author | Alex Auvolat <alex@adnab.me> | 2022-11-28 22:58:39 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-11-28 22:58:39 +0100 |
commit | 105c08172827499504816106ffe1b61d76c2d4c8 (patch) | |
tree | 1a9f7472fa03c45089191e8e3167e3e9d5533297 /cluster/staging/cluster.nix | |
parent | a327876e253b464c049faeafeb24ab2687425014 (diff) | |
Staging: ability to run Nix jobs using exec2 driver
Diffstat (limited to 'cluster/staging/cluster.nix')
-rw-r--r-- | cluster/staging/cluster.nix | 49 |
1 files changed, 42 insertions, 7 deletions
diff --git a/cluster/staging/cluster.nix b/cluster/staging/cluster.nix index cbabdc9..79e3cf0 100644 --- a/cluster/staging/cluster.nix +++ b/cluster/staging/cluster.nix @@ -74,18 +74,53 @@ ## ----- - ## EXPERIMENTAL ON STAGING: NIX NOMAD DRIVER + ## EXPERIMENTAL ON STAGING: NIX NOMAD JOBS services.nomad.dropPrivileges = false; + + # ----- nomad-driver-nix & nomad-driver-exec2 ----- + services.nomad.extraSettingsPlugins = + let nomad_driver_nix = import ./nomad-driver-nix.nix { inherit pkgs; }; + nomad_driver_exec2 = import ./nomad-driver-exec2.nix { inherit pkgs; }; + in [ + (pkgs.symlinkJoin { + name = "nomad-drivers"; + paths = [ + nomad_driver_nix + nomad_driver_exec2 + ]; + }) + ]; + # the nix driver requires flakes to be enabled and some commands to be available + nix.settings.experimental-features = [ "nix-command" "flakes" ]; services.nomad.extraPackages = [ pkgs.nix pkgs.git ]; - services.nomad.extraSettingsPlugins = - let nomad_driver_nix = import ./nomad-driver-nix.nix { inherit pkgs; }; - in [ nomad_driver_nix ]; - - # the nix driver requires flakes to be enabled - nix.settings.experimental-features = [ "nix-command" "flakes" ]; + # default config for the exec2 driver + services.nomad.settings.plugin = [ + { + "exec2-driver" = [ + { + config = [ + { + bind_read_only = { + "/etc/static" = "/etc/static"; + "/etc/passwd" = "/etc/passwd"; + "/etc/resolv.conf" = "/etc/resolv.conf"; + "/etc/nix/nix.conf" = "/etc/nix/nix.conf"; + "/etc/ssl" = "/etc/ssl"; + "/etc/nsswitch.conf" = "/etc/nsswitch.conf"; + "/nix" = "/nix"; + "/bin" = "/bin"; + "/usr" = "/usr"; + "/run/current-system/sw" = "/run/current-system/sw"; + }; + } + ]; + } + ]; + } + ]; # use our cache as additionnal substituer (we put precompiled packages there, # like we used to do on the docker hub) |
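Review bot: The new `bind_read_only` default under `"exec2-driver"` binds all of `/nix`, plus `/etc/static` and `/etc/passwd`, into every exec2 job, and nothing in the hunk records which of the ten paths a job actually needs. With `services.nomad.dropPrivileges = false` a few lines above, the driver's sandbox is presumably the only boundary between a job and the host. Anything that was ever written to the store, such as rendered configuration, becomes readable by any job scheduled on the node. If the daemon socket under `/nix/var` is reachable through that bind, a job can also talk to the host's Nix daemon. I would add a comment above the attribute set, for example `# /nix is bound whole so jobs can run flake outputs; every exec2 job can read the store, so no secrets may live in it`, and one line per `/etc` entry stating what consumes it. If the driver allows per-job binds, narrowing the default to the store and the resolver and TLS files would be worth considering before this leaves staging.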