authorAlex Auvolat <alex@adnab.me>2022-11-15 23:13:55 +0100
committerAlex Auvolat <alex@adnab.me>2022-11-15 23:13:55 +0100
commit2cd4bf1ee79b72881fe2f1d8a1160a390c7d837a (patch)
treed8dd6553d800f3a48d18b6b12ddf2cacf150766f
parent13fac2b4460218869eb3bad42af59940f931ac77 (diff)
downloadnixcfg-2cd4bf1ee79b72881fe2f1d8a1160a390c7d837a.tar.gz
nixcfg-2cd4bf1ee79b72881fe2f1d8a1160a390c7d837a.zip
Demo running directly a service from the nix store
-rw-r--r--cluster/staging/app/dummy/deploy/dummy-nginx.hcl91
-rw-r--r--cluster/staging/app/dummy/deploy/shell.nix5
-rw-r--r--cluster/staging/node/cariacou.nix13
3 files changed, 79 insertions, 30 deletions
diff --git a/cluster/staging/app/dummy/deploy/dummy-nginx.hcl b/cluster/staging/app/dummy/deploy/dummy-nginx.hcl
index a8990c6..cf9ec94 100644
--- a/cluster/staging/app/dummy/deploy/dummy-nginx.hcl
+++ b/cluster/staging/app/dummy/deploy/dummy-nginx.hcl
@@ -1,35 +1,66 @@
job "dummy-nginx" {
- datacenters = ["neptune"]
- type = "service"
-
- group "nginx" {
- count = 1
+ datacenters = ["neptune"]
+ type = "service"
+
+ group "nginx" {
+ count = 1
- network {
- port "http" {
- to = 80
- }
- }
+ volume "nix-store" {
+ type = "host"
+ source = "nix-store"
+ read_only = true
+ }
+ volume "nix-current-system-bin" {
+ type = "host"
+ source = "nix-current-system-bin"
+ read_only = true
+ }
- task "nginx" {
- driver = "docker"
- config {
- image = "nginx"
- ports = [ "http" ]
- }
- }
+ network {
+ port "http" {
+ to = 8080
+ }
+ }
- service {
- port = "http"
- tags = [
- "tricot home.adnab.me 100",
- ]
- check {
- type = "http"
- path = "/"
- interval = "10s"
- timeout = "2s"
- }
- }
- }
+ task "not-actually-nginx" {
+ driver = "exec"
+ config {
+ command = "env"
+ args = [
+ "/run/current-system/sw/bin/nix-shell",
+ "--run", "python3 -m http.server 8080"
+ ]
+ }
+ env = {
+ NIX_PATH = "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
+ }
+
+ volume_mount {
+ volume = "nix-store"
+ destination = "/nix"
+ }
+ volume_mount {
+ volume = "nix-current-system-bin"
+ destination = "/run/current-system/sw/bin"
+ }
+
+ template {
+ data = file("shell.nix")
+ destination = "shell.nix"
+ }
+ }
+
+ service {
+ port = "http"
+ tags = [
+ "tricot home.adnab.me 100",
+ ]
+ check {
+ type = "http"
+ path = "/"
+ interval = "10s"
+ timeout = "2s"
+ }
+ }
+ }
}
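Review bot: `python3 -m http.server 8080` in the new `not-actually-nginx` task serves its working directory with directory listings enabled, and nothing in the hunk narrows that directory; since `nix-shell` is invoked with no path and the template writes `shell.nix` relative to the task directory, the working directory appears to be the task root, which in Nomad also contains the `secrets/` and `alloc/` subtrees, and the `tricot home.adnab.me 100` tag publishes it. Point the server at an explicit content directory, e.g. `"--run", "python3 -m http.server --directory ${NOMAD_TASK_DIR}/local 8080"` (or a dedicated empty directory), so only intended files are listed. The task also sets no `user`, so with the companion node change that runs Nomad as root the process likely runs as root inside the exec chroot; adding `user = "nobody"` to the task would keep the demo unprivileged. Lastly, `to = 8080` on the `http` port only takes effect in bridge network mode, which this group does not declare, so the service check may probe the dynamically allocated host port rather than 8080 — worth confirming on the staging node.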
diff --git a/cluster/staging/app/dummy/deploy/shell.nix b/cluster/staging/app/dummy/deploy/shell.nix
new file mode 100644
index 0000000..1323f1c
--- /dev/null
+++ b/cluster/staging/app/dummy/deploy/shell.nix
@@ -0,0 +1,5 @@
+{ pkgs ? import <nixpkgs> {} }:
+pkgs.mkShell {
+# nativeBuildInputs is usually what you want -- tools you need to run
+ nativeBuildInputs = [ pkgs.python3 ];
+}
diff --git a/cluster/staging/node/cariacou.nix b/cluster/staging/node/cariacou.nix
index 61d3f28..5662422 100644
--- a/cluster/staging/node/cariacou.nix
+++ b/cluster/staging/node/cariacou.nix
@@ -21,4 +21,17 @@
deuxfleurs.cluster_ip = "10.14.1.1";
deuxfleurs.is_raft_server = true;
+
+ # experimental: nomad as root, to enable exec driver
+ services.nomad.dropPrivileges = false;
+ services.nomad.settings.client.host_volume = {
+ "nix-store" = {
+ path = "/nix";
+ read_only = true;
+ };
+ "nix-current-system-bin" = {
+ path = "/run/current-system/sw/bin";
+ read_only = true;
+ };
+ };
}
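Review bot: The comment on `services.nomad.dropPrivileges = false;` records that it is experimental but not its consequence: with Nomad running as root, exec-driver tasks inherit root unless the job sets `user`, so any job accepted by this client can read host paths beyond the two read-only `host_volume` entries declared here. Expand the comment so the trade-off is visible to the next reader, e.g. `# experimental: nomad as root, to enable exec driver; tasks run as root unless the job sets "user"`. Keeping `read_only = true` on both volumes is good; consider noting in the same comment that this setting is meant to be reverted once the demo is done, since nothing else on the node scopes which jobs may use the exec driver.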