Make valkey local on ringtail (nix amd64) + bump to 8.1.7 #362

Merged

eblume merged 2 commits from valkey-nix into main

2026-05-28 14:51:10 -07:00

eblume commented

2026-05-28 14:39:35 -07:00

Owner

Summary

Weekly "make one non-local container local" pickup: immich-ringtail still pulled docker.io/valkey/valkey:8.1.6 because the existing containers/valkey/container.py build was arm64-only.

Adds containers/valkey/default.nix — nix-built amd64 valkey image, packaged by the ringtail nix-container-builder runner using pkgs.dockerTools.buildLayeredImage. Mirrors the existing containers/authentik-redis/default.nix pattern.
containers/valkey/container.py keeps building the Alpine arm64 image for paperless on indri. Bumped both builds to upstream valkey 8.1.7 (Alpine 3.22 now ships 8.1.7-r0; nixpkgs has 8.1.7).
Splits VERSION (upstream app) from ALPINE_PIN (apk pin) in container.py so both build files can declare the same upstream version and pass container-version-check.
Updates service-versions.yaml: current-version 8.1.7, refreshed last-reviewed, upstream-source now points at the canonical valkey-io releases page.
Switches kustomizations:
- immich-ringtail/kustomization.yaml: docker.io/valkey/valkey:8.1.6 → registry.ops.eblu.me/blumeops/valkey:v8.1.7-02859c5-nix, comment updated.
- paperless/kustomization.yaml: v8.1.6-r0-fabca04 → v8.1.7-02859c5.

Build

build-container run #563 — both jobs succeeded after a transient runner crash on the first dispatch (#562 build-nix), which surfaced two separate bugs that landed in a separate C0 on main:

runner-logs silently returned 0 with no output when the log file didn't exist on indri
ssh indri swallowing remote exit codes (fish login shell), which the wrapper now works around via a stdout marker

Test plan

argocd app set immich-ringtail --revision valkey-nix && argocd app sync immich-ringtail
argocd app set paperless --revision valkey-nix && argocd app sync paperless
Both valkey pods come Ready and start serving on :6379
Immich app + paperless can read/write their respective cache
After merge: rebuild from squashed main commit + update kustomization tags (squash-tag follow-up)

🤖 Generated with Claude Code

## Summary Weekly "make one non-local container local" pickup: immich-ringtail still pulled `docker.io/valkey/valkey:8.1.6` because the existing `containers/valkey/container.py` build was arm64-only. - Adds `containers/valkey/default.nix` — nix-built amd64 valkey image, packaged by the ringtail nix-container-builder runner using `pkgs.dockerTools.buildLayeredImage`. Mirrors the existing `containers/authentik-redis/default.nix` pattern. - `containers/valkey/container.py` keeps building the Alpine arm64 image for paperless on indri. Bumped both builds to upstream valkey 8.1.7 (Alpine 3.22 now ships `8.1.7-r0`; nixpkgs has 8.1.7). - Splits `VERSION` (upstream app) from `ALPINE_PIN` (apk pin) in `container.py` so both build files can declare the same upstream version and pass `container-version-check`. - Updates `service-versions.yaml`: current-version 8.1.7, refreshed last-reviewed, upstream-source now points at the canonical valkey-io releases page. - Switches kustomizations: - `immich-ringtail/kustomization.yaml`: `docker.io/valkey/valkey:8.1.6` → `registry.ops.eblu.me/blumeops/valkey:v8.1.7-02859c5-nix`, comment updated. - `paperless/kustomization.yaml`: `v8.1.6-r0-fabca04` → `v8.1.7-02859c5`. ## Build build-container run #563 — both jobs succeeded after a transient runner crash on the first dispatch (#562 build-nix), which surfaced two separate bugs that landed in a separate C0 on main: - `runner-logs` silently returned 0 with no output when the log file didn't exist on indri - `ssh indri` swallowing remote exit codes (fish login shell), which the wrapper now works around via a stdout marker ## Test plan - [ ] `argocd app set immich-ringtail --revision valkey-nix && argocd app sync immich-ringtail` - [ ] `argocd app set paperless --revision valkey-nix && argocd app sync paperless` - [ ] Both valkey pods come Ready and start serving on :6379 - [ ] Immich app + paperless can read/write their respective cache - [ ] After merge: rebuild from squashed main commit + update kustomization tags (squash-tag follow-up) 🤖 Generated with [Claude Code](https://claude.com/claude-code)

eblume added 2 commits

2026-05-28 14:39:36 -07:00

C1(valkey-nix): add nix-built amd64 variant for ringtail/immich 02859c55d1

`containers/valkey/container.py` builds Alpine 3.22 arm64 on the indri
k8s runner (used by paperless). Adding `containers/valkey/default.nix`
gives us an amd64 image built via nix on the ringtail
nix-container-builder, so immich-ringtail can stop pulling the upstream
`docker.io/valkey/valkey` multi-arch image.

Both builds track upstream valkey 8.1.x; bumping to 8.1.7 (Alpine 3.22
ships 8.1.7-r0, nixpkgs ships 8.1.7) — version-check now reports
`container.py=8.1.7, nix=8.1.7, service-versions=8.1.7`.

A follow-up commit on this branch will swap the immich-ringtail and
paperless kustomization tags once both builds succeed.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

C1(valkey-nix): point immich-ringtail and paperless at new valkey tags 607ea75e0a

- immich-ringtail: docker.io/valkey/valkey:8.1.6 →
  registry.ops.eblu.me/blumeops/valkey:v8.1.7-02859c5-nix
  (nix-built amd64 from containers/valkey/default.nix on ringtail's
  nix-container-builder).
- paperless: v8.1.6-r0-fabca04 → v8.1.7-02859c5 (Alpine arm64 from
  the updated container.py, valkey package bumped to 8.1.7-r0).

Both built by build-container workflow run #563.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>