-
Notifications
You must be signed in to change notification settings - Fork 0
/
deploy.nix
65 lines (60 loc) · 2.07 KB
/
deploy.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
{
nixipfs = { pkgs, ... }: let
nixipfs-scripts = import (pkgs.fetchFromGitHub {
owner = "nixipfs";
repo = "nixipfs-scripts";
rev = "4021e7db8436625122e388d0c5d6cc5d30a13309";
sha256 = "1fqaq7k1q4f55q7rd2dlyxjm8dv4r4675dnqmywydddlvnmrmlkk";
}) { inherit pkgs; };
folder = "/srv";
in {
deployment.targetEnv = "container";
#deployment.container.host = "your.host.if.not.localhost";
environment.systemPackages = [ pkgs.ipfs pkgs.tmux pkgs.iftop pkgs.atop ];
users.extraUsers.nixipfs = { home = folder; group = "nixipfs"; };
users.extraGroups.nixipfs = {};
networking.firewall = {
allowedTCPPorts = [ 4001 ];
};
services.ipfs = {
enable = true;
emptyRepo = true;
};
systemd.tmpfiles.rules = [ "d ${folder} 0755 nixipfs nixipfs -" ];
systemd.services."update-nixos-release" = {
path = [ pkgs.bash pkgs.ipfs nixipfs-scripts.generate_programs_index ];
environment.SHELL = "${pkgs.bash}/bin/bash";
serviceConfig = {
Type = "oneshot";
PermissionsStartOnly = true;
User = "nixipfs";
Group = "nixipfs";
ExecStart = let
releaseCfg = pkgs.writeText "nixos_release.json" (builtins.toJSON {
hydra = "https://hydra.nixos.org";
cache = "https://cache.nixos.org";
target_cache = "http://cache.nixos.community";
max_threads = 69;
releases = [
{
"channel" = "nixos-17.03-small";
"project" = "nixos";
"jobset" = "release-17.03-small";
"keep" = 7;
}
{
"channel" = "nixos-17.03";
"project" = "nixos";
"jobset" = "release-17.03";
"keep" = 7;
}
];
});
in "${nixipfs-scripts.nixipfs}/bin/release_nixos --config ${releaseCfg} --ipfsapi 127.0.0.1 5001 --dir ${folder} --tmpdir /tmp";
PrivateTmp = true;
PrivateDevices = true;
WorkingDirectory = folder;
};
};
};
}