Move docker creation over to devenv

This is not ideal, since devenv is more for creating development environments, but it works
2026-06-13 14:55:37 +02:00
parent 86d390f621
commit 64b2588dd2
8 changed files with 99 additions and 57 deletions
@@ -17,6 +17,41 @@
        "type": "github"
      }
    },
+    "mk-shell-bin": {
+      "locked": {
+        "lastModified": 1677004959,
+        "narHash": "sha256-/uEkr1UkJrh11vD02aqufCxtbF5YnhRTIKlx5kyvf+I=",
+        "owner": "rrbutani",
+        "repo": "nix-mk-shell-bin",
+        "rev": "ff5d8bd4d68a347be5042e2f16caee391cd75887",
+        "type": "github"
+      },
+      "original": {
+        "owner": "rrbutani",
+        "repo": "nix-mk-shell-bin",
+        "type": "github"
+      }
+    },
+    "nix2container": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1775487831,
+        "narHash": "sha256-2lguQpLPQaxpQCJjXhmEEAfabwsAhkP29Z7fgLzHARA=",
+        "owner": "nlewo",
+        "repo": "nix2container",
+        "rev": "76be9608a7f4d6c985d28b0e7be903ae2547df3e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nlewo",
+        "repo": "nix2container",
+        "type": "github"
+      }
+    },
    "nixpkgs": {
      "inputs": {
        "nixpkgs-src": "nixpkgs-src"
@@ -56,6 +91,8 @@
    "root": {
      "inputs": {
        "devenv": "devenv",
+        "mk-shell-bin": "mk-shell-bin",
+        "nix2container": "nix2container",
        "nixpkgs": "nixpkgs"
      }
    }
@@ -1,13 +1,41 @@
 {pkgs, ...}: {
  packages = with pkgs; [
+    coreutils
+    curl
    fdroidserver
    sops
+    git
+    cacert
+    jq
  ];

  scripts = {
-    decrypt.exec = ''
-      sops -d fdroid/encrypted-config.yml > fdroid/config.yml
-      sops -d fdroid/encrypted-keystore.p12 > fdroid/keystore.p12
+    deploy-docker.exec = ''
+      devenv container copy processes
    '';
  };
+
+  services.nginx = {
+    enable = true;
+    httpConfig = builtins.readFile ./hosting/nginx-http.conf;
+  };
+
+  processes.updater.exec = ''
+    while true; do
+      ${pkgs.writeShellScript "run-updater" (builtins.readFile ./hosting/update.sh)}
+
+      echo "Sleeping for 30 minutes..."
+      sleep 1800
+    done
+  '';
+
+  # environment variables for sops
+  # SOPS_PGP_FP
+  containers."processes" = {
+    name = "gitlab.julian-mutter.de/julian/fdroid-frajul";
+    registry = "docker://";
+
+    copyToRoot = []; # avoid copying this repo
+    maxLayers = 10;
+  };
 }
@@ -1,15 +1,10 @@
-# yaml-language-server: $schema=https://devenv.sh/devenv.schema.json
 inputs:
+  mk-shell-bin:
+    url: github:rrbutani/nix-mk-shell-bin
+  nix2container:
+    url: github:nlewo/nix2container
+    inputs:
+      nixpkgs:
+        follows: nixpkgs
  nixpkgs:
    url: github:cachix/devenv-nixpkgs/rolling
-
-# If you're using non-OSS software, you can set allowUnfree to true.
-# allowUnfree: true
-
-# If you're willing to use a package that's vulnerable
-# permittedInsecurePackages:
-#  - "openssl-1.1.1w"
-
-# If you have more than one devenv you can merge them
-#imports:
-# - ./backend
@@ -1,18 +0,0 @@
-# environment variables necessary to run:
-# REPO_URL  the url of this repo
-# BRANCH    the branch to work at
-
-FROM nginx:alpine
-
-RUN apk add --no-cache git bash
-COPY nginx.conf /etc/nginx/nginx.conf
-
-COPY update.sh /update.sh
-RUN chmod +x /update.sh
-
-# Add the cron job to run every 30 minutes
-# Redirecting to /proc/1/fd/1 ensures the script's echo statements show up in `docker logs`
-RUN echo "*/30 * * * * bash /update.sh > /proc/1/fd/1 2>&1" > /etc/crontabs/root
-
-# Start the cron daemon in the background (-b) and nginx in the foreground
-CMD crond -b && nginx -g 'daemon off;'
@@ -0,0 +1,13 @@
+server {
+    listen 8080;
+    server_name = fdroid.julian-mutter.de;
+
+    location = / {
+        return 302 /fdroid/repo;
+    }
+
+    location /fdroid/repo {
+        alias /repo/fdroid/repo/;
+        autoindex on;
+    }
+}
@@ -1,17 +0,0 @@
-events {}
-http {
-    server {
-        listen 80;
-        server_name = fdroid.julian-mutter.de;
-
-        location = / {
-            return 302 /fdroid/repo;
-        }
-
-        location /fdroid/repo {
-            alias /repo/fdroid/repo/;
-            autoindex on;
-        }
-    }
-}
-
@@ -1,12 +1,17 @@
-#! /bin/bash
+#!/usr/bin/env bash

-if [ ! -d "/code/.git" ]; then
+# Config
+REPO_URL="https://gitlab.julian-mutter.de/julian/fdroid-frajul"
+BRANCH="master"
+
+if [ ! -d "./code/.git" ]; then
    echo "Performing initial setup!"
-    mkdir /code
+    echo "Current working directory: $(pwd)"
+    mkdir ./code
    echo "Cloning repository..."
-    git clone --branch "$BRANCH" "$REPO_URL" "/code"
+    git clone --branch "$BRANCH" "$REPO_URL" "./code"
    echo "Decrypting secrets..."
-    cd /code
+    cd ./code
    ./scripts/decrypt.sh
    echo "Done"
 fi
@@ -14,7 +19,7 @@ fi
 echo "Running regular repo update..."
 echo ""

-cd "/code"
+cd "./code"
 git fetch origin
 LOCAL=$(git rev-parse HEAD)
 REMOTE=$(git rev-parse "origin/$BRANCH")
@@ -56,7 +56,6 @@ while IFS=$'\t' read -r TAG DOWNLOAD_URL; do

        curl -sL -o "$LOCAL_FILE" "$DOWNLOAD_URL"

-        echo "Set var to true"
        UPDATE_TRIGGERED=true
    fi