lelgenio/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests Projects 2 Releases Packages Wiki Activity Actions
nixos-config/system/monolith-gitlab-runner.nix

60 lines
2 KiB
Nix
Raw Blame History

{
config,
pkgs,
inputs,
...
}:
let
inherit (pkgs.callPackage ./gitlab-runner.nix { inherit inputs; }) mkNixRunner mkNixRunnerFull;
in
{
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
virtualisation.docker.enable = true;
services.gitlab-runner = {
enable = true;
settings.concurrent = 8;
services = {
# runner for building in docker via host's nix-daemon
# nix store will be readable in runner, might be insecure
thoreb-telemetria-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-telemetria-nix".path;
thoreb-itinerario-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-itinerario-nix".path;
wopus-gitlab-nix = mkNixRunnerFull {
authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/wopus-gitlab-nix".path;
nixCacheSshPrivateKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pk".path;
nixCacheSshPublicKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pub".path;
};
default = {
# File should contain at least these two variables:
# `CI_SERVER_URL`
# `CI_SERVER_TOKEN`
authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/docker-images-token".path;
dockerImage = "debian:stable";
dockerPullPolicy = "if-not-present";
};
};
};
systemd.services.gitlab-runner.serviceConfig.Nice = 10;
sops.secrets = {
"gitlab-runners/thoreb-telemetria-nix" = {
sopsFile = ../secrets/monolith/default.yaml;
};
"gitlab-runners/thoreb-itinerario-nix" = {
sopsFile = ../secrets/monolith/default.yaml;
};
"gitlab-runners/docker-images-token" = {
sopsFile = ../secrets/monolith/default.yaml;
};
"gitlab-runners/wopus-gitlab-nix" = {
sopsFile = ../secrets/monolith/default.yaml;
};
"gitlab-runners/wopus-ssh-nix-cache-pk" = {
sopsFile = ../secrets/monolith/default.yaml;
};
"gitlab-runners/wopus-ssh-nix-cache-pub" = {
sopsFile = ../secrets/monolith/default.yaml;
};
};
}
Reference in a new issue View git blame Copy permalink