111 lines
4.0 KiB
Nix
111 lines
4.0 KiB
Nix
{ config, pkgs, lib, ... }:
|
|
let
|
|
serverCfg = config.syscfg.server;
|
|
builder = import ./builder.nix { inherit config lib pkgs serverCfg; };
|
|
|
|
in{
|
|
config = lib.mkMerge [{
|
|
syscfg.server.loadedContainers = lib.mapAttrs (name: containerCfg:
|
|
builder.mkApp name ((import (./apps + "/${name}.nix")) { inherit config pkgs lib containerCfg builder name; })
|
|
) config.syscfg.server.containers;
|
|
} (lib.mkIf ( serverCfg.containers != {} ) (
|
|
let
|
|
appsList = builtins.attrValues config.syscfg.server.loadedContainers;
|
|
mergedContainers = lib.concatMapAttrs (appName: app:
|
|
lib.mapAttrs' (cName: cCfg: lib.nameValuePair "${appName}-${cName}" cCfg) app.runtime.containers
|
|
) config.syscfg.server.loadedContainers;
|
|
serverPathConfigs = map (path: {
|
|
inherit path;
|
|
mode = "0755";
|
|
}) (lib.unique (builtins.attrValues serverCfg.path));
|
|
allPathConfigs = serverPathConfigs ++ lib.concatMap (app: app.runtime.paths) appsList;
|
|
allSetupConfigs = lib.concatMap (app:
|
|
if app.runtime.setup ? script
|
|
then [ ({ name = app.name; envFile = ""; } // app.runtime.setup) ]
|
|
else [ ]
|
|
) appsList;
|
|
allCronsConfigs = lib.concatMap (app: app.runtime.cron) appsList;
|
|
allVMConfigs = builtins.filter (app: app.runtime.vm != null) appsList;
|
|
in{
|
|
virtualisation.oci-containers = {
|
|
backend = "podman";
|
|
containers = mergedContainers;
|
|
};
|
|
system.activationScripts.container-setup-dirs = {
|
|
deps = [ "users" "groups" ];
|
|
text = lib.concatStringsSep "\n" (map (cfg:
|
|
let
|
|
effectiveCfg = {
|
|
owner = "root:root";
|
|
mode = "0400";
|
|
dirs = [];
|
|
} // cfg;
|
|
in ''
|
|
${pkgs.coreutils}/bin/mkdir -p "${effectiveCfg.path}"
|
|
${lib.concatMapStringsSep "\n" (dir: "${pkgs.coreutils}/bin/mkdir -p ${effectiveCfg.path}/${lib.escapeShellArg dir}") effectiveCfg.dirs}
|
|
${pkgs.coreutils}/bin/chown ${effectiveCfg.owner} "${effectiveCfg.path}"
|
|
${pkgs.coreutils}/bin/chmod ${effectiveCfg.mode} "${effectiveCfg.path}"
|
|
|
|
'') allPathConfigs);
|
|
};
|
|
|
|
systemd.services = {
|
|
podman-gc = {
|
|
description = "Podman garbage collection";
|
|
serviceConfig.Type = "oneshot";
|
|
script = ''
|
|
${pkgs.podman}/bin/podman container prune -f
|
|
${pkgs.podman}/bin/podman image prune -f
|
|
'';
|
|
startAt = "weekly";
|
|
};
|
|
}
|
|
// lib.listToAttrs (lib.concatMap (e: [{
|
|
name = "${e.name}-vm";
|
|
value = {
|
|
description = "Isolated NixOS Guest VM for ${e.name}";
|
|
after = [ "network-online.target" ];
|
|
wants = [ "network-online.target" ];
|
|
wantedBy = [ "multi-user.target" ];
|
|
environment = {
|
|
QEMU_VM_REG_SND = "0";
|
|
NIX_DISK_IMAGE = "/media/data/kvm/${e.name}-guest.qcw2";
|
|
};
|
|
serviceConfig = {
|
|
Type = "simple";
|
|
Restart = "always";
|
|
RestartSec = "10s";
|
|
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /media/data/kvm";
|
|
ExecStart = ''
|
|
${builder.mkVm { name = e.name; vm = e.runtime.vm; }}/bin/run-${e.name}-vm -nographic
|
|
'';
|
|
};
|
|
};
|
|
}]) allVMConfigs)
|
|
// lib.listToAttrs (lib.concatMap (e: [{
|
|
name = "${e.name}-setup";
|
|
value = {
|
|
description = "Run ${e.name} setup";
|
|
after = [ "podman-${e.name}-${e.trigger}.service" ];
|
|
wants = [ "podman-${e.name}-${e.trigger}.service" ];
|
|
wantedBy = [ "multi-user.target" ];
|
|
serviceConfig = {
|
|
Type = "oneshot";
|
|
TimeoutStartSec = "360s";
|
|
EnvironmentFile = e.envFile;
|
|
ExecStart = e.script;
|
|
RemainAfterExit = true;
|
|
User = "root";
|
|
};
|
|
};
|
|
}]) allSetupConfigs );
|
|
|
|
services.cron = {
|
|
enable = true;
|
|
systemCronJobs = allCronsConfigs;
|
|
};
|
|
|
|
}))];
|
|
|
|
}
|