diff --git a/flake.nix b/flake.nix index 54c9a44..e7f5813 100644 --- a/flake.nix +++ b/flake.nix @@ -154,7 +154,10 @@ }; double-rainbow = lib.nixosSystem { inherit system specialArgs; - modules = [ ./hosts/double-rainbow.nix ] ++ common_modules; + modules = [ + ./hosts/double-rainbow.nix + ./system/rainbow-gitlab-runner.nix + ] ++ common_modules; }; pixie = lib.nixosSystem { inherit system specialArgs; diff --git a/secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age b/secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age new file mode 100644 index 0000000..03118e3 --- /dev/null +++ b/secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age @@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-rsa BwwxHg +KCVF4Sy49stOeQs2uunYKkvadqeimmWlJ4ucEJxfXy2z+OkkZpixUnWgJEH2nCa4 +NL/F0Wezbqvh+Texl4FlHN8PT2w/d5gdg/L+fI4jBYCvbbiHA4sdUgmXWigY8zrU +5H7Y9mgb1Y174fA6zfTCk2fHmk+KARoV27YrS2fzGoVQiPhnvv8ZT51eF1E+Zs4I ++YtXehxEOqYljJKYJJnF9ElzfNa8nypACGtcjTE8eEq0DlZu2U7qV+QWwQudHbcs +MbFR2VtkHWQaNdK1vVBGND1CMlfshSCqbUzGcexownMiCVSal1RKA2uAWnYdOEc/ +QSR8cKn8QQ5dyPFCqZ8RnlCMUegCVLg5cC0/rlTUD0C/Ti2SRBYTH3HvJjmSNk8k +3LdcNwK4YtG4d1gkqLVjwCM1Yg8I/UICb5nQYclvBz5VQ2drvL/gU/+Vc7Z5KUFI +0G/7uNmeJ16Eky+X9c73ZZxVqm0TzDENE2GzkPhBHEfXBR+4j6m8KKEWxQmA2ZSg + +--- Oq9wU0h90iU/8g1XTNI+LuAg7t09hngj9DCK91V1+pg +χvP}N,Wl ?y0)eVwAiŐSm>DQC-B0V|=X6 W>~-qI% \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 5582393..7b5fdd8 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -2,6 +2,9 @@ let
 main_ssh_public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15";
 in
 {
+ "rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [
+ main_ssh_public_key
+ ];
 "monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [
 main_ssh_public_key
 ];
diff --git a/system/rainbow-gitlab-runner.nix b/system/rainbow-gitlab-runner.nix
new file mode 100644
index 0000000..3230c8b
--- /dev/null
+++ b/system/rainbow-gitlab-runner.nix
@@ -0,0 +1,22 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+let
+ inherit (pkgs.callPackage ./gitlab-runner.nix { }) mkNixRunner;
+in
+{
+ boot.kernel.sysctl."net.ipv4.ip_forward" = true;
+ virtualisation.docker.enable = true;
+ services.gitlab-runner = {
+ enable = true;
+ settings.concurrent = 1;
+ services = {
+ thoreb-telemetria-nix = mkNixRunner config.age.secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.path;
+ thoreb-itinerario-nix = mkNixRunner config.age.secrets.rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.path;
+ };
+ };
+ systemd.services.gitlab-runner.serviceConfig.Nice = 10;
+}
diff --git a/system/secrets.nix b/system/secrets.nix
index fdf14e8..ca11fb4 100644
--- a/system/secrets.nix
+++ b/system/secrets.nix
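Review bot: The new `rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age` entry in `secrets/secrets.nix` lists only `main_ssh_public_key` (the `lelgenio@i15` user key) as recipient, so double-rainbow can decrypt it only if that personal private key is present on the host. The agenix identity configuration is not visible in this diff; if the user key is what the host uses, a machine running Docker CI jobs holds a key that opens every secret encrypted to it, including the monolith one in the context lines. Encrypting host-specific secrets to a host key as well would narrow that, e.g. `double_rainbow_host_key = "ssh-ed25519 <HOST_PUBLIC_KEY_PLACEHOLDER>";` in the `let` block and `publicKeys = [ main_ssh_public_key double_rainbow_host_key ];` for this entry. The attribute set continues past the end of the hunk.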
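Review bot: In `system/rainbow-gitlab-runner.nix`, `thoreb-telemetria-nix` reads `config.age.secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.path`, a secret with no host prefix, while `thoreb-itinerario-nix` gets a dedicated `rainbow-` file. If another host registers with the same telemetria file (not visible here), both machines share one runner credential and cannot be revoked or audited separately; a host-specific secret would avoid that, e.g. `thoreb-telemetria-nix = mkNixRunner config.age.secrets.rainbow-gitlab-runner-thoreb-telemetria-registrationConfigFile.path;` with a matching `.age` file. The line `boot.kernel.sysctl."net.ipv4.ip_forward" = true;` also deserves a comment saying why forwarding is needed, because the sysctl applies to every interface on the host and not only to the Docker bridge. What `mkNixRunner` configures (executor, privileged mode, mounts) is defined in `./gitlab-runner.nix`, outside this diff, and determines how much of the host a CI job can reach.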
@@ -6,6 +6,7 @@
 secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.file = ../secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
 secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.file = ../secrets/gitlab-runner-thoreb-telemetria-registrationConfigFile.age;
 secrets.monolith-forgejo-runner-token.file = ../secrets/monolith-forgejo-runner-token.age;
+ secrets.rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.file = ../secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
 secrets.monolith-nix-serve-privkey.file = ../secrets/monolith-nix-serve-privkey.age;
 secrets.phantom-forgejo-mailer-password.file = ../secrets/phantom-forgejo-mailer-password.age;
 };
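Review bot: The rainbow runner secret is declared in the same `secrets` set as the monolith and phantom entries, so every host that imports `system/secrets.nix` will try to decrypt and materialise it, not just double-rainbow. How this file is imported is outside the hunk, but if it is part of the shared modules, scoping the declaration to the host that uses it limits where the registration credential ends up on disk. One way is to move it into `system/rainbow-gitlab-runner.nix` as `age.secrets.rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.file = ../secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;`. The enclosing attribute set starts above the hunk.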