mirror of
https://github.com/CHN-beta/nixos.git
synced 2024-10-23 04:58:44 +08:00
删除 docker huginn linger
太难搞了,一年之内不再搞
parent
fb8c3cf89d
commit
3850b9bc05
@ -19,8 +19,6 @@ inputs:
|
||||
./sshd.nix
|
||||
./vaultwarden.nix
|
||||
./frp.nix
|
||||
./docker.nix
|
||||
# ./huginn.nix
|
||||
];
|
||||
options.nixos.services = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
|
@ -1,127 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.docker = let inherit (inputs.lib) mkOption types; in mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule (inputs: { options =
|
||||
{
|
||||
user = mkOption { type = types.nonEmptyStr; default = inputs.config._module.args.name; };
|
||||
image = mkOption { type = types.package; };
|
||||
ports = mkOption
|
||||
{
|
||||
type = types.listOf (types.oneOf
|
||||
[
|
||||
types.ints.unsigned
|
||||
types.submodule (inputs: { options =
|
||||
{
|
||||
hostIp = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
|
||||
hostPort = mkOption { type = types.ints.unsigned; };
|
||||
containerPort = mkOption { type = types.ints.unsigned; };
|
||||
protocol = mkOption { type = types.enum [ "tcp" "udp" ]; default = "tcp"; };
|
||||
};})
|
||||
]);
|
||||
default = [];
|
||||
};
|
||||
environmentFile = mkOption { type = types.oneOf [ types.bool types.nonEmptyStr ]; default = false; };
|
||||
};}));
|
||||
default = {};
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkIf;
|
||||
inherit (builtins) listToAttrs map;
|
||||
inherit (inputs.localLib) attrsToList;
|
||||
inherit (inputs.config.nixos.services) docker;
|
||||
users = inputs.lib.lists.unique (map (container: container.value.user) (attrsToList docker));
|
||||
in mkIf (docker != {})
|
||||
{
|
||||
systemd.tmpfiles.rules = [ "d /run/docker-rootless 0755 root root" ];
|
||||
nixos =
|
||||
{
|
||||
virtualization.docker.enable = true;
|
||||
users.linger = users;
|
||||
};
|
||||
users =
|
||||
{
|
||||
users = listToAttrs (map
|
||||
(user:
|
||||
{
|
||||
name = user;
|
||||
value =
|
||||
{
|
||||
isNormalUser = true;
|
||||
group = user;
|
||||
autoSubUidGidRange = true;
|
||||
home = "/run/docker-rootless/${user}";
|
||||
createHome = true;
|
||||
};
|
||||
})
|
||||
users);
|
||||
groups = listToAttrs (map (user: { name = user; value = {}; }) users);
|
||||
};
|
||||
home-manager.users = listToAttrs (map
|
||||
(user:
|
||||
{
|
||||
name = user;
|
||||
value.config.systemd.user.services = listToAttrs (map
|
||||
(container:
|
||||
{
|
||||
inherit (container) name;
|
||||
value =
|
||||
{
|
||||
Unit =
|
||||
{
|
||||
After = [ "dbus.socket" "docker.service" ];
|
||||
Wants = [ "dbus.socket" "docker.service" ];
|
||||
};
|
||||
Install.WantedBy = [ "default.target" ];
|
||||
Service =
|
||||
{
|
||||
Type = "simple";
|
||||
RemainAfterExit = true;
|
||||
ExecStart = inputs.pkgs.writeShellScript "docker-${container.name}.start"
|
||||
''
|
||||
docker rm -f ${container.name} || true
|
||||
echo "loading image"
|
||||
docker load -i ${container.value.image}
|
||||
echo "load finish"
|
||||
docker image ls
|
||||
${
|
||||
builtins.concatStringsSep " \\\n"
|
||||
(
|
||||
[
|
||||
"docker run --rm --name=${container.name}"
|
||||
"--add-host=host.docker.internal:host-gateway"
|
||||
]
|
||||
++ (
|
||||
if (builtins.typeOf container.value.environmentFile) == "string"
|
||||
then [ "--env-file ${container.value.environmentFile}" ]
|
||||
else if container.value.environmentFile
|
||||
then [ "--env-file ${inputs.config.sops.templates."${container.name}.env".path}" ]
|
||||
else []
|
||||
)
|
||||
++ (map
|
||||
(port: "-p ${port}")
|
||||
(map
|
||||
(port:
|
||||
if builtins.typeOf port == "int" then toString port
|
||||
else "${port.value.hostIp}:${toString port.value.hostPort}"
|
||||
+ ":${toString port.value.containerPort}/${port.value.protocol}"
|
||||
)
|
||||
container.value.ports))
|
||||
++ [ "${container.value.image.imageName}:${container.value.image.imageTag}" ]
|
||||
)
|
||||
}
|
||||
'';
|
||||
ExecStop = inputs.pkgs.writeShellScript "docker-${container.name}.stop"
|
||||
''
|
||||
docker stop ${container.name}
|
||||
docker system prune --volumes --force
|
||||
'';
|
||||
};
|
||||
};
|
||||
})
|
||||
(builtins.filter (container: container.value.user == user) (attrsToList docker)));
|
||||
})
|
||||
users);
|
||||
};
|
||||
}
|
@ -1,58 +0,0 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.huginn = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkIf;
|
||||
inherit (inputs.config.nixos.services) huginn;
|
||||
inherit (builtins) listToAttrs;
|
||||
in mkIf huginn.enable
|
||||
{
|
||||
nixos.services =
|
||||
{
|
||||
docker.huginn =
|
||||
{
|
||||
image = inputs.pkgs.dockerTools.pullImage
|
||||
{
|
||||
imageName = "huginn/huginn";
|
||||
imageDigest = "sha256:dbe871597d43232add81d1adfc5ad9f5cf9dcb5e1f1ba3d669598c20b96ab6c1";
|
||||
sha256 = "sha256-P8bfzjW5gHCVv0kaEAi9xAe5c0aQXypJkYUfFtE8SVM=";
|
||||
finalImageName = "huginn/huginn";
|
||||
finalImageTag = "2d5fcafc507da3e8c115c3479e9116a0758c5375";
|
||||
};
|
||||
ports = [ 3000 ];
|
||||
environmentFile = true;
|
||||
};
|
||||
postgresql = { enable = true; instances.huginn = {}; };
|
||||
};
|
||||
sops =
|
||||
{
|
||||
templates."huginn.env" =
|
||||
{
|
||||
content = let placeholder = inputs.config.sops.placeholder; in
|
||||
''
|
||||
MYSQL_PORT_3306_TCP_ADDR=host.docker.internal
|
||||
HUGINN_DATABASE_NAME=huginn
|
||||
HUGINN_DATABASE_USERNAME=huginn
|
||||
HUGINN_DATABASE_PASSWORD=${placeholder."postgresql/huginn"}
|
||||
DOMAIN=huginn.chn.moe
|
||||
RAILS_ENV=production
|
||||
FORCE_SSL=true
|
||||
INVITATION_CODE=${placeholder."huginn/invitation_code"}
|
||||
SMTP_DOMAIN=mail.chn.moe
|
||||
SMTP_USER_NAME=bot@chn.moe
|
||||
SMTP_PASSWORD="${placeholder."mail/bot"}"
|
||||
SMTP_SERVER=mail.chn.moe
|
||||
SMTP_SSL=true
|
||||
EMAIL_FROM_ADDRESS=bot@chn.moe
|
||||
TIMEZONE=Beijing
|
||||
'';
|
||||
owner = inputs.config.users.users.huginn.name;
|
||||
};
|
||||
secrets = listToAttrs (map (secret: { name = secret; value = {}; }) [ "huginn/invitation_code" "mail/bot" ]);
|
||||
};
|
||||
};
|
||||
}
|
@ -202,7 +202,6 @@ inputs:
|
||||
{
|
||||
users = mkOption { type = types.listOf (types.enum (builtins.attrNames allUsers)); default = [ "root" "chn" ]; };
|
||||
sharedModules = mkOption { type = types.listOf types.anything; default = []; };
|
||||
linger = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
@ -212,10 +211,6 @@ inputs:
|
||||
in mkMerge
|
||||
[
|
||||
(mkMerge (map (user: mkIf (builtins.elem user users.users) allUsers.${user}) (attrNames allUsers)))
|
||||
{
|
||||
system.activationScripts.linger = builtins.concatStringsSep "\n" (map
|
||||
(user: "${inputs.pkgs.systemd}/bin/loginctl enable-linger ${user}") users.linger);
|
||||
}
|
||||
];
|
||||
}
|
||||
|
||||
|
@ -7,22 +7,15 @@ frp:
|
||||
store:
|
||||
signingKey: ENC[AES256_GCM,data:TsB1nA0Rf2AsYyH59WpUK53pTCX2JdrGQjkJ9A9BfWLLmw3EMnPoaLHG12rv1R2/xRU7rP+iVhXb77g60I/Kn4ehun3ogMmK1oEAKyQcxudBUJFk+SeijaQLr2A=,iv:e2rdGBVOPS1nyC3pXhs5r0WyEkqxcpCnX3eAcBCj93M=,tag:HwccjH2Wms5/TevU2IuzNw==,type:str]
|
||||
nginx:
|
||||
#ENC[AES256_GCM,data:sHSfWhEO9PHWTY0r,iv:XSyOSkzEVOjMF/9vjEVpcuKH6B2mdE5D7l9VKrSILO0=,tag:2YkAoPW5GqOjFpPF5IvApg==,type:comment]
|
||||
#ENC[AES256_GCM,data:Oaxg1nXYHLNOAF2V8lNF+4OtJz5bXOdEleXi89AW+dQvDgj0HMAAlxLiixlfhFW48Clcu+C+4opFZUk+4Q3GBePTQWeabgEFAZi+MgnVoiXzfizQpmve,iv:/NyV6W0vaXvS5qFKPw+7Iqe9po1VKQDLbHaC9Fa8Mto=,tag:JiCKJxhpAI9k11N9WxfZew==,type:comment]
|
||||
maxmind-license: ENC[AES256_GCM,data:PVV4VAvB22KoA8EM8Honb+KWYhydXdmTAVlDw/XnTcbaIY+5Km2gGA==,iv:7PfytRbpW4G2iDNqysvZnB0YsQFVUL5Kr1DNsBzuhCA=,tag:z2J14fdD7AUNabN+6kUojA==,type:str]
|
||||
postgresql:
|
||||
misskey: ENC[AES256_GCM,data:KiJ2smpRwJ1pzauCgVsmFH4aCiw4sEkCQ9JSTao5NdI=,iv:jIc0a797dokfByN2vJcYcAFfPC8MP7wCV5qsxoCDxcE=,tag:L5n1/xszwB0lhqYcbLqp2Q==,type:str]
|
||||
huginn: ENC[AES256_GCM,data:80mdzQ==,iv:MUwRBA9ZIHjBu7gy0/N3HnHHPe07sC491pqoab94Bnc=,tag:5QMoawGHLp95yKdNN5ikyg==,type:str]
|
||||
redis:
|
||||
misskey: ENC[AES256_GCM,data:SAcZsRrhNB+CjpcvUcWLi5nhEA49bFM+HYHEkszNdZs=,iv:fOLletIWzCrhHZrgwl5dpdCnwUbcEeTaKNosXna8pfU=,tag:EpdBW/RexAoJ0z1G2Emvww==,type:str]
|
||||
meilisearch:
|
||||
misskey: ENC[AES256_GCM,data:oBYIwQyfPyjsp1dfveVGqO7mY9LO7jaD+Mpe9nTm8Sd8XKgRPJWkce4tnBXBRzkdLURvDDD25uODUekdkkO1gA==,iv:/Gw3PX1w7dWWzEMCWrETGees8CjONwzIpTZSCkQsZXc=,tag:59GHYNPRTv3KFqhpUDXBLg==,type:str]
|
||||
nebula:
|
||||
key: ENC[AES256_GCM,data:kNm9hwMa/EhDeOCeZw1jEnroolTkeEeAxpSEDko6tHSDHwHbhfjr01ZzHKE=,iv:q2qCi99XgZJvRuF1dm16sK6BFIoa9QUN8p4LSiZq28o=,tag:ApOKdA91LBiWHv6TuXMkpA==,type:str]
|
||||
huginn:
|
||||
invitation_code: ENC[AES256_GCM,data:P0Pg0w==,iv:Dqy4bZWdrvrH2szSnvlQKL2LV2TZ3qMrAq6WcRfcL/E=,tag:yGQEsv7fNAvLKpinI1srew==,type:str]
|
||||
mail:
|
||||
bot: ENC[AES256_GCM,data:C5Johg==,iv:vxjUYj453qory46P9GpPQ/2zy0jow0+G+bsmNY3lcEI=,tag:qo0beNuuFtrig8WBb9Njxg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@ -47,8 +40,8 @@ sops:
|
||||
OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
|
||||
+K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-09-17T22:46:46Z"
|
||||
mac: ENC[AES256_GCM,data:cuolK4pqi0W7NPmAPFaOU9Y4E1U7ALXu21hjLX+YiVT1E78IRbFpwWFJ7dYE74Y2Exx27VKnFiA8rfhtr/OdUx6w/ZcerISMULxYmYiuvYn3X28yAxk4jGH4u7fBHdAUNcsGrtCPdwfMK3BmFajAYIGikvxEi5dpXcIFrTpFTFM=,iv:TXhnM4jnn+nW0qzA8Jezlwb5kh1bDLVXAn1Fpmj2AJ0=,tag:Y6OJcHzTB/Xlzb3bSvqyhg==,type:str]
|
||||
lastmodified: "2023-09-18T12:02:13Z"
|
||||
mac: ENC[AES256_GCM,data:cO1AngVyJaj+M91wUCG4mGLRjYDF57CdV1UyYeWBXozNl1VxgTWlUFfQJFC5gIGKohAXhGT0SERLGPRVIkacd0hvuHdeHHyp7kzrwQGZTkfxu6oknlvXEXNUdrIiwoers5aJQbbdlEHI6jKL794VRtkykp3bJs0tSeI+v4EA6kI=,iv:YE+oJN+ZJ+1zmze0+GOYG/G8UI7VrVGO1Iwut6mrBfg=,tag:gF8EQSIbVoAzbb4kmWB/uA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
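Review bot: Dropping the `postgresql/huginn`, `huginn/invitation_code` and `mail/bot` entries from this sops file does not retire the secrets themselves (this assumes those are the lines the first hunk removes, since the +/- markers are not visible in this rendering). The ciphertexts stay in the repository history and remain decryptable by every age recipient of the file. AES-GCM ciphertext is as long as its plaintext, so the `data:` fields of those three entries, which decode to 4 bytes each, also show that the values were very short. If the PostgreSQL role or the `bot@chn.moe` SMTP account still exists on any host, the cleanup should include dropping them or rotating them to long random values. The new `mac` and `lastmodified` in the second hunk look like the normal result of re-saving the file with sops and need no change.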
|
||||
|