lelgenio/nixos-config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Add nix gitlab runner

Browse source
This commit is contained in:
Leonardo Eugênio 2023-02-24 12:37:35 -03:00
parent e81357e233
commit ab8b3d4a87
4 changed files with 61 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
secrets/gitlab-runner-thoreb-telemetria-registrationConfigFile.age Normal file
View file

@ -0,0 +1,16 @@
age-encryption.org/v1
-> ssh-rsa BwwxHg
KuJIQzvERsM1zAF4iikbaIMsi4e/vnyx1yq6h9Mzxf6FnXyFRcUgLPVe05krQhJX
0wjv18bI0jxRb8742Ww9i2nU5Tlrok9ol458iye5CPl63fAlVih4/Rkl3IkUIiIz
q/VayGVaIHmpRD2xiEa4L+NXS9N69vVXoubX0oZrB0nPdYJ83gFU9u+CBqqG2EWr
PBjyIvT5i5MDBnPZGOudadIoyeWGfjXEPsQWhQhL9ssi5QOzLXBnTDlxT53bNvHX
2yOFprLDZ+ZONedkxy8OXZpPDYNcgPAIHiqx1E87ftqPIucdeU49AqlPh46wrPC3
79E2hgSoPvn4poTlJtAD0tIADRGkcEV6wLCylN2lTOUJenUfhLNQ7ok4ITx8MOv3
IkbWiD9yTMExVBlhc+us+XfBHM8mlWs/zu+18YTy21RM03gzY6lHVZCQPxay2Rof
A505SeZ4Tyhoy0+oLaYv9b+7DJdlhUo/XMaKSibtgJ/2MCtRqmV5ZsnuUIWn1Qsc
-> Vg-grease `tLg-(2z
4EPuRnZmXpoB32r/0GCtskU3HU3h5ic
--- QmKr+zAXnMpWBBBqNm2u954fOu2Zt8Y/kPPdq4UHgZc
¤ì{çu|õæ u´Ó€]OmXÝP3µÆ²•4_±½Â_
q4<EFBFBD>Ð6mþm©<pLH+d.hîC<RDµq<1F>Oø}öô3ÁZ¤KJ¤DÉàj]ÈýÒ¯Ù ìá‚ØûCROË¥F;>‡

1
secrets/secrets.nix
View file

@ -4,6 +4,7 @@ in
{
"rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [ main_ssh_public_key ];
"monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [ main_ssh_public_key ];
"gitlab-runner-thoreb-telemetria-registrationConfigFile.age".publicKeys = [ main_ssh_public_key ];
"lelgenio-cachix.age".publicKeys = [ main_ssh_public_key ];
"monolith-nix-serve-privkey.age".publicKeys = [ main_ssh_public_key ];
}

42
system/monolith-gitlab-runner.nix
View file

@ -15,6 +15,48 @@
dockerImage = "debian";
dockerPrivileged = true;
};
# runner for building in docker via host's nix-daemon
# nix store will be readable in runner, might be insecure
nix = with lib;{
# File should contain at least these two variables:
# `CI_SERVER_URL`
# `REGISTRATION_TOKEN`
registrationConfigFile = config.age.secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.path; # 2
dockerImage = "alpine";
dockerVolumes = [
"/nix/store:/nix/store:ro"
"/nix/var/nix/db:/nix/var/nix/db:ro"
"/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
];
dockerDisableCache = true;
preBuildScript = pkgs.writeScript "setup-container" ''
mkdir -p -m 0755 /nix/var/log/nix/drvs
mkdir -p -m 0755 /nix/var/nix/gcroots
mkdir -p -m 0755 /nix/var/nix/profiles
mkdir -p -m 0755 /nix/var/nix/temproots
mkdir -p -m 0755 /nix/var/nix/userpool
mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
mkdir -p -m 1777 /nix/var/nix/profiles/per-user
mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
mkdir -p -m 0700 "$HOME/.nix-defexpr"
. ${pkgs.nix}/etc/profile.d/nix-daemon.sh
${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixos-20.09 nixpkgs # 3
${pkgs.nix}/bin/nix-channel --update nixpkgs
${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [ nix cacert git openssh ])}
'';
environmentVariables = {
ENV = "/etc/profile";
USER = "root";
NIX_REMOTE = "daemon";
PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
};
tagList = [ "nix" ];
};
};
};
systemd.services.gitlab-runner.serviceConfig.Nice = 10;

2
system/secrets.nix
View file

@ -4,6 +4,8 @@
secrets.lelgenio-cachix.file = ../secrets/lelgenio-cachix.age;
secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.file =
../secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.file =
../secrets/gitlab-runner-thoreb-telemetria-registrationConfigFile.age;
secrets.rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.file =
../secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
secrets.monolith-nix-serve-privkey.file =