mirror of
https://codeberg.org/privacy1st/nix-git
synced 2024-11-21 22:03:19 +01:00
add ContainerImages
This commit is contained in:
parent
0e6504c54b
commit
38b9001629
@ -20,6 +20,7 @@
|
|||||||
#../../modules/podman.nix
|
#../../modules/podman.nix
|
||||||
../../modules/docker.nix
|
../../modules/docker.nix
|
||||||
#../../modules/docker-pushrm.nix
|
#../../modules/docker-pushrm.nix
|
||||||
|
../../modules/ContainerImages.nix
|
||||||
|
|
||||||
../../modules/sendmail-mta.nix
|
../../modules/sendmail-mta.nix
|
||||||
../../modules/journalwatch.nix
|
../../modules/journalwatch.nix
|
||||||
|
51
modules/ContainerImages.nix
Normal file
51
modules/ContainerImages.nix
Normal file
@ -0,0 +1,51 @@
|
|||||||
|
# Regularly build and push container images.
|
||||||
|
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
let
|
||||||
|
dockerHubUsername = "p1st";
|
||||||
|
repo = (builtins.fetchGit {
|
||||||
|
url = "https://codeberg.org/privacy1st/ContainerImages";
|
||||||
|
#rev = "5e510fb77a0ebbbe082b383e12be8daffc09064d";
|
||||||
|
#submodules = true;
|
||||||
|
});
|
||||||
|
in
|
||||||
|
{
|
||||||
|
# Configure ContainerImages.
|
||||||
|
# This creates file `/etc/ContainerImages/dockerhub-p1st`.
|
||||||
|
deployment.keys."dockerhub-${dockerHubUsername}" = {
|
||||||
|
# mkdir secrets/dockerhub-p1st
|
||||||
|
# sudo install -m600 /dev/stdin secrets/dockerhub-p1st/config.json
|
||||||
|
keyFile = ../secrets/dockerhub-${dockerHubUsername}/config.json;
|
||||||
|
destDir = "/etc/ContainerImages/${dockerHubUsername}";
|
||||||
|
user = "root";
|
||||||
|
group = "root";
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.timers."ContainerImages" = {
|
||||||
|
wantedBy = [ "timers.target" ];
|
||||||
|
partOf = [ "ContainerImages.service" ];
|
||||||
|
timerConfig = {
|
||||||
|
OnBootSec = "1h";
|
||||||
|
OnUnitInactiveSec = "3h";
|
||||||
|
|
||||||
|
AccuracySec = "1m";
|
||||||
|
RandomizedDelaySec = "1m";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services."ContainerImages" = {
|
||||||
|
path = with pkgs; [
|
||||||
|
docker
|
||||||
|
(pkgs.callPackage ./docker-pushrm-pkg.nix { })
|
||||||
|
];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
PrivateTmp = true;
|
||||||
|
User = "root";
|
||||||
|
Nice = 19;
|
||||||
|
IOSchedulingClass = "idle";
|
||||||
|
|
||||||
|
ExecStart = "${pkgs.bash}/bin/bash ${repo}/run.sh";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user