try add arion example

This commit is contained in:
philip-peterson 2024-12-06 23:05:42 -09:00
parent 4ce4742668
commit 0817c730c7
2 changed files with 60 additions and 0 deletions

View file

@ -0,0 +1,50 @@
/*
DISCLAIMER
This uses a somewhat hidden feature in NixOS, which is the
"runner". It's a script that's available on systemd services
that lets you run the service independently from systemd.
However, it was clearly not intended for public consumption
so please use it with care.
It does not support all features of systemd so you are on
your own if you use it in production.
One known issue is that the script does not respond to docker's
SIGTERM shutdown signal.
*/
{
project.name = "nixos-unit";
services.webserver = { config, pkgs, ... }: {
nixos.configuration = {config, lib, options, pkgs, ...}: {
boot.isContainer = true;
services.nginx = {
enable = true;
virtualHosts.localhost.root = "${pkgs.nix.doc}/share/doc/nix/manual";
} // lib.optionalAttrs (options?services.nginx.stateDir) {
# Work around a problem in NixOS 20.03
stateDir = "/var/lib/nginx";
};
system.build.run-nginx = pkgs.writeScript "run-nginx" ''
#!${pkgs.bash}/bin/bash
PATH='${config.systemd.services.nginx.environment.PATH}'
echo nginx:x:${toString config.users.users.nginx.uid}:${toString config.users.groups.nginx.gid}:nginx web server user:/var/empty:/bin/sh >>/etc/passwd
echo nginx:x:${toString config.users.groups.nginx.gid}:nginx >>/etc/group
echo 'nobody:x:65534:65534:Unprivileged account do not use:/var/empty:/run/current-system/sw/bin/nologin' >>/etc/passwd
echo 'nogroup:x:65534:' >>/etc/group
mkdir -p /var/log/nginx /run/nginx/ /var/cache/nginx /var/lib/nginx/{,logs,proxy_temp,client_body_temp,fastcgi_temp,scgi_temp,uwsgi_temp} /tmp/nginx_client_body
chown nginx /var/log/nginx /run/nginx/ /var/cache/nginx /var/lib/nginx/{,logs,proxy_temp,client_body_temp,fastcgi_temp,scgi_temp,uwsgi_temp} /tmp/nginx_client_body
${config.systemd.services.nginx.runner}
'';
};
service.command = [ config.nixos.build.run-nginx ];
service.useHostStore = true;
service.ports = [
"8000:80" # host:container
];
};
}

View file

@ -0,0 +1,10 @@
## This file is the default location for Arion to look for Nixpkgs when
## bootstrapping a deployment configuration.
#import ../ {}
# Instead of pinning Nixpkgs, we can opt to use the one in NIX_PATH
import <nixpkgs> {
# We specify the architecture explicitly. Use a Linux remote builder when
# calling arion from other platforms.
system = "x86_64-linux";
}