lelgenio/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests Projects 2 Releases Packages Wiki Activity Actions

monolith: fix gitlab-runner config to not override PATH

Browse source
This commit is contained in:
Leonardo Eugênio 2025-05-28 20:56:59 -03:00
parent 93c88db929
commit 53a3cb0a0e
No known key found for this signature in database
GPG key ID: 2F8F21CE8721456B
1 changed files with 51 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

100
system/gitlab-runner.nix
View file

@ -1,53 +1,55 @@
{ pkgs, lib, ... }: { pkgs, lib, ... }:
let
installNixScript = pkgs.writeScriptBin "install-nix" ''
mkdir -p -m 0755 /nix/var/log/nix/drvs
mkdir -p -m 0755 /nix/var/nix/gcroots
mkdir -p -m 0755 /nix/var/nix/profiles
mkdir -p -m 0755 /nix/var/nix/temproots
mkdir -p -m 0755 /nix/var/nix/userpool
mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
mkdir -p -m 1777 /nix/var/nix/profiles/per-user
mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
mkdir -p -m 0700 "$HOME/.nix-defexpr"
. ${pkgs.nix}/etc/profile.d/nix.sh
${pkgs.nix}/bin/nix-env -i ${
lib.concatStringsSep " " (
with pkgs;
[
nix
cacert
git
openssh
docker
]
)
}
'';
in
{ {
mkNixRunner = mkNixRunner = authenticationTokenConfigFile: {
authenticationTokenConfigFile: with lib; { # File should contain at least these two variables:
# File should contain at least these two variables: # `CI_SERVER_URL`
# `CI_SERVER_URL` # `REGISTRATION_TOKEN`
# `REGISTRATION_TOKEN` inherit authenticationTokenConfigFile; # 2
inherit authenticationTokenConfigFile; # 2 dockerImage = "alpine:3.18.2";
dockerImage = "alpine:3.18.2"; dockerVolumes = [
dockerVolumes = [ "/etc/nix/nix.conf:/etc/nix/nix.conf:ro"
"/etc/nix/nix.conf:/etc/nix/nix.conf:ro" "/nix/store:/nix/store:ro"
"/nix/store:/nix/store:ro" "/nix/var/nix/db:/nix/var/nix/db:ro"
"/nix/var/nix/db:/nix/var/nix/db:ro" "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
"/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro" "/tmp:/tmp"
"/var/run/docker.sock:/var/run/docker.sock" "/var/run/docker.sock:/var/run/docker.sock"
"/cache" "/var/lib/docker/containers:/var/lib/docker/containers"
]; "/cache"
dockerDisableCache = true; ];
preBuildScript = pkgs.writeScript "setup-container" '' preBuildScript = "\". ${lib.getExe installNixScript}\"";
mkdir -p -m 0755 /nix/var/log/nix/drvs environmentVariables = {
mkdir -p -m 0755 /nix/var/nix/gcroots ENV = "/etc/profile";
mkdir -p -m 0755 /nix/var/nix/profiles USER = "root";
mkdir -p -m 0755 /nix/var/nix/temproots NIX_REMOTE = "daemon";
mkdir -p -m 0755 /nix/var/nix/userpool NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
mkdir -p -m 1777 /nix/var/nix/profiles/per-user
mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
mkdir -p -m 0700 "$HOME/.nix-defexpr"
. ${pkgs.nix}/etc/profile.d/nix.sh
${pkgs.nix}/bin/nix-env -i ${
concatStringsSep " " (
with pkgs;
[
nix
cacert
git
openssh
docker
]
)
}
'';
environmentVariables = {
ENV = "/etc/profile";
USER = "root";
NIX_REMOTE = "daemon";
PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
};
}; };
};
} }