„module/dockerHelper/loadAndRunContainer.nix“ ändern

update20181126-2
update20181126
2018-11-27 21:42:13 +01:00 · 2018-11-26 00:50:48 +01:00 · 2018-11-26 00:35:07 +01:00 · 2018-11-25 02:38:17 +01:00 · 2018-11-21 21:01:15 +01:00 · 2018-11-21 20:34:24 +01:00
13 changed files with 190 additions and 1 deletions
--- a/configuration.nix
+++ b/configuration.nix
@@ -18,6 +18,12 @@
        ./setup.nix
    ];

+    virtualisation.docker.enable = true;
+    virtualisation.docker.enableOnBoot = true;
+    #services.dockerRegistry.enable = true;
+    #services.dockerRegistry.listenAddress = "0.0.0.0";
+    networking.firewall.allowedTCPPorts = [5000 8080 8081 4200 80 ];
+
    nixpkgs.config.allowUnfree = true;
    nix.gc.automatic = true;
    nix.gc.dates = "03:15";
--- a/module/dockerHelper/loadAndRunContainer.nix
+++ b/module/dockerHelper/loadAndRunContainer.nix
@@ -0,0 +1,33 @@
+{pkgs, imageName, image, tag, extraRunConfig, containerName? "${imageName}-${tag}", wants ? [], after ? [], serviceType ? "oneshot"}:
+
+let
+    imageId= "${imageName}:${tag}";
+    dockerBin = "${pkgs.docker}/bin/docker";
+    loggerBin = "${pkgs.logger}/bin/logger";
+in
+{
+    systemd.services."docker-load-run-${containerName}-container" = {
+        description = "Docker load and run ${containerName}-container";
+        wantedBy    = [ "multi-user.target" ];
+        wants       = [ "docker.service" "local-fs.target" ] ++ wants;
+        after       = [ "docker.service" "local-fs.target" ] ++ after;
+
+        script = ''
+        if [[ "$(${dockerBin} images -aq ${imageId} 2> /dev/null)" == "" ]]; then
+            ${dockerBin}  load < ${image}
+        else
+            ${loggerBin} -pdaemon.warning "an image with name ${imageId} already exists. Please use an other name or rename/remove the existing image, if you want use the new one."
+        fi
+
+        if [[ "$(${dockerBin} ps -qaf "name=${containerName}" 2> /dev/null)" == "" ]]; then
+            ${dockerBin} run -d --name ${containerName} ${extraRunConfig} ${imageId}
+        else
+            ${loggerBin} -pdaemon.warning "a container with name ${containerName} already exists. Please use an other name or rename/remove the existing containerName, if you want use the new one."
+        fi
+        '';
+
+        serviceConfig = {
+          Type = serviceType;
+        };
+    };
+}
--- a/module/dockerHelper/privatePullImage.nix
+++ b/module/dockerHelper/privatePullImage.nix
@@ -0,0 +1,28 @@
+{pkgs, lib, imageName, imageDigest, sha256,
+    registry ? "",
+    os ? "linux",
+    arch ? "amd64",
+    finalImageTag ? "latest",
+    name ? builtins.replaceStrings ["/" ":"] ["-" "-"] "docker-image-${imageName}-${finalImageTag}.tar",
+    copyFlags ? []}:
+
+let
+    fixRegistry  = lib.removePrefix "https://" (lib.removePrefix "http://" registry);
+in
+pkgs.runCommand name {
+     inherit imageName imageDigest;
+     imageTag = finalImageTag;
+     impureEnvVars = pkgs.stdenv.lib.fetchers.proxyImpureEnvVars;
+     outputHashMode = "flat";
+     outputHashAlgo = "sha256";
+     outputHash = sha256;
+
+     nativeBuildInputs = lib.singleton (pkgs.skopeo);
+     SSL_CERT_FILE = "${pkgs.cacert.out}/etc/ssl/certs/ca-bundle.crt";
+
+     sourceURL = "docker://${fixRegistry}${lib.optionalString (registry!="") "/"}${imageName}@${imageDigest}";
+     destNameTag = "${imageName}:${finalImageTag}";
+     cpFlags = copyFlags;
+    } ''
+     skopeo --override-os ${os} --override-arch ${arch} copy $cpFlags "$sourceURL" "docker-archive://$out:$destNameTag"
+    ''
--- a/programs/installed.nix
+++ b/programs/installed.nix
@@ -2,7 +2,7 @@

 {
    environment.systemPackages = with pkgs; [
-        wget curl vim nano zsh fzf
+        wget curl vim nano zsh fzf docker_compose jre
    ];

    imports =
--- a/programs/sonarqube.nix
+++ b/programs/sonarqube.nix
@@ -0,0 +1,25 @@
+with import <nixpkgs> {};
+
+{ version }:
+let
+    buildSonarQube = stdenv.mkDerivation rec {
+        name = "sonarqube-${version}";
+
+        src = fetchzip {
+            url = "https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-${version}.zip";
+            sha256="0rsfplylqxg7is73qv0w6jaiybixpdx2avmsfirpnn5pxill45pj";
+        };
+
+        phases = [ "unpackPhase" "installPhase"];
+
+        installPhase = ''
+	    cp -R . $out
+	    substitute bin/linux-x86-64/sonar.sh   $out/bin/linux-x86-64/sonar.sh --replace /usr/bin/ps ${ps}/bin/ps
+        '';
+
+	postFixup = ''
+		patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)"  $ou/bin/linux-x86-64/wrapper
+  '';
+    };
+in
+    buildSonarQube
--- a/services/dockerregistry.nix
+++ b/services/dockerregistry.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+
+let
+    dockerRegistryImg = pkgs.dockerTools.pullImage {
+        imageName = "library/registry";
+        imageDigest = "sha256:5a156ff125e5a12ac7fdec2b90b7e2ae5120fa249cf62248337b6d04abc574c8";
+        sha256 = "1rz308i0ba5224nys2z48idpfwpw131wg3nzbyl26a6vdqbrx3lq";
+        finalImageTag = "2.6.2";
+    };
+in
+import ./../module/dockerHelper/loadAndRunContainer.nix { pkgs = pkgs; imageName = "registry"; image = dockerRegistryImg; tag = "2.6.2"; extraRunConfig = "--restart always -p 5000:5000";}
--- a/services/dockerregistryui.nix
+++ b/services/dockerregistryui.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+
+let
+    dockerRegistryUiImg = pkgs.dockerTools.pullImage {
+        imageName = "joxit/docker-registry-ui";
+        imageDigest = "sha256:b146b0ce32f467b94799556f9efaa177603daf12e59c0754f91db87c6eaa60d6";
+        sha256 = "0bn4r102rg0bk9j6f8b841hmqwagvlz24njjj68nx8w91qmqzz2w";
+        finalImageTag = "0.5-static";
+    };
+
+in
+import ./../module/dockerHelper/loadAndRunContainer.nix {
+    pkgs = pkgs;
+    imageName = "joxit/docker-registry-ui";
+    containerName = "docker-registry-ui-0.5-static";
+    image = dockerRegistryUiImg;
+    tag = "0.5-static";
+    extraRunConfig = ''--restart always -p 9000:80 --link registry-2.6.2 -e REGISTRY_URL=http://registry-2.6.2:5000 -e DELETE_IMAGES=false -e REGISTRY_TITLE="My registry"'';
+}
--- a/services/enabled.nix
+++ b/services/enabled.nix
@@ -4,5 +4,10 @@
    imports =
    [
        ./sshd.nix
+        ./sonarqubedocker.nix
+        ./sqb.nix
+        ./dockerregistry.nix
+        ./dockerregistryui.nix
+#	./sqq.nix
    ];
 }
--- a/services/sonarqubedocker.nix
+++ b/services/sonarqubedocker.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+
+let
+    sonarqubeImg = pkgs.dockerTools.pullImage {
+        imageName = "library/sonarqube";
+        imageDigest = "sha256:cc57b262ee9e7145456dee8c7ae24622c82b22cabeaac4651e7dd642da806f2e";
+        sha256 = "1cmx5p66c0639vkxp0hlfgfr4nyac4lcx0mcl25mkcwhcnlj1mrw";
+        finalImageTag = "7.1";
+    };
+
+in
+import ./../module/dockerHelper/loadAndRunContainer.nix { pkgs = pkgs; imageName = "sonarqube"; image = sonarqubeImg; tag = "7.1"; extraRunConfig = "--restart always -p 9000:9000 -p 9092:9092";}
--- a/services/sqb.nix
+++ b/services/sqb.nix
@@ -0,0 +1,15 @@
+{ config, pkgs, lib,... }:
+
+let
+    sonarqubeImg = import ./../module/dockerHelper/privatePullImage.nix {
+        pkgs = pkgs;
+        lib= lib;
+        registry = "http://localhost:5000";
+        imageName = "sonarquest_backend";
+        imageDigest = "sha256:a9dcc6d72c4880a7110d987ff60566b8f30d0b9aa1a792ca5cee6d15bf116ecd";
+        sha256 = "18ghfqli101x35xzjlhnvzvx30bbxp06chmpm3cdr0956mnxvbxj";
+        finalImageTag = "1";
+        copyFlags = ["--src-tls-verify=false" "--dest-tls-verify=false"];
+    };
+in
+import ./../module/dockerHelper/loadAndRunContainer.nix { pkgs = pkgs; imageName = "sonarquest_backend"; image = sonarqubeImg; tag = "1"; extraRunConfig = "--restart always -p 4200:4200";}
--- a/services/sqq.nix
+++ b/services/sqq.nix
@@ -0,0 +1,5 @@
+{ config, pkgs, ... }:
+
+{
+	networking.firewall.allowedTCPPorts = [4200 8080];
+}
--- a/sonarqubeDocker.nix
+++ b/sonarqubeDocker.nix
@@ -0,0 +1,29 @@
+with import <nixpkgs> {};
+
+let
+    sonarqubeImg = dockerTools.pullImage {
+        imageName = "library/sonarqube";
+        imageDigest = "sha256:cc57b262ee9e7145456dee8c7ae24622c82b22cabeaac4651e7dd642da806f2e";
+        sha256 = "1cmx5p66c0639vkxp0hlfgfr4nyac4lcx0mcl25mkcwhcnlj1mrw";
+        finalImageTag = "7.1";
+    };
+
+in
+
+{
+    systemd.services.docker-load-sonarqube-image = {
+        description = "Docker load sonarqube-container";
+        wantedBy    = [ "multi-user.target" ];
+        wants       = [ "docker.service" "local-fs.target" ];
+        after       = [ "docker.service" "local-fs.target" ];
+
+        script = ''
+            ${docker}/bin/docker load < ${sonarqubeImg}
+            ${docker}/bin/docker run -d  --restart always --name sonarqube-7.1 -p 9000:9000 -p 9092:9092 sonarqube:7.1
+        '';
+
+        serviceConfig = {
+          Type = "oneshot";
+        };
+    };
+}
--- a/users.nix
+++ b/users.nix
@@ -9,5 +9,6 @@ in
    users = {
        defaultUserShell = pkgs.zsh;
        extraUsers.devel = myPublicSshKeys //  { isNormalUser = true;  home = "/home/devel"; extraGroups = [ "wheel"]; password = "devel";};
+        extraUsers.sqq = myPublicSshKeys //  { isNormalUser = true;  home = "/home/sqq"; extraGroups = [ "wheel" "docker"]; password = "sqq";};
    };
 }
Author	SHA1	Message	Date
stubbfel	92b7fa5bbf	„module/dockerHelper/loadAndRunContainer.nix“ ändern	2018-11-27 21:42:13 +01:00
stubbfel	05a7e7c19e	update20181126-2	2018-11-26 00:50:48 +01:00
stubbfel	970c447a39	update20181126	2018-11-26 00:35:07 +01:00
stubbfel	ae0700ab2d	update20181125	2018-11-25 02:38:17 +01:00
stubbfel	a4fb9091c7	add sonarq pgk	2018-11-21 21:01:15 +01:00
stubbfel	88f9e0bcc4	add sqq docker	2018-11-21 20:34:24 +01:00
stubbfel	0ab1a1455d	add docker and sqq	2018-11-20 23:31:52 +01:00