Remove init containers
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
This commit is contained in:
@@ -159,38 +159,14 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
containers = {
|
containers = {
|
||||||
authelia-init = {
|
|
||||||
containerConfig = {
|
|
||||||
image = "docker-archive:${selfPkgs.docker-yq}";
|
|
||||||
volumes =
|
|
||||||
let
|
|
||||||
entrypoint = pkgs.writeTextFile {
|
|
||||||
name = "entrypoint.sh";
|
|
||||||
executable = true;
|
|
||||||
text = builtins.readFile ./init-entrypoint.sh;
|
|
||||||
};
|
|
||||||
in
|
|
||||||
[
|
|
||||||
"${volumes.authelia.ref}:/etc/authelia"
|
|
||||||
"${hmConfig.sops.templates.authelia-users.path}:/etc/authelia/users.yaml.default:ro"
|
|
||||||
"${hmConfig.sops.templates.authelia.path}:/etc/authelia/conf.d/authelia.yaml:ro"
|
|
||||||
"${entrypoint}:/entrypoint.sh:ro"
|
|
||||||
];
|
|
||||||
entrypoint = "/entrypoint.sh";
|
|
||||||
};
|
|
||||||
|
|
||||||
serviceConfig = {
|
|
||||||
Type = "oneshot";
|
|
||||||
Restart = "on-failure";
|
|
||||||
};
|
|
||||||
|
|
||||||
unitConfig.After = [ "sops-nix.service" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
authelia = {
|
authelia = {
|
||||||
containerConfig = {
|
containerConfig = {
|
||||||
image = "docker-archive:${selfPkgs.docker-authelia}";
|
image = "docker-archive:${selfPkgs.docker-authelia}";
|
||||||
volumes = [ "${volumes.authelia.ref}:/etc/authelia" ];
|
volumes = [
|
||||||
|
"${volumes.authelia.ref}:/etc/authelia"
|
||||||
|
"${hmConfig.sops.templates.authelia-users.path}:/etc/authelia/users.yaml.default:ro"
|
||||||
|
"${hmConfig.sops.templates.authelia.path}:/etc/authelia/conf.d/authelia.yaml:ro"
|
||||||
|
];
|
||||||
networks = [
|
networks = [
|
||||||
networks.authelia.ref
|
networks.authelia.ref
|
||||||
networks.traefik.ref
|
networks.traefik.ref
|
||||||
@@ -207,7 +183,6 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
unitConfig.After = [
|
unitConfig.After = [
|
||||||
"${containers.authelia-init._serviceName}.service"
|
|
||||||
"${containers.authelia-postgresql._serviceName}.service"
|
"${containers.authelia-postgresql._serviceName}.service"
|
||||||
"${containers.authelia-redis._serviceName}.service"
|
"${containers.authelia-redis._serviceName}.service"
|
||||||
"sops-nix.service"
|
"sops-nix.service"
|
||||||
@@ -236,7 +211,7 @@ in
|
|||||||
exec = [ "--save 60 1" ];
|
exec = [ "--save 60 1" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
prometheus-init.containerConfig.volumes =
|
prometheus.containerConfig.volumes =
|
||||||
let
|
let
|
||||||
autheliaConfig = (pkgs.formats.yaml { }).generate "authelia.yaml" {
|
autheliaConfig = (pkgs.formats.yaml { }).generate "authelia.yaml" {
|
||||||
scrape_configs =
|
scrape_configs =
|
||||||
|
|||||||
@@ -1,10 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
set -o errexit
|
|
||||||
set -o nounset
|
|
||||||
|
|
||||||
touch /etc/authelia/users.yaml
|
|
||||||
# shellcheck disable=SC2016
|
|
||||||
yq eval-all '. as $item ireduce ({}; . * $item)' /etc/authelia/users.yaml /etc/authelia/users.yaml.default -i
|
|
||||||
# shellcheck disable=SC2016
|
|
||||||
yq eval-all '. as $item ireduce ({}; . *+ $item)' /etc/authelia/conf.d/*.yaml > /etc/authelia/configuration.yaml
|
|
||||||
@@ -258,7 +258,7 @@ in
|
|||||||
unitConfig.After = [ "sops-nix.service" ];
|
unitConfig.After = [ "sops-nix.service" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
authelia-init.containerConfig.volumes = [
|
authelia.containerConfig.volumes = [
|
||||||
"${hmConfig.sops.templates.authelia-gitea.path}:/etc/authelia/conf.d/gitea.yaml:ro"
|
"${hmConfig.sops.templates.authelia-gitea.path}:/etc/authelia/conf.d/gitea.yaml:ro"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -147,7 +147,7 @@ in
|
|||||||
networks = [ networks.grafana.ref ];
|
networks = [ networks.grafana.ref ];
|
||||||
};
|
};
|
||||||
|
|
||||||
authelia-init.containerConfig.volumes = [
|
authelia.containerConfig.volumes = [
|
||||||
"${hmConfig.sops.templates.authelia-grafana.path}:/etc/authelia/conf.d/grafana.yaml:ro"
|
"${hmConfig.sops.templates.authelia-grafana.path}:/etc/authelia/conf.d/grafana.yaml:ro"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -123,7 +123,7 @@ in
|
|||||||
unitConfig.After = [ "sops-nix.service" ];
|
unitConfig.After = [ "sops-nix.service" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
authelia-init.containerConfig.volumes = [
|
authelia.containerConfig.volumes = [
|
||||||
"${hmConfig.sops.templates.authelia-jellyfin.path}:/etc/authelia/conf.d/jellyfin.yaml:ro"
|
"${hmConfig.sops.templates.authelia-jellyfin.path}:/etc/authelia/conf.d/jellyfin.yaml:ro"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -222,7 +222,7 @@ in
|
|||||||
unitConfig.After = [ "sops-nix.service" ];
|
unitConfig.After = [ "sops-nix.service" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
authelia-init.containerConfig.volumes = [
|
authelia.containerConfig.volumes = [
|
||||||
"${hmConfig.sops.templates.authelia-nextcloud.path}:/etc/authelia/conf.d/nextcloud.yaml:ro"
|
"${hmConfig.sops.templates.authelia-nextcloud.path}:/etc/authelia/conf.d/nextcloud.yaml:ro"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -122,7 +122,7 @@ in
|
|||||||
unitConfig.After = [ "sops-nix.service" ];
|
unitConfig.After = [ "sops-nix.service" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
prometheus-init.containerConfig.volumes =
|
prometheus.containerConfig.volumes =
|
||||||
let
|
let
|
||||||
ntfyConfig = (pkgs.formats.yaml { }).generate "ntfy.yaml" {
|
ntfyConfig = (pkgs.formats.yaml { }).generate "ntfy.yaml" {
|
||||||
scrape_configs =
|
scrape_configs =
|
||||||
|
|||||||
@@ -160,7 +160,7 @@ in
|
|||||||
exec = [ "--save 60 1" ];
|
exec = [ "--save 60 1" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
authelia-init.containerConfig.volumes = [
|
authelia.containerConfig.volumes = [
|
||||||
"${hmConfig.sops.templates.authelia-outline.path}:/etc/authelia/conf.d/outline.yaml:ro"
|
"${hmConfig.sops.templates.authelia-outline.path}:/etc/authelia/conf.d/outline.yaml:ro"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -80,7 +80,7 @@ in
|
|||||||
|
|
||||||
home-manager.users.${user} =
|
home-manager.users.${user} =
|
||||||
let
|
let
|
||||||
inherit (hmConfig.virtualisation.quadlet) volumes containers networks;
|
inherit (hmConfig.virtualisation.quadlet) volumes networks;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
virtualisation.quadlet = {
|
virtualisation.quadlet = {
|
||||||
@@ -119,165 +119,140 @@ in
|
|||||||
exec = [ "--collector.enable-all" ];
|
exec = [ "--collector.enable-all" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
prometheus-init =
|
prometheus.containerConfig = {
|
||||||
let
|
image = "docker-archive:${selfPkgs.docker-prometheus}";
|
||||||
prometheusConfig = (pkgs.formats.yaml { }).generate "prometheus.yaml" {
|
volumes =
|
||||||
global.scrape_interval = "15s";
|
let
|
||||||
|
prometheusConfig = (pkgs.formats.yaml { }).generate "prometheus.yaml" {
|
||||||
|
global.scrape_interval = "15s";
|
||||||
|
|
||||||
scrape_configs =
|
scrape_configs =
|
||||||
let
|
let
|
||||||
hostname = config.networking.hostName;
|
hostname = config.networking.hostName;
|
||||||
jupiterVpsHostname = jupiterVpsConfig.networking.hostName;
|
jupiterVpsHostname = jupiterVpsConfig.networking.hostName;
|
||||||
in
|
in
|
||||||
[
|
[
|
||||||
{
|
{
|
||||||
job_name = "${hostname}-node-exporter";
|
job_name = "${hostname}-node-exporter";
|
||||||
static_configs = [
|
static_configs = [
|
||||||
{
|
{
|
||||||
targets = [ "host.containers.internal:9100" ];
|
targets = [ "host.containers.internal:9100" ];
|
||||||
labels = {
|
labels = {
|
||||||
app = "node-exporter";
|
app = "node-exporter";
|
||||||
user = "root";
|
user = "root";
|
||||||
inherit hostname;
|
inherit hostname;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
targets = [ "prometheus-node-exporter:9100" ];
|
targets = [ "prometheus-node-exporter:9100" ];
|
||||||
labels = {
|
labels = {
|
||||||
app = "node-exporter";
|
app = "node-exporter";
|
||||||
inherit user hostname;
|
inherit user hostname;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
job_name = "${hostname}-podman-exporter";
|
job_name = "${hostname}-podman-exporter";
|
||||||
static_configs = [
|
static_configs = [
|
||||||
{
|
{
|
||||||
targets = [ "host.containers.internal:9882" ];
|
targets = [ "host.containers.internal:9882" ];
|
||||||
labels = {
|
labels = {
|
||||||
app = "podman-exporter";
|
app = "podman-exporter";
|
||||||
user = "root";
|
user = "root";
|
||||||
inherit hostname;
|
inherit hostname;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
targets = [ "prometheus-podman-exporter:9882" ];
|
targets = [ "prometheus-podman-exporter:9882" ];
|
||||||
labels = {
|
labels = {
|
||||||
app = "podman-exporter";
|
app = "podman-exporter";
|
||||||
inherit user hostname;
|
inherit user hostname;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
job_name = "${hostname}-fail2ban-exporter";
|
job_name = "${hostname}-fail2ban-exporter";
|
||||||
static_configs = [
|
static_configs = [
|
||||||
{
|
{
|
||||||
targets = [ "host.containers.internal:9191" ];
|
targets = [ "host.containers.internal:9191" ];
|
||||||
labels = {
|
labels = {
|
||||||
app = "fail2ban-exporter";
|
app = "fail2ban-exporter";
|
||||||
user = "root";
|
user = "root";
|
||||||
inherit hostname;
|
inherit hostname;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
job_name = "${hostname}-smartctl-exporter";
|
job_name = "${hostname}-smartctl-exporter";
|
||||||
static_configs = [
|
static_configs = [
|
||||||
{
|
{
|
||||||
targets = [ "host.containers.internal:9633" ];
|
targets = [ "host.containers.internal:9633" ];
|
||||||
labels = {
|
labels = {
|
||||||
app = "smartctl-exporter";
|
app = "smartctl-exporter";
|
||||||
user = "root";
|
user = "root";
|
||||||
inherit hostname;
|
inherit hostname;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
job_name = "${jupiterVpsHostname}-node-exporter";
|
job_name = "${jupiterVpsHostname}-node-exporter";
|
||||||
static_configs = [
|
static_configs = [
|
||||||
{
|
{
|
||||||
targets = [ "10.0.0.1:9100" ];
|
targets = [ "10.0.0.1:9100" ];
|
||||||
labels = {
|
labels = {
|
||||||
app = "node-exporter";
|
app = "node-exporter";
|
||||||
user = "root";
|
user = "root";
|
||||||
hostname = jupiterVpsHostname;
|
hostname = jupiterVpsHostname;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
job_name = "${jupiterVpsHostname}-podman-exporter";
|
job_name = "${jupiterVpsHostname}-podman-exporter";
|
||||||
static_configs = [
|
static_configs = [
|
||||||
{
|
{
|
||||||
targets = [ "10.0.0.1:9882" ];
|
targets = [ "10.0.0.1:9882" ];
|
||||||
labels = {
|
labels = {
|
||||||
app = "podman-exporter";
|
app = "podman-exporter";
|
||||||
user = "root";
|
user = "root";
|
||||||
hostname = jupiterVpsHostname;
|
hostname = jupiterVpsHostname;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
job_name = "${jupiterVpsHostname}-fail2ban-exporter";
|
job_name = "${jupiterVpsHostname}-fail2ban-exporter";
|
||||||
static_configs = [
|
static_configs = [
|
||||||
{
|
{
|
||||||
targets = [ "10.0.0.1:9191" ];
|
targets = [ "10.0.0.1:9191" ];
|
||||||
labels = {
|
labels = {
|
||||||
app = "fail2ban-exporter";
|
app = "fail2ban-exporter";
|
||||||
user = "root";
|
user = "root";
|
||||||
hostname = jupiterVpsHostname;
|
hostname = jupiterVpsHostname;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
{
|
[
|
||||||
containerConfig = {
|
"${prometheusConfig}:/etc/prometheus/conf.d/prometheus.yaml"
|
||||||
image = "docker-archive:${selfPkgs.docker-yq}";
|
|
||||||
volumes = [
|
|
||||||
"${volumes.prometheus-config.ref}:/etc/prometheus"
|
|
||||||
"${prometheusConfig}:/etc/prometheus/conf.d/prometheus.yaml"
|
|
||||||
];
|
|
||||||
entrypoint = "/bin/bash";
|
|
||||||
exec = [
|
|
||||||
"-c"
|
|
||||||
"yq eval-all '. as $item ireduce ({}; . *+ $item)' /etc/prometheus/conf.d/*.yaml > /etc/prometheus/prometheus.yaml"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
serviceConfig = {
|
|
||||||
Type = "oneshot";
|
|
||||||
Restart = "on-failure";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
prometheus = {
|
|
||||||
containerConfig = {
|
|
||||||
image = "docker-archive:${selfPkgs.docker-prometheus}";
|
|
||||||
volumes = [
|
|
||||||
"${volumes.prometheus-config.ref}:/etc/prometheus"
|
"${volumes.prometheus-config.ref}:/etc/prometheus"
|
||||||
"${volumes.prometheus-data.ref}:/var/lib/prometheus"
|
"${volumes.prometheus-data.ref}:/var/lib/prometheus"
|
||||||
];
|
];
|
||||||
networks = [
|
networks = [
|
||||||
networks.prometheus.ref
|
networks.prometheus.ref
|
||||||
networks.grafana.ref
|
networks.grafana.ref
|
||||||
];
|
];
|
||||||
exec = [
|
exec = [
|
||||||
"--log.level=warn"
|
"--log.level=warn"
|
||||||
"--config.file=/etc/prometheus/prometheus.yaml"
|
"--storage.tsdb.retention.time=1y"
|
||||||
"--storage.tsdb.path=/var/lib/prometheus"
|
];
|
||||||
"--storage.tsdb.retention.time=1y"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
unitConfig.After = [ "${containers.prometheus-init._serviceName}.service" ];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
grafana.containerConfig.volumes =
|
grafana.containerConfig.volumes =
|
||||||
|
|||||||
@@ -122,7 +122,7 @@ in
|
|||||||
unitConfig.After = [ "sops-nix.service" ];
|
unitConfig.After = [ "sops-nix.service" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
authelia-init.containerConfig.volumes =
|
authelia.containerConfig.volumes =
|
||||||
let
|
let
|
||||||
config = (pkgs.formats.yaml { }).generate "shlink.yaml" {
|
config = (pkgs.formats.yaml { }).generate "shlink.yaml" {
|
||||||
access_control.rules = [
|
access_control.rules = [
|
||||||
|
|||||||
@@ -133,7 +133,7 @@ in
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
authelia-init.containerConfig.volumes =
|
authelia.containerConfig.volumes =
|
||||||
let
|
let
|
||||||
config = (pkgs.formats.yaml { }).generate "traefik.yaml" {
|
config = (pkgs.formats.yaml { }).generate "traefik.yaml" {
|
||||||
access_control.rules = [
|
access_control.rules = [
|
||||||
@@ -147,7 +147,7 @@ in
|
|||||||
in
|
in
|
||||||
[ "${config}:/etc/authelia/conf.d/traefik.yaml:ro" ];
|
[ "${config}:/etc/authelia/conf.d/traefik.yaml:ro" ];
|
||||||
|
|
||||||
prometheus-init.containerConfig.volumes =
|
prometheus.containerConfig.volumes =
|
||||||
let
|
let
|
||||||
traefikConfig = (pkgs.formats.yaml { }).generate "traefik.yaml" {
|
traefikConfig = (pkgs.formats.yaml { }).generate "traefik.yaml" {
|
||||||
scrape_configs =
|
scrape_configs =
|
||||||
|
|||||||
@@ -63,7 +63,7 @@ in
|
|||||||
unitConfig.After = [ "sops-nix.service" ];
|
unitConfig.After = [ "sops-nix.service" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
authelia-init.containerConfig.volumes =
|
authelia.containerConfig.volumes =
|
||||||
let
|
let
|
||||||
config = (pkgs.formats.yaml { }).generate "transmission.yaml" {
|
config = (pkgs.formats.yaml { }).generate "transmission.yaml" {
|
||||||
access_control.rules = [
|
access_control.rules = [
|
||||||
|
|||||||
@@ -144,7 +144,7 @@ in
|
|||||||
unitConfig.After = [ "sops-nix.service" ];
|
unitConfig.After = [ "sops-nix.service" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
authelia-init.containerConfig.volumes = [
|
authelia.containerConfig.volumes = [
|
||||||
"${hmConfig.sops.templates.authelia-vaultwarden.path}:/etc/authelia/conf.d/vaultwarden.yaml:ro"
|
"${hmConfig.sops.templates.authelia-vaultwarden.path}:/etc/authelia/conf.d/vaultwarden.yaml:ro"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -39,7 +39,6 @@
|
|||||||
docker-traefik = import ./docker/traefik { inherit pkgs; };
|
docker-traefik = import ./docker/traefik { inherit pkgs; };
|
||||||
docker-transmission-protonvpn = import ./docker/transmission-protonvpn { inherit pkgs; };
|
docker-transmission-protonvpn = import ./docker/transmission-protonvpn { inherit pkgs; };
|
||||||
docker-whoami = import ./docker/whoami { inherit pkgs; };
|
docker-whoami = import ./docker/whoami { inherit pkgs; };
|
||||||
docker-yq = import ./docker/yq { inherit pkgs; };
|
|
||||||
|
|
||||||
jellyfin-plugin-bookshelf = import ./jellyfin/plugins/bookshelf { inherit pkgs; };
|
jellyfin-plugin-bookshelf = import ./jellyfin/plugins/bookshelf { inherit pkgs; };
|
||||||
jellyfin-plugin-intro-skipper = import ./jellyfin/plugins/intro-skipper { inherit pkgs; };
|
jellyfin-plugin-intro-skipper = import ./jellyfin/plugins/intro-skipper { inherit pkgs; };
|
||||||
|
|||||||
@@ -1,20 +1,28 @@
|
|||||||
{ pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
|
let
|
||||||
|
entrypoint = pkgs.writeTextFile {
|
||||||
|
name = "entrypoint";
|
||||||
|
executable = true;
|
||||||
|
destination = "/bin/entrypoint";
|
||||||
|
text = builtins.readFile ./entrypoint.sh;
|
||||||
|
};
|
||||||
|
in
|
||||||
pkgs.dockerTools.buildImage {
|
pkgs.dockerTools.buildImage {
|
||||||
name = "authelia";
|
name = "authelia";
|
||||||
fromImage = import ../base { inherit pkgs; };
|
fromImage = import ../base { inherit pkgs; };
|
||||||
|
|
||||||
copyToRoot = pkgs.buildEnv {
|
copyToRoot = pkgs.buildEnv {
|
||||||
name = "root";
|
name = "root";
|
||||||
paths = with pkgs; [ authelia ];
|
paths = with pkgs; [
|
||||||
|
entrypoint
|
||||||
|
authelia
|
||||||
|
yq-go
|
||||||
|
];
|
||||||
pathsToLink = [ "/bin" ];
|
pathsToLink = [ "/bin" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
Entrypoint = [ "authelia" ];
|
Entrypoint = [ "entrypoint" ];
|
||||||
Cmd = [
|
|
||||||
"--config"
|
|
||||||
"/etc/authelia/configuration.yaml"
|
|
||||||
];
|
|
||||||
ExposedPorts = {
|
ExposedPorts = {
|
||||||
"9091/tcp" = { };
|
"9091/tcp" = { };
|
||||||
};
|
};
|
||||||
|
|||||||
19
packages/docker/authelia/entrypoint.sh
Normal file
19
packages/docker/authelia/entrypoint.sh
Normal file
@@ -0,0 +1,19 @@
|
|||||||
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
|
set -o errexit
|
||||||
|
set -o nounset
|
||||||
|
|
||||||
|
if [ -f /etc/authelia/users.yaml.default ]; then
|
||||||
|
touch /etc/authelia/users.yaml
|
||||||
|
# shellcheck disable=SC2016
|
||||||
|
yq eval-all '. as $item ireduce ({}; . * $item)' /etc/authelia/users.yaml /etc/authelia/users.yaml.default -i
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -d /etc/authelia/conf.d ]; then
|
||||||
|
# shellcheck disable=SC2016
|
||||||
|
yq eval-all '. as $item ireduce ({}; . *+ $item)' /etc/authelia/conf.d/*.yaml > /etc/authelia/configuration.yaml
|
||||||
|
fi
|
||||||
|
|
||||||
|
exec authelia \
|
||||||
|
--config /etc/authelia/configuration.yaml \
|
||||||
|
"$@"
|
||||||
@@ -1,21 +1,34 @@
|
|||||||
{ pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
|
let
|
||||||
|
entrypoint = pkgs.writeTextFile {
|
||||||
|
name = "entrypoint";
|
||||||
|
executable = true;
|
||||||
|
destination = "/bin/entrypoint";
|
||||||
|
text = builtins.readFile ./entrypoint.sh;
|
||||||
|
};
|
||||||
|
in
|
||||||
pkgs.dockerTools.buildImage {
|
pkgs.dockerTools.buildImage {
|
||||||
name = "prometheus";
|
name = "prometheus";
|
||||||
fromImage = import ../base { inherit pkgs; };
|
fromImage = import ../base { inherit pkgs; };
|
||||||
|
|
||||||
copyToRoot = pkgs.buildEnv {
|
copyToRoot = pkgs.buildEnv {
|
||||||
name = "root";
|
name = "root";
|
||||||
paths = with pkgs; [ prometheus ];
|
paths = with pkgs; [
|
||||||
|
entrypoint
|
||||||
|
prometheus
|
||||||
|
yq-go
|
||||||
|
];
|
||||||
pathsToLink = [ "/bin" ];
|
pathsToLink = [ "/bin" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
Entrypoint = [ "prometheus" ];
|
Entrypoint = [ "entrypoint" ];
|
||||||
ExposedPorts = {
|
ExposedPorts = {
|
||||||
"9090/tcp" = { };
|
"9090/tcp" = { };
|
||||||
};
|
};
|
||||||
WorkingDir = "/var/lib/prometheus";
|
WorkingDir = "/var/lib/prometheus";
|
||||||
Volumes = {
|
Volumes = {
|
||||||
|
"/etc/prometheus" = { };
|
||||||
"/var/lib/prometheus" = { };
|
"/var/lib/prometheus" = { };
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|||||||
14
packages/docker/prometheus/entrypoint.sh
Normal file
14
packages/docker/prometheus/entrypoint.sh
Normal file
@@ -0,0 +1,14 @@
|
|||||||
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
|
set -o errexit
|
||||||
|
set -o nounset
|
||||||
|
|
||||||
|
if [ -d /etc/prometheus/conf.d ]; then
|
||||||
|
# shellcheck disable=SC2016
|
||||||
|
yq eval-all '. as $item ireduce ({}; . *+ $item)' /etc/prometheus/conf.d/*.yaml > /etc/prometheus/prometheus.yaml
|
||||||
|
fi
|
||||||
|
|
||||||
|
exec prometheus \
|
||||||
|
--config.file=/etc/prometheus/prometheus.yaml \
|
||||||
|
--storage.tsdb.path=/var/lib/prometheus \
|
||||||
|
"$@"
|
||||||
@@ -1,15 +0,0 @@
|
|||||||
{ pkgs, ... }:
|
|
||||||
pkgs.dockerTools.buildImage {
|
|
||||||
name = "yq";
|
|
||||||
fromImage = import ../base { inherit pkgs; };
|
|
||||||
|
|
||||||
copyToRoot = pkgs.buildEnv {
|
|
||||||
name = "root";
|
|
||||||
paths = with pkgs; [ yq-go ];
|
|
||||||
pathsToLink = [ "/bin" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
config = {
|
|
||||||
Entrypoint = [ "yq" ];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
Reference in New Issue
Block a user