add sysbox

This commit is contained in:
2023-12-03 15:15:29 +01:00
parent 4b80ae9b9b
commit 02f73c8ee2
7 changed files with 90 additions and 12 deletions


@@ -39,6 +39,10 @@
./hardware-configuration.nix
];
nixpkgs.overlays = [
(import ./utils/overlays/packages.nix)
];
nixpkgs.config.permittedInsecurePackages = [
"openssl-1.1.1w"
];
@@ -57,6 +61,7 @@
ethtool # manage NIC settings (offload, NIC feeatures, ...)
tcpdump # view network traffic
conntrack-tools # view network connection states
sysbox
];
nix.gc = {
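Review bot: Adding `sysbox` to `environment.systemPackages` only puts its binaries on PATH; as far as I understand sysbox, nothing in this hunk registers `sysbox-runc` as a Docker runtime or starts the `sysbox-mgr`/`sysbox-fs` daemons it depends on, so containers keep running under the default runtime unless that wiring lives outside these hunks. If it does not, consider something like `virtualisation.docker.daemon.settings.runtimes.sysbox-runc.path = "${pkgs.sysbox}/bin/sysbox-runc";` plus systemd units for the two daemons, and add a comment on the new line saying where that configuration is so the "improves container isolation" intent is verifiable. The enclosing module attribute set starts and ends outside both hunks.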


@@ -69,8 +69,6 @@ in
"/var/lib/gitea:/data"
"/etc/gitea/app.ini:/data/custom/conf/app.ini:ro"
"/var/lib/acme/git.cloonar.com:/ssl:ro"
"/etc/timezone:/etc/timezone:ro"
"/etc/localtime:/etc/localtime:ro"
];
environment = {
USER_UID = builtins.toString config.users.users.gitea.uid;


@@ -29,11 +29,5 @@
proxy_set_header Connection $connection_upgrade;
'';
};
# networking.firewall = {
# allowedUDPPorts = [
# 5683 # shelly coiot
# ];
# };
}


@@ -26,8 +26,7 @@
Restart = "always";
ExecStartPre= ''
-${pkgs.docker}/bin/docker stop %n \
-${pkgs.docker}/bin/docker rm %n \
${pkgs.docker}/bin/docker pull drone/drone:2.20.0
${pkgs.docker}/bin/docker rm %n
'';
ExecStart= ''
${pkgs.docker}/bin/docker run --rm --name %n \
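Review bot: The new `${pkgs.docker}/bin/docker rm %n` line fails the unit whenever no container named `%n` exists (first start, or after a clean `--rm` exit) and, with `docker stop %n` gone, also whenever one is still running, so ExecStartPre can block ExecStart in both the common and the unclean-restart case. If the leading `-` on the two removed lines was systemd's ignore-failure prefix rather than the diff marker, that protection has been lost as well; `-${pkgs.docker}/bin/docker rm -f %n` covers all of these. The `docker pull drone/drone:2.20.0` it now precedes pins only a mutable tag, so consider pinning the image by digest (`drone/drone:2.20.0@sha256:...`) if this host is meant to be reproducible. ExecStart continues outside the hunk.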


@@ -26,8 +26,7 @@
Restart = "always";
ExecStartPre= ''
-${pkgs.docker}/bin/docker stop %n \
-${pkgs.docker}/bin/docker rm %n \
${pkgs.docker}/bin/docker pull drone/drone:2.20.0
${pkgs.docker}/bin/docker rm %n
'';
ExecStart= ''
${pkgs.docker}/bin/docker run --rm --name %n \
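Review bot: Same change as in the sibling drone unit: the added `${pkgs.docker}/bin/docker rm %n` returns non-zero when no container named `%n` exists or when one is still running now that `docker stop %n` is gone, and a failing ExecStartPre prevents the service from starting. Use `-${pkgs.docker}/bin/docker rm -f %n` (systemd's `-` prefix ignores the exit status, `-f` removes a running container) so a stale or missing container never blocks startup. Since both files carry identical ExecStartPre blocks, a shared helper in the module would avoid fixing this twice. ExecStart continues outside the hunk.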


@@ -1,5 +1,6 @@
self: super: {
bento = (super.callPackage ../pkgs/bento { });
ykfde = (super.callPackage ../pkgs/ykfde { });
sysbox = (super.callPackage ../pkgs/sysbox { });
wow-addon-manager = (super.callPackage ../pkgs/wow-addon-manager { });
}

82
utils/pkgs/sysbox.nix Normal file

@@ -0,0 +1,82 @@
{ lib
, stdenv
, buildGoModule
, fetchurl
, makeWrapper
, git
, bash
, coreutils
, gitea
, gzip
, openssh
, pam
, sqliteSupport ? true
, pamSupport ? true
, runCommand
, brotli
, xorg
, nixosTests
}:
buildGoModule rec {
pname = "sysbox";
version = "0.6.2";
# not fetching directly from the git repo, because that lacks several vendor files for the web UI
src = fetchurl {
url = "https://github.com/nestybox/sysbox/archive/refs/tags/v${version}.tar.gz";
hash = "sha256-cH/AHsFXOdvfSfj9AZUd3l/RlYE06o1ByZu0vvGQuXw=";
};
vendorHash = null;
# subPackages = [ "." ];
nativeBuildInputs = [ makeWrapper ];
# buildInputs = lib.optional pamSupport pam;
# tags = lib.optional pamSupport "pam"
# ++ lib.optionals sqliteSupport [ "sqlite" "sqlite_unlock_notify" ];
# ldflags = [
# "-s"
# "-w"
# "-X main.Version=${version}"
# "-X 'main.Tags=${lib.concatStringsSep " " tags}'"
# ];
outputs = [ "out" ];
postInstall = ''
mkdir -p $out
# cp -R ./options/locale $out/locale
wrapProgram $out/bin/gitea \
--prefix PATH : ${lib.makeBinPath [ ]}
'';
# passthru = {
# data-compressed = runCommand "gitea-data-compressed" {
# nativeBuildInputs = [ brotli xorg.lndir ];
# } ''
# mkdir $out
# lndir ${gitea.data}/ $out/
#
# # Create static gzip and brotli files
# find -L $out -type f -regextype posix-extended -iregex '.*\.(css|html|js|svg|ttf|txt)' \
# -exec gzip --best --keep --force {} ';' \
# -exec brotli --best --keep --no-copy-stat {} ';'
# '';
#
# tests = nixosTests.gitea;
# };
meta = with lib; {
description = "Improves container isolation";
homepage = "https://github.com/nestybox/sysbox";
license = licenses.apache;
broken = stdenv.isDarwin;
mainProgram = "sysbox-runc";
};
}
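Review bot: `postInstall` runs `wrapProgram $out/bin/gitea`, but this derivation builds sysbox (`mainProgram = "sysbox-runc"`), so unless the build somehow produces a `gitea` binary the install phase fails; the inputs `gitea`, `pam`, `sqliteSupport`/`pamSupport`, `brotli`, `xorg`, `nixosTests` and the "vendor files for the web UI" comment look copied from the gitea package and should be removed or corrected rather than left as dead configuration. `licenses.apache` is not an attribute of nixpkgs' `lib.licenses` as far as I know; the Apache 2.0 entry is `license = licenses.asl20;`. `vendorHash = null` also assumes the release tarball ships vendored Go dependencies, whereas the nestybox/sysbox repository pulls `sysbox-runc`, `sysbox-fs` and `sysbox-mgr` in as git submodules that a GitHub archive does not include, so confirm the tarball actually builds before relying on this package for container isolation. Either delete the `postInstall` block or point the wrapper at `$out/bin/sysbox-runc` only if a PATH wrapper is genuinely needed.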