2023-08-20 12:29:50 +08:00
|
|
|
inputs:
|
|
|
|
|
{
|
2023-09-18 06:47:49 +08:00
|
|
|
options.nixos.services.docker = let inherit (inputs.lib) mkOption types; in mkOption
|
2023-09-01 21:05:26 +08:00
|
|
|
{
|
|
|
|
|
type = types.attrsOf (types.submodule (inputs: { options =
|
|
|
|
|
{
|
|
|
|
|
user = mkOption { type = types.nonEmptyStr; default = inputs.config._module.args.name; };
|
|
|
|
|
image = mkOption { type = types.package; };
|
|
|
|
|
ports = mkOption
|
|
|
|
|
{
|
|
|
|
|
type = types.listOf (types.oneOf
|
|
|
|
|
[
|
|
|
|
|
types.ints.unsigned
|
|
|
|
|
types.submodule (inputs: { options =
|
|
|
|
|
{
|
|
|
|
|
hostIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
|
|
|
|
|
hostPort = mkOption { type = types.ints.unsigned; };
|
|
|
|
|
containerPort = mkOption { type = types.ints.unsigned; };
|
|
|
|
|
protocol = mkOption { type = types.enum [ "tcp" "udp" ]; default = "tcp"; };
|
|
|
|
|
};})
|
|
|
|
|
]);
|
|
|
|
|
default = [];
|
|
|
|
|
};
|
|
|
|
|
environmentFile = mkOption { type = types.oneOf [ types.bool types.nonEmptyStr ]; default = false; };
|
|
|
|
|
};}));
|
|
|
|
|
default = {};
|
|
|
|
|
};
|
|
|
|
|
config =
|
|
|
|
|
let
|
2023-09-18 06:47:49 +08:00
|
|
|
inherit (inputs.lib) mkIf;
|
|
|
|
|
inherit (builtins) listToAttrs map;
|
2023-09-01 21:05:26 +08:00
|
|
|
inherit (inputs.localLib) attrsToList;
|
|
|
|
|
inherit (inputs.config.nixos.services) docker;
|
2023-09-18 06:47:49 +08:00
|
|
|
users = inputs.lib.lists.unique (map (container: container.value.user) (attrsToList docker));
|
|
|
|
|
# users = map
|
|
|
|
|
# (user: builtins.filter (container: container.user == user) (builtins.attrValues docker))
|
|
|
|
|
# (inputs.lib.lists.unique (map (container: container.value.user) (attrsToList docker)));
|
|
|
|
|
in mkIf (docker != {})
|
|
|
|
|
{
|
|
|
|
|
nixos =
|
|
|
|
|
{
|
|
|
|
|
virtualization.docker.enable = true;
|
|
|
|
|
users.linger = users;
|
|
|
|
|
};
|
|
|
|
|
users =
|
2023-09-16 19:21:05 +08:00
|
|
|
{
|
2023-09-18 06:47:49 +08:00
|
|
|
users = listToAttrs (map
|
|
|
|
|
(user:
|
2023-09-17 12:48:11 +08:00
|
|
|
{
|
2023-09-18 06:47:49 +08:00
|
|
|
name = user;
|
2023-09-17 12:48:11 +08:00
|
|
|
value =
|
|
|
|
|
{
|
2023-09-18 06:47:49 +08:00
|
|
|
isSystemUser = true;
|
|
|
|
|
group = user;
|
|
|
|
|
autoSubUidGidRange = true;
|
|
|
|
|
home = "/run/docker-rootless/${user}";
|
|
|
|
|
createHome = true;
|
2023-09-17 12:48:11 +08:00
|
|
|
};
|
|
|
|
|
})
|
2023-09-18 06:47:49 +08:00
|
|
|
users);
|
|
|
|
|
groups = listToAttrs (map (user: { name = user; value = {}; }) users);
|
|
|
|
|
};
|
|
|
|
|
home-manager.users = listToAttrs (map
|
|
|
|
|
(user:
|
|
|
|
|
{
|
|
|
|
|
name = user;
|
|
|
|
|
value.config.systemd.user.services = listToAttrs (map
|
|
|
|
|
(container:
|
2023-09-01 21:05:26 +08:00
|
|
|
{
|
2023-09-18 06:47:49 +08:00
|
|
|
inherit (container) name;
|
2023-09-17 12:48:11 +08:00
|
|
|
value =
|
2023-09-01 21:05:26 +08:00
|
|
|
{
|
2023-09-18 06:47:49 +08:00
|
|
|
Unit =
|
2023-09-01 21:05:26 +08:00
|
|
|
{
|
2023-09-18 06:47:49 +08:00
|
|
|
After = [ "dbus.socket" ];
|
|
|
|
|
Wants = [ "dbus.socket" ];
|
|
|
|
|
};
|
|
|
|
|
Install.WantedBy = [ "default.target" ];
|
|
|
|
|
Service =
|
|
|
|
|
{
|
|
|
|
|
Type = "simple";
|
|
|
|
|
RemainAfterExit = true;
|
|
|
|
|
ExecStart = inputs.pkgs.writeShellScript "docker-${container.name}.start"
|
|
|
|
|
''
|
|
|
|
|
docker rm -f ${container.name} || true
|
|
|
|
|
echo "loading image"
|
|
|
|
|
docker load -i ${container.value.image}
|
|
|
|
|
echo "load finish"
|
|
|
|
|
docker image ls
|
|
|
|
|
${
|
|
|
|
|
builtins.concatStringsSep " \\\n"
|
|
|
|
|
(
|
|
|
|
|
[
|
|
|
|
|
"docker run --rm --name=${container.name}"
|
|
|
|
|
"--add-host=host.docker.internal:host-gateway"
|
|
|
|
|
]
|
|
|
|
|
++ (
|
|
|
|
|
if (builtins.typeOf container.value.environmentFile) == "string"
|
|
|
|
|
then [ "--env-file ${container.value.environmentFile}" ]
|
|
|
|
|
else if container.value.environmentFile
|
|
|
|
|
then [ "--env-file ${inputs.config.sops.templates."${container.name}.env".path}" ]
|
|
|
|
|
else []
|
|
|
|
|
)
|
|
|
|
|
++ (map
|
|
|
|
|
(port: "-p ${port}")
|
|
|
|
|
(map
|
|
|
|
|
(port:
|
|
|
|
|
if builtins.typeOf port == "int" then toString port
|
|
|
|
|
else "${port.value.hostIp}:${toString port.value.hostPort}"
|
|
|
|
|
+ ":${toString port.value.containerPort}/${port.value.protocol}"
|
|
|
|
|
)
|
|
|
|
|
container.value.ports))
|
|
|
|
|
++ [ "${container.value.image.imageName}:${container.value.image.imageTag}" ]
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
'';
|
|
|
|
|
ExecStop = inputs.pkgs.writeShellScript "docker-${container.name}.stop"
|
|
|
|
|
''
|
|
|
|
|
docker stop ${container.name}
|
|
|
|
|
docker system prune --volumes --force
|
|
|
|
|
'';
|
2023-09-01 21:05:26 +08:00
|
|
|
};
|
|
|
|
|
};
|
2023-09-18 06:47:49 +08:00
|
|
|
})
|
|
|
|
|
(builtins.filter (container: container.value.user == user) (attrsToList docker)));
|
|
|
|
|
})
|
|
|
|
|
users);
|
|
|
|
|
};
|
2023-08-20 12:29:50 +08:00
|
|
|
}
|
