| -rw-r--r-- | modules/foundation/services.nix | 19 | ||||
| -rw-r--r-- | pkgs/common.nix | 157 | ||||
| -rw-r--r-- | services/irc/soju.nix | 38 | ||||
| -rw-r--r-- | services/minecraft.nix | 15 |
4 files changed, 140 insertions, 89 deletions
diff --git a/modules/foundation/services.nix b/modules/foundation/services.nix index d4edcb3..ddc3263 100644 --- a/modules/foundation/services.nix +++ b/modules/foundation/services.nix @@ -27,7 +27,9 @@ let }; ports = mkOption { - type = with types; listOf (listOf ints.u16); + type = with types; listOf ( + either (listOf ints.u16) str + ); default = [ ]; }; @@ -132,12 +134,15 @@ in virtualisation.oci-containers.containers = let mkOciPort = - portTuple: - let - host = builtins.elemAt portTuple 0; - container = builtins.elemAt portTuple 1; - in - "127.0.0.1:${toString host}:${toString container}"; + portStrOrTuple: + if builtins.isList portStrOrTuple then + let + host = builtins.elemAt portStrOrTuple 0; + container = builtins.elemAt portStrOrTuple 1; + in + "127.0.0.1:${toString host}:${toString container}" + else + portStrOrTuple; mkOciVolume = volumeTuple: diff --git a/pkgs/common.nix b/pkgs/common.nix index 5110335..7493f41 100644 --- a/pkgs/common.nix +++ b/pkgs/common.nix 
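Review bot: The new `else portStrOrTuple` branch in `mkOciPort` passes any string through unchanged, so the module no longer guarantees that a service's ports are bound to `127.0.0.1`. With the option type widened to `either (listOf ints.u16) str`, a bare `"8080:8080"` would type-check, and container runtimes normally publish such a mapping on every interface. Consider constraining the string side so an explicit bind address is required, for example `either (listOf ints.u16) (strMatching "[0-9.]+:[0-9]+:[0-9]+")`, and extending the pattern if IPv6 binds are needed. The list branch also reads only elements 0 and 1 without checking the length, unlike `soloOrDuoPort` in pkgs/common.nix, so `assert builtins.length portStrOrTuple == 2;` would make the two consistent. The surrounding `let` continues past the end of this hunk.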
@@ -1,62 +1,117 @@ -{ dockerTools, system, ... }: +{ + lib, + dockerTools, + system, + ... +}: let systemToArch = { - "x86_64-linux" = { short = "x86"; arch = "amd64"; }; - "aarch64-linux" = { short = "arm"; arch = "arm64"; }; + "x86_64-linux" = { + short = "x86"; + arch = "amd64"; + }; + "aarch64-linux" = { + short = "arm"; + arch = "arm64"; + }; }; - mkImage = { name, tag, digest, ... }@inputs: - let - arch = systemToArch.${system}; - - image = dockerTools.pullImage { - imageName = name; - imageDigest = digest; - finalImageName = name; - finalImageTag = tag; - os = "linux"; - inherit (inputs.${arch.short}) sha256; - inherit (arch) arch; + mkImage = + { + name, + tag, + digest, + ... + }@inputs: + let + arch = systemToArch.${system}; + + image = dockerTools.pullImage { + imageName = name; + imageDigest = digest; + finalImageName = name; + finalImageTag = tag; + os = "linux"; + inherit (inputs.${arch.short}) sha256; + inherit (arch) arch; + }; + in + { + image = "${name}:${tag}"; + imageFile = image; + base = image; }; - in - { - image = "${name}:${tag}"; - imageFile = image; - base = image; - }; -in -{ - alpine = mkImage { - name = "alpine"; - tag = "3.20.3"; - digest = "sha256:1e42bbe2508154c9126d48c2b8a75420c3544343bf86fd041fb7527e017a4b4a"; - x86.sha256 = "02fr1isg8s2h7j8n5rda7avswnh7vpfhrix3rmvqsjp8cx3qbkz3"; - arm.sha256 = "06c0q5kk60i89y1d83a28wk282ymp806xjcsmlca4cwwqp590j0q"; - }; - - postgres13 = mkImage { - name = "postgres"; - tag = "13-alpine"; - digest = "sha256:857aa00fc7e8541e3e5818b7bb8596182cb5c1b3ad964e4184e90682d5ca0d57"; - x86.sha256 = "1yc0576kdfsz55ybjaykki2mhr6w9yrby7wslx8pfmn7xkykzq9w"; - arm.sha256 = "0kjxk2sd03445mgf54x1ir9w2zmjn41zgmyns2h3k3cd7qazhkrx"; - }; + images = { + alpine = mkImage { + name = "alpine"; + tag = "3.20.3"; + digest = "sha256:1e42bbe2508154c9126d48c2b8a75420c3544343bf86fd041fb7527e017a4b4a"; + x86.sha256 = "02fr1isg8s2h7j8n5rda7avswnh7vpfhrix3rmvqsjp8cx3qbkz3"; + arm.sha256 = 
"06c0q5kk60i89y1d83a28wk282ymp806xjcsmlca4cwwqp590j0q"; + }; + + postgres13 = mkImage { + name = "postgres"; + tag = "13-alpine"; + digest = "sha256:857aa00fc7e8541e3e5818b7bb8596182cb5c1b3ad964e4184e90682d5ca0d57"; + x86.sha256 = "1yc0576kdfsz55ybjaykki2mhr6w9yrby7wslx8pfmn7xkykzq9w"; + arm.sha256 = "0kjxk2sd03445mgf54x1ir9w2zmjn41zgmyns2h3k3cd7qazhkrx"; + }; + + postgres14 = mkImage { + name = "postgres"; + tag = "14-alpine"; + digest = "sha256:3f5fc44eeb8e8b42448e218f05299105761a2c33b54a89d9fd06c87cd5f7b043"; + x86.sha256 = "1zpiv9d6mj9d3n2xhgz0wn8q7a4gzjrk0hp8vpm706wwh72q8nir"; + arm.sha256 = "1gh6f4frfilr5mp6smp1k00aijd9vh1kv711a64044yl9kqr2nci"; + }; - postgres14 = mkImage { - name = "postgres"; - tag = "14-alpine"; - digest = "sha256:3f5fc44eeb8e8b42448e218f05299105761a2c33b54a89d9fd06c87cd5f7b043"; - x86.sha256 = "1zpiv9d6mj9d3n2xhgz0wn8q7a4gzjrk0hp8vpm706wwh72q8nir"; - arm.sha256 = "1gh6f4frfilr5mp6smp1k00aijd9vh1kv711a64044yl9kqr2nci"; + postgres15 = mkImage { + name = "postgres"; + tag = "15-alpine"; + digest = "sha256:8b963ea3038c3b32182ee7f592ccde21242fa7c5fd9d1b72aa333c27f1bfc809"; + x86.sha256 = "0cfmp4v1a4b2m21ljsc3f3kn23rl9nki6z37ks9jclzxh9hy629n"; + arm.sha256 = "0wydmscp4znjdflycvjqwjfry9crizhav0wc2hnajbyvk4ql32h8"; + }; }; - postgres15 = mkImage { - name = "postgres"; - tag = "15-alpine"; - digest = "sha256:8b963ea3038c3b32182ee7f592ccde21242fa7c5fd9d1b72aa333c27f1bfc809"; - x86.sha256 = "0cfmp4v1a4b2m21ljsc3f3kn23rl9nki6z37ks9jclzxh9hy629n"; - arm.sha256 = "0wydmscp4znjdflycvjqwjfry9crizhav0wc2hnajbyvk4ql32h8"; + soloOrDuoPort = + p: + with builtins; + if isList p then + assert length p == 2; + { + host = elemAt p 0; + container = elemAt p 1; + } + else if isInt p then + { + host = p; + container = p; + } + else + throw "unknown port type given"; + + ports = { + globalPort = + p: + let + ports = soloOrDuoPort p; + host = toString ports.host; + container = toString ports.container; + in + "0.0.0.0:${host}:${container}"; + + tailnetPort = + me: 
p: + let + ports = soloOrDuoPort p; + host = toString ports.host; + container = toString ports.container; + in + "${me.tailscale.ip}:${host}:${container}"; }; -} +in +images // ports diff --git a/services/irc/soju.nix b/services/irc/soju.nix index f6c7ff0..e5c55c1 100644 --- a/services/irc/soju.nix +++ b/services/irc/soju.nix @@ -4,8 +4,8 @@ let inherit (pkgs) dockerTools soju; inherit (auxiliaryPkgs) common; - ircPort = "6667"; - socketPort = "3030"; + ircPort = 6667; + socketPort = 3030; sojuDir = "/srv/soju"; sojuImage = dockerTools.streamLayeredImage { @@ -22,24 +22,20 @@ let in { - virtualisation.oci-containers.containers = { - soju = { - imageStream = sojuImage; - image = "soju:${soju.version}"; - # TODO: allow tailscale ports in foundation - ports = [ - "${me.tailscale.ip}:${ircPort}:${ircPort}" - "${me.tailscale.ip}:${socketPort}:${socketPort}" - ]; - - volumes = [ - "${sojuDir}/config.in:/etc/soju/config.in" - "${sojuDir}/soju.db:/var/lib/soju/soju.db" - "${sojuDir}/logs:/var/lib/soju/logs" - ]; - - entrypoint = "${soju}/bin/soju"; - cmd = [ "-config" "/etc/soju/config.in" ]; - }; + foundation.services.soju = { + image = sojuImage; + ports = [ + (common.tailnetPort me ircPort) + (common.tailnetPort me socketPort) + ]; + + volumes = [ + [ "${sojuDir}/config.in" "/etc/soju/config.in" ] + [ "${sojuDir}/soju.db" "/var/lib/soju/soju.db" ] + [ "${sojuDir}/logs" "/var/lib/soju/logs" ] + ]; + + entrypoint = "${soju}/bin/soju"; + cmd = [ "-config" "/etc/soju/config.in" ]; }; } diff --git a/services/minecraft.nix b/services/minecraft.nix index cd04e31..0690f40 100644 --- a/services/minecraft.nix +++ b/services/minecraft.nix 
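Review bot: `soloOrDuoPort` checks the list length but not the port values, and because `globalPort` and `tailnetPort` return strings, their output reaches `foundation.services.<name>.ports` through the `str` side of the option and never meets `ints.u16`. A value such as `70000`, or a list holding a string, would therefore surface only when the container runtime rejects the mapping rather than at evaluation. A guard inside the `with builtins;` scope restores the check, e.g. `assert all (x: isInt x && x >= 0 && x <= 65535) (if isList p then p else [ p ]);`. Separately, `images // ports` puts the helpers in the same attribute set as the images, and `//` lets the right-hand side win, so a future image named `globalPort` or `tailnetPort` would be silently replaced. A short comment on `globalPort` saying that it binds the IPv4 wildcard address would help callers pick the right helper.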
@@ -28,16 +28,11 @@ in { networking.firewall.allowedTCPPorts = [ minecraftPort ]; - # TODO: put global ports into foundation - virtualisation.oci-containers.containers.minecraft = { - imageStream = minecraftImage; - image = "minecraft:${minecraft.version}"; - # expose minecraft service port globally. - ports = [ "0.0.0.0:${toString minecraftPort}:${toString minecraftPort}" ]; - - volumes = [ - "${minecraftDir}:/server" - ]; + foundation.services.minecraft = { + image = minecraftImage; + ports = [ (common.globalPort minecraftPort) ]; + + volumes = [ [ "${minecraftDir}" "/server" ] ]; workdir = "/server"; entrypoint = "${minecraft}/bin/minecraft-server"; |
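Review bot: The removed comment `# expose minecraft service port globally.` was the only marker at this call site that the service is deliberately public, and nothing replaces it above `ports = [ (common.globalPort minecraftPort) ];`. Since every other path through foundation binds to loopback or the tailnet address, I would keep a comment here such as `# intentionally reachable from any network: globalPort binds 0.0.0.0, and the firewall rule above opens the same port`. It is also worth confirming whether the container backend's published ports honour `networking.firewall` at all, since some runtimes install their own forwarding rules; if they do not, the `allowedTCPPorts` line is not what gates access. The attribute set continues outside this hunk.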
