Move docker creation over to devenv

This is not ideal, since devenv is meant more for creating development
environments, but it works.
2026-06-13 14:55:37 +02:00
parent 86d390f621
commit 64b2588dd2
8 changed files with 99 additions and 57 deletions
+37
@@ -17,6 +17,41 @@
"type": "github" "type": "github"
} }
}, },
"mk-shell-bin": {
"locked": {
"lastModified": 1677004959,
"narHash": "sha256-/uEkr1UkJrh11vD02aqufCxtbF5YnhRTIKlx5kyvf+I=",
"owner": "rrbutani",
"repo": "nix-mk-shell-bin",
"rev": "ff5d8bd4d68a347be5042e2f16caee391cd75887",
"type": "github"
},
"original": {
"owner": "rrbutani",
"repo": "nix-mk-shell-bin",
"type": "github"
}
},
"nix2container": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1775487831,
"narHash": "sha256-2lguQpLPQaxpQCJjXhmEEAfabwsAhkP29Z7fgLzHARA=",
"owner": "nlewo",
"repo": "nix2container",
"rev": "76be9608a7f4d6c985d28b0e7be903ae2547df3e",
"type": "github"
},
"original": {
"owner": "nlewo",
"repo": "nix2container",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"inputs": { "inputs": {
"nixpkgs-src": "nixpkgs-src" "nixpkgs-src": "nixpkgs-src"
@@ -56,6 +91,8 @@
"root": { "root": {
"inputs": { "inputs": {
"devenv": "devenv", "devenv": "devenv",
"mk-shell-bin": "mk-shell-bin",
"nix2container": "nix2container",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
} }
} }
+31 -3
@@ -1,13 +1,41 @@
{pkgs, ...}: { {pkgs, ...}: {
packages = with pkgs; [ packages = with pkgs; [
coreutils
curl
fdroidserver fdroidserver
sops sops
git
cacert
jq
]; ];
scripts = { scripts = {
decrypt.exec = '' deploy-docker.exec = ''
sops -d fdroid/encrypted-config.yml > fdroid/config.yml devenv container copy processes
sops -d fdroid/encrypted-keystore.p12 > fdroid/keystore.p12
''; '';
}; };
services.nginx = {
enable = true;
httpConfig = builtins.readFile ./hosting/nginx-http.conf;
};
processes.updater.exec = ''
while true; do
${pkgs.writeShellScript "run-updater" (builtins.readFile ./hosting/update.sh)}
echo "Sleeping for 30 minutes..."
sleep 1800
done
'';
# environment variables for sops
# SOPS_PGP_FP
containers."processes" = {
name = "gitlab.julian-mutter.de/julian/fdroid-frajul";
registry = "docker://";
copyToRoot = []; # avoid copying this repo
maxLayers = 10;
};
} }
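Review bot: The comment above `containers."processes"` names `SOPS_PGP_FP` but does not say how the decryption key reaches the container; that variable selects recipient fingerprints for encryption, so the "Decrypting secrets..." step in the updater still needs the PGP private key supplied at runtime. I would expand the comment to something like `# runtime secret: the PGP private key for sops must be mounted or injected when the container starts; never add it to packages or copyToRoot`. Depending on the sops version, decryption may also shell out to `gpg`, which is not in `packages`; that is worth checking in the built image.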
+7 -12
@@ -1,15 +1,10 @@
# yaml-language-server: $schema=https://devenv.sh/devenv.schema.json inputs:
mk-shell-bin:
url: github:rrbutani/nix-mk-shell-bin
nix2container:
url: github:nlewo/nix2container
inputs: inputs:
nixpkgs:
follows: nixpkgs
nixpkgs: nixpkgs:
url: github:cachix/devenv-nixpkgs/rolling url: github:cachix/devenv-nixpkgs/rolling
# If you're using non-OSS software, you can set allowUnfree to true.
# allowUnfree: true
# If you're willing to use a package that's vulnerable
# permittedInsecurePackages:
# - "openssl-1.1.1w"
# If you have more than one devenv you can merge them
#imports:
# - ./backend
-18
@@ -1,18 +0,0 @@
# environment variables necessary to run:
# REPO_URL the url of this repo
# BRANCH the branch to work at
FROM nginx:alpine
RUN apk add --no-cache git bash
COPY nginx.conf /etc/nginx/nginx.conf
COPY update.sh /update.sh
RUN chmod +x /update.sh
# Add the cron job to run every 30 minutes
# Redirecting to /proc/1/fd/1 ensures the script's echo statements show up in `docker logs`
RUN echo "*/30 * * * * bash /update.sh > /proc/1/fd/1 2>&1" > /etc/crontabs/root
# Start the cron daemon in the background (-b) and nginx in the foreground
CMD crond -b && nginx -g 'daemon off;'
+13
@@ -0,0 +1,13 @@
server {
listen 8080;
server_name = fdroid.julian-mutter.de;
location = / {
return 302 /fdroid/repo;
}
location /fdroid/repo {
alias /repo/fdroid/repo/;
autoindex on;
}
}
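Review bot: `location /fdroid/repo` has no trailing slash while its `alias /repo/fdroid/repo/;` has one, and with that pairing nginx can map request paths that merely begin with the prefix onto files one level above the alias target. The `decrypt` script removed in this commit wrote `fdroid/config.yml` and `fdroid/keystore.p12` into that parent directory, so if the served tree is the same checkout (not visible here) those files should be treated as exposed. I would change the prefix to `location /fdroid/repo/ {` and point the root redirect at `/fdroid/repo/` so the bare path is never needed. Separately, `server_name = fdroid.julian-mutter.de;` registers a literal `=` as an additional server name; drop the `=`.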
-17
@@ -1,17 +0,0 @@
events {}
http {
server {
listen 80;
server_name = fdroid.julian-mutter.de;
location = / {
return 302 /fdroid/repo;
}
location /fdroid/repo {
alias /repo/fdroid/repo/;
autoindex on;
}
}
}
Regular → Executable
+11 -6
@@ -1,12 +1,17 @@
#! /bin/bash #!/usr/bin/env bash
if [ ! -d "/code/.git" ]; then # Config
REPO_URL="https://gitlab.julian-mutter.de/julian/fdroid-frajul"
BRANCH="master"
if [ ! -d "./code/.git" ]; then
echo "Performing initial setup!" echo "Performing initial setup!"
mkdir /code echo "Current working directory: $(pwd)"
mkdir ./code
echo "Cloning repository..." echo "Cloning repository..."
git clone --branch "$BRANCH" "$REPO_URL" "/code" git clone --branch "$BRANCH" "$REPO_URL" "./code"
echo "Decrypting secrets..." echo "Decrypting secrets..."
cd /code cd ./code
./scripts/decrypt.sh ./scripts/decrypt.sh
echo "Done" echo "Done"
fi fi
@@ -14,7 +19,7 @@ fi
echo "Running regular repo update..." echo "Running regular repo update..."
echo "" echo ""
cd "/code" cd "./code"
git fetch origin git fetch origin
LOCAL=$(git rev-parse HEAD) LOCAL=$(git rev-parse HEAD)
REMOTE=$(git rev-parse "origin/$BRANCH") REMOTE=$(git rev-parse "origin/$BRANCH")
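Review bot: On the first run the setup block leaves the shell inside `./code` (the `cd ./code` before `decrypt.sh`), so the later `cd "./code"` in the second hunk resolves to `./code/code` and fails; the fetch then only works because the script carries on in the directory it was already in. The move from `/code` to relative paths also ties every path to whatever directory the updater process happens to start in. I would resolve the location once next to the config block, `CODE_DIR="$(pwd)/code"`, use `"$CODE_DIR"` in the `-d` test, `mkdir`, `git clone` and both `cd` calls, and write each `cd` as `cd "$CODE_DIR" || exit 1`. The remainder of the script lies outside the two hunks shown.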
-1
@@ -56,7 +56,6 @@ while IFS=$'\t' read -r TAG DOWNLOAD_URL; do
curl -sL -o "$LOCAL_FILE" "$DOWNLOAD_URL" curl -sL -o "$LOCAL_FILE" "$DOWNLOAD_URL"
echo "Set var to true"
UPDATE_TRIGGERED=true UPDATE_TRIGGERED=true
fi fi