# Regularly build and push container images.
{ config, pkgs, ... }:

let
  # Docker Hub account name; the secret's name and target directory below
  # are derived from it.
  dockerHubUsername = "p1st";

  # Source tree that provides `run.sh`, which the service below runs as root.
  #
  # NOTE(review): `rev` is commented out, so the commit is not pinned here.
  # Whatever the remote serves when this expression is evaluated is what
  # later runs as root, on a host that also receives the Docker Hub
  # credentials deployed below. Pinning `rev` to a reviewed commit and
  # bumping it deliberately makes each update an explicit, auditable step.
  repo = builtins.fetchGit {
    url = "https://codeberg.org/privacy1st/ContainerImages";
    #rev = "5e510fb77a0ebbbe082b383e12be8daffc09064d";
    #submodules = true;
  };
in
{
  # Configure ContainerImages.
  # This deploys a key file named `dockerhub-p1st` into `destDir`.
  # NOTE(review): with `destDir` = `/etc/ContainerImages/p1st` the resulting
  # path is presumably `/etc/ContainerImages/p1st/dockerhub-p1st` - confirm
  # against the path `run.sh` actually reads.
  #
  # `config.json` is created by running `docker login` for the correct user.
  # It has the following content
  # {
  #   "auths": {
  #     "https://index.docker.io/v1/": {
  #       "auth": "REPLACE-ME-WITH-REAL-VALUE"
  #     }
  #   }
  # }
  #
  # The `auth` value is a reusable registry credential: keep the file out of
  # version control.
  # NOTE(review): `keyFile` is a Nix path literal; confirm that the
  # deployment tool reads it at deploy time and does not copy it into the
  # world-readable Nix store.
  deployment.keys."dockerhub-${dockerHubUsername}" = {
    # mkdir secrets/dockerhub-p1st
    # sudo install -m600 /dev/stdin secrets/dockerhub-p1st/config.json
    keyFile = ../secrets/dockerhub-${dockerHubUsername}/config.json;
    destDir = "/etc/ContainerImages/${dockerHubUsername}";
    # Only root owns the deployed credential file.
    user = "root";
    group = "root";
  };

  # Timer: first run one hour after boot, then three hours after the
  # service last became inactive.
  systemd.timers.ContainerImages = {
    wantedBy = [ "timers.target" ];
    partOf = [ "ContainerImages.service" ];
    timerConfig = {
      OnBootSec = "1h";
      OnUnitInactiveSec = "3h";

      # Allow up to a minute of scheduling slack plus up to a minute of
      # random delay.
      AccuracySec = "1m";
      RandomizedDelaySec = "1m";
    };
  };

  # One-shot job that executes `run.sh` from the fetched repository.
  systemd.services.ContainerImages = {
    # Tools placed on the service's PATH.
    path = [
      pkgs.docker
      (pkgs.callPackage ./docker-pushrm-pkg.nix { })
    ];
    serviceConfig = {
      Type = "oneshot";
      PrivateTmp = true;
      # NOTE(review): the script runs with full root privileges and
      # `PrivateTmp` is the only sandboxing option set, so the integrity of
      # `repo` is the main control protecting this host and the registry
      # credentials.
      User = "root";
      # Lowest CPU priority and idle-only I/O.
      Nice = 19;
      IOSchedulingClass = "idle";

      ExecStart = "${pkgs.bash}/bin/bash ${repo}/run.sh";
    };
  };
}