add ContainerImages

2024-11-21 22:03:19 +01:00 · 2024-09-28 22:25:36 +02:00 · 2024-09-28 22:25:36 +02:00 · 38b9001629
commit 38b9001629
parent 0e6504c54b
2 changed files with 52 additions and 0 deletions
--- a/hosts/yodaNas/configuration.nix
+++ b/hosts/yodaNas/configuration.nix
@ -20,6 +20,7 @@
      #../../modules/podman.nix
      ../../modules/docker.nix
      #../../modules/docker-pushrm.nix
+      ../../modules/ContainerImages.nix

      ../../modules/sendmail-mta.nix
      ../../modules/journalwatch.nix
--- a/modules/ContainerImages.nix
+++ b/modules/ContainerImages.nix
@ -0,0 +1,51 @@
+# Regularly build and push container images.
+
+{ config, pkgs, ... }:
+let
+  dockerHubUsername = "p1st";
+  repo = (builtins.fetchGit {
+    url = "https://codeberg.org/privacy1st/ContainerImages";
+    #rev = "5e510fb77a0ebbbe082b383e12be8daffc09064d";
+    #submodules = true;
+  });
+in
+{
+  # Configure ContainerImages.
+  # This creates file `/etc/ContainerImages/dockerhub-p1st`.
+  deployment.keys."dockerhub-${dockerHubUsername}" = {
+    # mkdir secrets/dockerhub-p1st
+    # sudo install -m600 /dev/stdin secrets/dockerhub-p1st/config.json
+    keyFile = ../secrets/dockerhub-${dockerHubUsername}/config.json;
+    destDir = "/etc/ContainerImages/${dockerHubUsername}";
+    user = "root";
+    group = "root";
+  };
+
+  systemd.timers."ContainerImages" = {
+    wantedBy = [ "timers.target" ];
+    partOf = [ "ContainerImages.service" ];
+    timerConfig = {
+      OnBootSec = "1h";
+      OnUnitInactiveSec = "3h";
+
+      AccuracySec = "1m";
+      RandomizedDelaySec = "1m";
+    };
+  };
+
+  systemd.services."ContainerImages" = {
+    path = with pkgs; [
+      docker
+      (pkgs.callPackage ./docker-pushrm-pkg.nix { })
+    ];
+    serviceConfig = {
+      Type = "oneshot";
+      PrivateTmp = true;
+      User = "root";
+      Nice = 19;
+      IOSchedulingClass = "idle";
+
+      ExecStart = "${pkgs.bash}/bin/bash ${repo}/run.sh";
+    };
+  };
+}