Erich Blume
ecded30073
## Summary Weekly "make one non-local container local" pickup: immich-ringtail still pulled `docker.io/valkey/valkey:8.1.6` because the existing `containers/valkey/container.py` build was arm64-only. - Adds `containers/valkey/default.nix` — nix-built amd64 valkey image, packaged by the ringtail nix-container-builder runner using `pkgs.dockerTools.buildLayeredImage`. Mirrors the existing `containers/authentik-redis/default.nix` pattern. - `containers/valkey/container.py` keeps building the Alpine arm64 image for paperless on indri. Bumped both builds to upstream valkey 8.1.7 (Alpine 3.22 now ships `8.1.7-r0`; nixpkgs has 8.1.7). - Splits `VERSION` (upstream app) from `ALPINE_PIN` (apk pin) in `container.py` so both build files can declare the same upstream version and pass `container-version-check`. - Updates `service-versions.yaml`: current-version 8.1.7, refreshed last-reviewed, upstream-source now points at the canonical valkey-io releases page. - Switches kustomizations: - `immich-ringtail/kustomization.yaml`: `docker.io/valkey/valkey:8.1.6` → `registry.ops.eblu.me/blumeops/valkey:v8.1.7-02859c5-nix`, comment updated. - `paperless/kustomization.yaml`: `v8.1.6-r0-fabca04` → `v8.1.7-02859c5`. ## Build build-container run #563 — both jobs succeeded after a transient runner crash on the first dispatch (#562 build-nix), which surfaced two separate bugs that landed in a separate C0 on main: - `runner-logs` silently returned 0 with no output when the log file didn't exist on indri - `ssh indri` swallowing remote exit codes (fish login shell), which the wrapper now works around via a stdout marker ## Test plan - [ ] `argocd app set immich-ringtail --revision valkey-nix && argocd app sync immich-ringtail` - [ ] `argocd app set paperless --revision valkey-nix && argocd app sync paperless` - [ ] Both valkey pods come Ready and start serving on :6379 - [ ] Immich app + paperless can read/write their respective cache - [ ] After merge: rebuild from squashed main commit + update kustomization tags (squash-tag follow-up) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: #362
30 lines
854 B
Nix
30 lines
854 B
Nix
# Nix-built Valkey for ringtail (amd64)
|
|
# Companion to container.py (Alpine 3.22, arm64 on indri).
|
|
# Used by immich-ringtail which needs an amd64 image; paperless on indri
|
|
# continues to use the Alpine container.py build.
|
|
#
|
|
# The version assertion ensures nix-build fails if a flake.lock update
|
|
# changes the Valkey version — forcing an explicit version acknowledgment
|
|
# here and in service-versions.yaml (enforced by container-version-check).
|
|
{ pkgs ? import <nixpkgs> { } }:
|
|
|
|
let
|
|
version = "8.1.7";
|
|
in
|
|
|
|
assert pkgs.valkey.version == version;
|
|
|
|
pkgs.dockerTools.buildLayeredImage {
|
|
name = "blumeops/valkey";
|
|
contents = [
|
|
pkgs.valkey
|
|
];
|
|
|
|
config = {
|
|
Entrypoint = [ "${pkgs.valkey}/bin/valkey-server" ];
|
|
Cmd = [ "--bind" "0.0.0.0" "--protected-mode" "no" "--dir" "/data" ];
|
|
ExposedPorts = {
|
|
"6379/tcp" = { };
|
|
};
|
|
};
|
|
}
|