diff --git a/hosts/yodaNas/configuration.nix b/hosts/yodaNas/configuration.nix
index f608016..3da85a5 100644
--- a/hosts/yodaNas/configuration.nix
+++ b/hosts/yodaNas/configuration.nix
@@ -20,6 +20,7 @@
 #../../modules/podman.nix
 ../../modules/docker.nix
 #../../modules/docker-pushrm.nix
+ ../../modules/ContainerImages.nix
 ../../modules/sendmail-mta.nix
 ../../modules/journalwatch.nix
diff --git a/modules/ContainerImages.nix b/modules/ContainerImages.nix
new file mode 100644
index 0000000..bac088d
--- /dev/null
+++ b/modules/ContainerImages.nix
@@ -0,0 +1,51 @@
+# Regularly build and push container images.
+{ config, pkgs, ... }:
+let
+ dockerHubUsername = "p1st";
+ repo = (builtins.fetchGit {
+ url = "https://codeberg.org/privacy1st/ContainerImages";
+ #rev = "5e510fb77a0ebbbe082b383e12be8daffc09064d";
+ #submodules = true;
+ });
+in
+{
+ # Configure ContainerImages.
+ # This creates file `/etc/ContainerImages/dockerhub-p1st`.
+ deployment.keys."dockerhub-${dockerHubUsername}" = {
+ # mkdir secrets/dockerhub-p1st
+ # sudo install -m600 /dev/stdin secrets/dockerhub-p1st/config.json
+ keyFile = ../secrets/dockerhub-${dockerHubUsername}/config.json;
+ destDir = "/etc/ContainerImages/${dockerHubUsername}";
+ user = "root";
+ group = "root";
+ };
+ systemd.timers."ContainerImages" = {
+ wantedBy = [ "timers.target" ];
+ partOf = [ "ContainerImages.service" ];
+ timerConfig = {
+ OnBootSec = "1h";
+ OnUnitInactiveSec = "3h";
+ AccuracySec = "1m";
+ RandomizedDelaySec = "1m";
+ };
+ };
+ systemd.services."ContainerImages" = {
+ path = with pkgs; [
+ docker
+ (pkgs.callPackage ./docker-pushrm-pkg.nix { })
+ ];
+ serviceConfig = {
+ Type = "oneshot";
+ PrivateTmp = true;
+ User = "root";
+ Nice = 19;
+ IOSchedulingClass = "idle";
+ ExecStart = "${pkgs.bash}/bin/bash ${repo}/run.sh";
+ };
+ };
+}
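Review bot: `repo` is fetched with `builtins.fetchGit` and neither `rev` nor `ref` is set (the pin is commented out), so each evaluation takes whatever the remote's current HEAD happens to be, and `ExecStart` then runs that `run.sh` as root with Docker and the Docker Hub credentials on the host — anyone who can push to that Codeberg repository gets root on this machine at the next rebuild. Uncomment the pin, `rev = "5e510fb77a0ebbbe082b383e12be8daffc09064d";`, and bump it deliberately when the scripts change; a fixed `rev` also makes the evaluation reproducible instead of dependent on network state. The unit has no ordering on the Docker daemon even though `path` pulls in `docker`, so a run that starts before `docker.service` is up would presumably fail; `after = [ "docker.service" "network-online.target" ]; requires = [ "docker.service" ];` on the service would cover that. The comment above `deployment.keys` says the file lands at `/etc/ContainerImages/dockerhub-p1st`, but with `destDir = "/etc/ContainerImages/${dockerHubUsername}"` it is written to `/etc/ContainerImages/p1st/dockerhub-p1st`; the comment should name that path.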