mirror of
https://github.com/dump-dvb/nix-config.git
synced 2024-06-02 14:29:24 +02:00
link sops secrets through the volume
This commit is contained in:
parent
d3ee8a6525
commit
86ecdf2a4f
|
@ -42,8 +42,6 @@ pkgs.dockerTools.buildImage {
|
|||
c.Spawner.default_url='/lab'
|
||||
'';
|
||||
|
||||
copy-passwords = lib.concatStringsSep "\n" (builtins.map (u: "cp ${u.userPasswordFile} /pw/") jupyterUsers);
|
||||
|
||||
entrypoint = pkgs.writeScriptBin "entrypoint.sh" ''
|
||||
#!${cont-interpreter}
|
||||
set -ex
|
||||
|
@ -60,9 +58,6 @@ pkgs.dockerTools.buildImage {
|
|||
# create all the users
|
||||
${create-all-users-script}
|
||||
|
||||
# remove supplied passwords
|
||||
rm -r /pw
|
||||
|
||||
# install the python environ
|
||||
conda install -c conda-forge mamba
|
||||
|
||||
|
@ -82,10 +77,6 @@ pkgs.dockerTools.buildImage {
|
|||
# make temp store for pw hashes
|
||||
mkdir -p /pw
|
||||
|
||||
${copy-passwords}
|
||||
|
||||
# populate with temp pw's
|
||||
|
||||
cp ${jupyterhub-config} /jupyterhub-config.py
|
||||
cp ${entrypoint}/bin/entrypoint.sh /entrypoint.sh
|
||||
'';
|
||||
|
|
|
@ -9,7 +9,9 @@ let
|
|||
];
|
||||
in
|
||||
{
|
||||
sops.secrets.hashed-password-0xa = { };
|
||||
sops.secrets.hashed-password-0xa = {
|
||||
path = "/var/lib/pw/hashed-password-0xa";
|
||||
};
|
||||
|
||||
virtualisation.docker = {
|
||||
enable = true;
|
||||
|
@ -29,7 +31,7 @@ in
|
|||
volumes = [
|
||||
"/var/lib/jupyter-volume:/workdir"
|
||||
"/var/lib/root-home:/root"
|
||||
# "/var/lib/conda-persist:/opt/conda"
|
||||
"/var/lib/pw:/pw"
|
||||
];
|
||||
imageFile =
|
||||
let
|
||||
|
|
Loading…
Reference in New Issue
Block a user