# Regularly build and push container images.
#
# Module layout: a deployment key carrying Docker Hub credentials, a systemd
# timer, and the oneshot service the timer triggers. The service runs `run.sh`
# from the fetched ContainerImages repository.
{ config, pkgs, ... }:
let
  dockerHubUsername = "p1st";
  keyName = "dockerhub-${dockerHubUsername}";
  unit = "ContainerImages";

  # NOTE(review): no `rev` is set, so this resolves to whatever the remote
  # HEAD is when the configuration is evaluated. That content is then run as
  # root (see ExecStart below) on a host holding registry credentials.
  # Pinning `rev` to a reviewed commit makes the deployed script reproducible
  # and auditable, at the cost of bumping the pin by hand.
  repo = builtins.fetchGit {
    url = "https://codeberg.org/privacy1st/ContainerImages";
    #rev = "5e510fb77a0ebbbe082b383e12be8daffc09064d";
    #submodules = true;
  };

  # Locally packaged helper, put on the service's PATH next to docker.
  dockerPushrm = pkgs.callPackage ./docker-pushrm-pkg.nix { };
in
{
  # Configure ContainerImages.
  #
  # The secret is installed below `destDir`. An earlier comment gave the
  # resulting path as `/etc/ContainerImages/dockerhub-p1st`, while `destDir`
  # evaluates to `/etc/ContainerImages/p1st`.
  # NOTE(review): confirm which path run.sh actually reads.
  #
  # `config.json` is created by running `docker login` for the correct user.
  # It has the following content
  #   {
  #     "auths": {
  #       "https://index.docker.io/v1/": {
  #         "auth": "REPLACE-ME-WITH-REAL-VALUE"
  #       }
  #     }
  #   }
  #
  # The `auth` value is only base64("user:secret"), not encrypted; treat the
  # file as password-equivalent. A narrowly scoped Docker Hub access token is
  # preferable to the account password, and `secrets/` should stay out of
  # version control.
  # NOTE(review): verify that the deployment tool reads `keyFile` at deploy
  # time rather than copying it into the world-readable Nix store.
  deployment.keys.${keyName} = {
    # mkdir secrets/dockerhub-p1st
    # sudo install -m600 /dev/stdin secrets/dockerhub-p1st/config.json
    keyFile = ../secrets/dockerhub-${dockerHubUsername}/config.json;
    destDir = "/etc/ContainerImages/${dockerHubUsername}";
    # Owner and group are root. No `permissions` attribute is set here, so the
    # file mode is whatever the deployment tool defaults to.
    user = "root";
    group = "root";
  };

  systemd = {
    # First run one hour after boot, then three hours after the service last
    # became inactive; both are subject to up to one minute of jitter.
    timers.${unit} = {
      wantedBy = [ "timers.target" ];
      # PartOf= propagates a stop or restart of the service to this timer.
      partOf = [ "${unit}.service" ];
      timerConfig = {
        OnBootSec = "1h";
        OnUnitInactiveSec = "3h";
        AccuracySec = "1m";
        RandomizedDelaySec = "1m";
      };
    };

    services.${unit} = {
      path = [
        pkgs.docker
        dockerPushrm
      ];
      serviceConfig = {
        Type = "oneshot";
        # Private /tmp is the only sandboxing option set on this unit.
        PrivateTmp = true;
        # Runs as root, so the fetched script has full control of the host as
        # well as access to docker and the registry credentials.
        User = "root";
        # Lowest CPU and I/O priority, so builds yield to other workloads.
        Nice = 19;
        IOSchedulingClass = "idle";
        ExecStart = "${pkgs.bash}/bin/bash ${repo}/run.sh";
      };
    };
  };
}