| author | Karel Kočí <cynerd@email.cz> | 2022-10-18 16:08:43 +0200 | 
|---|---|---|
| committer | Karel Kočí <cynerd@email.cz> | 2022-10-18 16:08:43 +0200 | 
| commit | ad84020ba4c3dc60ac9d4a28cd81a32576af5bb3 (patch) | |
| tree | f5775559375341c8904be946233ebc808641bc32 /nixos/machine | |
| parent | 457120e85acd089f8f734aa6465be01eec3f8943 (diff) | |
nixos/machine/mrpump: Gitlab CI
Diffstat (limited to 'nixos/machine')
| -rw-r--r-- | nixos/machine/default.nix | 4 | ||||
| -rw-r--r-- | nixos/machine/mrpump.nix | 118 | 
2 files changed, 109 insertions, 13 deletions
diff --git a/nixos/machine/default.nix b/nixos/machine/default.nix
index 2efe2da..801d0a4 100644
--- a/nixos/machine/default.nix
+++ b/nixos/machine/default.nix
@@ -1,4 +1,4 @@
-{
+self: {
   machine-albert = import ./albert.nix;
   machine-binky = import ./binky.nix;
   machine-dean = import ./dean.nix;
@@ -7,7 +7,7 @@
   machine-susan = import ./susan.nix;
   machine-lipwig = import ./lipwig.nix;
-  machine-mrpump = import ./mrpump.nix;
+  machine-mrpump = import ./mrpump.nix self;
   machine-gaspode = import ./gaspode.nix;
diff --git a/nixos/machine/mrpump.nix b/nixos/machine/mrpump.nix
index 99ce26d..97853d4 100644
--- a/nixos/machine/mrpump.nix
+++ b/nixos/machine/mrpump.nix
@@ -1,22 +1,118 @@
-{ config, lib, pkgs, ... }:
+self: { config, lib, pkgs, ... }:
+with builtins;
 with lib;
 {
-  config = {
-    # Gitlab worker
-    services.gitlab-runner = {
+  config = let
+
+    localNix = import (self.inputs.nix.outPath + "/docker.nix") {
+      pkgs = pkgs;
+      name = "local/nix";
+      tag = "latest";
+      bundleNixpkgs = false;
+      nixConf = {
+        cores = "0";
+        experimental-features = [ "nix-command" "flakes" ];
+      };
+    };
+    localNixDaemon = pkgs.dockerTools.buildLayeredImage {
+      fromImage = localNix;
+      name = "local/nix-daemon";
+      tag = "latest";
+      config = {
+        Volumes = {
+          "/nix/store" = { };
+          "/nix/var/nix/db" = { };
+          "/nix/var/nix/daemon-socket" = { };
+        };
+      };
+      maxLayers = 125;
+    };
+
+  in {
+
+    # Docker for the gitlab runner
+    virtualisation.docker = {
       enable = true;
-      services.docker = {
-        registrationConfigFile = "/run/secrets/gitlab-runner-registration";
-        tagList = ["docker"];
-        runUntagged = true;
-        executor = "docker";
-        dockerImage = "alpine";
-        description = "Docker runner";
+      autoPrune = {
+        enable = true;
+        dates = "daily";
+      };
+    };
+    users.users.cynerd.extraGroups = [ "docker" ];
+
+    # Common container for the Gitlab Nix runner
+    virtualisation.oci-containers = {
+      backend = "docker";
+      containers.gitlabnix = {
+        imageFile = localNixDaemon;
+        image = "local/nix-daemon:latest";
+        cmd = ["nix" "daemon"];
+      };
+    };
+
+    # Gitlab runner
+    systemd.services.gitlab-runner.serviceConfig = let
+      config = (pkgs.formats.toml{}).generate "gitlab-runner.toml" {
+        concurent = 1;
+        session_server = {
+          session_timeout = 1800;
+        };
+        runners = [
+          {
+            name = "MrPump Docker (LogC)";
+            url = "https://gitlab.com";
+            id = 18138767;
+            token = "@TOKEN_LOGC_DOCKER@";
+            executor = "docker";
+            docker = {
+              image = "alpine";
+            };
+          }
+          {
+            name = "MrPump Nix (LogC)";
+            url = "https://gitlab.com";
+            id = 18139391;
+            token = "@TOKEN_LOGC_NIX@";
+            executor = "docker";
+            docker = {
+              image = "local/nix:latest";
+              allowed_images = ["local/nix:latest"];
+              pull_policy = "never";
+              allowed_pull_policies = ["never"];
+              volumes_from = ["gitlabnix:ro"];
+            };
+            environment = [
+              "NIX_REMOTE=daemon"
+              "ENV=/etc/profile.d/nix-daemon.sh"
+              "BASH_ENV=/etc/profile.d/nix-daemon.sh"
+            ];
+            # TODO for some reason the /tmp seems to be missing
+            pre_build_script = ''
+              mkdir -p /tmp
+            '';
+          }
+        ];
       };
+      configPath = "$HOME/.gitlab-runner/config.toml";
+      configureScript = pkgs.writeShellScript "gitlab-runner-configure" ''
+        docker load < ${localNix}
+        mkdir -p $(dirname ${configPath})
+        ${pkgs.gawk}/bin/awk '{
+          for(varname in ENVIRON)
+            gsub("@"varname"@", ENVIRON[varname])
+          print
+        }' "${config}" > "${configPath}"
+        chown -R --reference=$HOME $(dirname ${configPath})
+      '';
+    in {
+      EnvironmentFile = "/run/secrets/gitlab-runner.env";
+      ExecStartPre = mkForce "!${configureScript}";
+      ExecReload = mkForce "!${configureScript}";
     };
+    services.gitlab-runner.enable = true;
   };
|
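Review bot: The generated runner config spells the top-level key `concurent = 1;`, but gitlab-runner reads `concurrent`, so the key is silently ignored; it makes no difference today only because the runner's default is also 1, and the line should read `concurrent = 1;`. The configure script also writes the token-substituted config.toml with whatever mode the default umask allows (typically world-readable) and then only fixes ownership with `chown -R --reference=$HOME`, so the registration tokens taken from /run/secrets/gitlab-runner.env may end up readable by other local users; putting `umask 077` as the first line of the script keeps the file private. The awk `gsub` additionally interprets `&` in the substituted value as the matched text, so a token containing that character would be mangled — presumably not the case for these tokens, but worth a comment on the awk call. Adding `cynerd` to the `docker` group grants that account root-equivalent access to the host, which deserves a one-line comment next to that line now that the same daemon runs CI jobs fetched from GitLab.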
