first commit

.gitignore

@@ -0,0 +1 @@
+kubtoken

cluster-admin.kubeconfig

@@ -0,0 +1 @@
+{"apiVersion":"v1","clusters":[{"cluster":{"certificate-authority":"/var/lib/kubernetes/secrets/ca.pem","server":"https://10.243.29.174:8443"},"name":"local"}],"contexts":[{"context":{"cluster":"local","user":"cluster-admin"},"current-context":"local"}],"kind":"Config","users":[{"name":"cluster-admin","user":{"client-certificate":"/var/lib/kubernetes/secrets/cluster-admin.pem","client-key":"/var/lib/kubernetes/secrets/cluster-admin-key.pem"}}]}

default-policy.json

@@ -0,0 +1,8 @@
+{
+    "default": [{ "type": "insecureAcceptAnything" }],
+    "transports": {
+        "docker-daemon": {
+            "": [{ "type": "insecureAcceptAnything" }]
+        }
+    }
+}

default.nix

@@ -0,0 +1,18 @@
+{ kubenix, registry ? "docker.io/mic92" }:
+
+rec {
+  # evaluated configuration
+  inherit (kubenix.evalModules {
+    modules = [
+      ./module.nix
+      { docker.registry.url = registry; }
+    ];
+  }) config;
+
+  # generated: kubernetes List object
+  # result: JSON file you can deploy to kubernetes
+  inherit (config.kubernetes) generated result;
+  # export: Exported docker images
+  # copyScript: script to push docker images to registry
+  inherit (config.docker) export copyScript;
+}

flake.lock

@@ -0,0 +1,93 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1610051610,
+        "narHash": "sha256-U9rPz/usA1/Aohhk7Cmc2gBrEEKRzcW4nwPWMPwja4Y=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "3982c9903e93927c2164caa727cd3f6a0e6d14cc",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_2": {
+      "locked": {
+        "lastModified": 1605370193,
+        "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5021eac20303a61fafe17224c087f5519baed54d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "kubenix": {
+      "inputs": {
+        "flake-utils": "flake-utils_2",
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1609236987,
+        "narHash": "sha256-XluRu59pnTxLgTmKSIsb60quYF2n06H0Q+0iHdD7dUg=",
+        "owner": "Mic92",
+        "repo": "kubenix",
+        "rev": "cba0fd941094e79c8a10a529cc6e2a1514886a48",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Mic92",
+        "ref": "flake",
+        "repo": "kubenix",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1609233094,
+        "narHash": "sha256-Ltzng3h4LDNjYAvmoX0kQ3023TvdupwuMvm1D7hZkyY=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "2b556ea6712cd4fa76a433093df0cb375a267e3d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1610091690,
+        "narHash": "sha256-roNY/PYNMzqCnyusT0AQwCWvKDXahZxxf/m7A03VNOM=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "4786388803d0a44c53749163550857eab26a92cd",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "kubenix": "kubenix",
+        "nixpkgs": "nixpkgs_2"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,27 @@
+{
+  description = "Kubernetes resource builder using nix";
+
+  # $ kubectl apply -f <(nix eval --json .#mumble-web.generated)
+  # $ kubectl destroy -f <(nix eval --json .#mumble-web.generated)
+  # $ nix run .#mumble-web.copyScript
+
+  inputs.flake-utils.url = "github:numtide/flake-utils";
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs";
+  inputs.kubenix.url = "github:Mic92/kubenix/flake";
+
+  outputs = { self
+            , nixpkgs
+            , flake-utils
+            , kubenix
+            }:
+    flake-utils.lib.eachDefaultSystem (system:
+      let
+        pkgs = nixpkgs.legacyPackages.${system};
+      in rec {
+        packages.mumble-web = pkgs.callPackage ./default.nix {
+          kubenix = kubenix.defaultPackage.${system};
+        };
+        defaultPackage = packages.mumble-web;
+        devShell = pkgs.callPackage ./shell.nix {};
+      });
+}

image.nix

@@ -0,0 +1,18 @@
+{ dockerTools, nginx }:
+
+dockerTools.buildLayeredImage {
+  name = "nginx";
+  contents = [ nginx ];
+  extraCommands = ''
+    mkdir -p etc
+    chmod u+w etc
+    echo "nginx:x:1000:1000::/:" > etc/passwd
+    echo "nginx:x:1000:nginx" > etc/group
+  '';
+  config = {
+    Cmd = ["nginx" "-c" "/etc/nginx/nginx.conf"];
+    ExposedPorts = {
+      "8383/tcp" = {};
+    };
+  };
+}

module.nix

@@ -0,0 +1,68 @@
+{ config, lib, pkgs, kubenix, ... }:
+
+with lib;
+
+let
+  nginx = pkgs.callPackage ./image.nix { };
+in {
+  imports = with kubenix.modules; [ k8s docker ];
+
+  docker.images.nginx.image = nginx;
+
+  kubernetes.resources.deployments.nginx = {
+    spec = {
+      replicas = 10;
+      selector.matchLabels.app = "nginx";
+      template = {
+        metadata.labels.app = "nginx";
+        spec = {
+          securityContext.fsGroup = 1000;
+          containers.nginx = {
+            image = config.docker.images.nginx.path;
+            imagePullPolicy = "IfNotPresent";
+            volumeMounts."/etc/nginx".name = "config";
+            volumeMounts."/var/lib/html".name = "static";
+            volumeMounts."/var/log/nginx".name = "logs";
+            volumeMounts."/var/log/cache".name = "cache";
+          };
+          volumes.config.configMap.name = "nginx-config";
+          volumes.static.configMap.name = "nginx-static";
+          volumes.logs.configMap.name = "nginx-logs";
+          volumes.cache.configMap.name = "nginx-cache";
+        };
+      };
+    };
+  };
+
+  kubernetes.resources.configMaps.nginx-config.data."nginx.conf" = ''
+    user nginx nginx;
+    daemon off;
+    error_log /dev/stdout info;
+    pid /dev/null;
+    events {}
+    http {
+      access_log /dev/stdout;
+      server {
+        listen 8383;
+        index index.html;
+        location / {
+          root /var/lib/html;
+        }
+      }
+    }
+  '';
+
+  kubernetes.resources.configMaps.nginx-static.data."index.html" = ''
+    <html><body><h1>Hello from NGINX</h1></body></html>
+  '';
+
+  kubernetes.resources.services.nginx = {
+    spec = {
+      ports = [{
+        name = "http";
+        port = 8383;
+      }];
+      selector.app = "nginx";
+    };
+  };
+}

shell.nix

@@ -0,0 +1,11 @@
+{ pkgs ? import <nixpkgs> {} }:
+
+pkgs.mkShell {
+  nativeBuildInputs = [
+    pkgs.bashInteractive
+    pkgs.kubectl
+  ];
+  shellHook = ''
+    export KUBECONFIG=$PWD/cluster-admin.kubeconfig
+  '';
+}