From 337a0a211a4fa6e084d1db7bb4efdfcd9487d017 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?=
Date: Mon, 26 Jun 2023 20:31:57 -0300
Subject: [PATCH] gitlab: force a known good version for runners
---
 system/monolith-gitlab-runner.nix | 6 ++++--
 system/rainbow-gitlab-runner.nix | 7 ++++---
 2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/system/monolith-gitlab-runner.nix b/system/monolith-gitlab-runner.nix
index fa449b4..b0bc7fc 100644
--- a/system/monolith-gitlab-runner.nix
+++ b/system/monolith-gitlab-runner.nix
@@ -18,13 +18,15 @@
 # runner for building in docker via host's nix-daemon
 # nix store will be readable in runner, might be insecure
- nix = with lib;{
+ nix = with lib; rec {
 # File should contain at least these two variables:
 # `CI_SERVER_URL`
 # `REGISTRATION_TOKEN`
 registrationConfigFile = config.age.secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.path; # 2
- dockerImage = "alpine";
+ dockerImage = "alpine:3.18.2";
+ dockerAllowedImages = [ dockerImage ];
 dockerVolumes = [
+ "/etc/nix/nix.conf:/etc/nix/nix.conf:ro"
 "/nix/store:/nix/store:ro"
 "/nix/var/nix/db:/nix/var/nix/db:ro"
 "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
diff --git a/system/rainbow-gitlab-runner.nix b/system/rainbow-gitlab-runner.nix
index 20ea43b..e998bc5 100644
--- a/system/rainbow-gitlab-runner.nix
+++ b/system/rainbow-gitlab-runner.nix
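Review bot: In the system/monolith-gitlab-runner.nix hunk, `dockerImage = "alpine:3.18.2"` pins a tag rather than content, and a registry tag can be re-pointed, so the "known good version" is not actually fixed. Adding the digest, `dockerImage = "alpine:3.18.2@sha256:<digest-of-the-vetted-image>";` (placeholder, take the value from the image you verified), would make `dockerAllowedImages = [ dockerImage ]` an allow-list of one immutable image. The hunk sets no `dockerAllowedServices`, so unless that is configured outside the visible lines, `services:` entries in a job definition can presumably still name arbitrary images. The same two lines are added in the first hunk of system/rainbow-gitlab-runner.nix, and the `nix` attribute set continues past the end of both hunks.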
@@ -18,13 +18,15 @@
 # runner for building in docker via host's nix-daemon
 # nix store will be readable in runner, might be insecure
- nix = with lib;{
+ nix = with lib; rec {
 # File should contain at least these two variables:
 # `CI_SERVER_URL`
 # `REGISTRATION_TOKEN`
 registrationConfigFile = config.age.secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.path; # 2
- dockerImage = "alpine";
+ dockerImage = "alpine:3.18.2";
+ dockerAllowedImages = [ dockerImage ];
 dockerVolumes = [
+ "/etc/nix/nix.conf:/etc/nix/nix.conf:ro"
 "/nix/store:/nix/store:ro"
 "/nix/var/nix/db:/nix/var/nix/db:ro"
 "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
@@ -57,7 +59,6 @@
 };
 tagList = [ "nix" ];
 };
- };
 };
 systemd.services.gitlab-runner.serviceConfig.Nice = 10;
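Review bot: The added volume `"/etc/nix/nix.conf:/etc/nix/nix.conf:ro"` in the first hunk exposes the host's Nix configuration to every job on this runner, and the existing "might be insecure" comment only mentions the store. nix.conf can hold settings such as `access-tokens` or a `netrc-file` path, so confirm the host file carries no credentials. Recording that next to the mount would help, for example `# host nix.conf is visible to CI jobs: keep access-tokens / netrc settings out of it`. The same line is added in system/monolith-gitlab-runner.nix, and the `dockerVolumes` list continues beyond the hunk, so other mounts may need the same review.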