Oleks
067e55eb24
ci/woodpecker/push/woodpecker Pipeline was successful
cp from ${angie}/conf preserves read-only permissions from the nix
store, so cp -f failed when overlaying the custom main config.
90 lines
2.9 KiB
Nix
90 lines
2.9 KiB
Nix
{
|
|
description = "Angie web server (aarch64) — OCI image for Gitea registry";
|
|
|
|
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
|
|
|
outputs =
|
|
{ self, nixpkgs }:
|
|
let
|
|
system = "aarch64-linux";
|
|
pkgs = import nixpkgs { inherit system; };
|
|
|
|
# nixpkgs ships angie compiled against `--prefix=/etc/angie` and
|
|
# `--http-log-path=/var/log/angie/access.log`; the package's `bin/angie`
|
|
# already knows where to look for its main config (/etc/angie/angie.conf).
|
|
inherit (pkgs) angie;
|
|
|
|
# Stock main config: turns on http and includes whatever drop-ins the
|
|
# chart mounts at /etc/angie/http.d/*.conf — same idiom as the alpine
|
|
# nginx image's /etc/nginx/conf.d/.
|
|
mainConf = pkgs.writeText "angie.conf" ''
|
|
# Run as root in the container — fakeNss doesn't ship a "nogroup"
|
|
# group, which is the compiled-in default group for this angie build,
|
|
# and the worker would refuse to start otherwise.
|
|
user root;
|
|
worker_processes auto;
|
|
error_log /var/log/nginx/error.log notice;
|
|
pid /run/angie.pid;
|
|
|
|
events { worker_connections 1024; }
|
|
|
|
http {
|
|
include ${angie}/conf/mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
sendfile on;
|
|
keepalive_timeout 65;
|
|
|
|
access_log /var/log/angie/access.log;
|
|
|
|
include /etc/angie/http.d/*.conf;
|
|
}
|
|
'';
|
|
|
|
image = pkgs.dockerTools.streamLayeredImage {
|
|
name = "angie";
|
|
tag = angie.version;
|
|
contents = with pkgs; [
|
|
angie
|
|
cacert
|
|
dockerTools.fakeNss
|
|
coreutils
|
|
bash
|
|
];
|
|
# Writable runtime dirs. /var/log/nginx is the compiled-in path for
|
|
# angie (matches nixpkgs' nginx build flags); the chart's main config
|
|
# also writes pid to /run.
|
|
extraCommands = ''
|
|
mkdir -p var/log/nginx var/cache/angie var/lib/angie run tmp etc/angie/http.d
|
|
chmod 1777 tmp run
|
|
# Ship the conf-dir bundled with angie (mime.types, fastcgi_params,
|
|
# scgi_params, uwsgi_params, koi-utf, koi-win, etc.) — chart configs
|
|
# `include fastcgi_params;` and similar resolve relative to /etc/angie.
|
|
cp ${angie}/conf/* etc/angie/
|
|
chmod -R u+w etc/angie
|
|
cp -f ${mainConf} etc/angie/angie.conf
|
|
'';
|
|
config = {
|
|
Entrypoint = [ "${angie}/bin/angie" ];
|
|
Cmd = [
|
|
"-c"
|
|
"/etc/angie/angie.conf"
|
|
"-g"
|
|
"daemon off;"
|
|
];
|
|
ExposedPorts = {
|
|
"80/tcp" = { };
|
|
};
|
|
WorkingDir = "/etc/angie";
|
|
};
|
|
};
|
|
in
|
|
{
|
|
packages.${system} = {
|
|
default = image;
|
|
};
|
|
# Plain string — read by CI via `nix eval --raw .#angieVersion`.
|
|
angieVersion = angie.version;
|
|
};
|
|
}
|