99 lines
3.5 KiB
Nix
99 lines
3.5 KiB
Nix
{ config, pkgs, lib, ... }:
|
|
let
|
|
serverCfg = config.syscfg.server;
|
|
builder = import ./builder.nix { inherit config lib pkgs serverCfg; };
|
|
|
|
in{
|
|
config = lib.mkMerge [{
|
|
syscfg.server.loadedContainers = lib.mapAttrs (name: containerCfg:
|
|
(import (./apps + "/${name}.nix")) { inherit config pkgs lib containerCfg builder name; }
|
|
) config.syscfg.server.containers;
|
|
} (lib.mkIf ( serverCfg.containers != {} ) (
|
|
let
|
|
appsList = builtins.attrValues config.syscfg.server.loadedContainers;
|
|
mergedContainers = lib.concatMapAttrs (appName: app:
|
|
lib.mapAttrs' (cName: cCfg: lib.nameValuePair "${appName}-${cName}" cCfg) app.containers
|
|
) config.syscfg.server.loadedContainers;
|
|
allPathConfigs = lib.concatMap (app: app.paths) appsList;
|
|
allSetupConfigs = lib.concatMap (app: if app.setup?script then [({name = app.name; envFile="";} // app.setup)] else []) appsList;
|
|
allCronsConfigs = lib.concatMap (app: app.cron) appsList;
|
|
allVMConfigs = builtins.filter (app: app.vm != null) appsList;
|
|
in{
|
|
virtualisation.oci-containers = {
|
|
backend = "podman";
|
|
containers = mergedContainers;
|
|
};
|
|
system.activationScripts.container-setup-dirs = {
|
|
deps = [ "users" "groups" ];
|
|
text = lib.concatStringsSep "\n" (map (cfg:
|
|
let
|
|
effectiveCfg = {
|
|
owner = "root:root";
|
|
mode = "0400";
|
|
} // cfg;
|
|
in ''
|
|
${pkgs.coreutils}/bin/mkdir -p "${effectiveCfg.path}"
|
|
${pkgs.coreutils}/bin/chown ${effectiveCfg.owner} "${effectiveCfg.path}"
|
|
${pkgs.coreutils}/bin/chmod ${effectiveCfg.mode} "${effectiveCfg.path}"
|
|
'') allPathConfigs);
|
|
};
|
|
|
|
systemd.services = {
|
|
podman-gc = {
|
|
description = "Podman garbage collection";
|
|
serviceConfig.Type = "oneshot";
|
|
script = ''
|
|
${pkgs.podman}/bin/podman container prune -f
|
|
${pkgs.podman}/bin/podman image prune -f
|
|
'';
|
|
startAt = "weekly";
|
|
};
|
|
}
|
|
// lib.listToAttrs (lib.concatMap (e: [{
|
|
name = "${e.name}-vm";
|
|
value = {
|
|
description = "Isolated NixOS Guest VM for ${e.name}";
|
|
after = [ "network-online.target" ];
|
|
wants = [ "network-online.target" ];
|
|
wantedBy = [ "multi-user.target" ];
|
|
environment = {
|
|
QEMU_VM_REG_SND = "0";
|
|
NIX_DISK_IMAGE = "/media/data/kvm/${e.name}-guest.qcw2";
|
|
};
|
|
serviceConfig = {
|
|
Type = "simple";
|
|
Restart = "always";
|
|
RestartSec = "10s";
|
|
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /media/data/kvm";
|
|
ExecStart = ''
|
|
${builder.mkVm { name = e.name; vm = e.vm; }}/bin/run-${e.name}-vm -nographic
|
|
'';
|
|
};
|
|
};
|
|
}]) allVMConfigs)
|
|
// lib.listToAttrs (lib.concatMap (e: [{
|
|
name = "${e.name}-setup";
|
|
value = {
|
|
description = "Run ${e.name} setup";
|
|
after = [ "podman-${e.name}-${e.trigger}.service" ];
|
|
wants = [ "podman-${e.name}-${e.trigger}.service" ];
|
|
wantedBy = [ "multi-user.target" ];
|
|
serviceConfig = {
|
|
Type = "oneshot";
|
|
TimeoutStartSec = "360s";
|
|
EnvironmentFile = e.envFile;
|
|
ExecStart = e.script;
|
|
RemainAfterExit = true;
|
|
User = "root";
|
|
};
|
|
};
|
|
}]) allSetupConfigs );
|
|
|
|
services.cron = {
|
|
enable = true;
|
|
systemCronJobs = allCronsConfigs;
|
|
};
|
|
|
|
}))];
|
|
|
|
} |