From 49c079b623bbbf56cbab607b1008e3f537f50935 Mon Sep 17 00:00:00 2001
From: stuebinm
Date: Wed, 12 May 2021 19:38:45 +0200
Subject: better nix-modules in oci container

Short overview:
- cleaner code
- more comments
- support for systemd services that are configured via `serviceConfig`
- got rid of bash (using dash for everything now)
---
 nix-modules/docker-nixos-modules.nix | 77 ++++++++++++++++++++++--------------
 nix-modules/example.nix              |  2 -
 2 files changed, 47 insertions(+), 32 deletions(-)

diff --git a/nix-modules/docker-nixos-modules.nix b/nix-modules/docker-nixos-modules.nix
index 47107a7..6ab2785 100644
--- a/nix-modules/docker-nixos-modules.nix
+++ b/nix-modules/docker-nixos-modules.nix
@@ -45,46 +45,63 @@ let
     ];
   };
+
+
 in pkgs.dockerTools.buildImage {
   inherit name;
+  # coreutils are included since we need them in startup scripts
   contents = pkgs.coreutils;
+  # create home directories of users (some services create
+  # their state paths using this, so even without having
+  # users it's important)
   runAsRoot = (with pkgs.lib;
     strings.concatStrings
       (mapAttrsToList
         (n: u: if u ? createHome && u.createHome
           then ("mkdir -p ${u.home}\n")
           else "")
         config.config.users.users));
-  config = with pkgs.lib; {
-    Cmd = pkgs.writeShellScript "main-entrypoint"
-      (strings.concatStrings
-        (map (command: "${command}&")
-          (mapAttrsToList
-            (name: service:
-              (pkgs.writeShellScript
-                "systemd-script-${name}"
-                ''
-                  #!${pkgs.dash.outPath}/bin/sh
-                  set -ueo pipefail
-                  ${if service ? preStart
-                    then ''
-                      echo ${escapeShellArg name}: running preStart script
-                      ${service.preStart}
-                    ''
-                    else ""}
-                  echo ${name}: starting ...
-                  ${if service ? serviceConfig && service.serviceConfig ? WorkingDirectory
-                    then "cd ${service.serviceConfig.WorkingDirectory}"
-                    else ""}
-                  ${if service ? environment
-                    then (strings.concatStrings
-                      (mapAttrsToList
-                        (n: k: "export ${n}=${escapeShellArg k}\n")
-                        service.environment))
-                    + service.script
-                    else ""}
-                '').outPath)
-            config.config.systemd.services)) + "\n wait");
+  # this maps all defined systemd services to simple shell
+  # scripts that are started when the docker container runs.
+  # Note that many features of the systemd.services config
+  # are just ignored (e.g. no auto-restarts yet)
+  config = with pkgs.lib; with pkgs.lib.strings; {
+    Cmd = pkgs.writeScript "main-entrypoint"
+      ("#!${pkgs.dash.outPath}/bin/dash\n" + concatStrings
+        (map (command: "${command}&\n")
+          (mapAttrsToList
+            (name: service:
+              (pkgs.writeScript "systemd-script-${name}"
+                ''
+                  #!${pkgs.dash.outPath}/bin/dash
+                  set -ue
+
+                  # run the prestart script
+                  ${optionalString (service ? preStart) ''
+                    echo ${escapeShellArg name}: running preStart script
+                    ${service.preStart}''}
+
+                  echo ${name}: starting ...
+
+                  # set up working directory
+                  ${optionalString (service ? serviceConfig
+                    && service.serviceConfig ? WorkingDirectory) ''
+                    mkdir -p ${service.serviceConfig.WorkingDirectory}
+                    cd ${service.serviceConfig.WorkingDirectory} ''}
+
+                  # set up environment variables
+                  ${optionalString (service ? environment)
+                    (concatStrings
+                      (mapAttrsToList
+                        (n: k: "export ${n}=${escapeShellArg k}\n")
+                        service.environment))}
+
+                  # start the service
+                  ${if service ? script
+                    then service.script
+                    else service.serviceConfig.ExecStart}
+                '').outPath)
+            config.config.systemd.services)) + "\n wait");
   };
 }
diff --git a/nix-modules/example.nix b/nix-modules/example.nix
index 2596df6..cbffb4a 100644
--- a/nix-modules/example.nix
+++ b/nix-modules/example.nix
@@ -8,8 +8,6 @@ import ./docker-nixos-modules.nix {
   imports = [
-
-
   ];
   services.grafana = {
-- 
cgit v1.2.3
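Review bot: The new service script escapes `name` for the preStart echo but not for `echo ${name}: starting ...`, and the added `mkdir -p ${service.serviceConfig.WorkingDirectory}` and `cd ${service.serviceConfig.WorkingDirectory}` lines interpolate the directory unquoted, so a WorkingDirectory containing a space or a shell metacharacter yields a broken dash script; wrapping each value in `escapeShellArg` as the preStart line already does keeps the generated scripts consistent. The `else service.serviceConfig.ExecStart` fallback hands the value to dash as a command line, which differs from systemd (no shell is involved there, `%` specifiers and the `-`/`@` prefixes are handled by systemd, and if I read the option type right NixOS also allows a list of strings here, which the interpolation would reject), and a service that defines neither `script` nor `ExecStart` fails evaluation with a bare missing-attribute error — `else service.serviceConfig.ExecStart or (throw "service ${name}: neither script nor serviceConfig.ExecStart")` would at least name the offending service. Since `serviceConfig.User`, `Group` and `DynamicUser` are among the silently ignored options, every service in the image runs as root inside the container; the comment block above `config =` should state that explicitly, as it is the most security-relevant difference from the systemd units being emulated. The enclosing `let` expression begins before the hunk.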