` aren't added by default anymore.
* Drop obsolete NixOS 19.03, 19.09 and 20.03 from CI.
### Added
* NixOS-based containers can now run on Podman when it is configured to provide a docker socket. See the [installation docs](https://docs.hercules-ci.com/arion/#_nixos).
* Support `service.dns`, for overriding the DNS servers used by containers.
* Support `service.labels`, which is useful for autodiscovery among other things.
* Add a tested example for Traefik with label-based routing.
* Add a `flake.nix` and an experimental flake example
* Add a warning when systemd `DynamicUser` is used but not available to the
container.
* CI with NixOS 21.05
## 0.1.2.0 -- 2020-03-05
* Support use of prebuilt `docker-compose.yaml`.
Separates build and execution without duplicating evaluation.
* Avoid storing tarballs (wasting store space) by using
`dockerTools.streamLayeredImage` if available.
* Project name is now configurable via the `project.name` option
* Support --no-ansi, --compatibility, --log-level options
## 0.1.1.1 -- 2020-03-20
* Fix ambiguous import of `lines`
* Improve base version constraint
* Fix warnings
## 0.1.1.0 -- 2020-03-19
* Support Nixpkgs 20.03
* Fixes for macOS
## 0.1.0.0 -- 2019-10-04
* First released version. Released on an unsuspecting world.

31
HACKING.md Normal file
View file

@ -0,0 +1,31 @@
# Hacking on the modules
## Easiest option
The module system does not distinguish between modules and configurations.
This mean you can prototype any feature by factoring out functionality in a real-world project.
## Changing the built-in modules
If your change is not just an addition or if it's better implemented by refactoring, you'll want to fork and edit arion sources directly.
For a fast iteration cycle (but possibly outdated arion command logic):
~/src/arion/run-arion-quick up -d
To update the arion command logic on the next run
rm ~/src/arion/result-run-arion-quick
# Hacking on the arion command
The arion command is written in Haskell. Anyone can make small changes to the code.
Experience with Haskell tooling is not required. You can use the nixified scripts in the root of the repo for common tasks.
- `build` or `live-check` for typechecking
- `live-unit-tests` (only the test suite is "live" though)
- `repl` for a Haskell REPL
- `run-arion` to run an incrementally built arion
- `run-arion-via-nix` to run a nix-built arion
- ~~`run-arion-quick`~~ *not for command hacking;* use stale command. See previous section.

View file

@ -187,7 +187,7 @@
same "printed page" as the copyright notice for easier same "printed page" as the copyright notice for easier
identification within third-party archives. identification within third-party archives.
Copyright [yyyy] [name of copyright owner] Copyright 2019 Hercules Labs OÜ
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.

View file

@ -1,274 +1,7 @@
== Introduction
Arion is a tool for building and running applications that Arion is a tool for building and running applications that
consist of multiple docker containers using NixOS modules. consist of multiple docker containers using NixOS modules.
It has special support for docker images that are built with Nix, It has special support for docker images that are built with Nix,
for a smooth development experience and improved performance. for a smooth development experience and improved performance.
It is built on top of https://docs.docker.com/compose/overview/[Docker
Compose], which implements the container orchestration functionality.
Instead of configuring the compositions in YAML files like # https://docs.hercules-ci.com/arion/[Intro and Documentation]
`docker-compose.yaml`, Arion uses the https://nixos.org/nix/[Nix]
language to declare the compositions. Because of this, Arion gives you
the ability to declare your deployments, configuration and packaging
in the same language. By replacing multiple tools with a single
language, you decrease your mental load and you can more easily
refactor and maintain your configurations.
Although Arion can be used as a Docker Compose with an improved
configuration front end, there is more to be gained from integrating
with Nix. In particular, the more structured approach of Nix compared
to Dockerfiles allows the following:
* Build components of your image in *parallel, automatically*
* *Share packages between images*, regardless of the order they were
added
* Improve performance by *skipping container
image creation*
* Work with *structured data instead of strings*,
templates and a multitude of expression languages
* Refactor across deployments, configuration and packaging
Arion allows to compose containers with different granularity:
* <<Minimal: Plain command using nixpkgs>>
* <<NixOS: run only one systemd service>>
* <<NixOS: run full OS>>
* <<Docker image from DockerHub>>
== Installation
=== Nix
```bash
$ nix-env -iA arion -f https://github.com/hercules-ci/arion/tarball/master
```
=== NixOS
Add this module to your NixOS configuration:
```nix
{ ... }: {
environment.systemPackages = [ (import (builtins.fetchTarball https://github.com/hercules-ci/arion/tarball/master) {}) ];
virtualisation.docker.enable = true;
users.extraUsers.myuser.extraGroups = ["docker"];
}
```
////
== Not installing: use it in a project
TODO: describe: using nix-shell or in a script, building images as
part of nix-build, pinning, see also todomvc-nix.
TODO: exposed Nix functions: arion.build, arion.eval (a bit of IFD)
////
== Usage
Arion is configured declaratively with two files:
=== arion-pkgs.nix
Arion needs `arion-pkgs.nix` to import nixpkgs, it's contents can be as simple as:
```nix
import <nixpkgs> {}
```
or more sophisticated (recommended) setup with https://github.com/nmattia/niv[Niv].
=== arion-compose.nix
Describe containers using NixOS-style modules. There are a few options:
==== Minimal: Plain command using nixpkgs
`examples/minimal/arion-compose.nix`:
```nix
{ pkgs, ... }:
{
config.docker-compose.services = {
webserver = {
service.useHostStore = true;
service.command = [ "sh" "-c" ''
cd "$$WEB_ROOT"
${pkgs.python3}/bin/python -m http.server
'' ];
service.ports = [
"8000:8000" # host:container
];
service.environment.WEB_ROOT = "${pkgs.nix.doc}/share/doc/nix/manual";
};
};
}
```
==== NixOS: run only one systemd service
`examples/nixos-unit/arion-compose.nix`:
```nix
{
docker-compose.services.webserver = { config, pkgs, ... }: {
nixos.configuration = {config, pkgs, ...}: {
boot.isContainer = true;
services.nginx.enable = true;
services.nginx.virtualHosts.localhost.root = "${pkgs.nix.doc}/share/doc/nix/manual";
system.build.run-nginx = pkgs.writeScript "run-nginx" ''
#!${pkgs.bash}/bin/bash
PATH='${config.systemd.services.nginx.environment.PATH}'
echo nginx:x:${toString config.users.users.nginx.uid}:${toString config.users.groups.nginx.gid}:nginx web server user:/var/empty:/bin/sh >>/etc/passwd
echo nginx:x:${toString config.users.groups.nginx.gid}:nginx >>/etc/group
${config.systemd.services.nginx.runner}
'';
};
service.command = [ config.nixos.build.run-nginx ];
service.useHostStore = true;
service.ports = [
"8000:80" # host:container
];
};
}
```
==== NixOS: run full OS
`examples/full-nixos/arion-compose.nix`:
```nix
{
docker-compose.services.webserver = { pkgs, ... }: {
nixos.useSystemd = true;
nixos.configuration.boot.tmpOnTmpfs = true;
nixos.configuration.services.nginx.enable = true;
nixos.configuration.services.nginx.virtualHosts.localhost.root = "${pkgs.nix.doc}/share/doc/nix/manual";
service.useHostStore = true;
service.ports = [
"8000:80" # host:container
];
};
}
```
==== Docker image from DockerHub
```nix
{
docker-compose.services.postgres = {
service.image = "postgres:10";
service.volumes = [ "${toString ./.}/postgres-data:/var/lib/postgresql/data" ];
service.environment.POSTGRES_PASSWORD = "mydefaultpass";
};
}
```
=== Run
Start containers and watch their logs:
```bash
$ arion up -d
$ arion logs -f
```
You can go to `examples/*/` and run these commands to give it a quick try.
== A full featured Nix command example
To see how Arion can be used in a project, have a look at
https://github.com/nix-community/todomvc-nix/tree/master/deploy/arion[todomvc-nix].
```bash
$ git clone https://github.com/nix-community/todomvc-nix
$ cd todomvc-nix/deploy/arion
$ arion up
```
== Project Status
This project was born out of a process supervision need for local
development environments while working on
https://www.hercules-ci.com[Hercules CI]. (It was also born out of
ancient Greek deities disguised as horses. More on that later.)
If you do want to use Arion for production environments, youll probably
want to either build normal container images or manage garbage
collection roots if you control the deployment host. Neither scenario is
made easier by arion at this time.
Arion has run successfully on Linux distributions other than NixOS, but we only perform CI for Arion on NixOS.
== How it works
Arion is essentially a thin wrapper around Nix and docker-compose. When
it runs, it does the following:
* Evaluate the configuration using Nix, producing a
`docker-compose.yaml` and a garbage collection root
* Invoke `docker-compose`
* Clean up the garbage collection root
Most of the interesting stuff happens in Arions Nix expressions, where
it runs the module system (known from NixOS) and provides the
configuration that makes the Docker Compose file do the things it needs
to do.
One of the more interesting built-in modules is the
link:src/nix/modules/service/host-store.nix[host-store.nix module] which
performs the bind mounts to make the host Nix store available in the
container.
== FAQ
=== Do I need to use Hercules CI?
Nope, its just Nix and Docker Compose under the hood.
=== What about garbage collection?
Arion removes the need for garbage collecting docker images, delegating
this task to Nix.
Arion creates a garbage collection root and cleans it up after
completing the command. This means that `arion up` without `-d` is safe
with respect to garbage collection. A deployment that is more serious
than local development must leave a GC root on the deployment host. This
use case is not supported as of now.
=== Why is my container not running latest code?
Restart it with `arion restart <name>` or if you've changed the image rebuild
them using `arion up -d --always-recreate-deps <name>`.
=== What is messing with my environment variables?
Docker Compose performs its own environment variable substitution. This
can be a little annoying in `services.command` for example. Either
reference a script from `pkgs.writeScript` or escape the dollar sign as
`$$`.
=== Why name it ``Arion``?
Arion comes from Greek mythology. Poseidon, the god of ~Docker~ the seas
had his eye on Demeter. Demeter tried to trick him by disguising as a
horse, but Poseidon saw through the deception and they had Arion.
So Arion is a super fast divine horse; the result of some weird mixing.
Also it talks.
(And we feel morally obliged to name our stuff after Greek mythology)

2
Setup.hs Normal file
View file

@ -0,0 +1,2 @@
import Distribution.Simple
main = defaultMain

13
antora-playbook.yml Normal file
View file

@ -0,0 +1,13 @@
# This is not used when the docs are imported into the docs site.
# It is only here for development preview.
content:
sources:
- url: .
start_path: docs
branches: HEAD
ui:
bundle:
url: ./docs/ui-bundle.zip
output:
dir: ./public

90
arion-compose.cabal Normal file
View file

@ -0,0 +1,90 @@
cabal-version: 2.4
name: arion-compose
version: 0.2.1.0
synopsis: Run docker-compose with help from Nix/NixOS
description: Arion is a tool for building and running applications that consist of multiple docker containers using NixOS modules. It has special support for docker images that are built with Nix, for a smooth development experience and improved performance.
homepage: https://github.com/hercules-ci/arion#readme
-- bug-reports:
license: Apache-2.0
license-file: LICENSE
author: Robert Hensing
maintainer: robert@hercules-ci.com
-- copyright:
category: Distribution, Network, Cloud, Distributed Computing
extra-source-files: CHANGELOG.md, README.asciidoc,
src/haskell/testdata/**/*.nix
src/haskell/testdata/**/*.json
data-files: nix/*.nix
, nix/modules/composition/*.nix
, nix/modules/networks/*.nix
, nix/modules/nixos/*.nix
, nix/modules/service/*.nix
, nix/modules/lib/*.nix
-- all data is verbatim from some sources
data-dir: src
source-repository head
type: git
location: https://github.com/hercules-ci/arion
common common
build-depends: base >=4.12.0.0 && <4.99
, aeson >=2
, aeson-pretty
, async
, bytestring
, directory
, lens
, lens-aeson
, process
, temporary
, text
, protolude >= 0.2
, unix
ghc-options: -Wall
flag ghci
default: False
manual: True
library
import: common
exposed-modules: Arion.Nix
Arion.Aeson
Arion.DockerCompose
Arion.ExtendedInfo
Arion.Images
Arion.Services
other-modules: Paths_arion_compose
autogen-modules: Paths_arion_compose
-- other-extensions:
hs-source-dirs: src/haskell/lib
default-language: Haskell2010
executable arion
import: common
main-is: Main.hs
-- other-modules:
-- other-extensions:
build-depends: optparse-applicative
, arion-compose
hs-source-dirs: src/haskell/exe
default-language: Haskell2010
test-suite arion-unit-tests
import: common
if flag(ghci)
hs-source-dirs: src/haskell/lib
ghc-options: -Wno-missing-home-modules
type: exitcode-stdio-1.0
main-is: TestMain.hs
other-modules: Spec
, Arion.NixSpec
-- other-extensions:
build-depends: arion-compose
, hspec
, QuickCheck
hs-source-dirs: src/haskell/test
default-language: Haskell2010

View file

@ -1,38 +0,0 @@
{ stdenv, lib
, coreutils, docker_compose, jq
}:
let
arion = stdenv.mkDerivation {
name = "arion";
src = ./src;
unpackPhase = "";
buildPhase = "";
installPhase = ''
mkdir -p $out/bin $out/share/arion
cp -a nix $out/share/arion/
cp -a arion-image $out/share/arion/
tar -czf $out/share/arion/arion-image/tarball.tar.gz -C arion-image/tarball .
substitute arion $out/bin/arion \
--subst-var-by path ${lib.makeBinPath [jq coreutils docker_compose]} \
--subst-var-by nix_dir $out/share/arion/nix \
;
chmod a+x $out/bin/arion
'';
inherit passthru;
};
passthru = {
inherit eval build;
};
eval = import "${nix_dir}/eval-composition.nix";
build = args@{...}:
let composition = eval args;
in composition.config.build.dockerComposeYaml;
nix_dir = "${arion.outPath}/share/arion/nix";
in
arion

5
bors.toml Normal file
View file

@ -0,0 +1,5 @@
status = [
"ci/hercules/onPush/default",
"ci/hercules/evaluation",
]
delete_merged_branches = true

6
build Executable file
View file

@ -0,0 +1,6 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash
# Build the Haskell package via cabal, outside Nix
cabal new-build --write-ghc-environment-files=never

1
cabal.project Normal file
View file

@ -0,0 +1 @@
packages: .

View file

@ -1,6 +1,11 @@
args@{ pkgs ? import ./nix args, ... }: let flake = import ./nix/compat.nix;
in
{ pkgs ? import flake.inputs.nixpkgs { }
, haskellPackages ? pkgs.haskellPackages
}:
let
pkgsWithArion = pkgs.extend flake.overlays.default;
in
{ {
inherit (pkgs) arion tests; inherit (pkgsWithArion) arion;
doc = pkgs.recurseIntoAttrs (import ./doc { inherit pkgs; });
} }

View file

@ -1,8 +0,0 @@
{ pkgs ? import ../nix {} }:
let
inherit (pkgs) recurseIntoAttrs callPackage;
in
recurseIntoAttrs {
manual = callPackage ./manual {};
}

View file

@ -1,3 +0,0 @@
manual.html
options-composition.xml
options-service.xml

View file

@ -1,35 +0,0 @@
xsltproc = xsltproc --nonet \
--param section.autolabel 0 \
--param section.label.includes.component.label 0 \
--param chapter.autolabel 0 \
--param chapter.label.includes.component.label 0 \
--param appendix.autolabel 0 \
--param appendix.label.includes.component.label 0 \
--param generate.toc "'book toc,title chapter nop section nop sect1 nop sect2 nop sect3 nop sect4 nop sect5 nop'" \
--param html.stylesheet \'style.css\' \
--param xref.with.number.and.title 0 \
--param toc.section.depth 3 \
--param admon.style \'\' \
--param callout.graphics.extension \'.gif\' \
--param contrib.inline.enabled 0
docbookxsl = http://docbook.sourceforge.net/release/xsl/current
all: manual.html
manual.html: manual.xml options-composition.xml options-service.xml
$(xsltproc) --xinclude --stringparam profile.condition manual \
$(docbookxsl)/profiling/profile.xsl manual.xml | \
$(xsltproc) --output manual.html $(docbookxsl)/xhtml/docbook.xsl -
# -e 's_<book lang="en">__' -e 's_</book>__'
%.xml: %.asciidoc
asciidoctor --backend docbook45 --doctype article $<
sed -e 's/<!DOCTYPE.*//' -e 's/<?asciidoc-[a-z]*?>//' -i $@
options-composition.xml options-service.xml:
echo "options-composition.xml and options-service.xml should be written by the derivation. Are you running in 'nix-shell -A manual'?"; exit 1; fi
install: all
mkdir -p $(docdir)
cp manual.html style.css $(docdir)

View file

@ -1,2 +0,0 @@
#!/usr/bin/env bash
nix-shell -A manual --run 'patchPhase && make'

View file

@ -1,132 +0,0 @@
{ pkgs ? import ../../nix {}
, version ? "none"
# Default sourceUrl is for local development. Works with
# nix-build -A doc.manual
# For release, use: https://github.com/hercules-ci/arion/blob/${version}
, sourceUrl ? "../../.."
}:
let
inherit (pkgs) recurseIntoAttrs callPackage runCommand lib stdenv ;
nixosManualPath = s: "${pkgs.path}/nixos/doc/manual/${s}";
# NixOS module system options in JSON format.
options = { moduleType, description, /*optionsList*/ optionsExpr }: recurseIntoAttrs rec {
optionsXML =
# builtins.toFile "options.xml" (builtins.toXML optionsList);
pkgs.runCommand "options.xml" {
buildInputs = [pkgs.nix pkgs.jq];
inherit optionsExpr;
} ''
export NIX_LOG_DIR=$PWD
export NIX_STATE_DIR=$PWD
nix-instantiate \
--option sandbox false \
--readonly-mode \
--eval \
--expr "$optionsExpr" \
--xml \
--strict \
--show-trace \
>$out
'';
optionsDocBook = runCommand "options-db.xml" {} ''
optionsXML=${optionsXML}
${pkgs.buildPackages.libxslt.bin}/bin/xsltproc \
--stringparam revision '${version}' \
--stringparam sourceUrl '${sourceUrl}' \
-o intermediate.xml ${./options-to-docbook.xsl} $optionsXML
${pkgs.buildPackages.libxslt.bin}/bin/xsltproc \
-o "$out" ${nixosManualPath "postprocess-option-descriptions.xsl"} intermediate.xml
'';
};
compositionOptions = options {
moduleType = "composition";
description = "List of Arion composition-level options in JSON format";
optionsExpr = let
src = ../../src/nix;
in ''
let pkgs = import ${pkgs.path} {};
fixPaths = opt: opt // {
declarations = map (d: "src/nix" + (lib.strings.removePrefix (toString ${src}) (toString d))) opt.declarations;
};
inherit (pkgs) lib;
composition = import ${src}/eval-composition.nix { inherit pkgs; };
in map fixPaths (lib.filter (opt: opt.visible && !opt.internal) (lib.optionAttrSetToDocList composition.options))
'';
};
serviceOptions = options {
moduleType = "service";
description = "List of Arion service-level options in JSON format";
optionsExpr = let
src = ../../src/nix;
in ''
let pkgs = import ${pkgs.path} {};
fixPaths = opt: opt // {
declarations = map (d: "src/nix" + (lib.strings.removePrefix (toString ${src}) (toString d))) opt.declarations;
};
inherit (pkgs) lib;
composition = pkgs.callPackage ${src}/eval-service.nix {} { modules = []; host = {}; name = abort "The manual's service options section must not depend on the service name."; };
in map fixPaths (lib.filter (opt: opt.visible && !opt.internal) (lib.optionAttrSetToDocList composition.options))
'';
};
generatedDocBook = runCommand "generated-docbook" {} ''
mkdir $out
ln -s ${compositionOptions.optionsDocBook} $out/options-composition.xml
ln -s ${serviceOptions.optionsDocBook} $out/options-service.xml
'';
manual = stdenv.mkDerivation {
src = lib.sourceByRegex ./. [
"Makefile$"
".*\.asciidoc$"
".*\.xsl$"
".*\.css$"
"^manual.xml$"
"^manual.xml$"
];
name = "arion-manual";
version = version;
buildInputs = [
(pkgs.libxslt.bin or pkgs.libxslt)
pkgs.asciidoctor
];
XML_CATALOG_FILES = "${pkgs.docbook_xsl}/xml/xsl/docbook/catalog.xml";
inherit generatedDocBook;
configurePhase = ''
export docdir=$out/doc
'';
postPatch = ''
substituteInPlace manual.xml --subst-var version
'';
prePatch = ''
cp ${generatedDocBook}/* .
substituteInPlace options-service.xml \
--replace 'xml:id="appendix-configuration-options"' 'xml:id="appendix-service-options"' \
--replace '<title>Configuration Options</title>' '<title>Service Options</title>' \
--replace 'xml:id="configuration-variable-list"' 'xml:id="service-variable-list"' \
;
substituteInPlace options-composition.xml \
--replace 'xml:id="appendix-configuration-options"' 'xml:id="appendix-composition-options"' \
--replace '<title>Configuration Options</title>' '<title>Composition Options</title>' \
--replace 'xml:id="configuration-variable-list"' 'xml:id="composition-variable-list"' \
;
'';
shellHook = ''
live-build() {
patchPhase
inotifywait -e MODIFY -m -r . | while read; do
make
done
}
'';
passthru = {
inherit generatedDocBook;
};
};
in
manual

View file

@ -1,3 +0,0 @@
#!/usr/bin/env nix-shell
#!nix-shell -A manual
#!nix-shell --run live-build

View file

@ -1,22 +0,0 @@
<book xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude">
<info>
<title>Arion Manual</title>
<subtitle>Version none</subtitle>
<author>
<affiliation>
<orgname>Hercules Labs and other Arion contributors</orgname>
</affiliation>
<contrib>Author</contrib>
</author>
</info>
<xi:include href="options-composition.xml" />
<xi:include href="options-service.xml" />
</book>

View file

@ -1,224 +0,0 @@
<?xml version="1.0"?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:str="http://exslt.org/strings"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:nixos="tag:nixos.org"
xmlns="http://docbook.org/ns/docbook"
extension-element-prefixes="str"
>
<xsl:output method='xml' encoding="UTF-8" />
<xsl:param name="revision" />
<xsl:param name="program" />
<xsl:param name="sourceUrl" />
<xsl:param name="nixPathKey" />
<xsl:template match="/expr/list">
<appendix xml:id="appendix-configuration-options">
<title>Configuration Options</title>
<variablelist xml:id="configuration-variable-list">
<xsl:for-each select="attrs">
<xsl:variable name="id" select="concat('opt-', str:replace(str:replace(str:replace(str:replace(attr[@name = 'name']/string/@value, '*', '_'), '&lt;', '_'), '>', '_'), '?', '_'))" />
<varlistentry>
<term xlink:href="#{$id}">
<xsl:attribute name="xml:id"><xsl:value-of select="$id"/></xsl:attribute>
<option>
<xsl:value-of select="attr[@name = 'name']/string/@value" />
</option>
</term>
<listitem>
<nixos:option-description>
<para>
<xsl:value-of disable-output-escaping="yes"
select="attr[@name = 'description']/string/@value" />
</para>
</nixos:option-description>
<xsl:if test="attr[@name = 'type']">
<para>
<emphasis>Type:</emphasis>
<xsl:text> </xsl:text>
<xsl:value-of select="attr[@name = 'type']/string/@value"/>
<xsl:if test="attr[@name = 'readOnly']/bool/@value = 'true'">
<xsl:text> </xsl:text>
<emphasis>(read only)</emphasis>
</xsl:if>
</para>
</xsl:if>
<xsl:if test="attr[@name = 'default']">
<para>
<emphasis>Default:</emphasis>
<xsl:text> </xsl:text>
<xsl:apply-templates select="attr[@name = 'default']" mode="top" />
</para>
</xsl:if>
<xsl:if test="attr[@name = 'example']">
<para>
<emphasis>Example:</emphasis>
<xsl:text> </xsl:text>
<xsl:choose>
<xsl:when test="attr[@name = 'example']/attrs[attr[@name = '_type' and string[@value = 'literalExample']]]">
<programlisting><xsl:value-of select="attr[@name = 'example']/attrs/attr[@name = 'text']/string/@value" /></programlisting>
</xsl:when>
<xsl:otherwise>
<xsl:apply-templates select="attr[@name = 'example']" mode="top" />
</xsl:otherwise>
</xsl:choose>
</para>
</xsl:if>
<xsl:if test="attr[@name = 'relatedPackages']">
<para>
<emphasis>Related packages:</emphasis>
<xsl:text> </xsl:text>
<xsl:value-of disable-output-escaping="yes"
select="attr[@name = 'relatedPackages']/string/@value" />
</para>
</xsl:if>
<xsl:if test="count(attr[@name = 'declarations']/list/*) != 0">
<para>
<emphasis>Declared by:</emphasis>
</para>
<xsl:apply-templates select="attr[@name = 'declarations']" />
</xsl:if>
<xsl:if test="count(attr[@name = 'definitions']/list/*) != 0">
<para>
<emphasis>Defined by:</emphasis>
</para>
<xsl:apply-templates select="attr[@name = 'definitions']" />
</xsl:if>
</listitem>
</varlistentry>
</xsl:for-each>
</variablelist>
</appendix>
</xsl:template>
<xsl:template match="*" mode="top">
<xsl:choose>
<xsl:when test="string[contains(@value, '&#010;')]">
<programlisting>
<xsl:text>''
</xsl:text><xsl:value-of select='str:replace(string/@value, "${", "&apos;&apos;${")' /><xsl:text>''</xsl:text></programlisting>
</xsl:when>
<xsl:otherwise>
<literal><xsl:apply-templates /></literal>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
<xsl:template match="null">
<xsl:text>null</xsl:text>
</xsl:template>
<xsl:template match="string">
<xsl:choose>
<xsl:when test="(contains(@value, '&quot;') or contains(@value, '\')) and not(contains(@value, '&#010;'))">
<xsl:text>''</xsl:text><xsl:value-of select='str:replace(@value, "${", "&apos;&apos;${")' /><xsl:text>''</xsl:text>
</xsl:when>
<xsl:otherwise>
<xsl:text>"</xsl:text><xsl:value-of select="str:replace(str:replace(str:replace(str:replace(@value, '\', '\\'), '&quot;', '\&quot;'), '&#010;', '\n'), '$', '\$')" /><xsl:text>"</xsl:text>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
<xsl:template match="int">
<xsl:value-of select="@value" />
</xsl:template>
<xsl:template match="bool[@value = 'true']">
<xsl:text>true</xsl:text>
</xsl:template>
<xsl:template match="bool[@value = 'false']">
<xsl:text>false</xsl:text>
</xsl:template>
<xsl:template match="list">
[
<xsl:for-each select="*">
<xsl:apply-templates select="." />
<xsl:text> </xsl:text>
</xsl:for-each>
]
</xsl:template>
<xsl:template match="attrs[attr[@name = '_type' and string[@value = 'literalExample']]]">
<xsl:value-of select="attr[@name = 'text']/string/@value" />
</xsl:template>
<xsl:template match="attrs">
{
<xsl:for-each select="attr">
<xsl:value-of select="@name" />
<xsl:text> = </xsl:text>
<xsl:apply-templates select="*" /><xsl:text>; </xsl:text>
</xsl:for-each>
}
</xsl:template>
<xsl:template match="derivation">
<replaceable>(build of <xsl:value-of select="attr[@name = 'name']/string/@value" />)</replaceable>
</xsl:template>
<xsl:template match="attr[@name = 'declarations' or @name = 'definitions']">
<simplelist>
<xsl:for-each select="list/string">
<member><filename>
<!-- Hyperlink the filename either to the NixOS Subversion
repository (if its a module and we have a revision number),
or to the local filesystem. -->
<xsl:choose>
<xsl:when test="not(starts-with(@value, '/'))">
<xsl:attribute name="xlink:href"><xsl:value-of select="$sourceUrl"/>/<xsl:value-of select="@value"/></xsl:attribute>
</xsl:when>
<xsl:otherwise>
<xsl:attribute name="xlink:href">file://<xsl:value-of select="@value"/></xsl:attribute>
</xsl:otherwise>
</xsl:choose>
<!-- Print the filename and make it user-friendly by replacing the
/nix/store/<hash> prefix by the default location of nixos
sources. -->
<xsl:choose>
<xsl:when test="$nixPathKey != ''">
&lt;<xsl:value-of select="$nixPathKey"/>/<xsl:value-of select="@value"/>&gt;
</xsl:when>
<xsl:otherwise>
<xsl:value-of select="@value" />
</xsl:otherwise>
</xsl:choose>
</filename></member>
</xsl:for-each>
</simplelist>
</xsl:template>
<xsl:template match="function">
<xsl:text>λ</xsl:text>
</xsl:template>
</xsl:stylesheet>

View file

@ -1,159 +0,0 @@
hr { color: #ddd; margin-top: 3ex; }
h1, h2, h3, h4 { font-weight: bold; }
h1 { font-size: 200%; margin-top: 5ex; }
h2 { font-size: 160%; margin-top: 4ex; }
h3,h4 { font-size: 120%; margin-top: 3ex; }
/* From Semantic UI */
body {
font-family: Lato,'Helvetica Neue',Arial,Helvetica,sans-serif;
font-size: 14px;
line-height: 1.4285em;
color: rgba(0,0,0,.87);
}
code.literal {
background-color: #f7f7f7;
}
a {
background-color:transparent;
-webkit-text-decoration-skip:objects
}
a {
color:#4183c4;
text-decoration:none
}
a:hover {
color:#1e70bf;
text-decoration:none
}
::-webkit-selection {
background-color:#cce2ff;
color:rgba(0,0,0,.87)
}
::-moz-selection {
background-color:#cce2ff;
color:rgba(0,0,0,.87)
}
::selection {
background-color:#cce2ff;
color:rgba(0,0,0,.87)
}
/* toc menu */
@media screen and (min-width: 60em) {
body {
margin-left: 16.5em;
}
div.toc {
position: fixed;
top: 0pt;
left: 1em;
height: 100%;
overflow-y: auto;
width: 15.5em;
}
}
@media screen and (min-width: 90em) {
div.toc {
left: 5em;
}
}
/* hide per chapter toc */
div.chapter div.toc {
display: none;
}
/* From Nixpkgs: */
div.book
{
text-align: center;
}
div.book > div
{
/*
* based on https://medium.com/@zkareemz/golden-ratio-62b3b6d4282a
* we do 70 characters per line to fit code listings better
* 70 * (font-size / 1.618)
* expression for emacs:
* (* 70 (/ 1 1.618))
*/
max-width: 43.2em;
text-align: left;
margin: auto;
}
/***************************************************************************
Special elements:
***************************************************************************/
.term
{
font-weight: bold;
}
div.variablelist dd p, div.glosslist dd p
{
margin-top: 0em;
}
div.variablelist dd, div.glosslist dd
{
margin-left: 1.5em;
}
div.glosslist dt
{
font-style: italic;
}
.varname
{
color: #004000;
}
span.command strong
{
font-weight: normal;
color: #004000;
}
div.calloutlist table
{
box-shadow: none;
}
table
{
border-collapse: collapse;
box-shadow: 0.4em 0.4em 0.5em #e0e0e0;
}
table.simplelist
{
text-align: left;
color: #005aa0;
border: 0;
padding: 5px;
background: #fffff5;
font-weight: normal;
font-style: italic;
box-shadow: none;
margin-bottom: 1em;
}
div.navheader table, div.navfooter table {
box-shadow: none;
}
div.affiliation
{
font-style: italic;
}

4
docs/README.md Normal file
View file

@ -0,0 +1,4 @@
# Documentation
Please refer to the [**rendered documentation**](https://docs.hercules-ci.com/arion), which includes the [**options.**](https://docs.hercules-ci.com/arion/options/)

7
docs/antora.yml Normal file
View file

@ -0,0 +1,7 @@
name: arion
title: Arion Documentation
version: 'master'
nav:
- modules/ROOT/nav.adoc
- modules/reference/nav.adoc
nix: true

31
docs/flake-module.nix Normal file
View file

@ -0,0 +1,31 @@
{
perSystem = { config, pkgs, lib, ... }: {
packages.generated-option-doc-arion =
# TODO: use the render pipeline in flake-parts,
# which has support for things like {options}`foo`.
let
eval = lib.evalModules {
modules = import ../src/nix/modules.nix;
};
in
(pkgs.nixosOptionsDoc
{
options = eval.options;
}).optionsCommonMark;
packages.generated-antora-files =
pkgs.runCommand "generated-antora-files"
{
nativeBuildInputs = [ pkgs.pandoc ];
doc_arion = config.packages.generated-option-doc-arion;
}
# TODO: use the render pipeline in flake-parts,
# which has support for things like {options}`foo`.
''
mkdir -p $out/modules/ROOT/partials
pandoc --from=markdown --to=asciidoc \
< $doc_arion \
> $out/modules/ROOT/partials/arion-options.adoc
'';
};
}

View file

@ -0,0 +1 @@
../../../../../examples/full-nixos/arion-compose.nix

View file

@ -0,0 +1 @@
../../../../../examples/minimal/arion-compose.nix

View file

@ -0,0 +1 @@
../../../../../examples/nixos-unit/arion-compose.nix

View file

@ -0,0 +1,3 @@
* xref:index.adoc[Getting Started]
* xref:options.adoc[Arion Options]
* xref:deployment.adoc[Deployment]

View file

@ -0,0 +1,71 @@
= Deployment with Arion
Arion projects can be deployed in Nix-like or Docker-like ways.
== Docker images
When you disable `useHostStore`, arion will build images, which can be deployed
to any Docker host, including non-NixOS hosts.
=== Remote Docker socket
NOTE: Access to a Docker socket is equivalent to root access on the host.
Docker supports authentication via TLS client certificates.
The xref:hercules-ci-effects:ROOT:reference/nix-functions/runArion.adoc[runArion Effect] uses this technique.
Because this technique works with a single Docker host, it does not need a registry.
=== Upload to registry
You can either use `arion push` or write custom push logic using the `arion cat`
command, the `eval` function on the `arion` package, or the `lib.eval` function
on the flake to retrieve the images defined in a project.
== NixOS module
Arion projects can be deployed as part of a NixOS configuration. This ties the
project revision to the system configuration revision, which can be good or bad
thing, depending on your deployment strategy. At a low level, a benefit is that
no store paths need to be copied locally and remote NixOS deployments can use
Nix's copy-closure algorithm for efficient transfers, and transparent binary
caches rather than an inherently stateful Docker registry solution.
Extend your NixOS configuration by adding the configuration elements to an
existing configuration. You could create a new module file for it, if your
choice of `imports` allows it.
NOTE: This deployment method does NOT use an `arion-pkgs.nix` file, but reuses
the host `pkgs`.
```nix
{
imports = [
# Pick one of:
# - niv
((import ./nix/sources.nix).arion + "/nixos-module.nix")
# - or flakes (where arion is a flake input)
arion.nixosModules.arion
# - or other: copy commit hash of arion and replace HASH in:
(builtins.fetchTarball "https://github.com/hercules-ci/arion/archive/HASH.tar.gz") + "/nixos-module.nix")
];
virtualisation.arion = {
backend = "podman-socket"; # or "docker"
projects.example = {
serviceName = "example"; # optional systemd service name, defaults to arion-example in this case
settings = {
# Specify you project here, or import it from a file.
# NOTE: This does NOT use ./arion-pkgs.nix, but defaults to NixOS' pkgs.
imports = [ ./arion-compose.nix ];
};
};
};
}
```
See also:
- xref:hercules-ci-effects:ROOT:reference/nix-functions/runNixOS.adoc[runNixOS Effect]
- xref:hercules-ci-effects:ROOT:reference/nix-functions/runNixOps2.adoc[runNixOps2 Effect]

View file

@ -0,0 +1,312 @@
= Welcome to Arion documentation
== Introduction
Arion is a tool for building and running applications that
consist of multiple docker containers using NixOS modules.
It has special support for docker images that are built with Nix,
for a smooth development experience and improved performance.
It is built on top of https://docs.docker.com/compose/overview/[Docker
Compose], which implements the container orchestration functionality.
Instead of configuring the compositions in YAML files like
`docker-compose.yaml`, Arion uses the https://nixos.org/nix/[Nix]
language to declare the compositions. Because of this, Arion gives you
the ability to declare your deployments, configuration and packaging
in the same language. By replacing multiple tools with a single
language, you decrease your mental load and you can more easily
refactor and maintain your configurations.
Although Arion can be used as a Docker Compose with an improved
configuration front end, there is more to be gained from integrating
with Nix. In particular, the more structured approach of Nix compared
to Dockerfiles allows the following:
* Build components of your image in *parallel, automatically*
* *Share packages between images*, regardless of the order they were
added
* Improve performance by *skipping container
image creation*
* Work with *structured data instead of strings*,
templates and a multitude of expression languages
* Refactor across deployments, configuration and packaging
Arion allows to compose containers with different granularity:
* <<Minimal: Plain command using nixpkgs>>
* <<NixOS: run only one systemd service>>
* <<NixOS: run full OS>>
* <<Docker image from DockerHub>>
Full NixOS is supported on
* docker-compose + podman with docker socket (NixOS >= 21.05)
* docker-compose + docker, before cgroupsv2 (NixOS < 21.05)
`podman-compose` support is currently WIP on a separate branch.
== Installation
=== Nix
```bash
$ nix-env -iA arion -f https://github.com/hercules-ci/arion/tarball/master
```
=== NixOS
Add this module to your NixOS configuration:
```nix
{ pkgs, ... }: {
environment.systemPackages = [
pkgs.arion
# Do install the docker CLI to talk to podman.
# Not needed when virtualisation.docker.enable = true;
pkgs.docker-client
];
# Arion works with Docker, but for NixOS-based containers, you need Podman
# since NixOS 21.05.
virtualisation.docker.enable = false;
virtualisation.podman.enable = true;
virtualisation.podman.dockerSocket.enable = true;
virtualisation.podman.defaultNetwork.dnsname.enable = true;
# Use your username instead of `myuser`
users.extraUsers.myuser.extraGroups = ["podman"];
}
```
////
== Not installing: use it in a project
TODO: describe: using nix-shell or in a script, building images as
part of nix-build, pinning, see also todomvc-nix.
TODO: exposed Nix functions: arion.build, arion.eval (a bit of IFD)
////
== Usage
Arion is configured declaratively with two files:
=== arion-pkgs.nix
Arion needs `arion-pkgs.nix` to import nixpkgs, for example:
```nix
import <nixpkgs> { system = "x86_64-linux"; }
```
or more sophisticated (recommended) setup with https://github.com/nmattia/niv[Niv].
=== arion-compose.nix
Describe containers using NixOS-style modules. There are a few options:
==== Minimal: Plain command using nixpkgs
`examples/minimal/arion-compose.nix`
[,nix]
----
{ pkgs, ... }:
{
project.name = "webapp";
services = {
webserver = {
image.enableRecommendedContents = true;
service.useHostStore = true;
service.command = [ "sh" "-c" ''
cd "$$WEB_ROOT"
${pkgs.python3}/bin/python -m http.server
'' ];
service.ports = [
"8000:8000" # host:container
];
service.environment.WEB_ROOT = "${pkgs.nix.doc}/share/doc/nix/manual";
service.stop_signal = "SIGINT";
};
};
}
----
==== NixOS: run full OS
`examples/full-nixos/arion-compose.nix`:
[,nix]
----
{
project.name = "full-nixos";
services.webserver = { pkgs, lib, ... }: {
nixos.useSystemd = true;
nixos.configuration.boot.tmp.useTmpfs = true;
nixos.configuration.services.nginx.enable = true;
nixos.configuration.services.nginx.virtualHosts.localhost.root = "${pkgs.nix.doc}/share/doc/nix/manual";
nixos.configuration.services.nscd.enable = false;
nixos.configuration.system.nssModules = lib.mkForce [];
nixos.configuration.systemd.services.nginx.serviceConfig.AmbientCapabilities =
lib.mkForce [ "CAP_NET_BIND_SERVICE" ];
service.useHostStore = true;
service.ports = [
"8000:80" # host:container
];
};
}
----
==== Docker image from DockerHub
```nix
{
services.postgres = {
service.image = "postgres:10";
service.volumes = [ "${toString ./.}/postgres-data:/var/lib/postgresql/data" ];
service.environment.POSTGRES_PASSWORD = "mydefaultpass";
};
}
```
==== NixOS: run only one systemd service
Running individual units from NixOS is possible using an experimental script.
See `examples/nixos-unit/arion-compose.nix`.
=== Run
Start containers and watch their logs:
```bash
$ arion up -d
$ arion logs -f
```
You can go to `examples/*/` and run these commands to give it a quick try.
=== Inspect the config
While developing an arion project, you can make use of `arion repl`, which launches
a `nix repl` on the project configuration.
```
$ arion repl
Launching a repl for you. To get started:
To see deployment-wide configuration
type config. and use tab completion
To bring the top-level Nixpkgs attributes into scope
type :a (config._module.args.pkgs) // { inherit config; }
Welcome to Nix. Type :? for help.
Loading '../../src/nix/eval-composition.nix'...
Added 5 variables.
nix-repl> config.services.webserver.service.command
[ "sh" "-c" "cd \"$$WEB_ROOT\"\n/nix/store/66fbv9mmx1j4hrn9y06kcp73c3yb196r-python3-3.8.9/bin/python -m http.server\n" ]
nix-repl>
```
== Build with Nix
You can build a project with `nix-build` using an expression like
```nix
arion.build { modules = [ ./arion-compose.nix ]; pkgs = import ./arion-pkgs.nix; }
```
If you deploy with xref:hercules-ci-effects:ROOT:reference/nix-functions/runArion.adoc[runArion],
and your `pkgs` variable is equivalent to `import ./arion-pkgs.nix`, you can use:
```nix
let
deployment = pkgs.effects.runArion { /* ... */ });
in deployment.prebuilt
```
== Project Status
This project was born out of a process supervision need for local
development environments while working on
https://www.hercules-ci.com[Hercules CI]. (It was also born out of
ancient Greek deities disguised as horses. More on that later.)
Arion can be used for simple single host deployments, using Docker's TLS
client verification, or https://search.nixos.org/options?channel=unstable&show=virtualisation.podman.networkSocket.enable&query=virtualisation.podman[`virtualisation.podman.networkSocket` options].
Remote deployments do not support `useHostStore`, although an SSH-based deployment method could support this.
Docker Swarm is not currently supported.
Arion has run successfully on Linux distributions other than NixOS, but we only perform CI for Arion on NixOS.
== How it works
Arion is essentially a thin wrapper around Nix and docker-compose. When
it runs, it does the following:
* Evaluate the configuration using Nix, producing a
`docker-compose.yaml` and a garbage collection root
* Invoke `docker-compose`
* Clean up the garbage collection root
Most of the interesting stuff happens in Arions Nix expressions, where
it runs the module system (known from NixOS) and provides the
configuration that makes the Docker Compose file do the things it needs
to do.
One of the more interesting built-in modules is the
https://github.com/hercules-ci/arion/blob/master/src/nix/modules/service/host-store.nix[host-store.nix module] which
performs the bind mounts to make the host Nix store available in the
container.
== FAQ
=== Do I need to use Hercules CI?
Nope, its just Nix and Docker Compose under the hood.
It does xref:hercules-ci-effects:ROOT:reference/nix-functions/runArion.adoc[integrate] nicely though.
=== What about garbage collection?
Arion removes the need for garbage collecting docker images, delegating
this task to Nix when using `service.useHostStore`.
Arion creates a garbage collection root that it cleans up after completing
the command. This means that `arion up -d` should not be used with `useHostStore`
in production. Instead, disable `useHostStore`, which will use `dockerTools` to
generate images that can be used in production.
=== Why is my container not running latest code?
Rebuild the image using `arion up -d --always-recreate-deps <name>` or simply `arion up -d`.
Like `docker-compose restart`, `arion restart` does not update the image before starting.
=== What is messing with my environment variables?
Docker Compose performs its own environment variable substitution. This
can be a little annoying in `services.command` for example. Either
reference a script from `pkgs.writeScript` or escape the dollar sign as
`$$`.
=== Why name it ``Arion``?
Arion comes from Greek mythology. Poseidon, the god of Docker -- I mean the seas --
had his eye on Demeter. Demeter tried to trick him by disguising as a
horse, but Poseidon saw through the deception and they had Arion.
So Arion is a super fast divine horse; the result of some weird mixing.
Also it talks.
(And we felt morally obliged to name our stuff after Greek mythology)

View file

@ -0,0 +1,3 @@
# Arion Options
include::partial$arion-options.adoc[]

20
docs/options.nix Normal file
View file

@ -0,0 +1,20 @@
{ pkgs ? import ../nix {} }:
let
eval = pkgs.lib.evalModules {
modules = import ../src/nix/modules.nix;
};
options = pkgs.nixosOptionsDoc {
options = eval.options;
};
in (pkgs.runCommand "agent-options.adoc" { } ''
cat >$out <<EOF
= Arion options
EOF
cat ${options.optionsAsciiDoc} >>$out
'').overrideAttrs (o: {
# Work around https://github.com/hercules-ci/hercules-ci-agent/issues/168
allowSubstitutes = true;
})

BIN
docs/ui-bundle.zip Normal file

Binary file not shown.

View file

@ -0,0 +1,30 @@
{ pkgs, ... }:
let
sh = pkgs.stdenv.mkDerivation {
name = "sh";
phases = [ "installPhase" ];
installPhase = ''
mkdir -p "$out"/bin
ln -s ${pkgs.bash}/bin/sh "$out"/bin/sh
'';
};
in{
config.project.name = "webapp";
config.services = {
webserver = {
image.contents = [ sh ];
service.useHostStore = true;
service.command = [ "sh" "-c" ''
cd "$$WEB_ROOT"
${pkgs.python3}/bin/python -m http.server
'' ];
service.ports = [
"8000:8000" # host:container
];
service.environment.WEB_ROOT = "${pkgs.nix.doc}/share/doc/nix/manual";
service.stop_signal = "SIGINT";
};
};
}

View file

@ -0,0 +1,13 @@
let
flake = if builtins ? getFlake
then (builtins.getFlake (toString ./.)).pkgs
else (import flake-compat { src = ./.; }).defaultNix;
# NB: this is lazy
lock = builtins.fromJSON (builtins.readFile ./flake.lock);
inherit (lock.nodes.flake-compat.locked) owner repo rev narHash;
flake-compat = builtins.fetchTarball {
url = "https://github.com/${owner}/${repo}/archive/${rev}.tar.gz";
sha256 = narHash;
};
in
flake.pkgs

44
examples/flake/flake.lock Normal file
View file

@ -0,0 +1,44 @@
{
"nodes": {
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1606424373,
"narHash": "sha256-oq8d4//CJOrVj+EcOaSXvMebvuTkmBJuT5tzlfewUnQ=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "99f1c2157fba4bfe6211a321fd0ee43199025dbf",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1618853290,
"narHash": "sha256-K4fddnrGOcKL+6CEchRrVmepiwvwvHxB87goqBTI5Bs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9a1672105db0eebe8ef59f310397435f2d0298d0",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-20.09",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

19
examples/flake/flake.nix Normal file
View file

@ -0,0 +1,19 @@
{
description = "A very basic flake";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-20.09";
inputs.flake-compat.url = "github:edolstra/flake-compat";
inputs.flake-compat.flake = false;
outputs = { self, nixpkgs, ... }: {
pkgs = nixpkgs.legacyPackages.x86_64-linux;
# # alternative:
# pkgs = import nixpkgs { config = { }; overlays = [ ]; system = "x86_64-linux"; };
packages.x86_64-linux.hello = nixpkgs.legacyPackages.x86_64-linux.hello;
defaultPackage.x86_64-linux = self.packages.x86_64-linux.hello;
};
}

View file

@ -1,9 +1,15 @@
{ {
docker-compose.services.webserver = { pkgs, ... }: { project.name = "full-nixos";
services.webserver = { pkgs, lib, ... }: {
nixos.useSystemd = true; nixos.useSystemd = true;
nixos.configuration.boot.tmpOnTmpfs = true; nixos.configuration.boot.tmp.useTmpfs = true;
nixos.configuration.networking.useDHCP = false;
nixos.configuration.services.nginx.enable = true; nixos.configuration.services.nginx.enable = true;
nixos.configuration.services.nginx.virtualHosts.localhost.root = "${pkgs.nix.doc}/share/doc/nix/manual"; nixos.configuration.services.nginx.virtualHosts.localhost.root = "${pkgs.nix.doc}/share/doc/nix/manual";
nixos.configuration.services.nscd.enable = false;
nixos.configuration.system.nssModules = lib.mkForce [];
nixos.configuration.systemd.services.nginx.serviceConfig.AmbientCapabilities =
lib.mkForce [ "CAP_NET_BIND_SERVICE" ];
service.useHostStore = true; service.useHostStore = true;
service.ports = [ service.ports = [
"8000:80" # host:container "8000:80" # host:container

View file

@ -1,2 +1,6 @@
# Instead of pinning Nixpkgs, we can opt to use the one in NIX_PATH # Instead of pinning Nixpkgs, we can opt to use the one in NIX_PATH
import <nixpkgs> {} import <nixpkgs> {
# We specify the architecture explicitly. Use a Linux remote builder when
# calling arion from other platforms.
system = "x86_64-linux";
}

View file

@ -1,8 +1,10 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
config.docker-compose.services = { project.name = "webapp";
services = {
webserver = { webserver = {
image.enableRecommendedContents = true;
service.useHostStore = true; service.useHostStore = true;
service.command = [ "sh" "-c" '' service.command = [ "sh" "-c" ''
cd "$$WEB_ROOT" cd "$$WEB_ROOT"
@ -12,6 +14,7 @@
"8000:8000" # host:container "8000:8000" # host:container
]; ];
service.environment.WEB_ROOT = "${pkgs.nix.doc}/share/doc/nix/manual"; service.environment.WEB_ROOT = "${pkgs.nix.doc}/share/doc/nix/manual";
service.stop_signal = "SIGINT";
}; };
}; };
} }

View file

@ -1,2 +1,6 @@
# Instead of pinning Nixpkgs, we can opt to use the one in NIX_PATH # Instead of pinning Nixpkgs, we can opt to use the one in NIX_PATH
import <nixpkgs> {} import <nixpkgs> {
# We specify the architecture explicitly. Use a Linux remote builder when
# calling arion from other platforms.
system = "x86_64-linux";
}

View file

@ -17,17 +17,27 @@
*/ */
{ {
docker-compose.services.webserver = { config, pkgs, ... }: { project.name = "nixos-unit";
services.webserver = { config, pkgs, ... }: {
nixos.configuration = {config, pkgs, ...}: { nixos.configuration = {config, lib, options, pkgs, ...}: {
boot.isContainer = true; boot.isContainer = true;
services.nginx.enable = true; services.nginx = {
services.nginx.virtualHosts.localhost.root = "${pkgs.nix.doc}/share/doc/nix/manual"; enable = true;
virtualHosts.localhost.root = "${pkgs.nix.doc}/share/doc/nix/manual";
} // lib.optionalAttrs (options?services.nginx.stateDir) {
# Work around a problem in NixOS 20.03
stateDir = "/var/lib/nginx";
};
system.build.run-nginx = pkgs.writeScript "run-nginx" '' system.build.run-nginx = pkgs.writeScript "run-nginx" ''
#!${pkgs.bash}/bin/bash #!${pkgs.bash}/bin/bash
PATH='${config.systemd.services.nginx.environment.PATH}' PATH='${config.systemd.services.nginx.environment.PATH}'
echo nginx:x:${toString config.users.users.nginx.uid}:${toString config.users.groups.nginx.gid}:nginx web server user:/var/empty:/bin/sh >>/etc/passwd echo nginx:x:${toString config.users.users.nginx.uid}:${toString config.users.groups.nginx.gid}:nginx web server user:/var/empty:/bin/sh >>/etc/passwd
echo nginx:x:${toString config.users.groups.nginx.gid}:nginx >>/etc/group echo nginx:x:${toString config.users.groups.nginx.gid}:nginx >>/etc/group
echo 'nobody:x:65534:65534:Unprivileged account do not use:/var/empty:/run/current-system/sw/bin/nologin' >>/etc/passwd
echo 'nogroup:x:65534:' >>/etc/group
mkdir -p /var/log/nginx /run/nginx/ /var/cache/nginx /var/lib/nginx/{,logs,proxy_temp,client_body_temp,fastcgi_temp,scgi_temp,uwsgi_temp} /tmp/nginx_client_body
chown nginx /var/log/nginx /run/nginx/ /var/cache/nginx /var/lib/nginx/{,logs,proxy_temp,client_body_temp,fastcgi_temp,scgi_temp,uwsgi_temp} /tmp/nginx_client_body
${config.systemd.services.nginx.runner} ${config.systemd.services.nginx.runner}
''; '';
}; };

View file

@ -1,2 +1,6 @@
# Instead of pinning Nixpkgs, we can opt to use the one in NIX_PATH # Instead of pinning Nixpkgs, we can opt to use the one in NIX_PATH
import <nixpkgs> {} import <nixpkgs> {
# We specify the architecture explicitly. Use a Linux remote builder when
# calling arion from other platforms.
system = "x86_64-linux";
}

View file

@ -0,0 +1,64 @@
/*
An example of
- traefik HTTP reverse proxy
- minimal images
- routing via docker labels
Run `arion up -d` and open http://nix-docs.localhost/
*/
{ lib, pkgs, ... }: {
config.project.name = "traefik";
config.networks = {
traefik-custom = {
name = "traefik-custom";
ipam = {
config = [{
subnet = "172.32.0.0/16";
gateway = "172.32.0.1";
}];
};
};
};
config.services = {
traefik = {
image.command = [
"${pkgs.traefik}/bin/traefik"
"--api.insecure=true"
"--providers.docker=true"
"--providers.docker.exposedbydefault=false"
"--entrypoints.web.address=:80"
];
service = {
container_name = "traefik";
stop_signal = "SIGINT";
ports = [ "80:80" "8080:8080" ];
volumes = [ "/var/run/docker.sock:/var/run/docker.sock:ro" ];
networks = [ "traefik-custom" ];
};
};
nix-docs = {
image.command = ["${pkgs.writeScript "entrypoint" ''
#!${pkgs.bash}/bin/bash
cd ${pkgs.nix.doc}/share/doc/nix/manual
${pkgs.python3}/bin/python -m http.server
''}"];
service.container_name = "simple-service";
service.stop_signal = "SIGINT";
service.labels = {
"traefik.enable" = "true";
"traefik.http.routers.nix-docs.rule" = "Host(`nix-docs.localhost`)";
"traefik.http.routers.nix-docs.entrypoints" = "web";
"traefik.http.services.nix-docs.loadBalancer.server.port" = "8000";
};
service.networks = {
traefik-custom = {
ipv4_address = "172.32.0.5";
};
};
};
};
}

View file

@ -0,0 +1,6 @@
# Instead of pinning Nixpkgs, we can opt to use the one in NIX_PATH
import <nixpkgs> {
# We specify the architecture explicitly. Use a Linux remote builder when
# calling arion from other platforms.
system = "x86_64-linux";
}

107
flake.lock Normal file
View file

@ -0,0 +1,107 @@
{
"nodes": {
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"hercules-ci-effects",
"nixpkgs"
]
},
"locked": {
"lastModified": 1712014858,
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
"type": "github"
},
"original": {
"id": "flake-parts",
"type": "indirect"
}
},
"haskell-flake": {
"locked": {
"lastModified": 1675296942,
"narHash": "sha256-u1X1sblozi5qYEcLp1hxcyo8FfDHnRUVX3dJ/tW19jY=",
"owner": "srid",
"repo": "haskell-flake",
"rev": "c2cafce9d57bfca41794dc3b99c593155006c71e",
"type": "github"
},
"original": {
"owner": "srid",
"ref": "0.1.0",
"repo": "haskell-flake",
"type": "github"
}
},
"hercules-ci-effects": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1719226092,
"narHash": "sha256-YNkUMcCUCpnULp40g+svYsaH1RbSEj6s4WdZY/SHe38=",
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"rev": "11e4b8dc112e2f485d7c97e1cee77f9958f498f5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1722630782,
"narHash": "sha256-hMyG9/WlUi0Ho9VkRrrez7SeNlDzLxalm9FwY7n/Noo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d04953086551086b44b6f3c6b7eeb26294f207da",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-parts": "flake-parts",
"haskell-flake": "haskell-flake",
"hercules-ci-effects": "hercules-ci-effects",
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

98
flake.nix Normal file
View file

@ -0,0 +1,98 @@
{
description = "Arion - use Docker Compose via Nix";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
haskell-flake.url = "github:srid/haskell-flake/0.1.0";
flake-parts.url = "github:hercules-ci/flake-parts";
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
hercules-ci-effects.url = "github:hercules-ci/hercules-ci-effects";
hercules-ci-effects.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = inputs@{ self, flake-parts, ... }:
flake-parts.lib.mkFlake { inherit inputs; } ({ config, lib, extendModules, ... }: {
imports = [
inputs.haskell-flake.flakeModule
inputs.hercules-ci-effects.flakeModule
inputs.flake-parts.flakeModules.easyOverlay
./docs/flake-module.nix
./tests/flake-module.nix
];
systems = inputs.nixpkgs.lib.systems.flakeExposed;
perSystem = { config, self', inputs', pkgs, system, final, ... }:
let h = pkgs.haskell.lib.compose; in
{
overlayAttrs = {
inherit (config.packages) arion;
arionTestingFlags = {
dockerSupportsSystemd = false;
};
};
packages.default = config.packages.arion;
packages.overlay-test = final.arion;
packages.arion = import ./nix/arion.nix { inherit pkgs; };
haskellProjects.haskell-package = {
# not autodetected: https://github.com/srid/haskell-flake/issues/49
packages.arion-compose.root = ./.;
overrides =
self: super: {
arion-compose =
lib.pipe super.arion-compose [
(h.addBuildTools [ pkgs.nix ])
(h.overrideCabal (o: {
src = pkgs.lib.sourceByRegex ./. [
".*[.]cabal"
"LICENSE"
"src/?.*"
"README.asciidoc"
"CHANGELOG.md"
];
preCheck = ''
export NIX_LOG_DIR=$TMPDIR
export NIX_STATE_DIR=$TMPDIR
export NIX_PATH=nixpkgs=${pkgs.path}
'';
}))
];
};
};
devShells.default = config.devShells.haskell-package.overrideAttrs (o: {
nativeBuildInputs = o.nativeBuildInputs or [ ] ++ [
pkgs.docker-compose
pkgs.nixpkgs-fmt
config.haskellProjects.haskell-package.haskellPackages.releaser
];
});
};
hercules-ci.flake-update = {
enable = true;
autoMergeMethod = "merge";
when = {
hour = [ 2 ];
dayOfMonth = [ 5 ];
};
};
herculesCI.ciSystems = [
# "aarch64-darwin"
# "aarch64-linux"
"x86_64-darwin"
"x86_64-linux"
];
flake = {
debug = { inherit inputs config lib; };
lib = {
eval = import ./src/nix/eval-composition.nix;
build = args@{ ... }:
let composition = self.lib.eval args;
in composition.config.out.dockerComposeYaml;
};
nixosModules.arion = ./nixos-module.nix;
};
});
}

13
live-unit-tests Executable file
View file

@ -0,0 +1,13 @@
#!/usr/bin/env nix-shell
#!nix-shell ./shell.nix
#!nix-shell -i bash
set -eux -o pipefail
cd "$(dirname "${BASH_SOURCE[0]}")"
ghcid \
--command 'cabal v2-repl arion-compose:arion-unit-tests --flags ghci --write-ghc-environment-files=never' \
--test=Main.main \
--reload=src/haskell \
--restart=arion-compose.cabal \
;

13
nix/arion.nix Normal file
View file

@ -0,0 +1,13 @@
# Like the upstreamable expression but wired up for the local arion.
{ pkgs ? import ./. {}
, lib ? pkgs.lib
, haskell ? pkgs.haskell
, haskellPackages ? pkgs.haskellPackages
, arion-compose ? import ./haskell-arion-compose.nix { inherit pkgs haskellPackages; }
, runCommand ? pkgs.runCommand
}:
import ./upstreamable/default.nix {
inherit pkgs lib haskell runCommand;
haskellPackages = haskellPackages // { inherit arion-compose; };
evalSrc = ./..;
}

10
nix/compat.nix Normal file
View file

@ -0,0 +1,10 @@
(import
(
let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in
fetchTarball {
url = "https://github.com/edolstra/flake-compat/archive/009399224d5e398d03b22badca40a37ac85412a1.tar.gz";
sha256 = "sha256:0xcr9fibnapa12ywzcnlf54wrmbqqb96fmmv8043zhsycws7bpqy";
}
)
{ src = ../.; }
).defaultNix

View file

@ -1,13 +0,0 @@
/**
* This is the entry-point for all nix execution in this project.
*/
{ nixpkgsSrc ? ./nixpkgs.nix, ... }:
import (import ./nixpkgs.nix) {
# Makes the config pure as well. See <nixpkgs>/top-level/impure.nix:
config = {
};
overlays = [
# all the packages are defined there:
(import ./overlay.nix)
];
}

View file

@ -0,0 +1,20 @@
# NOTE: This file produces a haskell library, not the arion package!
{ pkgs ? import ./default.nix {}, haskellPackages ? pkgs.haskellPackages }:
let
inherit (pkgs.haskell.lib) overrideCabal addBuildTools;
in
overrideCabal (addBuildTools (haskellPackages.callCabal2nix "arion-compose" ./.. {}) [pkgs.nix]) (o: o // {
src = pkgs.lib.sourceByRegex ../. [
".*[.]cabal"
"LICENSE"
"src/?.*"
"README.asciidoc"
];
preCheck = ''
export NIX_LOG_DIR=$TMPDIR
export NIX_STATE_DIR=$TMPDIR
export NIX_PATH=nixpkgs=${pkgs.path}
'';
})

View file

@ -1,5 +0,0 @@
# to update: $ nix-prefetch-url --unpack url
builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/be445a9074f139d63e704fa82610d25456562c3d.tar.gz";
sha256 = "15dc7gdspimavcwyw9nif4s59v79gk18rwsafylffs9m1ld2dxwa";
}

View file

@ -1,5 +0,0 @@
self: super: {
arion = super.callPackage ../arion.nix {};
tests = super.callPackage ../tests {};
doc = super.callPackage ../doc {};
}

View file

@ -0,0 +1,88 @@
args@
{ pkgs
, lib
, haskellPackages
, haskell
, runCommand
# Allow this expression file to be used more efficiently in situations where
# the sources are more readily available. Unpacking haskellPackages.arion-compose.src
# is not always the best choice for arion.eval.
, evalSrc ? null
}:
let
/* This derivation builds the arion tool.
It is based on the arion-compose Haskell package, but adapted and extended to
- have the correct name
- have a smaller closure size
- have functions to use Arion from inside Nix: arion.eval and arion.build
- make it self-contained by including docker-compose
*/
arion =
justStaticExecutables (
overrideCabal
arion-compose
cabalOverrides
);
inherit (haskell.lib) justStaticExecutables overrideCabal;
inherit (haskellPackages) arion-compose;
cabalOverrides = o: {
buildTools = (o.buildTools or []) ++ [pkgs.makeWrapper];
passthru = (o.passthru or {}) // {
inherit eval build;
};
# Patch away the arion-compose name. Unlike the Haskell library, the program
# is called arion (arion was already taken on hackage).
pname = "arion";
src = arion-compose.src;
# PYTHONPATH
#
# We close off the python module search path!
#
# Accepting directories from the environment into the search path
# tends to break things. Docker Compose does not have a plugin
# system as far as I can tell, so I don't expect this to break a
# feature, but rather to make the program more robustly self-
# contained.
postInstall = ''${o.postInstall or ""}
mkdir -p $out/libexec
mv $out/bin/arion $out/libexec
makeWrapper $out/libexec/arion $out/bin/arion \
--unset PYTHONPATH \
--prefix PATH : ${lib.makeBinPath [ pkgs.docker-compose ]} \
;
'';
};
# Unpacked sources for evaluation by `eval`
evalSrc' = args.evalSrc or (runCommand "arion-src" {}
"mkdir $out; tar -C $out --strip-components=1 -xf ${arion-compose.src}");
/* Function for evaluating a composition
Re-uses this Nixpkgs evaluation instead of `arion-pkgs.nix`.
Returns the module system's `config` and `options` variables.
*/
eval = args@{...}:
import (evalSrc' + "/src/nix/eval-composition.nix")
({ inherit pkgs; } // args);
/* Function to derivation of the docker compose yaml file
NOTE: The output will change: https://github.com/hercules-ci/arion/issues/82
This function is particularly useful on CI.
*/
build = args@{...}:
let composition = eval args;
in composition.config.out.dockerComposeYaml;
in arion

118
nixos-module.nix Normal file
View file

@ -0,0 +1,118 @@
{ config, lib, options, pkgs, ... }:
let
inherit (lib)
attrValues
mkIf
mkOption
mkMerge
types
;
cfg = config.virtualisation.arion;
projectType = types.submoduleWith {
modules = [ projectModule ];
};
projectModule = { config, name, ... }: {
options = {
settings = mkOption {
description = ''
Arion project definition, otherwise known as arion-compose.nix contents.
See <link xlink:href="https://docs.hercules-ci.com/arion/options/">https://docs.hercules-ci.com/arion/options/</link>.
'';
type = arionSettingsType name;
visible = "shallow";
};
_systemd = mkOption { internal = true; };
serviceName = mkOption {
description = "The name of the Arion project's systemd service";
type = types.str;
default = "arion-${name}";
};
};
config = {
_systemd.services.${config.serviceName} = {
wantedBy = [ "multi-user.target" ];
after = [ "sockets.target" ];
path = [
cfg.package
cfg.docker.client.package
];
environment.ARION_PREBUILT = config.settings.out.dockerComposeYaml;
script = ''
echo 1>&2 "docker compose file: $ARION_PREBUILT"
arion --prebuilt-file "$ARION_PREBUILT" up
'';
};
};
};
arionSettingsType = name:
(cfg.package.eval { modules = [{ project.name = lib.mkDefault name; }]; }).type or (
throw "lib.evalModules did not produce a type. Please upgrade Nixpkgs to nixos-unstable or >=nixos-21.11"
);
in
{
disabledModules = [ "virtualisation/arion.nix" ];
options = {
virtualisation.arion = {
backend = mkOption {
type = types.enum [ "podman-socket" "docker" ];
description = ''
Which container implementation to use.
'';
};
package = mkOption {
type = types.package;
default = (import ./. { inherit pkgs; }).arion;
description = ''
Arion package to use. This will provide <literal>arion</literal>
executable that starts the project.
It also must provide the arion <literal>eval</literal> function as
an attribute.
'';
};
docker.client.package = mkOption {
type = types.package;
internal = true;
};
projects = mkOption {
type = types.attrsOf projectType;
default = { };
description = ''
Arion projects to be run as a service.
'';
};
};
};
config = mkIf (cfg.projects != { }) (
mkMerge [
{
systemd = mkMerge (map (p: p._systemd) (attrValues cfg.projects));
}
(mkIf (cfg.backend == "podman-socket") {
virtualisation.docker.enable = false;
virtualisation.podman.enable = true;
virtualisation.podman.dockerSocket.enable = true;
virtualisation.podman.defaultNetwork =
if options?virtualisation.podman.defaultNetwork.settings
then { settings.dns_enabled = true; } # since 2023-01 https://github.com/NixOS/nixpkgs/pull/199965
else { dnsname.enable = true; }; # compat <2023
virtualisation.arion.docker.client.package = pkgs.docker-client;
})
(mkIf (cfg.backend == "docker") {
virtualisation.docker.enable = true;
virtualisation.arion.docker.client.package = pkgs.docker;
})
]
);
}

6
repl Executable file
View file

@ -0,0 +1,6 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash
# A Haskell REPL for hacking on the Haskell code
cabal new-repl --write-ghc-environment-files=never

15
run-arion Executable file
View file

@ -0,0 +1,15 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash
#!nix-shell ./shell.nix
# For quick manual testing of a hacked arion
# NB: Only works inside the project directory
cabal \
new-run \
--write-ghc-environment-files=never \
:pkg:arion-compose:exe:arion \
-- \
"$@" \
;

15
run-arion-quick Executable file
View file

@ -0,0 +1,15 @@
#!/usr/bin/env bash
projectRoot="$(dirname ${BASH_SOURCE[0]})"
resultLink="$projectRoot/result-run-arion-quick"
[[ -e "$resultLink" ]] || {
echo 1>&2 "You don't have a prebuilt arion yet; building it."
nix-build "$projectRoot" -A arion --out-link "$resultLink"
}
echo 1>&2 "Note that you will need to rm '$resultLink' to rebuild the arion executable when needed."
export arion_compose_datadir="$projectRoot/src"
exec "$resultLink/bin/arion" "$@"

6
run-arion-via-nix Executable file
View file

@ -0,0 +1,6 @@
#!/usr/bin/env bash
# For manual testing of a hacked arion built via Nix.
# Works when called from outside the project directory.
exec nix run -f "$(dirname ${BASH_SOURCE[0]})" arion "$@"

1
shell.nix Normal file
View file

@ -0,0 +1 @@
(builtins.getFlake ("git+file://" + toString ./.)).devShells.${builtins.currentSystem}.default

339
src/arion
View file

@ -1,339 +0,0 @@
#!/usr/bin/env bash
# Close off the python module search path
#
# Accepting directories from the environment into the search path
# tends to break things. Docker Compose does not have a plugin
# system as far as I can tell, so I don't expect this to break a
# feature, but rather to make the program more robustly self-
# contained.
unset PYTHONPATH
set -euo pipefail
export PATH="@path@:$PATH"
nix_dir="@nix_dir@"
docker_compose_args=()
files=()
command="docker-compose"
pkgs_argument="./arion-pkgs.nix"
debug() {
# echo "$@"
:
}
while test $# != 0; do
case "$1" in
-f|--file)
shift
files+=("$1")
;;
-f*)
files+=("${1/#-f/}")
;;
--file=*)
files+=("${1/#--file=}")
;;
--pkgs)
shift
pkgs_argument="$1"
;;
-h|--help|help)
command="help"
shift
break
;;
cat)
command="$1"
shift
break
;;
repl)
command="$1"
shift
break
;;
exec)
command="$1"
shift
break
;;
docker-compose)
command="docker-compose"
shift
break
;;
*)
break
;;
esac
shift
done
while test $# != 0; do
docker_compose_args+=("$1")
shift
done
case "$command" in
help)
cat <<EOF
Arion wraps your system's docker-compose, providing a NixOps-like
experience for simple container deployments.
Usage:
arion up|logs|... - execute docker-compose commands
arion cat - display raw docker-compose.yaml
arion config - validate and display the config file
arion repl - explore the config interactively
arion help
arion docker-compose help
arion docker-compose help up|logs|...
Top-level arion options
These must be provided before the command.
--file FILE Use FILE instead of the default ./arion-compose.nix
Can be specified multiple times for a merged configuration.
--pkgs EXPR Use EXPR instead of ./arion-pkgs.nix to get the
Nixpkgs attrset used for bootstrapping and evaluating
the configuration.
EOF
exit 0
;;
*)
;;
esac
if [[ ${#files[@]} == 0 ]]; then
files=("./arion-compose.nix")
fi
debug docker_compose_args: "${docker_compose_args[@]}"
debug files: "${files[@]}"
docker_system_id="$(docker info --format '{{.Name}}-{{.ID}}')"
docker_compose_yaml=.tmp-arion-$$-$RANDOM.yaml
cleanup() {
rm -f $docker_compose_yaml
}
trap cleanup EXIT
modules="["
for file in "${files[@]}"; do
case "$file" in
/*)
modules="$modules (/. + $(printf '"%q"' "$file"))"
;;
*)
modules="$modules (./. + $(printf '"/%q"' "$file"))"
;;
esac
done
modules="$modules ]"
debug modules: "$modules"
old_IFS="$IFS"
IFS=""
args=(
)
IFS="$old_IFS"
for arg in "${args[@]}"; do
echo "arg: $arg"
done
do_eval() {
echo 1>&2 "Evaluating configuration..."
# read-write-mode is required for import from derivation
nix-instantiate \
"$nix_dir/eval-composition.nix" \
--eval \
--read-write-mode \
--json \
--argstr uid "$UID" \
--arg modules "$modules" \
--arg pkgs "$pkgs_argument" \
--show-trace \
--attr 'config.build.dockerComposeYamlText' \
| jq -r . >$docker_compose_yaml;
}
do_build() {
echo 1>&2 "Building configuration..."
nix-build \
"$nix_dir/eval-composition.nix" \
--out-link $docker_compose_yaml \
--argstr uid "$UID" \
--arg modules "$modules" \
--arg pkgs "$pkgs_argument" \
--show-trace \
--attr 'config.build.dockerComposeYaml' \
>/dev/null ;
echo 1>&2 "Ensuring required images are loaded..."
jq -r <"$docker_compose_yaml" \
'.["x-arion"].images | map(" - " + .imageName + ":" + .imageTag) | join("\n")'
eval "$(
jq -r '.["docker-compose"]["x-arion"].images as $images
| .["existing-images"] as $loaded
| $images
| map(
if $loaded[.imageName + ":" + .imageTag]
then ""
else "docker load <" + .image + ";" end
)
| join("\n")
' <<EOF
{
"docker-compose": $(cat $docker_compose_yaml),
"existing-images": {
$(docker images \
--filter "dangling=false" \
--format '"{{.Repository}}:{{.Tag}}": true,')
"": false
}
}
EOF
)"
# FIXME: Do something else for swarm
# FIXME: Include project name
export ARION_SECRETS_DIR="arion-secrets/$docker_system_id"
if [[ true = "$(jq <"$docker_compose_yaml" '.["x-arion"].hasTextSecrets')" ]]; then
echo 1>&2 "Evaluating configuration read-only for secrets..."
eval "$(nix-instantiate \
"$nix_dir/eval-composition.nix" \
--eval \
--readonly-mode \
--json \
--argstr uid "$UID" \
--arg modules "$modules" \
--arg pkgs "$pkgs_argument" \
--arg writableStore false \
--show-trace \
--attr 'config.build.writeSecretsScript' \
| jq -r)"
fi
}
do_repl() {
# nix repl doesn't autocall its <FILES> arguments
# so we improvise. We need a file in this directory
# to make sure that all paths are as expected :(
trap do_repl_cleanup EXIT;
REPL_TMP=.tmp-repl-$$-$RANDOM
cat <<EOF
Launch a repl for you, using a temporary file: $REPL_TMP.
This loads the configuration from the modules
${files[*]}
To get started:
To see deployment-wide configuration
type config. and hit TAB
To see the services
type config.docker-compose.evaluatedServices TAB or ENTER
To bring the top-level Nixpkgs attributes into scope
type :a (config._module.args.pkgs) // { inherit config; }
EOF
cat >"$REPL_TMP" <<EOF
import $nix_dir/eval-composition.nix {
uid = "$UID";
modules = $modules;
pkgs = $pkgs_argument;
}
EOF
nix repl \
"$REPL_TMP" \
;
}
do_repl_cleanup() {
rm -f $REPL_TMP
}
run_exec() {
case "${#docker_compose_args[@]}" in
0)
echo "As an argument to exec, please specify a service"
exit 1
;;
1)
case "${docker_compose_args[0]}" in
-*|--*)
echo "As an argument to exec, please specify a service"
echo "Note that executing the default command currently does not support"
echo "docker-compose options."
# This requires parsing the options, in order to figure out
# which service to invoke.
exit 1
;;
*)
serviceName="${docker_compose_args[0]}"
do_eval
default_args=()
while read arg; do
default_args+=("$arg")
done < <(
jq < "$docker_compose_yaml" \
--arg serviceName "$serviceName" \
-r \
'.["x-arion"].serviceInfo[$serviceName].defaultExec | tostream | .[1] | select(.)'
)
docker-compose -f $docker_compose_yaml exec "$serviceName" "${default_args[@]}"
;;
esac
;;
*)
do_eval
docker-compose -f $docker_compose_yaml exec "${docker_compose_args[@]}"
;;
esac
}
case "$command" in
cat)
do_eval
jq . < "$docker_compose_yaml"
;;
repl)
do_repl
;;
exec)
run_exec "$@"
;;
docker-compose)
if [[ ${#docker_compose_args[@]} != 0
&& ${docker_compose_args[0]} != "help"
&& ${docker_compose_args[0]} != "version"
]]; then
case "${docker_compose_args[0]}" in
help|version)
:
;;
config|down|events|exec|images|kill|logs|pause|port|ps|rm|stop|top|unpause)
do_eval
;;
*)
do_build
;;
esac
fi
docker-compose -f $docker_compose_yaml "${docker_compose_args[@]}"
;;
esac

View file

@ -1,3 +1,5 @@
FROM scratch FROM scratch
COPY passwd /etc/passwd # scratch itself can't be run.
ADD tarball.tar.gz /
# This seems like a no-op:
CMD []

View file

@ -1,2 +0,0 @@
root:x:0:0:System administrator:/root:/bin/sh
nobody:x:65534:65534:Unprivileged account (don't use!):/var/empty:/run/current-system/sw/bin/nologin

View file

@ -1 +0,0 @@
/run/system/bin/sh

View file

@ -1 +0,0 @@
/run/system/usr/bin/env

324
src/haskell/exe/Main.hs Normal file
View file

@ -0,0 +1,324 @@
{-# LANGUAGE NoImplicitPrelude #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE ApplicativeDo #-}
{-# LANGUAGE OverloadedStrings #-}
import Protolude hiding (Down, option)
import Arion.Nix
import Arion.Aeson
import Arion.Images (loadImages)
import qualified Arion.DockerCompose as DockerCompose
import Arion.Services (getDefaultExec)
import Arion.ExtendedInfo (loadExtendedInfoFromPath, ExtendedInfo(images, projectName))
import Options.Applicative
import Control.Monad.Fail
import qualified Data.Text as T
import qualified Data.Text.IO as T
import Data.Aeson(Value)
import System.Posix.User (getRealUserID)
data CommonOptions =
CommonOptions
{ files :: NonEmpty FilePath
, pkgs :: Text
, nixArgs :: [Text]
, prebuiltComposeFile :: Maybe FilePath
, noAnsi :: Bool
, compatibility :: Bool
, logLevel :: Maybe Text
}
deriving (Show)
newtype DockerComposeArgs =
DockerComposeArgs { unDockerComposeArgs :: [Text] }
ensureConfigFile :: [FilePath] -> NonEmpty FilePath
ensureConfigFile [] = "./arion-compose.nix" :| []
ensureConfigFile (x:xs) = x :| xs
parseOptions :: Parser CommonOptions
parseOptions = do
files <-
ensureConfigFile <$>
many (strOption
( short 'f'
<> long "file"
<> metavar "FILE"
<> help "Use FILE instead of the default ./arion-compose.nix. \
\Can be specified multiple times for a merged configuration" ))
pkgs <- T.pack <$> strOption
( short 'p'
<> long "pkgs"
<> metavar "EXPR"
<> showDefault
<> value "./arion-pkgs.nix"
<> help "Use Nix expression EXPR to get the Nixpkgs attrset used for bootstrapping \
\and evaluating the configuration." )
showTrace <- flag False True (long "show-trace"
<> help "Causes Nix to print out a stack trace in case of Nix expression evaluation errors. Specify before command.")
-- TODO --option support (https://github.com/pcapriotti/optparse-applicative/issues/284)
userNixArgs <- many (T.pack <$> strOption (long "nix-arg" <> metavar "ARG" <> help "Pass an extra argument to nix. Example: --nix-arg --option --nix-arg substitute --nix-arg false"))
prebuiltComposeFile <- optional $ strOption
( long "prebuilt-file"
<> metavar "JSONFILE"
<> help "Do not evaluate and use the prebuilt JSONFILE instead. Causes other evaluation-related options to be ignored." )
noAnsi <- flag False True (long "no-ansi"
<> help "Avoid ANSI control sequences")
compatibility <- flag False True (long "no-ansi"
<> help "If set, Docker Compose will attempt to convert deploy keys in v3 files to their non-Swarm equivalent")
logLevel <- optional $ fmap T.pack $ strOption (long "log-level" <> metavar "LEVEL" <> help "Set log level (DEBUG, INFO, WARNING, ERROR, CRITICAL)")
pure $
let nixArgs = userNixArgs <|> "--show-trace" <$ guard showTrace
in CommonOptions{..}
textArgument :: Mod ArgumentFields [Char] -> Parser Text
textArgument = fmap T.pack . strArgument
parseCommand :: Parser (CommonOptions -> IO ())
parseCommand =
hsubparser
( command "cat" (info (pure runCat) (progDesc "Spit out the docker compose file as JSON" <> fullDesc))
<> command "repl" (info (pure runRepl) (progDesc "Start a nix repl for the whole composition" <> fullDesc))
<> command "exec" (info (parseExecCommand) (progDesc "Execute a command in a running container" <> fullDesc))
)
<|>
hsubparser
( commandDC runBuildAndDC "build" "Build or rebuild services"
<> commandDC runBuildAndDC "bundle" "Generate a Docker bundle from the Compose file"
<> commandDC runEvalAndDC "config" "Validate and view the Compose file"
<> commandDC runBuildAndDC "create" "Create services"
<> commandDC runEvalAndDC "down" "Stop and remove containers, networks, images, and volumes"
<> commandDC runEvalAndDC "events" "Receive real time events from containers"
<> commandDC runDC "help" "Get help on a command"
<> commandDC runEvalAndDC "images" "List images"
<> commandDC runEvalAndDC "kill" "Kill containers"
<> commandDC runEvalAndDC "logs" "View output from containers"
<> commandDC runEvalAndDC "pause" "Pause services"
<> commandDC runEvalAndDC "port" "Print the public port for a port binding"
<> commandDC runEvalAndDC "ps" "List containers"
<> commandDC runBuildAndDC "pull" "Pull service images"
<> commandDC runBuildAndDC "push" "Push service images"
<> commandDC runBuildAndDC "restart" "Restart services"
<> commandDC runEvalAndDC "rm" "Remove stopped containers"
<> commandDC runBuildAndDC "run" "Run a one-off command"
<> commandDC runBuildAndDC "scale" "Set number of containers for a service"
<> commandDC runBuildAndDC "start" "Start services"
<> commandDC runEvalAndDC "stop" "Stop services"
<> commandDC runEvalAndDC "top" "Display the running processes"
<> commandDC runEvalAndDC "unpause" "Unpause services"
<> commandDC runBuildAndDC "up" "Create and start containers"
<> commandDC runDC "version" "Show the Docker-Compose version information"
<> metavar "DOCKER-COMPOSE-COMMAND"
<> commandGroup "Docker Compose Commands:"
)
parseAll :: Parser (IO ())
parseAll =
flip ($) <$> parseOptions <*> parseCommand
parseDockerComposeArgs :: Parser DockerComposeArgs
parseDockerComposeArgs =
DockerComposeArgs <$>
many (argument (T.pack <$> str) (metavar "DOCKER-COMPOSE ARGS..."))
commandDC
:: (Text -> DockerComposeArgs -> CommonOptions -> IO ())
-> Text
-> Text
-> Mod CommandFields (CommonOptions -> IO ())
commandDC run cmdStr helpText =
command
(T.unpack cmdStr)
(info
(run cmdStr <$> parseDockerComposeArgs)
(progDesc (T.unpack helpText) <> fullDesc <> forwardOptions))
--------------------------------------------------------------------------------
runDC :: Text -> DockerComposeArgs -> CommonOptions -> IO ()
runDC cmd (DockerComposeArgs args) _opts = do
DockerCompose.run DockerCompose.Args
{ files = []
, otherArgs = [cmd] ++ args
}
runBuildAndDC :: Text -> DockerComposeArgs -> CommonOptions -> IO ()
runBuildAndDC cmd dopts opts = do
withBuiltComposeFile opts $ callDC cmd dopts opts True
runEvalAndDC :: Text -> DockerComposeArgs -> CommonOptions -> IO ()
runEvalAndDC cmd dopts opts = do
withComposeFile opts $ callDC cmd dopts opts False
callDC :: Text -> DockerComposeArgs -> CommonOptions -> Bool -> FilePath -> IO ()
callDC cmd dopts opts shouldLoadImages path = do
extendedInfo <- loadExtendedInfoFromPath path
when shouldLoadImages $ loadImages (images extendedInfo)
let firstOpts = projectArgs extendedInfo <> commonArgs opts
DockerCompose.run DockerCompose.Args
{ files = [path]
, otherArgs = firstOpts ++ [cmd] ++ unDockerComposeArgs dopts
}
projectArgs :: ExtendedInfo -> [Text]
projectArgs extendedInfo =
do
n <- toList (projectName extendedInfo)
["--project-name", n]
commonArgs :: CommonOptions -> [Text]
commonArgs opts = do
guard (noAnsi opts)
["--no-ansi"]
<> do
guard (compatibility opts)
["--compatibility"]
<> do
l <- toList (logLevel opts)
["--log-level", l]
withBuiltComposeFile :: CommonOptions -> (FilePath -> IO r) -> IO r
withBuiltComposeFile opts cont = case prebuiltComposeFile opts of
Just prebuilt -> do
cont prebuilt
Nothing -> do
args <- defaultEvaluationArgs opts
Arion.Nix.withBuiltComposition args cont
withComposeFile :: CommonOptions -> (FilePath -> IO r) -> IO r
withComposeFile opts cont = case prebuiltComposeFile opts of
Just prebuilt -> do
cont prebuilt
Nothing -> do
args <- defaultEvaluationArgs opts
Arion.Nix.withEvaluatedComposition args cont
getComposeValue :: CommonOptions -> IO Value
getComposeValue opts = case prebuiltComposeFile opts of
Just prebuilt -> do
decodeFile prebuilt
Nothing -> do
args <- defaultEvaluationArgs opts
Arion.Nix.evaluateComposition args
defaultEvaluationArgs :: CommonOptions -> IO EvaluationArgs
defaultEvaluationArgs co = do
uid <- getRealUserID
pure EvaluationArgs
{ evalUid = fromIntegral uid
, evalModules = files co
, evalPkgs = pkgs co
, evalWorkDir = Nothing
, evalMode = ReadWrite
, evalUserArgs = nixArgs co
}
runCat :: CommonOptions -> IO ()
runCat co = do
v <- getComposeValue co
T.hPutStrLn stdout (pretty v)
runRepl :: CommonOptions -> IO ()
runRepl co = do
putErrText
"Launching a repl for you. To get started:\n\
\\n\
\To see deployment-wide configuration\n\
\ type config. and use tab completion\n\
\To bring the top-level Nixpkgs attributes into scope\n\
\ type :a (config._module.args.pkgs) // { inherit config; }\n\
\"
Arion.Nix.replForComposition =<< defaultEvaluationArgs co
detachFlag :: Parser Bool
detachFlag = flag False True (long "detach" <> short 'd' <> help "Detached mode: Run command in the background.")
privilegedFlag :: Parser Bool
privilegedFlag = flag False True (long "privileged" <> help "Give extended privileges to the process.")
userOption :: Parser Text
userOption = strOption (long "user" <> short 'u' <> help "Run the command as this user.")
noTTYFlag :: Parser Bool
noTTYFlag = flag False True (short 'T' <> help "Disable pseudo-tty allocation. By default `exec` allocates a TTY.")
indexOption :: Parser Int
indexOption = option
(auto >>= \i -> i <$ unless (i >= 1) (fail "container index must be >= 1"))
(long "index" <> value 1 <> help "Index of the container if there are multiple instances of a service.")
envOption :: Parser (Text, Text)
envOption = option (auto >>= spl) (long "env" <> short 'e' <> help "Set environment variables (can be used multiple times, not supported in Docker API < 1.25)")
where spl s = case T.break (== '=') s of
(_, "") -> fail "--env parameter needs to combine key and value with = sign"
(k, ev) -> pure (k, T.drop 1 ev)
workdirOption :: Parser Text
workdirOption = strOption (long "workdir" <> short 'w' <> metavar "DIR" <> help "Working directory in which to start the command in the container.")
parseExecCommand :: Parser (CommonOptions -> IO ())
parseExecCommand = runExec
<$> detachFlag
<*> privilegedFlag
<*> optional userOption
<*> noTTYFlag
<*> indexOption
<*> many envOption
<*> optional workdirOption
<*> textArgument (metavar "SERVICE")
<*> orEmpty' (
(:) <$> argument (T.pack <$> str) (metavar "COMMAND")
<*> many (argument (T.pack <$> str) (metavar "ARG"))
)
orEmpty' :: (Alternative f, Monoid a) => f a -> f a
orEmpty' m = fromMaybe mempty <$> optional m
runExec :: Bool -> Bool -> Maybe Text -> Bool -> Int -> [(Text, Text)] -> Maybe Text -> Text -> [Text] -> CommonOptions -> IO ()
runExec detach privileged user noTTY index envs workDir service commandAndArgs opts =
withComposeFile opts $ \path -> do
extendedInfo <- loadExtendedInfoFromPath path
commandAndArgs'' <- case commandAndArgs of
[] -> do
cmd <- getDefaultExec path service
case cmd of
[] -> do
putErrText "You must provide a command via service.defaultExec or on the command line."
exitFailure
_ ->
pure cmd
x -> pure x
let commandAndArgs' = case commandAndArgs'' of
[] -> ["/bin/sh"]
x -> x
let args = concat
[ ["exec"]
, ("--detach" <$ guard detach :: [Text])
, "--privileged" <$ guard privileged
, "-T" <$ guard noTTY
, (\(k, v) -> ["--env", k <> "=" <> v]) =<< envs
, join $ toList (user <&> \u -> ["--user", u])
, ["--index", show index]
, join $ toList (workDir <&> \w -> ["--workdir", w])
, [service]
, commandAndArgs'
]
DockerCompose.run DockerCompose.Args
{ files = [path]
, otherArgs = projectArgs extendedInfo <> commonArgs opts <> args
}
main :: IO ()
main =
(join . arionExecParser) (info (parseAll <**> helper) fullDesc)
where
arionExecParser = customExecParser (prefs showHelpOnEmpty)

View file

@ -0,0 +1,27 @@
module Arion.Aeson where
import Prelude ()
import Data.Aeson
import qualified Data.ByteString.Lazy as BL
import qualified Data.Text.Lazy as TL
import qualified Data.Text.Lazy.Builder as TB
import qualified Data.Aeson.Encode.Pretty
import Data.Aeson.Encode.Pretty ( defConfig
, confCompare
, confTrailingNewline
)
import Protolude
pretty :: ToJSON a => a -> Text
pretty =
TL.toStrict
. TB.toLazyText
. Data.Aeson.Encode.Pretty.encodePrettyToTextBuilder' config
where config = defConfig { confCompare = compare, confTrailingNewline = True }
decodeFile :: FromJSON a => FilePath -> IO a
decodeFile fp = do
b <- BL.readFile fp
case eitherDecode b of
Left e -> panic (toS e)
Right v -> pure v

View file

@ -0,0 +1,30 @@
{-# LANGUAGE OverloadedStrings #-}
module Arion.DockerCompose where
import Prelude ( )
import Protolude
import System.Process
data Args = Args
{ files :: [FilePath]
, otherArgs :: [Text]
}
run :: Args -> IO ()
run args = do
let fileArgs = files args >>= \f -> ["--file", f]
allArgs = fileArgs ++ map toS (otherArgs args)
procSpec = proc "docker-compose" allArgs
-- hPutStrLn stderr ("Running docker-compose with " <> show allArgs :: Text)
withCreateProcess procSpec $ \_in _out _err procHandle -> do
exitCode <- waitForProcess procHandle
case exitCode of
ExitSuccess -> pass
ExitFailure 1 -> exitFailure
ExitFailure {} -> do
throwIO $ FatalError $ "docker-compose failed with " <> show exitCode

View file

@ -0,0 +1,37 @@
{-# LANGUAGE DeriveAnyClass #-}
{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE OverloadedStrings #-}
{-
Parses the x-arion field in the generated compose file.
-}
module Arion.ExtendedInfo where
import Prelude()
import Protolude
import Data.Aeson as Aeson
import Arion.Aeson
import Control.Lens
import Data.Aeson.Lens
data Image = Image
{ image :: Maybe Text -- ^ image tar.gz file path
, imageExe :: Maybe Text -- ^ path to exe producing image tar
, imageName :: Text
, imageTag :: Text
} deriving (Eq, Show, Generic, Aeson.ToJSON, Aeson.FromJSON)
data ExtendedInfo = ExtendedInfo {
projectName :: Maybe Text,
images :: [Image]
} deriving (Eq, Show)
loadExtendedInfoFromPath :: FilePath -> IO ExtendedInfo
loadExtendedInfoFromPath fp = do
v <- decodeFile fp
pure ExtendedInfo {
-- TODO: use aeson derived instance?
projectName = v ^? key "x-arion" . key "project" . key "name" . _String,
images = (v :: Aeson.Value) ^.. key "x-arion" . key "images" . _Array . traverse . _JSON
}

View file

@ -0,0 +1,72 @@
{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DeriveAnyClass #-}
{-# LANGUAGE OverloadedStrings #-}
module Arion.Images
( loadImages
) where
import Prelude()
import Protolude hiding (to)
import qualified System.Process as Process
import qualified Data.Text as T
import Arion.ExtendedInfo (Image(..))
type TaggedImage = Text
-- | Subject to change
loadImages :: [Image] -> IO ()
loadImages requestedImages = do
loaded <- getDockerImages
let
isNew i =
-- On docker, the image name is unmodified
(imageName i <> ":" <> imageTag i) `notElem` loaded
-- On podman, you used to automatically get a localhost prefix
-- however, since NixOS 22.05, this expected to be part of the name instead
&& ("localhost/" <> imageName i <> ":" <> imageTag i) `notElem` loaded
traverse_ loadImage . filter isNew $ requestedImages
loadImage :: Image -> IO ()
loadImage Image { image = Just imgPath, imageName = name } =
withFile (toS imgPath) ReadMode $ \fileHandle -> do
let procSpec = (Process.proc "docker" [ "load" ]) {
Process.std_in = Process.UseHandle fileHandle
}
Process.withCreateProcess procSpec $ \_in _out _err procHandle -> do
e <- Process.waitForProcess procHandle
case e of
ExitSuccess -> pass
ExitFailure code ->
panic $ "docker load failed with exit code " <> show code <> " for image " <> name <> " from path " <> imgPath
loadImage Image { imageExe = Just imgExe, imageName = name } = do
let loadSpec = (Process.proc "docker" [ "load" ]) { Process.std_in = Process.CreatePipe }
Process.withCreateProcess loadSpec $ \(Just inHandle) _out _err loadProcHandle -> do
let streamSpec = Process.proc (toS imgExe) []
Process.withCreateProcess streamSpec { Process.std_out = Process.UseHandle inHandle } $ \_ _ _ streamProcHandle ->
withAsync (Process.waitForProcess loadProcHandle) $ \loadExitAsync ->
withAsync (Process.waitForProcess streamProcHandle) $ \streamExitAsync -> do
r <- waitEither loadExitAsync streamExitAsync
case r of
Right (ExitFailure code) -> panic $ "image producer for image " <> name <> " failed with exit code " <> show code <> " from executable " <> imgExe
Right ExitSuccess -> pass
Left _ -> pass
loadExit <- wait loadExitAsync
case loadExit of
ExitFailure code -> panic $ "docker load failed with exit code " <> show code <> " for image " <> name <> " produced by executable " <> imgExe
_ -> pass
pass
loadImage Image { imageName = name } = do
panic $ "image " <> name <> " doesn't specify an image file or imageExe executable"
getDockerImages :: IO [TaggedImage]
getDockerImages = do
let procSpec = Process.proc "docker" [ "images", "--filter", "dangling=false", "--format", "{{.Repository}}:{{.Tag}}" ]
map toS . T.lines . toS <$> Process.readCreateProcess procSpec ""

View file

@ -0,0 +1,183 @@
{-# LANGUAGE OverloadedStrings #-}
module Arion.Nix
( evaluateComposition
, withEvaluatedComposition
, buildComposition
, withBuiltComposition
, replForComposition
, EvaluationArgs(..)
, EvaluationMode(..)
) where
import Prelude ( )
import Protolude
import Arion.Aeson ( pretty )
import Data.Aeson
import qualified Data.String
import qualified System.Directory as Directory
import System.Process
import qualified Data.ByteString.Lazy as BL
import Paths_arion_compose
import qualified Data.Text.IO as T
import qualified Data.List.NonEmpty as NE
import Control.Arrow ( (>>>) )
import System.IO.Temp ( withTempFile )
import System.IO ( hClose )
data EvaluationMode =
ReadWrite | ReadOnly
data EvaluationArgs = EvaluationArgs
{ evalUid :: Int
, evalModules :: NonEmpty FilePath
, evalPkgs :: Text
, evalWorkDir :: Maybe FilePath
, evalMode :: EvaluationMode
, evalUserArgs :: [Text]
}
evaluateComposition :: EvaluationArgs -> IO Value
evaluateComposition ea = do
evalComposition <- getEvalCompositionFile
let commandArgs =
[ "--eval"
, "--strict"
, "--json"
, "--attr"
, "config.out.dockerComposeYamlAttrs"
]
args =
[ evalComposition ]
++ commandArgs
++ modeArguments (evalMode ea)
++ argArgs ea
++ map toS (evalUserArgs ea)
procSpec = (proc "nix-instantiate" args)
{ cwd = evalWorkDir ea
, std_out = CreatePipe
}
withCreateProcess procSpec $ \_in outHM _err procHandle -> do
let outHandle = fromMaybe (panic "stdout missing") outHM
out <- BL.hGetContents outHandle
v <- Protolude.evaluate (eitherDecode out)
exitCode <- waitForProcess procHandle
case exitCode of
ExitSuccess -> pass
ExitFailure 1 -> exitFailure
ExitFailure {} -> do
throwIO $ FatalError $ "evaluation failed with " <> show exitCode
case v of
Right r -> pure r
Left e -> throwIO $ FatalError ("Couldn't parse nix-instantiate output" <> show e)
-- | Run with docker-compose.yaml tmpfile
withEvaluatedComposition :: EvaluationArgs -> (FilePath -> IO r) -> IO r
withEvaluatedComposition ea f = do
v <- evaluateComposition ea
withTempFile "." ".tmp-arion-docker-compose.yaml" $ \path yamlHandle -> do
T.hPutStrLn yamlHandle (pretty v)
hClose yamlHandle
f path
buildComposition :: FilePath -> EvaluationArgs -> IO ()
buildComposition outLink ea = do
evalComposition <- getEvalCompositionFile
let commandArgs =
[ "--attr"
, "config.out.dockerComposeYaml"
, "--out-link"
, outLink
]
args =
[ evalComposition ]
++ commandArgs
++ argArgs ea
++ map toS (evalUserArgs ea)
procSpec = (proc "nix-build" args) { cwd = evalWorkDir ea }
withCreateProcess procSpec $ \_in _out _err procHandle -> do
exitCode <- waitForProcess procHandle
case exitCode of
ExitSuccess -> pass
ExitFailure 1 -> exitFailure
ExitFailure {} -> do
throwIO $ FatalError $ "nix-build failed with " <> show exitCode
-- | Do something with a docker-compose.yaml.
withBuiltComposition :: EvaluationArgs -> (FilePath -> IO r) -> IO r
withBuiltComposition ea f = do
withTempFile "." ".tmp-arion-docker-compose.yaml" $ \path emptyYamlHandle -> do
hClose emptyYamlHandle
-- Known problem: kills atomicity of withTempFile; won't fix because we should manage gc roots,
-- impl of which will probably avoid this "problem". It seems unlikely to cause issues.
Directory.removeFile path
buildComposition path ea
f path
replForComposition :: EvaluationArgs -> IO ()
replForComposition ea = do
evalComposition <- getEvalCompositionFile
let args =
[ "repl", evalComposition ]
++ argArgs ea
++ map toS (evalUserArgs ea)
procSpec = (proc "nix" args) { cwd = evalWorkDir ea }
withCreateProcess procSpec $ \_in _out _err procHandle -> do
exitCode <- waitForProcess procHandle
case exitCode of
ExitSuccess -> pass
ExitFailure 1 -> exitFailure
ExitFailure {} -> do
throwIO $ FatalError $ "nix repl failed with " <> show exitCode
argArgs :: EvaluationArgs -> [[Char]]
argArgs ea =
[ "--argstr"
, "uid"
, show $ evalUid ea
, "--arg"
, "modules"
, modulesNixExpr $ evalModules ea
, "--arg"
, "pkgs"
, toS $ evalPkgs ea
]
getEvalCompositionFile :: IO FilePath
getEvalCompositionFile = getDataFileName "nix/eval-composition.nix"
modeArguments :: EvaluationMode -> [[Char]]
modeArguments ReadWrite = [ "--read-write-mode" ]
modeArguments ReadOnly = [ "--readonly-mode" ]
modulesNixExpr :: NonEmpty FilePath -> [Char]
modulesNixExpr =
NE.toList >>> fmap pathExpr >>> Data.String.unwords >>> wrapList
where
pathExpr :: FilePath -> [Char]
pathExpr path | isAbsolute path = "(/. + \"/${" <> toNixStringLiteral path <> "}\")"
| otherwise = "(./. + \"/${" <> toNixStringLiteral path <> "}\")"
isAbsolute ('/' : _) = True
isAbsolute _ = False
wrapList s = "[ " <> s <> " ]"
toNixStringLiteral :: [Char] -> [Char]
toNixStringLiteral = show -- FIXME: custom escaping including '$'

View file

@ -0,0 +1,37 @@
{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DeriveAnyClass #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE CPP #-}
module Arion.Services
( getDefaultExec
) where
import Prelude()
import Protolude hiding (to)
import qualified Data.Aeson as Aeson
#if MIN_VERSION_lens_aeson(1,2,0)
import qualified Data.Aeson.Key as AK
#endif
import Arion.Aeson (decodeFile)
import Control.Lens
import Data.Aeson.Lens
#if MIN_VERSION_lens_aeson(1,2,0)
type Key = AK.Key
mkKey :: Text -> Key
mkKey = AK.fromText
#else
type Key = Text
mkKey :: Text -> Key
mkKey = identity
#endif
-- | Subject to change
getDefaultExec :: FilePath -> Text -> IO [Text]
getDefaultExec fp service = do
v <- decodeFile fp
pure ((v :: Aeson.Value) ^.. key "x-arion" . key "serviceInfo" . key (mkKey service) . key "defaultExec" . _Array . traverse . _String)

View file

@ -0,0 +1,74 @@
{-# LANGUAGE OverloadedStrings #-}
module Arion.NixSpec
( spec
)
where
import Protolude
import Test.Hspec
import qualified Data.List.NonEmpty as NEL
import Arion.Aeson
import Arion.Nix
import qualified Data.Text as T
import qualified Data.Text.IO as T
spec :: Spec
spec = describe "evaluateComposition" $ do
it "matches an example" $ do
x <- Arion.Nix.evaluateComposition EvaluationArgs
{ evalUid = 123
, evalModules = NEL.fromList
["src/haskell/testdata/Arion/NixSpec/arion-compose.nix"]
, evalPkgs = "import <nixpkgs> { system = \"x86_64-linux\"; }"
, evalWorkDir = Nothing
, evalMode = ReadOnly
, evalUserArgs = ["--show-trace"]
}
let actual = pretty x
expected <- T.readFile "src/haskell/testdata/Arion/NixSpec/arion-compose.json"
censorPaths actual `shouldBe` censorPaths expected
it "matches an build.context example" $ do
x <- Arion.Nix.evaluateComposition EvaluationArgs
{ evalUid = 1234
, evalModules = NEL.fromList
["src/haskell/testdata/Arion/NixSpec/arion-context-compose.nix"]
, evalPkgs = "import <nixpkgs> { system = \"x86_64-linux\"; }"
, evalWorkDir = Nothing
, evalMode = ReadOnly
, evalUserArgs = ["--show-trace"]
}
let actual = pretty x
expected <- T.readFile "src/haskell/testdata/Arion/NixSpec/arion-context-compose.json"
censorPaths actual `shouldBe` censorPaths expected
censorPaths :: Text -> Text
censorPaths = censorImages . censorStorePaths
censorStorePaths :: Text -> Text
censorStorePaths x = case T.breakOn "/nix/store/" x of
(prefix, tl) | (tl :: Text) == "" -> prefix
(prefix, tl) -> prefix <> "<STOREPATH>" <> censorPaths
(T.dropWhile isNixNameChar $ T.drop (T.length "/nix/store/") tl)
-- Probably slow, due to not O(1) <>
censorImages :: Text -> Text
censorImages x = case T.break (\c -> c == ':' || c == '"') x of
(prefix, tl) | tl == "" -> prefix
(prefix, tl) | let imageId = T.take 33 (T.drop 1 tl)
, T.last imageId == '\"'
-- Approximation of nix hash validation
, T.all (\c -> (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z')) (T.take 32 imageId)
-> prefix <> T.take 1 tl <> "<HASH>" <> censorImages (T.drop 33 tl)
(prefix, tl) -> prefix <> T.take 1 tl <> censorImages (T.drop 1 tl)
-- | WARNING: THIS IS LIKELY WRONG: DON'T REUSE
isNixNameChar :: Char -> Bool
isNixNameChar c | c >= '0' && c <= '9' = True
isNixNameChar c | c >= 'a' && c <= 'z' = True
isNixNameChar c | c >= 'A' && c <= 'Z' = True
isNixNameChar c | c == '-' = True
isNixNameChar c | c == '.' = True
isNixNameChar c | c == '_' = True -- WRONG?
isNixNameChar _ = False -- WRONG?

12
src/haskell/test/Spec.hs Normal file
View file

@ -0,0 +1,12 @@
module Spec
( spec
)
where
import Test.Hspec
import qualified Arion.NixSpec
spec :: Spec
spec = do
describe "Arion.Nix" Arion.NixSpec.spec

View file

@ -0,0 +1,10 @@
module Main where
import Prelude()
import Protolude
import Test.Hspec.Runner
import qualified Spec
main :: IO ()
main = hspecWith config Spec.spec
where config = defaultConfig { configColorMode = ColorAlways }

View file

@ -0,0 +1,57 @@
{
"networks": {
"default": {
"name": "unit-test-data"
}
},
"services": {
"webserver": {
"command": [
"/usr/sbin/init"
],
"environment": {
"NIX_REMOTE": "",
"PATH": "/usr/bin:/run/current-system/sw/bin/",
"container": "docker"
},
"image": "localhost/webserver:<HASH>",
"ports": [
"8000:80"
],
"stop_signal": "SIGRTMIN+3",
"sysctls": {},
"tmpfs": [
"/run",
"/run/wrappers",
"/tmp:exec,mode=777"
],
"tty": true,
"volumes": [
"/sys/fs/cgroup:/sys/fs/cgroup:ro",
"/nix/store:/nix/store:ro"
]
}
},
"version": "3.4",
"volumes": {},
"x-arion": {
"images": [
{
"imageExe": "<STOREPATH>",
"imageName": "localhost/webserver",
"imageTag": "<HASH>"
}
],
"project": {
"name": "unit-test-data"
},
"serviceInfo": {
"webserver": {
"defaultExec": [
"/run/current-system/sw/bin/bash",
"-l"
]
}
}
}
}

View file

@ -1,17 +1,13 @@
{ {
docker-compose.services.webserver = { pkgs, ... }: { project.name = "unit-test-data";
services.webserver = { pkgs, ... }: {
nixos.useSystemd = true; nixos.useSystemd = true;
nixos.configuration.boot.tmpOnTmpfs = true; nixos.configuration.boot.tmp.useTmpfs = true;
nixos.configuration.services.nginx.enable = true; nixos.configuration.services.nginx.enable = true;
nixos.configuration.services.nginx.virtualHosts.localhost.root = "${pkgs.nix.doc}/share/doc/nix/manual";
# Please don't do this
nixos.configuration.services.nginx.virtualHosts.localhost.root = "/run/secrets";
service.useHostStore = true; service.useHostStore = true;
service.ports = [ service.ports = [
"8000:80" # host:container "8000:80" # host:container
]; ];
service.secrets."foo.txt".source = "foo";
}; };
docker-compose.secrets.foo.file = ./foo.key;
} }

View file

@ -0,0 +1,41 @@
{
"networks": {
"default": {
"name": "unit-test-data"
}
},
"services": {
"webserver": {
"build": {
"context": "<STOREPATH>"
},
"environment": {},
"ports": [
"8080:80"
],
"sysctls": {},
"volumes": []
}
},
"version": "3.4",
"volumes": {},
"x-arion": {
"images": [
{
"imageExe": "<STOREPATH>",
"imageName": "localhost/webserver",
"imageTag": "<HASH>"
}
],
"project": {
"name": "unit-test-data"
},
"serviceInfo": {
"webserver": {
"defaultExec": [
"/bin/sh"
]
}
}
}
}

View file

@ -0,0 +1,9 @@
{
project.name = "unit-test-data";
services.webserver.service = {
build.context = "${./build-context}";
ports = [
"8080:80"
];
};
}

View file

@ -0,0 +1,4 @@
FROM nginx
RUN echo this is a dockerfile to be built

View file

@ -0,0 +1,45 @@
{
"services": {
"webserver": {
"environment": {
"container": "docker"
},
"image": "webserver:xr4ljmz3qfcwlq9rl4mr4qdrzw93rl70",
"ports": [
"8000:80"
],
"stop_signal": "SIGRTMIN+3",
"sysctls": {},
"tmpfs": [
"/run",
"/run/wrappers",
"/tmp:exec,mode=777"
],
"tty": true,
"volumes": [
"/sys/fs/cgroup:/sys/fs/cgroup:ro"
]
}
},
"version": "3.4",
"x-arion": {
"images": [
{
"image": "/nix/store/xr4ljmz3qfcwlq9rl4mr4qdrzw93rl70-docker-image-webserver.tar.gz",
"imageName": "webserver",
"imageTag": "xr4ljmz3qfcwlq9rl4mr4qdrzw93rl70"
}
],
"project": {
"name": null
},
"serviceInfo": {
"webserver": {
"defaultExec": [
"/run/current-system/sw/bin/bash",
"-l"
]
}
}
}
}

View file

@ -1,9 +1,4 @@
{ modules ? [] { modules ? [], uid ? "0", pkgs, hostNixStorePrefix ? "", }:
, uid ? "0"
, pkgs
, hostNixStorePrefix ? ""
, writableStore ? true
}:
let _pkgs = pkgs; let _pkgs = pkgs;
in in
@ -17,28 +12,26 @@ let
inherit (pkgs) lib; inherit (pkgs) lib;
composition = lib.evalModules { composition = lib.evalModules {
check = true;
modules = builtinModules ++ modules; modules = builtinModules ++ modules;
}; };
builtinModules = [ builtinModules = [
argsModule argsModule
./modules/composition/docker-compose.nix ] ++ import ./modules.nix;
./modules/composition/host-environment.nix
./modules/composition/images.nix
./modules/composition/service-info.nix
./modules/composition/text-secrets.nix
];
argsModule = { argsModule = {
_file = ./eval-composition.nix; _file = ./eval-composition.nix;
key = ./eval-composition.nix; key = ./eval-composition.nix;
config._module.args.pkgs = lib.mkIf (pkgs != null) (lib.mkForce pkgs); config._module.args.pkgs = lib.mkIf (pkgs != null) (lib.mkForce pkgs);
config._module.args.check = true;
config.host.nixStorePrefix = hostNixStorePrefix; config.host.nixStorePrefix = hostNixStorePrefix;
config.host.uid = lib.toInt uid; config.host.uid = lib.toInt uid;
config.host.writableStore = writableStore;
}; };
in in
# Typically you need composition.config.build.dockerComposeYaml # Typically you need composition.config.out.dockerComposeYaml
composition composition // {
# throw in lib and pkgs for repl convenience
inherit lib;
inherit (composition._module.args) pkgs;
}

View file

@ -1,31 +0,0 @@
{ lib, pkgs, ... }:
{ modules, host, name }:
let
composite = lib.evalModules {
check = true;
modules = builtinModules ++ modules;
};
builtinModules = [
argsModule
./modules/service/default-exec.nix
./modules/service/docker-compose-service.nix
./modules/service/extended-info.nix
./modules/service/host-store.nix
./modules/service/host.nix
./modules/service/image.nix
./modules/service/nixos.nix
./modules/service/nixos-init.nix
];
argsModule = {
_file = ./eval-service.nix;
key = ./eval-service.nix;
config._module.args.pkgs = lib.mkForce pkgs;
config.host = host;
config.service.name = name;
};
in
composite

21
src/nix/lib.nix Normal file
View file

@ -0,0 +1,21 @@
{ lib }:
let
link = url: text: ''[${text}](${url})'';
composeSpecRev = "55b450aee50799a2f33cc99e1d714518babe305e";
serviceRef = fragment:
''See ${link "https://github.com/compose-spec/compose-spec/blob/${composeSpecRev}/05-services.md#${fragment}" "Compose Spec Services #${fragment}"}'';
networkRef = fragment:
''See ${link "https://github.com/compose-spec/compose-spec/blob/${composeSpecRev}/06-networks.md#${fragment}" "Compose Spec Networks #${fragment}"}'';
in
{
inherit
link
networkRef
serviceRef
;
}

8
src/nix/modules.nix Normal file
View file

@ -0,0 +1,8 @@
[
./modules/composition/docker-compose.nix
./modules/composition/host-environment.nix
./modules/composition/images.nix
./modules/composition/networks.nix
./modules/composition/service-info.nix
./modules/composition/composition.nix
]

View file

@ -0,0 +1,28 @@
{ config, lib, ... }:
let
inherit (lib) types mkOption;
link = url: text:
''[${text}](${url})'';
in
{
options = {
_module.args = mkOption {
internal = true;
};
project.name = mkOption {
description = ''
Name of the project.
See ${link "https://docs.docker.com/compose/reference/envvars/#compose_project_name" "COMPOSE_PROJECT_NAME"}
This is not optional, because getting the project name from a directory name tends to produce different results for different repo checkout location names.
'';
type = types.str;
};
};
config = {
docker-compose.extended.project.name = config.project.name;
};
}

View file

@ -3,54 +3,53 @@
This is a composition-level module. This is a composition-level module.
It defines the low-level options that are read by arion, like It defines the low-level options that are read by arion, like
- build.dockerComposeYaml - out.dockerComposeYaml
It declares options like It declares options like
- docker-compose.services - services
*/ */
{ pkgs, lib, config, ... }: compositionArgs@{ lib, config, options, pkgs, ... }:
let let
cfg = config.docker-compose; inherit (lib) types;
inherit (lib) mkOption optionalAttrs mapAttrs;
inherit (lib.types) submodule attrsOf nullOr either str path bool;
evalService = name: modules: pkgs.callPackage ../../eval-service.nix {} { inherit name modules; inherit (config) host; };
dockerComposeRef = fragment: service = {
''See <link xlink:href="https://docs.docker.com/compose/compose-file/#${fragment}">Docker Compose#${fragment}</link>''; imports = [ argsModule ] ++ import ../service/all-modules.nix;
secretType = submodule {
options = {
file = mkOption {
type = either path str;
description = ''
Sets the secret's value to this file.
${dockerComposeRef "secrets"}
'';
}; };
external = mkOption { argsModule =
type = bool; { name, # injected by types.submodule
default = false; ...
description = '' }: {
Whether the value of this secret is set via other means. _file = ./docker-compose.nix;
key = ./docker-compose.nix;
${dockerComposeRef "secrets"} config._module.args.pkgs = lib.mkDefault compositionArgs.pkgs;
''; config.host = compositionArgs.config.host;
}; config.composition = compositionArgs.config;
}; config.service.name = name;
}; };
in in
{ {
imports = [
../lib/assert.nix
(lib.mkRenamedOptionModule ["docker-compose" "services"] ["services"])
];
options = { options = {
build.dockerComposeYaml = lib.mkOption { out.dockerComposeYaml = lib.mkOption {
type = lib.types.package; type = lib.types.package;
description = "A derivation that produces a docker-compose.yaml file for this composition."; description = "A derivation that produces a docker-compose.yaml file for this composition.";
readOnly = true;
}; };
build.dockerComposeYamlText = lib.mkOption { out.dockerComposeYamlText = lib.mkOption {
type = lib.types.string; type = lib.types.str;
description = "The text of build.dockerComposeYaml."; description = "The text of out.dockerComposeYaml.";
readOnly = true;
};
out.dockerComposeYamlAttrs = lib.mkOption {
type = lib.types.attrsOf lib.types.unspecified;
description = "The text of out.dockerComposeYaml.";
readOnly = true;
}; };
docker-compose.raw = lib.mkOption { docker-compose.raw = lib.mkOption {
type = lib.types.attrs; type = lib.types.attrs;
@ -60,38 +59,26 @@ in
type = lib.types.attrs; type = lib.types.attrs;
description = "Attribute set that will be turned into the x-arion section of the docker-compose.yaml file."; description = "Attribute set that will be turned into the x-arion section of the docker-compose.yaml file.";
}; };
docker-compose.services = lib.mkOption { services = lib.mkOption {
default = {}; type = lib.types.attrsOf (lib.types.submodule service);
type = with lib.types; attrsOf (coercedTo unspecified (a: [a]) (listOf unspecified)); description = "An attribute set of service configurations. A service specifies how to run an image as a container.";
description = "A attribute set of service configurations. A service specifies how to run an image. Each of these service configurations is specified using modules whose options are described in the Service Options section.";
}; };
docker-compose.evaluatedServices = lib.mkOption { docker-compose.volumes = lib.mkOption {
type = lib.types.attrsOf lib.types.attrs; type = lib.types.attrsOf lib.types.unspecified;
description = "Attribute set of evaluated service configurations."; description = "A attribute set of volume configurations.";
readOnly = true;
};
docker-compose.secrets = lib.mkOption {
type = attrsOf secretType;
description = dockerComposeRef "secrets";
default = {}; default = {};
}; };
}; };
config = { config = {
build.dockerComposeYaml = pkgs.writeText "docker-compose.yaml" config.build.dockerComposeYamlText; out.dockerComposeYaml = pkgs.writeText "docker-compose.yaml" config.out.dockerComposeYamlText;
build.dockerComposeYamlText = builtins.toJSON (config.docker-compose.raw); out.dockerComposeYamlText = builtins.toJSON (config.out.dockerComposeYamlAttrs);
out.dockerComposeYamlAttrs = config.assertWarn config.docker-compose.raw;
docker-compose.evaluatedServices = lib.mapAttrs evalService config.docker-compose.services;
docker-compose.raw = { docker-compose.raw = {
version = "3.4"; version = "3.4";
services = lib.mapAttrs (k: c: c.config.build.service) config.docker-compose.evaluatedServices; services = lib.mapAttrs (k: c: c.out.service) config.services;
x-arion = config.docker-compose.extended; x-arion = config.docker-compose.extended;
} // optionalAttrs (cfg.secrets != {}) { volumes = config.docker-compose.volumes;
secrets = mapAttrs (_k: s: optionalAttrs (s.external != false) {
inherit (s) external;
} // optionalAttrs (s.file != null) {
file = toString s.file;
}
) cfg.secrets;
}; };
}; };
} }

View file

@ -15,7 +15,7 @@
}; };
host.nixStorePrefix = lib.mkOption { host.nixStorePrefix = lib.mkOption {
type = lib.types.string; type = lib.types.str;
default = ""; default = "";
example = "/mnt/foo"; example = "/mnt/foo";
description = '' description = ''
@ -23,18 +23,9 @@
stored at an alternate location without altering the format of stored at an alternate location without altering the format of
store paths. store paths.
For example: instead of mounting the host's /nix/store as the For example: instead of mounting the host's `/nix/store` as the
container's /nix/store, this will mount /mnt/foo/nix/store container's `/nix/store`, this will mount `/mnt/foo/nix/store`
as the container's /nix/store. as the container's `/nix/store`.
'';
};
host.writableStore = lib.mkOption {
type = lib.types.bool;
description = ''
Whether the Nix store is writable. Normally it is, but when extracting
secrets, it must not be writable in order to prevent secrets from
accidentally leaking into the Nix store.
''; '';
}; };

View file

@ -4,31 +4,39 @@ let
serviceImages = serviceImages =
lib.mapAttrs addDetails ( lib.mapAttrs addDetails (
lib.filterAttrs filterFunction config.docker-compose.evaluatedServices lib.filterAttrs filterFunction config.services
); );
filterFunction = serviceName: service: filterFunction = serviceName: service:
builtins.addErrorContext "while evaluating whether the service ${serviceName} defines an image" builtins.addErrorContext "while evaluating whether the service ${serviceName} defines an image"
service.config.image.nixBuild; service.image.nixBuild;
addDetails = serviceName: service: addDetails = serviceName: service:
builtins.addErrorContext "while evaluating the image for service ${serviceName}" builtins.addErrorContext "while evaluating the image for service ${serviceName}"
(let (let
inherit (service.config) build; inherit (service) build;
in { in {
image = build.image.outPath;
imageName = build.imageName or service.image.name; imageName = build.imageName or service.image.name;
imageTag = imageTag =
if build.image.imageTag != "" if build.image.imageTag != ""
then build.image.imageTag then build.image.imageTag
else lib.head (lib.strings.splitString "-" (baseNameOf build.image.outPath)); else lib.head (lib.strings.splitString "-" (baseNameOf build.image.outPath));
}); } // (if build.image.isExe or false
then {
imageExe = build.image.outPath;
}
else {
image = build.image.outPath;
}
)
);
in in
{ {
options = { options = {
build.imagesToLoad = lib.mkOption { build.imagesToLoad = lib.mkOption {
type = listOf unspecified; type = listOf unspecified;
description = "List of dockerTools image derivations."; internal = true;
description = "List of `dockerTools` image derivations.";
}; };
}; };
config = { config = {

View file

@ -0,0 +1,53 @@
{ config, lib, ... }:
let
inherit (lib)
mkOption
optionalAttrs
types
;
inherit (import ../../lib.nix { inherit lib; })
link
;
in
{
options = {
networks = mkOption {
type = types.lazyAttrsOf (types.submoduleWith {
modules = [
../networks/network.nix
];
});
description = ''
See ${link "https://docs.docker.com/compose/compose-file/06-networks/" "Docker Compose Networks"}
'';
};
enableDefaultNetwork = mkOption {
type = types.bool;
description = ''
Whether to define the default network:
```nix
networks.default = {
name = config.project.name;
};
```
'';
default = true;
};
};
config = {
networks = optionalAttrs config.enableDefaultNetwork {
default = {
name = config.project.name;
};
};
docker-compose.raw.networks =
lib.mapAttrs (k: v: v.out) config.networks;
};
}

View file

@ -5,17 +5,14 @@
*/ */
{ config, lib, ... }: { config, lib, ... }:
let let
inherit (lib) mapAttrs filterAttrs;
serviceInfo = serviceInfo =
lib.mapAttrs getInfo ( filterAttrs (_k: v: v != {})
lib.filterAttrs filterFunction config.docker-compose.evaluatedServices (mapAttrs (_serviceName: service: service.out.extendedInfo)
config.services
); );
filterFunction = _serviceName: service:
# shallow equality suffices for emptiness test
builtins.attrNames service.config.build.extendedInfo != [];
getInfo = _serviceName: service: service.config.build.extendedInfo;
in in
{ {
config = { config = {

View file

@ -1,29 +0,0 @@
{ config, lib, ... }:
let
inherit (lib) mkOption mapAttrsToList concatStrings escapeShellArg;
inherit (lib.types) attrsOf unspecified;
in
{
options = {
textSecrets = mkOption {
type = attrsOf unspecified; # unspecified for laziness
default = {};
description = "Secrets to write to files.";
};
build.writeSecretsScript = mkOption {
type = unspecified; # unspecified for laziness
readOnly = true;
internal = true;
description = "Generated script that writes the textSecrets.";
};
};
config = {
docker-compose.extended.hasTextSecrets = config.textSecrets != {};
build.writeSecretsScript = concatStrings (mapAttrsToList (k: v: ''
mkdir -p "$ARION_SECRETS_DIR"
echo ${escapeShellArg v} >$ARION_SECRETS_DIR/${escapeShellArg k}
'') config.textSecrets);
};
}

View file

@ -0,0 +1,2 @@
`assertions.nix`: Nixpkgs
`assert.nix`: extracted from Nixpkgs, adapted

View file

@ -0,0 +1,33 @@
{ config, lib, pkgs, ... }:
# based on nixpkgs/nixos/modules/system/activation/top-level.nix
let
inherit (lib)
concatStringsSep
filter
mkOption
showWarnings
types
;
# Handle assertions and warnings
failedAssertions = map (x: x.message) (filter (x: !x.assertion) config.assertions);
assertWarn = if failedAssertions != []
then throw "\nFailed assertions:\n${concatStringsSep "\n" (map (x: "- ${x}") failedAssertions)}"
else showWarnings config.warnings;
in
{
imports = [ ./assertions.nix ];
options.assertWarn = mkOption {
type = types.unspecified; # a function
# It's for the wrapping program to know about this. User need not care.
internal = true;
readOnly = true;
};
config = { inherit assertWarn; };
}

View file

@ -0,0 +1,34 @@
{ lib, ... }:
with lib;
{
options = {
assertions = mkOption {
type = types.listOf types.unspecified;
internal = true;
default = [];
example = [ { assertion = false; message = "you can't enable this for that reason"; } ];
description = ''
This option allows modules to express conditions that must
hold for the evaluation of the system configuration to
succeed, along with associated error messages for the user.
'';
};
warnings = mkOption {
internal = true;
default = [];
type = types.listOf types.str;
example = [ "The `foo' service is deprecated and will go away soon!" ];
description = ''
This option allows modules to show warnings to users during
the evaluation of the system configuration.
'';
};
};
# impl of assertions is in <nixpkgs/nixos/modules/system/activation/top-level.nix>
}

View file

@ -0,0 +1,131 @@
{ config, lib, options, ... }:
let
inherit (lib)
mkOption
optionalAttrs
types
;
inherit (import ../../lib.nix { inherit lib; })
networkRef
;
in
{
options = {
driver = mkOption {
description = ''
`"none"`, `"host"`, or a platform-specific value.
${networkRef "driver"}
'';
type = types.str;
};
driver_opts = mkOption {
description = ''
${networkRef "driver_opts"}
'';
type = types.lazyAttrsOf types.raw or types.unspecified;
};
attachable = mkOption {
description = ''
${networkRef "attachable"}
'';
type = types.bool;
example = true;
};
enable_ipv6 = mkOption {
description = ''
Whether we've entered the 21st century yet.
${networkRef "enable_ipv6"}
'';
type = types.bool;
};
ipam = mkOption {
# TODO model sub-options
description = ''
Manage IP addresses.
${networkRef "ipam"}
'';
type = types.raw or types.unspecified;
};
internal = mkOption {
description = ''
Achieves "external isolation".
${networkRef "internal"}
'';
defaultText = false;
type = types.bool;
};
labels = mkOption {
description = ''
Metadata.
${networkRef "labels"}
'';
# no list support, because less expressive wrt overriding
type = types.attrsOf types.str;
};
external = mkOption {
description = ''
When `true`, don't create or destroy the network, but assume that it
exists.
${networkRef "external"}
'';
type = types.bool;
};
name = mkOption {
description = ''
Set a custom name for the network.
It shares a namespace with other projects' networks. `name` is used as-is.
Note the `default` network's default `name` is set to `project.name` by Arion.
${networkRef "name"}
'';
type = types.str;
};
out = mkOption {
internal = true;
description = ''
This network's contribution to the docker compose yaml file
under the `networks.''${name}` key.
'';
type = lib.types.attrsOf lib.types.raw or lib.types.unspecified;
};
};
config = {
out =
lib.mapAttrs
(k: opt: opt.value)
(lib.filterAttrs
(k: opt: opt.isDefined)
{
inherit (options)
driver
driver_opts
attachable
enable_ipv6
ipam
internal
labels
external
name
;
}
);
};
}

View file

@ -0,0 +1,13 @@
[
./default-exec.nix
./docker-compose-service.nix
./extended-info.nix
./host-store.nix
./context.nix
./image.nix
./image-recommended.nix
./nixos.nix
./nixos-init.nix
../lib/assert.nix
./check-sys_admin.nix
]

Some files were not shown because too many files have changed in this diff Show more