Diffstat (limited to 'programs')
-rw-r--r-- | programs/colima.nix | 53 | ||||
-rw-r--r-- | programs/docker.nix | 77 |
2 files changed, 130 insertions, 0 deletions
diff --git a/programs/colima.nix b/programs/colima.nix
new file mode 100644
index 0000000..44c86f9
--- /dev/null
+++ b/programs/colima.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.programs.colima;
+ yamlFormat = pkgs.formats.yaml { };
+ settingsType = lib.types.submodule {
+ freeformType = yamlFormat.type;
+ };
+in
+{
+ options.programs.colima = {
+ enable = lib.mkEnableOption "Container runtimes on macOS";
+
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.colima;
+ defaultText = lib.literalExpression "pkgs.colima";
+ description = "Package providing {command}`colima`.";
+ };
+
+ settings = lib.mkOption {
+ type = settingsType;
+ default = { };
+ description =
+ "Configuration written to {file}`$XDG_CONFIG_HOME/.colima/default/colima.yaml`.";
+ example = lib.literalExpression ''
+ {
+ cpu = 2;
+ disk = 60;
+ memory = 2;
+ };
+ '';
+ };
+ };
+
+ config =
+ let
+ colimaConfig = pkgs.writeTextFile {
+ name = "colima.yaml";
+ text = (lib.generators.toYAML { } cfg.settings);
+ };
+ in
+ lib.mkIf cfg.enable {
+ home.packages = [ cfg.package ];
+
+ # because Colima writes to this file on startup
+ home.activation.colimaConfig = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
+ mkdir -p ~/.colima/default
+ cp -f "${colimaConfig}" ~/.colima/default/colima.yaml
+ chmod 644 ~/.colima/default/colima.yaml
+ '';
+ };
+}
diff --git a/programs/docker.nix b/programs/docker.nix
new file mode 100644
index 0000000..62bdc77
--- /dev/null
+++ b/programs/docker.nix
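Review bot: The activation script in `home.activation.colimaConfig` copies the file to `~/.colima/default/colima.yaml`, but the `settings` description says it is written under `$XDG_CONFIG_HOME/.colima/default/`; the description should name the path the script actually uses. The three commands also run unguarded, so a dry-run activation would still overwrite the live file; Home Manager's convention is to prefix them, e.g. `$DRY_RUN_CMD cp -f "${colimaConfig}" ~/.colima/default/colima.yaml`. Because the rendered YAML passes through the Nix store and is then set to mode `644`, the description should add that `settings` must not carry secrets, for instance `Do not put tokens or passwords here; the file is world-readable.`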
@@ -0,0 +1,77 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.programs.docker;
+ jsonFormat = pkgs.formats.json { };
+ settingsType = lib.types.submodule {
+ freeformType = jsonFormat.type;
+ };
+in
+{
+ options.programs.docker = {
+ enable = lib.mkEnableOption "Container runtime client";
+
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.docker-client;
+ defaultText = lib.literalExpression "pkgs.docker-client";
+ description = "Package providing {command}`docker`.";
+ };
+
+ settings = lib.mkOption {
+ type = settingsType;
+ default = { };
+ description = ''
+ This is written to {file}`$XDG_CONFIG_HOME/.docker/config.json`.
+
+ For security reasons, never store cleartext passwords here. Instead use
+ `credHelpersWrap` option to retrieve credentials from your favorite
+ password manager at runtime.
+ '';
+ example = lib.literalExpression ''
+ {
+ currentContext = "colima";
+ };
+ '';
+ };
+
+ # why not use the pass credstore directly? you do you, I don't want docker
+ # messing with my bigbrain password-store layout
+ credHelpersWrap = lib.mkOption {
+ type = lib.types.attrsOf lib.types.str;
+ default = { };
+ description = ''
+ A mapping of registry URLs to commands to use as credential helpers.
+ '';
+ example = lib.literalExpression ''
+ { "docker.io": "$${pkgs.pass}/bin/pass show docker.io"; };
+ '';
+ };
+ };
+
+ config =
+ let
+ genWrapperId = name: builtins.hashString "sha1" name;
+ genWrapperName = name:
+ "docker-credential-" + (genWrapperId name);
+
+ wrappers = lib.mapAttrsToList
+ (registry: wrapper:
+ pkgs.writeShellScriptBin (genWrapperName registry) wrapper
+ )
+ cfg.credHelpersWrap;
+
+ finalSettings = lib.recursiveUpdate cfg.settings {
+ credHelpers = lib.mapAttrs
+ (registry: _: genWrapperId registry)
+ cfg.credHelpersWrap;
+ };
+
+ in
+ lib.mkIf cfg.enable
+ {
+ home.packages = [ cfg.package ] ++ wrappers;
+ home.file.".docker/config.json".source =
+ jsonFormat.generate "config.json" finalSettings;
+ };
+}
 |
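Review bot: The scripts built in `wrappers` run the configured string verbatim, so the same command executes for every action Docker passes to a credential helper (`get`, `store`, `erase`, `list`), and its raw output goes back to the client, which expects a JSON object with `ServerURL`, `Username` and `Secret` on `get`. The example `pass show docker.io` prints only a secret, so it would likely be rejected. The `credHelpersWrap` description should state the contract, e.g. `The command receives the action as $1 and the registry on stdin, and must print the JSON document Docker expects.` The example also writes `"docker.io": …` where a Nix attribute set needs `=`. Since the command text lands in the world-readable Nix store, the cleartext-password warning on `settings` should be repeated on this option.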