nixos-config/develnix
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: nixos-config:master
Branches Tags
nixos-config:master nixos-config:sqq
..
compare: nixos-config:sqq
Branches Tags
nixos-config:sqq nixos-config:master

7 Commits
master ... sqq

Author SHA1 Message Date
stubbfel
92b7fa5bbf „module/dockerHelper/loadAndRunContainer.nix“ ändern 2018-11-27 21:42:13 +01:00
stubbfel
05a7e7c19e update20181126-2 2018-11-26 00:50:48 +01:00
stubbfel
970c447a39 update20181126 2018-11-26 00:35:07 +01:00
stubbfel
ae0700ab2d update20181125 2018-11-25 02:38:17 +01:00
stubbfel
a4fb9091c7 add sonarq pgk 2018-11-21 21:01:15 +01:00
stubbfel
88f9e0bcc4 add sqq docker 2018-11-21 20:34:24 +01:00
stubbfel
0ab1a1455d add docker and sqq 2018-11-20 23:31:52 +01:00
13 changed files with 190 additions and 1 deletions
Expand all files Collapse all files

6
configuration.nix
View File

@@ -18,6 +18,12 @@
./setup.nix ./setup.nix
]; ];
virtualisation.docker.enable = true;
virtualisation.docker.enableOnBoot = true;
#services.dockerRegistry.enable = true;
#services.dockerRegistry.listenAddress = "0.0.0.0";
networking.firewall.allowedTCPPorts = [5000 8080 8081 4200 80 ];
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
nix.gc.automatic = true; nix.gc.automatic = true;
nix.gc.dates = "03:15"; nix.gc.dates = "03:15";

33
module/dockerHelper/loadAndRunContainer.nix Normal file
View File

@@ -0,0 +1,33 @@
{pkgs, imageName, image, tag, extraRunConfig, containerName? "${imageName}-${tag}", wants ? [], after ? [], serviceType ? "oneshot"}:
let
imageId= "${imageName}:${tag}";
dockerBin = "${pkgs.docker}/bin/docker";
loggerBin = "${pkgs.logger}/bin/logger";
in
{
systemd.services."docker-load-run-${containerName}-container" = {
description = "Docker load and run ${containerName}-container";
wantedBy = [ "multi-user.target" ];
wants = [ "docker.service" "local-fs.target" ] ++ wants;
after = [ "docker.service" "local-fs.target" ] ++ after;
script = ''
if [[ "$(${dockerBin} images -aq ${imageId} 2> /dev/null)" == "" ]]; then
${dockerBin} load < ${image}
else
${loggerBin} -pdaemon.warning "an image with name ${imageId} already exists. Please use an other name or rename/remove the existing image, if you want use the new one."
fi
if [[ "$(${dockerBin} ps -qaf "name=${containerName}" 2> /dev/null)" == "" ]]; then
${dockerBin} run -d --name ${containerName} ${extraRunConfig} ${imageId}
else
${loggerBin} -pdaemon.warning "a container with name ${containerName} already exists. Please use an other name or rename/remove the existing containerName, if you want use the new one."
fi
'';
serviceConfig = {
Type = serviceType;
};
};
}

28
module/dockerHelper/privatePullImage.nix Normal file
View File

@@ -0,0 +1,28 @@
{pkgs, lib, imageName, imageDigest, sha256,
registry ? "",
os ? "linux",
arch ? "amd64",
finalImageTag ? "latest",
name ? builtins.replaceStrings ["/" ":"] ["-" "-"] "docker-image-${imageName}-${finalImageTag}.tar",
copyFlags ? []}:
let
fixRegistry = lib.removePrefix "https://" (lib.removePrefix "http://" registry);
in
pkgs.runCommand name {
inherit imageName imageDigest;
imageTag = finalImageTag;
impureEnvVars = pkgs.stdenv.lib.fetchers.proxyImpureEnvVars;
outputHashMode = "flat";
outputHashAlgo = "sha256";
outputHash = sha256;
nativeBuildInputs = lib.singleton (pkgs.skopeo);
SSL_CERT_FILE = "${pkgs.cacert.out}/etc/ssl/certs/ca-bundle.crt";
sourceURL = "docker://${fixRegistry}${lib.optionalString (registry!="") "/"}${imageName}@${imageDigest}";
destNameTag = "${imageName}:${finalImageTag}";
cpFlags = copyFlags;
} ''
skopeo --override-os ${os} --override-arch ${arch} copy $cpFlags "$sourceURL" "docker-archive://$out:$destNameTag"
''

2
programs/installed.nix
View File

@@ -2,7 +2,7 @@
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
wget curl vim nano zsh fzf wget curl vim nano zsh fzf docker_compose jre
]; ];
imports = imports =

25
programs/sonarqube.nix Normal file
View File

@@ -0,0 +1,25 @@
with import <nixpkgs> {};
{ version }:
let
buildSonarQube = stdenv.mkDerivation rec {
name = "sonarqube-${version}";
src = fetchzip {
url = "https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-${version}.zip";
sha256="0rsfplylqxg7is73qv0w6jaiybixpdx2avmsfirpnn5pxill45pj";
};
phases = [ "unpackPhase" "installPhase"];
installPhase = ''
cp -R . $out
substitute bin/linux-x86-64/sonar.sh $out/bin/linux-x86-64/sonar.sh --replace /usr/bin/ps ${ps}/bin/ps
'';
postFixup = ''
patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" $ou/bin/linux-x86-64/wrapper
'';
};
in
buildSonarQube

11
services/dockerregistry.nix Normal file
View File

@@ -0,0 +1,11 @@
{ config, pkgs, ... }:
let
dockerRegistryImg = pkgs.dockerTools.pullImage {
imageName = "library/registry";
imageDigest = "sha256:5a156ff125e5a12ac7fdec2b90b7e2ae5120fa249cf62248337b6d04abc574c8";
sha256 = "1rz308i0ba5224nys2z48idpfwpw131wg3nzbyl26a6vdqbrx3lq";
finalImageTag = "2.6.2";
};
in
import ./../module/dockerHelper/loadAndRunContainer.nix { pkgs = pkgs; imageName = "registry"; image = dockerRegistryImg; tag = "2.6.2"; extraRunConfig = "--restart always -p 5000:5000";}

19
services/dockerregistryui.nix Normal file
View File

@@ -0,0 +1,19 @@
{ config, pkgs, ... }:
let
dockerRegistryUiImg = pkgs.dockerTools.pullImage {
imageName = "joxit/docker-registry-ui";
imageDigest = "sha256:b146b0ce32f467b94799556f9efaa177603daf12e59c0754f91db87c6eaa60d6";
sha256 = "0bn4r102rg0bk9j6f8b841hmqwagvlz24njjj68nx8w91qmqzz2w";
finalImageTag = "0.5-static";
};
in
import ./../module/dockerHelper/loadAndRunContainer.nix {
pkgs = pkgs;
imageName = "joxit/docker-registry-ui";
containerName = "docker-registry-ui-0.5-static";
image = dockerRegistryUiImg;
tag = "0.5-static";
extraRunConfig = ''--restart always -p 9000:80 --link registry-2.6.2 -e REGISTRY_URL=http://registry-2.6.2:5000 -e DELETE_IMAGES=false -e REGISTRY_TITLE="My registry"'';
}

5
services/enabled.nix
View File

@@ -4,5 +4,10 @@
imports = imports =
[ [
./sshd.nix ./sshd.nix
./sonarqubedocker.nix
./sqb.nix
./dockerregistry.nix
./dockerregistryui.nix
# ./sqq.nix
]; ];
} }

12
services/sonarqubedocker.nix Normal file
View File

@@ -0,0 +1,12 @@
{ config, pkgs, ... }:
let
sonarqubeImg = pkgs.dockerTools.pullImage {
imageName = "library/sonarqube";
imageDigest = "sha256:cc57b262ee9e7145456dee8c7ae24622c82b22cabeaac4651e7dd642da806f2e";
sha256 = "1cmx5p66c0639vkxp0hlfgfr4nyac4lcx0mcl25mkcwhcnlj1mrw";
finalImageTag = "7.1";
};
in
import ./../module/dockerHelper/loadAndRunContainer.nix { pkgs = pkgs; imageName = "sonarqube"; image = sonarqubeImg; tag = "7.1"; extraRunConfig = "--restart always -p 9000:9000 -p 9092:9092";}

15
services/sqb.nix Normal file
View File

@@ -0,0 +1,15 @@
{ config, pkgs, lib,... }:
let
sonarqubeImg = import ./../module/dockerHelper/privatePullImage.nix {
pkgs = pkgs;
lib= lib;
registry = "http://localhost:5000";
imageName = "sonarquest_backend";
imageDigest = "sha256:a9dcc6d72c4880a7110d987ff60566b8f30d0b9aa1a792ca5cee6d15bf116ecd";
sha256 = "18ghfqli101x35xzjlhnvzvx30bbxp06chmpm3cdr0956mnxvbxj";
finalImageTag = "1";
copyFlags = ["--src-tls-verify=false" "--dest-tls-verify=false"];
};
in
import ./../module/dockerHelper/loadAndRunContainer.nix { pkgs = pkgs; imageName = "sonarquest_backend"; image = sonarqubeImg; tag = "1"; extraRunConfig = "--restart always -p 4200:4200";}

5
services/sqq.nix Normal file
View File

@@ -0,0 +1,5 @@
{ config, pkgs, ... }:
{
networking.firewall.allowedTCPPorts = [4200 8080];
}

29
sonarqubeDocker.nix Normal file
View File

@@ -0,0 +1,29 @@
with import <nixpkgs> {};
let
sonarqubeImg = dockerTools.pullImage {
imageName = "library/sonarqube";
imageDigest = "sha256:cc57b262ee9e7145456dee8c7ae24622c82b22cabeaac4651e7dd642da806f2e";
sha256 = "1cmx5p66c0639vkxp0hlfgfr4nyac4lcx0mcl25mkcwhcnlj1mrw";
finalImageTag = "7.1";
};
in
{
systemd.services.docker-load-sonarqube-image = {
description = "Docker load sonarqube-container";
wantedBy = [ "multi-user.target" ];
wants = [ "docker.service" "local-fs.target" ];
after = [ "docker.service" "local-fs.target" ];
script = ''
${docker}/bin/docker load < ${sonarqubeImg}
${docker}/bin/docker run -d --restart always --name sonarqube-7.1 -p 9000:9000 -p 9092:9092 sonarqube:7.1
'';
serviceConfig = {
Type = "oneshot";
};
};
}

1
users.nix
View File

@@ -9,5 +9,6 @@ in
users = { users = {
defaultUserShell = pkgs.zsh; defaultUserShell = pkgs.zsh;
extraUsers.devel = myPublicSshKeys // { isNormalUser = true; home = "/home/devel"; extraGroups = [ "wheel"]; password = "devel";}; extraUsers.devel = myPublicSshKeys // { isNormalUser = true; home = "/home/devel"; extraGroups = [ "wheel"]; password = "devel";};
extraUsers.sqq = myPublicSshKeys // { isNormalUser = true; home = "/home/sqq"; extraGroups = [ "wheel" "docker"]; password = "sqq";};
}; };
} }