stonehenge: add as gitlab runner

Leonardo Eugênio 2026-01-01 18:45:58 -03:00
parent bed85ce309
commit c36c1f618b
4 changed files with 91 additions and 0 deletions


@ -8,6 +8,7 @@
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./gitlab-runner.nix
];
# Bootloader.
@ -92,6 +93,8 @@
];
};
security.sudo.wheelNeedsPassword = false;
# Install firefox.
programs.firefox.enable = true;
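Review bot: `security.sudo.wheelNeedsPassword = false;` in the second hunk gives every `wheel` member passwordless root on a host that this same commit turns into a CI runner with Docker enabled. The `+`/`-` markers are lost on this page, so I am assuming this is one of the two lines the hunk adds. If the runner setup does not need it, drop the line. If passwordless sudo is only needed for specific commands, scope it with a `security.sudo.extraRules` entry using `NOPASSWD` instead of opening all of `wheel`. If it stays, record the reason next to it, for example `# passwordless sudo for wheel: <reason>`. The enclosing attribute set starts and ends outside the hunk, so the members of `wheel` on this host are not visible here.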


@ -0,0 +1,36 @@
{
config,
pkgs,
...
}:
let
inherit (pkgs.callPackage ../../system/gitlab-runner.nix { }) mkNixRunnerFull;
in
{
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
virtualisation.docker.enable = true;
services.gitlab-runner = {
enable = true;
settings.concurrent = 4;
services = {
wopus-gitlab-nix = mkNixRunnerFull {
authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/wopus-gitlab-nix".path;
# nixCacheSshPrivateKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pk".path;
# nixCacheSshPublicKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pub".path;
};
};
};
systemd.services.gitlab-runner.serviceConfig.Nice = 10;
sops.secrets = {
"gitlab-runners/wopus-gitlab-nix" = {
sopsFile = ../../secrets/stonehenge/default.yaml;
};
"gitlab-runners/wopus-ssh-nix-cache-pk" = {
sopsFile = ../../secrets/stonehenge/default.yaml;
};
"gitlab-runners/wopus-ssh-nix-cache-pub" = {
sopsFile = ../../secrets/stonehenge/default.yaml;
};
};
}
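Review bot: The `sops.secrets` block declares `"gitlab-runners/wopus-ssh-nix-cache-pk"` and `"gitlab-runners/wopus-ssh-nix-cache-pub"`, but their only consumers, `nixCacheSshPrivateKeyPath` and `nixCacheSshPublicKeyPath`, are commented out. As far as I know, sops-nix decrypts every declared secret at activation, so the SSH private key would sit on the runner host with nothing using it. Comment out those two declarations together with the options and re-enable all four lines at once when the cache is wired up. A short comment on `boot.kernel.sysctl."net.ipv4.ip_forward" = true;` saying why host-wide forwarding is needed would also help, e.g. `# required for <reason>`. What `mkNixRunnerFull` sets (executor, privileged mode, volume mounts) lives in `../../system/gitlab-runner.nix` and is not visible in this section, so job isolation from the host's Docker daemon should be checked there.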