From 970c447a39b19a2e14f0e18b4407de141165ffa0 Mon Sep 17 00:00:00 2001
From: stubbfel
Date: Mon, 26 Nov 2018 00:35:07 +0100
Subject: [PATCH] update20181126
---
 module/dockerHelper/loadAndRunContainer.nix | 24 +++++++++++++----
 module/dockerHelper/privatePullImage.nix | 28 ++++++++++++++++++++
 services/dockerregistry.nix | 11 ++++++++
 services/dockerregistryui.nix | 19 ++++++++++++++
 services/enabled.nix | 2 ++
 services/sonarqubedocker.nix | 2 +-
 services/sqb.nix | 15 +++++++++++
 sonarqubeDocker.nix | 29 +++++++++++++++++++++
 8 files changed, 124 insertions(+), 6 deletions(-)
 create mode 100644 module/dockerHelper/privatePullImage.nix
 create mode 100644 services/dockerregistry.nix
 create mode 100644 services/dockerregistryui.nix
 create mode 100644 services/sqb.nix
 create mode 100644 sonarqubeDocker.nix
diff --git a/module/dockerHelper/loadAndRunContainer.nix b/module/dockerHelper/loadAndRunContainer.nix
index 1cd6760..6529c15 100644
--- a/module/dockerHelper/loadAndRunContainer.nix
+++ b/module/dockerHelper/loadAndRunContainer.nix
@@ -1,15 +1,29 @@
-{dockerPgks, name, image, tag, extraRunConfig}:
+{pkgs, imageName, image, tag, extraRunConfig, containerName? "${imageName}-${tag}"}:
+let
+ imageId= "${imageName}:${tag}";
+ dockerBin = "${pkgs.docker}/bin/docker";
+ loggerBin = "${pkgs.logger}/bin/logger";
+in
 {
- systemd.services."docker-load-run-${name}-${tag}-container" = {
- description = "Docker load and run ${name}-${tag}-container";
+ systemd.services."docker-load-run-${containerName}-container" = {
+ description = "Docker load and run ${containerName}-container";
 wantedBy = [ "multi-user.target" ];
 wants = [ "docker.service" "local-fs.target" ];
 after = [ "docker.service" "local-fs.target" ];
 script = ''
- ${dockerPgks}/bin/docker load < ${image}
- ${dockerPgks}/bin/docker run -d --name ${name}-${tag} ${extraRunConfig} ${name}:${tag}
+ if [[ "$(${dockerBin} images -aq ${imageId} 2> /dev/null)" == "" ]]; then
+ ${dockerBin} load < ${image}
+ else
+ ${loggerBin} -pdaemon.warning "an image with name ${imageId} already exists. Please use an other name or rename/remove the existing image, if you want use the new one."
+ fi
+
+ if [[ "$(${dockerBin} ps -qaf "name=${containerName}" 2> /dev/null)" == "" ]]; then
+ ${dockerBin} run -d --name ${containerName} ${extraRunConfig} ${imageId}
+ else
+ ${loggerBin} -pdaemon.warning "a container with name ${containerName} already exists. Please use an other name or rename/remove the existing containerName, if you want use the new one."
+ fi
 '';
 serviceConfig = {
diff --git a/module/dockerHelper/privatePullImage.nix b/module/dockerHelper/privatePullImage.nix
new file mode 100644
index 0000000..a981146
--- /dev/null
+++ b/module/dockerHelper/privatePullImage.nix
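Review bot: The two existence guards in the new `script` decide on a name match alone, so a rebuilt `${image}` that keeps the same `${imageName}:${tag}` is never loaded and the old container keeps running with only a `daemon.warning` in the log; image updates, including security fixes, would silently not deploy. The container check uses `ps -qaf "name=${containerName}"`, which Docker applies as a substring/regex filter, so `foo-1` is reported as present when only `foo-10` exists; anchoring it as `"name=^/${containerName}$"` avoids that. `${containerName}` and `${imageId}` are also interpolated unquoted into the shell text, and double quotes around them would keep unusual names from being word-split. The service attribute set continues past the end of the hunk.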
@@ -0,0 +1,28 @@
+{pkgs, lib, imageName, imageDigest, sha256,
+ registry ? "",
+ os ? "linux",
+ arch ? "amd64",
+ finalImageTag ? "latest",
+ name ? builtins.replaceStrings ["/" ":"] ["-" "-"] "docker-image-${imageName}-${finalImageTag}.tar",
+ copyFlags ? []}:
+
+let
+ fixRegistry = lib.removePrefix "https://" (lib.removePrefix "http://" registry);
+in
+pkgs.runCommand name {
+ inherit imageName imageDigest;
+ imageTag = finalImageTag;
+ impureEnvVars = pkgs.stdenv.lib.fetchers.proxyImpureEnvVars;
+ outputHashMode = "flat";
+ outputHashAlgo = "sha256";
+ outputHash = sha256;
+
+ nativeBuildInputs = lib.singleton (pkgs.skopeo);
+ SSL_CERT_FILE = "${pkgs.cacert.out}/etc/ssl/certs/ca-bundle.crt";
+
+ sourceURL = "docker://${fixRegistry}${lib.optionalString (registry!="") "/"}${imageName}@${imageDigest}";
+ destNameTag = "${imageName}:${finalImageTag}";
+ cpFlags = copyFlags;
+ } ''
+ skopeo --override-os ${os} --override-arch ${arch} copy $cpFlags "$sourceURL" "docker-archive://$out:$destNameTag"
+ ''
diff --git a/services/dockerregistry.nix b/services/dockerregistry.nix
new file mode 100644
index 0000000..769737c
--- /dev/null
+++ b/services/dockerregistry.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+
+let
+ dockerRegistryImg = pkgs.dockerTools.pullImage {
+ imageName = "library/registry";
+ imageDigest = "sha256:5a156ff125e5a12ac7fdec2b90b7e2ae5120fa249cf62248337b6d04abc574c8";
+ sha256 = "1rz308i0ba5224nys2z48idpfwpw131wg3nzbyl26a6vdqbrx3lq";
+ finalImageTag = "2.6.2";
+ };
+in
+import ./../module/dockerHelper/loadAndRunContainer.nix { pkgs = pkgs; imageName = "registry"; image = dockerRegistryImg; tag = "2.6.2"; extraRunConfig = "--restart always -p 5000:5000";}
diff --git a/services/dockerregistryui.nix b/services/dockerregistryui.nix
new file mode 100644
index 0000000..bfc720f
--- /dev/null
+++ b/services/dockerregistryui.nix
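Review bot: In module/dockerHelper/privatePullImage.nix, `fixRegistry` drops any `http://` or `https://` prefix and `sourceURL` is always built as `docker://…`, so the scheme a caller writes in `registry` has no effect; whether TLS is verified is decided only by what is passed in `copyFlags`. A header comment should state this and note that the `@${imageDigest}` reference together with `outputHash` is what pins the content when a caller disables verification, for example `# registry: host[:port]; any scheme is ignored, TLS is controlled via copyFlags`. `$cpFlags` has to stay unquoted to split into flags, but `${os}` and `${arch}` could be quoted on the `skopeo` line. Since `lib` is already an argument, `lib.fetchers.proxyImpureEnvVars` would be more consistent with the rest of the file than going through `pkgs.stdenv.lib`.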
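Review bot: In services/dockerregistry.nix, `-p 5000:5000` publishes the registry on every host interface, and nothing in this file configures TLS or authentication for it, so anyone who can reach the host on port 5000 could presumably pull or push images. The only consumers visible in this patch are the UI container (through `--link`) and `registry = "http://localhost:5000"` in services/sqb.nix, so a loopback binding looks sufficient: `extraRunConfig = "--restart always -p 127.0.0.1:5000:5000";`. No volume is passed either, so pushed images appear to live only inside the container.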
@@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+
+let
+ dockerRegistryUiImg = pkgs.dockerTools.pullImage {
+ imageName = "joxit/docker-registry-ui";
+ imageDigest = "sha256:b146b0ce32f467b94799556f9efaa177603daf12e59c0754f91db87c6eaa60d6";
+ sha256 = "0bn4r102rg0bk9j6f8b841hmqwagvlz24njjj68nx8w91qmqzz2w";
+ finalImageTag = "0.5-static";
+ };
+
+in
+import ./../module/dockerHelper/loadAndRunContainer.nix {
+ pkgs = pkgs;
+ imageName = "joxit/docker-registry-ui";
+ containerName = "docker-registry-ui-0.5-static";
+ image = dockerRegistryUiImg;
+ tag = "0.5-static";
+ extraRunConfig = ''--restart always -p 9000:80 --link registry-2.6.2 -e REGISTRY_URL=http://registry-2.6.2:5000 -e DELETE_IMAGES=false -e REGISTRY_TITLE="My registry"'';
+}
diff --git a/services/enabled.nix b/services/enabled.nix
index 3315d03..adf8d09 100644
--- a/services/enabled.nix
+++ b/services/enabled.nix
@@ -5,6 +5,8 @@
 [
 ./sshd.nix
 ./sonarqubedocker.nix
+ ./dockerregistry.nix
+ ./dockerregistryui.nix
 # ./sqq.nix
 ];
 }
diff --git a/services/sonarqubedocker.nix b/services/sonarqubedocker.nix
index 4afe4c4..c5d216d 100644
--- a/services/sonarqubedocker.nix
+++ b/services/sonarqubedocker.nix
@@ -9,4 +9,4 @@ let
 };
 in
-import ./../module/dockerHelper/loadAndRunContainer.nix { dockerPgks = pkgs.docker; name = "sonarqube"; image = sonarqubeImg; tag = "7.1"; extraRunConfig = "--restart always -p 9000:9000 -p 9092:9092";}
+import ./../module/dockerHelper/loadAndRunContainer.nix { pkgs = pkgs; imageName = "sonarqube"; image = sonarqubeImg; tag = "7.1"; extraRunConfig = "--restart always -p 9000:9000 -p 9092:9092";}
diff --git a/services/sqb.nix b/services/sqb.nix
new file mode 100644
index 0000000..2d8154d
--- /dev/null
+++ b/services/sqb.nix
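Review bot: In services/dockerregistryui.nix, `-p 9000:80` claims host port 9000, which services/sonarqubedocker.nix already publishes with `-p 9000:9000`, and this commit enables both files in services/enabled.nix, so whichever container starts second cannot bind the port. Moving the UI to a free port, for example `-p 9001:80`, would resolve it. `--link registry-2.6.2` also requires the registry container to exist first, but the units generated by loadAndRunContainer.nix are ordered only after `docker.service`, so the UI unit can run before the registry unit; the helper would need a parameter for extra `after`/`requires` entries.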
@@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+
+let
+ sonarqubeImg = import ./../module/dockerHelper/privatePullImage.nix {
+ pkgs = pkgs;
+ lib= lib;
+ registry = "http://localhost:5000";
+ imageName = "sqqb";
+ imageDigest = "sha256:acd85db6e4b18aafa7fcde5480872909bd8e6d5fbd4e5e790ecc09acc06a8b78";
+ sha256 = "0md9mx7p21hyk7inqi0k44z2qi1p9ng0iv46g9qghf4v4jl77pri";
+ finalImageTag = "1";
+ copyFlags = ["--src-tls-verify=false" "--dest-tls-verify=false"];
+ };
+in
+import ./../module/dockerHelper/loadAndRunContainer.nix { pkgs = pkgs; imageName = "registry"; image = sonarqubeImg; tag = "1"; extraRunConfig = "--restart always -p 4200:4200";}
diff --git a/sonarqubeDocker.nix b/sonarqubeDocker.nix
new file mode 100644
index 0000000..1dc7b64
--- /dev/null
+++ b/sonarqubeDocker.nix
@@ -0,0 +1,29 @@
+with import {};
+
+let
+ sonarqubeImg = dockerTools.pullImage {
+ imageName = "library/sonarqube";
+ imageDigest = "sha256:cc57b262ee9e7145456dee8c7ae24622c82b22cabeaac4651e7dd642da806f2e";
+ sha256 = "1cmx5p66c0639vkxp0hlfgfr4nyac4lcx0mcl25mkcwhcnlj1mrw";
+ finalImageTag = "7.1";
+ };
+
+in
+
+{
+ systemd.services.docker-load-sonarqube-image = {
+ description = "Docker load sonarqube-container";
+ wantedBy = [ "multi-user.target" ];
+ wants = [ "docker.service" "local-fs.target" ];
+ after = [ "docker.service" "local-fs.target" ];
+
+ script = ''
+ ${docker}/bin/docker load < ${sonarqubeImg}
+ ${docker}/bin/docker run -d --restart always --name sonarqube-7.1 -p 9000:9000 -p 9092:9092 sonarqube:7.1
+ '';
+
+ serviceConfig = {
+ Type = "oneshot";
+ };
+ };
+}
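Review bot: In services/sqb.nix the archive is built with `imageName = "sqqb"` and is therefore tagged `sqqb:1`, but loadAndRunContainer.nix is called with `imageName = "registry"` and will run `registry:1`; that image is not in the loaded archive, so `docker run` would either fail or pull a different `registry:1` from the default registry. The call should pass `imageName = "sqqb";`. `lib= lib;` also refers to a name that `{ config, pkgs, ... }:` does not bind, so `lib` has to be added to the argument set or passed as `lib = pkgs.lib;`. `--src-tls-verify=false` is tolerable here only because the source is loopback and the content is pinned by `imageDigest` and `sha256`; a comment saying so would keep the flag from being copied to a remote registry.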
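Review bot: The new top-level sonarqubeDocker.nix repeats what services/sonarqubedocker.nix already gets from loadAndRunContainer.nix, but without the existence checks this commit adds to the helper, so a second start of the unit runs `docker run --name sonarqube-7.1` against a name that already exists and fails. If the file is meant to stay, its `script` should go through the helper rather than duplicate the two `docker` lines, and a comment should say how it relates to services/sonarqubedocker.nix. As shown, the first line reads `with import {};`, which looks as if the `<nixpkgs>` path was lost, possibly in rendering.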