monolith: add declarative bitbucket runners

2025-03-07 18:33:59 -03:00 · 2025-03-07 18:33:59 -03:00 · 21d747cb71
commit 21d747cb71
parent b52a886806
3 changed files with 58 additions and 2 deletions
--- a/system/monolith-bitbucket-runner.nix
+++ b/system/monolith-bitbucket-runner.nix
@ -0,0 +1,50 @@
+{
+  config,
+  pkgs,
+  ...
+}:
+
+let
+  mkRunner = secret: {
+    image = "docker-public.packages.atlassian.com/sox/atlassian/bitbucket-pipelines-runner:latest";
+    volumes = [
+      "/tmp:/tmp"
+      "/var/run/docker.sock:/var/run/docker.sock"
+      "/var/lib/docker/containers:/var/lib/docker/containers:ro"
+    ];
+    environmentFiles = [ secret ];
+  };
+
+  secretConf = {
+    sopsFile = ../secrets/monolith/default.yaml;
+  };
+in
+{
+  virtualisation.docker = {
+    enable = true;
+    daemon.settings = {
+      # needed by bitbucket runner ???
+      log-driver = "json-file";
+      log-opts = {
+        max-size = "10m";
+        max-file = "3";
+      };
+    };
+  };
+
+  virtualisation.oci-containers.backend = "docker";
+
+  virtualisation.oci-containers.containers = {
+    bitbucket-runner-1 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-1".path;
+    bitbucket-runner-2 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-2".path;
+    bitbucket-runner-3 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-3".path;
+    bitbucket-runner-4 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-4".path;
+  };
+
+  sops.secrets = {
+    "bitbucket-runners/wopus-runner-1" = secretConf;
+    "bitbucket-runners/wopus-runner-2" = secretConf;
+    "bitbucket-runners/wopus-runner-3" = secretConf;
+    "bitbucket-runners/wopus-runner-4" = secretConf;
+  };
+}