From b620dbdf8747e888c86e25237fbd736e7f443069 Mon Sep 17 00:00:00 2001
From: Mel <einebeere@gmail.com>
Date: Fri, 15 Nov 2024 01:26:50 +0100
Subject: Factor out base images and postgres images with fixed hashes

Signed-off-by: Mel <einebeere@gmail.com>
---
 pkgs/common.nix             | 62 +++++++++++++++++++++++++++++++++++++++++++++
 pkgs/default.nix            |  4 +--
 services/akkoma/default.nix | 19 ++++----------
 services/cgit.nix           | 14 +++-------
 services/dendrite.nix       | 19 ++++----------
 services/soju.nix           | 14 +++-------
 6 files changed, 81 insertions(+), 51 deletions(-)
 create mode 100644 pkgs/common.nix

diff --git a/pkgs/common.nix b/pkgs/common.nix
new file mode 100644
index 0000000..5110335
--- /dev/null
+++ b/pkgs/common.nix
@@ -0,0 +1,62 @@
+{ dockerTools, system, ... }:
+
+let
+  systemToArch = {
+    "x86_64-linux" = { short = "x86"; arch = "amd64"; };
+    "aarch64-linux" = { short = "arm"; arch = "arm64"; };
+  };
+
+  mkImage = { name, tag, digest, ... }@inputs:
+  let
+    arch = systemToArch.${system};
+  
+    image = dockerTools.pullImage {
+      imageName = name;
+      imageDigest = digest;
+      finalImageName = name;
+      finalImageTag = tag;
+      os = "linux";
+      inherit (inputs.${arch.short}) sha256;
+      inherit (arch) arch;
+    };
+  in
+  {
+    image = "${name}:${tag}";
+    imageFile = image;
+    base = image;
+  };
+
+in
+{
+  alpine = mkImage {
+    name = "alpine";
+    tag = "3.20.3";
+    digest = "sha256:1e42bbe2508154c9126d48c2b8a75420c3544343bf86fd041fb7527e017a4b4a";
+    x86.sha256 = "02fr1isg8s2h7j8n5rda7avswnh7vpfhrix3rmvqsjp8cx3qbkz3";
+    arm.sha256 = "06c0q5kk60i89y1d83a28wk282ymp806xjcsmlca4cwwqp590j0q";
+  };
+  
+  postgres13 = mkImage {
+    name = "postgres";
+    tag = "13-alpine";
+    digest = "sha256:857aa00fc7e8541e3e5818b7bb8596182cb5c1b3ad964e4184e90682d5ca0d57";
+    x86.sha256 = "1yc0576kdfsz55ybjaykki2mhr6w9yrby7wslx8pfmn7xkykzq9w";
+    arm.sha256 = "0kjxk2sd03445mgf54x1ir9w2zmjn41zgmyns2h3k3cd7qazhkrx";
+  };
+
+  postgres14 = mkImage {
+    name = "postgres";
+    tag = "14-alpine";
+    digest = "sha256:3f5fc44eeb8e8b42448e218f05299105761a2c33b54a89d9fd06c87cd5f7b043";
+    x86.sha256 = "1zpiv9d6mj9d3n2xhgz0wn8q7a4gzjrk0hp8vpm706wwh72q8nir";
+    arm.sha256 = "1gh6f4frfilr5mp6smp1k00aijd9vh1kv711a64044yl9kqr2nci";
+  };
+
+  postgres15 = mkImage {
+    name = "postgres";
+    tag = "15-alpine";
+    digest = "sha256:8b963ea3038c3b32182ee7f592ccde21242fa7c5fd9d1b72aa333c27f1bfc809";
+    x86.sha256 = "0cfmp4v1a4b2m21ljsc3f3kn23rl9nki6z37ks9jclzxh9hy629n";
+    arm.sha256 = "0wydmscp4znjdflycvjqwjfry9crizhav0wc2hnajbyvk4ql32h8";
+  };
+}
diff --git a/pkgs/default.nix b/pkgs/default.nix
index c7d053b..5df7bc8 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -1,5 +1,5 @@
-{ ... }:
+{ pkgs, ... }:
 
 {
-  # nothing here for now :)
+  common = with pkgs; lib.recurseIntoAttrs (callPackage ./common.nix { });
 }
diff --git a/services/akkoma/default.nix b/services/akkoma/default.nix
index 84c1bff..4cd4022 100644
--- a/services/akkoma/default.nix
+++ b/services/akkoma/default.nix
@@ -1,7 +1,8 @@
-{ lib, pkgs, unstablePkgs, ... }:
+{ lib, pkgs, unstablePkgs, auxiliaryPkgs, ... }:
 
 let
   inherit (pkgs) dockerTools;
+  inherit (auxiliaryPkgs) common;
 
   akkomaLocalPort = "1111";
   akkomaDir = "/srv/akkoma";
@@ -13,20 +14,10 @@ let
     '';
   };
 
-  baseImageArm = dockerTools.pullImage {
-    imageName = "alpine";
-    imageDigest = "sha256:1e42bbe2508154c9126d48c2b8a75420c3544343bf86fd041fb7527e017a4b4a";
-    sha256 = "06c0q5kk60i89y1d83a28wk282ymp806xjcsmlca4cwwqp590j0q";
-    finalImageName = "alpine";
-    finalImageTag = "3.20.3";
-    os = "linux";
-    arch = "arm64";
-  };
-
   akkomaImage = dockerTools.buildLayeredImage {
     name = "akkoma";
     tag = akkoma.version;
-    fromImage = baseImageArm;
+    fromImage = common.alpine.base;
 
     contents = with unstablePkgs; [
       exiftool imagemagick ffmpeg_7-headless postgresql elixir
@@ -73,8 +64,8 @@ in
     };
 
     akkoma-db = {
-      # TODO: pull through `dockerTools`.
-      image = "postgres:14-alpine";
+      inherit (common.postgres14) image imageFile;
+
       volumes = [ "${akkomaDir}/pgdata:/var/lib/postgresql/data" ];
 
       environment = {
diff --git a/services/cgit.nix b/services/cgit.nix
index 1f7b637..aeb7115 100644
--- a/services/cgit.nix
+++ b/services/cgit.nix
@@ -1,28 +1,22 @@
-{ pkgs, ... }:
+{ pkgs, auxiliaryPkgs, ... }:
 
 # TODO: bring in cgit text configuration in `/srv` into nixos repository.
 let
   inherit (pkgs) dockerTools;
+  inherit (auxiliaryPkgs) common;
+
   cgit = pkgs.cgit-pink;
 
   cgitLocalPort = "3792";
   cgitDir = "/srv/cgit";
   gitDir = "/srv/git";
 
-  baseImage = dockerTools.pullImage {
-    imageName = "alpine";
-    imageDigest = "sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d";
-    sha256 = "0fzqhqvvb0pzkwvjwyqjfv3rw2w8006xz4mhk0dk5clmyb08hqwc";
-    finalImageName = "alpine";
-    finalImageTag = "3.20.3";
-  };
-
   # TODO: replace `buildLayeredImage` with `streamLayeredImage`
   # in the upcoming 24.11 release.
   cgitImage = dockerTools.buildLayeredImage {
     name = "cgit";
     tag = cgit.version;
-    fromImage = baseImage;
+    fromImage = common.alpine.base;
 
     contents = with pkgs; [
       lighttpd zstd
diff --git a/services/dendrite.nix b/services/dendrite.nix
index 5eecfd6..2987762 100644
--- a/services/dendrite.nix
+++ b/services/dendrite.nix
@@ -1,26 +1,17 @@
-{ lib, pkgs, unstablePkgs, ... }:
+{ lib, pkgs, unstablePkgs, auxiliaryPkgs, ... }:
 
 let
   inherit (pkgs) dockerTools;
+  inherit (auxiliaryPkgs) common;
 
   dendriteDir = "/srv/dendrite";
 
   dendrite = unstablePkgs.dendrite;
 
-  baseImageArm = dockerTools.pullImage {
-    imageName = "alpine";
-    imageDigest = "sha256:1e42bbe2508154c9126d48c2b8a75420c3544343bf86fd041fb7527e017a4b4a";
-    sha256 = "06c0q5kk60i89y1d83a28wk282ymp806xjcsmlca4cwwqp590j0q";
-    finalImageName = "alpine";
-    finalImageTag = "3.20.3";
-    os = "linux";
-    arch = "arm64";
-  };
-
   dendriteImage = dockerTools.buildLayeredImage {
     name = "dendrite";
     tag = dendrite.version;
-    fromImage = baseImageArm;
+    fromImage = common.alpine.base;
 
     contents = [ dendrite ];
   };
@@ -53,8 +44,8 @@ in
     };
 
     dendrite-db = {
-      # TODO: pull through `dockerTools`.
-      image = "postgres:15-alpine";
+      inherit (common.postgres15) image imageFile;
+
       volumes = [ "${dendriteDir}/pgdata:/var/lib/postgresql/data" ];
 
       environment = {
diff --git a/services/soju.nix b/services/soju.nix
index 2ee336d..75adfaa 100644
--- a/services/soju.nix
+++ b/services/soju.nix
@@ -1,25 +1,17 @@
-{ me, pkgs, ... }:
+{ me, pkgs, auxiliaryPkgs, ... }:
 
 let
   inherit (pkgs) dockerTools soju;
+  inherit (auxiliaryPkgs) common;
 
   ircPort = "6667";
   socketPort = "3030";
   sojuDir = "/srv/soju";
 
-  # TODO: move this outside.
-  baseImage = dockerTools.pullImage {
-    imageName = "alpine";
-    imageDigest = "sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d";
-    sha256 = "0fzqhqvvb0pzkwvjwyqjfv3rw2w8006xz4mhk0dk5clmyb08hqwc";
-    finalImageName = "alpine";
-    finalImageTag = "3.20.3";
-  };
-
   sojuImage = dockerTools.buildLayeredImage {
     name = soju.pname;
     tag = soju.version;
-    fromImage = baseImage;
+    fromImage = common.alpine.base;
 
     contents = [ soju ];
 
-- 
cgit 1.4.1