rainbow: add gitlab runner

2025-09-09 18:15:48 -03:00 · 2025-09-09 18:15:48 -03:00 · 2fa47a81a7
commit 2fa47a81a7
parent 74de7c937f
5 changed files with 103 additions and 2 deletions
--- a/hosts/double-rainbow/default.nix
+++ b/hosts/double-rainbow/default.nix
@ -0,0 +1,73 @@
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+let
+  btrfs_options = [
+    "compress=zstd:3"
+    "noatime"
+    "x-systemd.device-timeout=0"
+  ];
+  btrfs_ssd = [
+    "ssd"
+    "discard=async"
+  ];
+in
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+    ./gitlab-runner.nix
+  ];
+
+  my.nix-ld.enable = true;
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "nvme"
+    "usb_storage"
+    "usbhid"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ "i915" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/a072a77b-ca29-47df-be65-6d310d067d78";
+    fsType = "btrfs";
+    options = [ "subvol=@" ] ++ btrfs_options ++ btrfs_ssd;
+  };
+
+  boot.initrd.luks.devices."luks-d6573cf8-25f0-4ffc-8046-ac3a4db1e964".device =
+    "/dev/disk/by-uuid/d6573cf8-25f0-4ffc-8046-ac3a4db1e964";
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/97EB-7DB5";
+    fsType = "vfat";
+  };
+
+  swapDevices = [ { device = "/swapfile"; } ];
+
+  services.udev.extraRules = ''
+    # Force all disks to use mq-deadline scheduler
+    # For some reason "noop" is used by default which is kinda bad when io is saturated
+    ACTION=="add|change", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ATTR{../queue/scheduler}="mq-deadline"
+  '';
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+  networking.hostName = "double-rainbow"; # Define your hostname.
+}
--- a/hosts/double-rainbow/gitlab-runner.nix
+++ b/hosts/double-rainbow/gitlab-runner.nix
@ -0,0 +1,36 @@
+{
+  config,
+  pkgs,
+  ...
+}:
+let
+  inherit (pkgs.callPackage ../../system/gitlab-runner.nix { }) mkNixRunnerFull;
+in
+{
+  boot.kernel.sysctl."net.ipv4.ip_forward" = true;
+  virtualisation.docker.enable = true;
+  services.gitlab-runner = {
+    enable = true;
+    settings.concurrent = 4;
+    services = {
+      wopus-gitlab-nix = mkNixRunnerFull {
+        authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/wopus-gitlab-nix".path;
+        nixCacheSshPrivateKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pk".path;
+        nixCacheSshPublicKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pub".path;
+      };
+    };
+  };
+  systemd.services.gitlab-runner.serviceConfig.Nice = 10;
+
+  sops.secrets = {
+    "gitlab-runners/wopus-gitlab-nix" = {
+      sopsFile = ../../secrets/double-rainbow/default.yaml;
+    };
+    "gitlab-runners/wopus-ssh-nix-cache-pk" = {
+      sopsFile = ../../secrets/double-rainbow/default.yaml;
+    };
+    "gitlab-runners/wopus-ssh-nix-cache-pub" = {
+      sopsFile = ../../secrets/double-rainbow/default.yaml;
+    };
+  };
+}