sora/nixconfig
1
0
Fork 1
Code Issues 2 Pull Requests Actions Releases Activity

Refactor

Browse Source
This commit is contained in:
soraefir
2026-06-04 00:30:29 +02:00
parent b82393272c
commit 9a89479f66
26 changed files with 1385 additions and 1380 deletions
Download Patch File Download Diff File Expand all files Collapse all files

83
modules/server/containers/builder.nix
View File

@@ -1,16 +1,32 @@
{ config, lib, pkgs, serverCfg }:
let
mkRouterName = { subdomain, subpath ? null }:
if subpath != null
then "${subdomain}-${lib.strings.sanitizeDerivationName subpath}"
else subdomain;
getOr = attrs: path: default: lib.attrByPath path default attrs;
mkTmpfsOption = size: "--tmpfs=/tmp:rw,noexec,nosuid,size=${size}";
mkAuthentikLabels =
{ subdomain
, subpath ? null
, routerName ? mkRouterName { inherit subdomain subpath; }
, middleware ? "authentik"
}:
lib.optionalAttrs (serverCfg.containers ? authentik) {
"traefik.http.routers.${routerName}.middlewares" = middleware;
};
contBuilder =
{ image ? null, imageStream ? null, imageFile ? null
, secret ? null
, subdomain ? null, subpath?null, port ? null
, authentik ? false
, tmpfs ? false
, tmpfsSize ? "512m"
, extraEnv ? { }, extraLabels ? { }, extraOptions ? [ ]
, overrides ? { }
}:
let
routerName = if subpath != null
then "${subdomain}-${lib.strings.sanitizeDerivationName subpath}"
else subdomain;
routerName = mkRouterName { inherit subdomain subpath; };
base = {
image = if imageStream != null then "${imageStream.imageName}:${imageStream.imageTag}"
else if imageFile != null then "${imageFile.imageName}:${imageFile.imageTag}" else image;
@@ -33,11 +49,15 @@ let
"traefik.http.services.${routerName}.loadbalancer.server.port" = toString port;
}) else {
"traefik.enable" = "false";
}) // extraLabels;
})
// lib.optionalAttrs authentik (mkAuthentikLabels { inherit subdomain subpath routerName; })
// extraLabels;
extraOptions = [
"--add-host=host.containers.internal:host-gateway"
] ++ extraOptions;
]
++ lib.optional tmpfs (mkTmpfsOption tmpfsSize)
++ extraOptions;
};
in lib.recursiveUpdate base overrides;
vmBuilder = { name, vm }: ((import "${pkgs.path}/nixos/lib/eval-config.nix" {
@@ -70,54 +90,27 @@ in {
mkContainer = contBuilder;
mkVm = vmBuilder;
mkApp = name: app:
let
# Keep legacy app modules working while storing a stricter internal contract.
legacySetup =
if app ? setup then app.setup else null;
in {
{
inherit name;
requires = {
secrets =
if app ? requires && app.requires ? secrets then app.requires.secrets
else if app ? sops && app.sops then [ name ]
else [ ];
databases =
if app ? requires && app.requires ? databases then app.requires.databases
else if app ? db && app.db then [ name ]
else [ ];
secrets = getOr app [ "requires" "secrets" ] [ ];
databases = getOr app [ "requires" "databases" ] [ ];
};
exports = {
authentik = {
blueprints =
if app ? exports && app.exports ? authentik && app.exports.authentik ? blueprints
then app.exports.authentik.blueprints
else [ ];
blueprints = getOr app [ "exports" "authentik" "blueprints" ] [ ];
};
};
runtime = {
paths =
if app ? runtime && app.runtime ? paths then app.runtime.paths
else if app ? paths then app.paths
else [ ];
containers =
if app ? runtime && app.runtime ? containers then app.runtime.containers
else if app ? containers then app.containers
else { };
vm =
if app ? runtime && app.runtime ? vm then app.runtime.vm
else if app ? vm then app.vm
else null;
cron =
if app ? runtime && app.runtime ? cron then app.runtime.cron
else if app ? cron then app.cron
else [ ];
setup =
if app ? runtime && app.runtime ? setup then app.runtime.setup
else ({
trigger = "";
script = null;
envFile = [ ];
} // (if legacySetup != null then legacySetup else { }));
paths = getOr app [ "runtime" "paths" ] [ ];
containers = getOr app [ "runtime" "containers" ] { };
vm = getOr app [ "runtime" "vm" ] null;
cron = getOr app [ "runtime" "cron" ] [ ];
setup = {
trigger = "";
script = null;
envFile = [ ];
} // getOr app [ "runtime" "setup" ] { };
};
};
mkData = { name, dir, vars?{} }: pkgs.runCommand name vars ''