build should work now
parent
8961278acb
commit
ff503e0978
12
flake.lock
12
flake.lock
|
@ -5,11 +5,11 @@
|
||||||
"systems": "systems"
|
"systems": "systems"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1701680307,
|
"lastModified": 1705309234,
|
||||||
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
|
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
|
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -20,11 +20,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1704722960,
|
"lastModified": 1705133751,
|
||||||
"narHash": "sha256-mKGJ3sPsT6//s+Knglai5YflJUF2DGj7Ai6Ynopz0kI=",
|
"narHash": "sha256-rCIsyE80jgiOU78gCWN3A0wE0tR2GI5nH6MlS+HaaSQ=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "317484b1ead87b9c1b8ac5261a8d2dd748a0492d",
|
"rev": "9b19f5e77dd906cb52dade0b7bd280339d2a1f3d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
69
flake.nix
69
flake.nix
|
@ -30,7 +30,7 @@
|
||||||
};
|
};
|
||||||
packages.default = packages.kyouma-www;
|
packages.default = packages.kyouma-www;
|
||||||
nixosModules.default =
|
nixosModules.default =
|
||||||
{ config, options, pkgs, ... }: with lib;
|
{ config, options, pkgs, lib, ... }: with lib;
|
||||||
let
|
let
|
||||||
cfg = config.services.vyosBld;
|
cfg = config.services.vyosBld;
|
||||||
bldFlags = (attrsets.mapAttrsToList (flag: opt: "--" + flag + " " + opt) cfg.buildFlags);
|
bldFlags = (attrsets.mapAttrsToList (flag: opt: "--" + flag + " " + opt) cfg.buildFlags);
|
||||||
|
@ -70,8 +70,31 @@
|
||||||
{ build-by = 'mail@server.tld' }";
|
{ build-by = 'mail@server.tld' }";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
config = with lib; mkIf cfg.enable rec {
|
config = with lib; mkIf cfg.enable {
|
||||||
bldScript = writeShellScrip "build-vyos" ''
|
users = {
|
||||||
|
users.vyos-bld = {
|
||||||
|
isSystemUser = true;
|
||||||
|
group = "vyos-bld";
|
||||||
|
};
|
||||||
|
groups.vyos-bld = {};
|
||||||
|
};
|
||||||
|
virtualisation.docker = {
|
||||||
|
daemon.settings = {
|
||||||
|
ipv6 = true;
|
||||||
|
fixed-cidr-v6 = "fd00::/80";
|
||||||
|
};
|
||||||
|
autoPrune = {
|
||||||
|
enable = true;
|
||||||
|
flags = [ "--all" "--filter until=24h" ];
|
||||||
|
};
|
||||||
|
rootless = {
|
||||||
|
enable = true;
|
||||||
|
setSocketVariable = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
networking.firewall.extraCommands = ''ip6tables -t nat -A POSTROUTING -s fd00::/80 ! -o docker0 -j MASQUERADE'';
|
||||||
|
|
||||||
|
cfg.bldScript = pkgs.writeShellScrip "build-vyos" ''
|
||||||
cleanup() {
|
cleanup() {
|
||||||
rmdir "$root"
|
rmdir "$root"
|
||||||
}
|
}
|
||||||
|
@ -79,39 +102,39 @@
|
||||||
trap cleanup EXIT
|
trap cleanup EXIT
|
||||||
iso_name="vyos-${cfg.buildFlags.version}-${cfg.buildFlags.architecture}.iso"
|
iso_name="vyos-${cfg.buildFlags.version}-${cfg.buildFlags.architecture}.iso"
|
||||||
bld_dir="$root/vyos-build"
|
bld_dir="$root/vyos-build"
|
||||||
|
docker_cmd="${pkgs.docker}/bin/docker run --rm -it --privileged -v $bld_dir:/vyos -w /vyos vyos/vyos-build:current"
|
||||||
|
|
||||||
git clone -b current --single-branch https://github.com/vyos/vyos-build $root
|
git clone -b current --single-branch https://github.com/vyos/vyos-build $root
|
||||||
docker run --rm -it --privileged -v $bld_dir:/vyos -w /vyos vyos/vyos-build:current /usr/bin/sudo ./build-vyos-image ${flavor} ${builtins.concatStringsSep " " bldFlags}
|
$docker_cmd sudo ./build-vyos-image ${flavor} ${builtins.concatStringsSep " " bldFlags}
|
||||||
docker run --rm -it --privileged -v $bld_dir:/vyos -w /vyos vyos/vyos-build:current sudo chown -R ${config.users.users.vyos-bld.uid}:${config.users.groups.vyos-bld.uid}
|
$docker_cmd sudo chown -R ${config.users.users.vyos-bld.uid}:${config.users.groups.vyos-bld.gid} /vyos
|
||||||
|
|
||||||
cp $bld_dir/build/$iso_name ${cfg.output}
|
cp $bld_dir/build/$iso_name ${cfg.output}
|
||||||
mapfile -t old_isos < <(ls ${cfg.output} | head -n -${cfg.keep})
|
mapfile -t old_isos < <(ls ${cfg.output} | head -n -${builtins.toString cfg.keep})
|
||||||
for i in $\{old_isos[@]}; do
|
for i in $\{old_isos[@]}; do
|
||||||
rm -r ${cfg.output}/$\{old_iso[$i]}
|
rm -r ${cfg.output}/$\{old_iso[$i]}
|
||||||
done
|
done
|
||||||
'';
|
'';
|
||||||
|
systemd = {
|
||||||
|
services.docker.after = [ "firewall.service" ];
|
||||||
|
services.vyosBld = {
|
||||||
|
serviceConfig = {
|
||||||
|
User = "vyos-bld";
|
||||||
|
Group = "vyos-bld";
|
||||||
|
ExecStart = cfg.bldScript;
|
||||||
|
|
||||||
virtualisation.docker.rootless = {
|
PrivateTmp = true;
|
||||||
enable = true;
|
ProtectHome = true;
|
||||||
setSocketVariable = true;
|
};
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.vyosBld = {
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
serviceConfig = {
|
|
||||||
ExecStart = "${pkgs.nix-shell} ${bldScript} -p docker git"
|
|
||||||
Type = "onshot";
|
|
||||||
};
|
};
|
||||||
};
|
timers.vyosBld = {
|
||||||
systemd.timer.vyosBld-time = {
|
wantedBy = [ "timers.target" ];
|
||||||
wantedBy = [ "timers.target" ];
|
timerConfig = {
|
||||||
timerConfig = {
|
OnCalendar = cfg.buildFreq;
|
||||||
Unit = "vyosBld.service";
|
};
|
||||||
OnCalendar = cfg.buildFreq;
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
}
|
||||||
;
|
;
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
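Review bot: The new `docker_cmd` line runs a `--privileged` container from the mutable tag `vyos/vyos-build:current`, and the script still clones the `current` branch of vyos-build unpinned, so each timer run executes whatever upstream last published. Which daemon the `vyos-bld` unit reaches is not visible here, since the commit configures both the system daemon and rootless mode, so the effective privilege of that container should be confirmed. Pinning both inputs is the cheap mitigation: reference the image by digest, e.g. `vyos/vyos-build@sha256:<IMAGE_DIGEST>` (placeholder), and check out a fixed commit after the clone. The `-it` flags should be dropped as well, because a unit started from a timer has no TTY and `docker run -t` normally refuses to start without one. Separately, `pkgs.writeShellScrip` on the `cfg.bldScript` line is still missing its final `t` (`pkgs.writeShellScript`), which would presumably fail evaluation.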