diff options
author | Karel Kočí <cynerd@email.cz> | 2022-10-18 16:08:43 +0200 |
---|---|---|
committer | Karel Kočí <cynerd@email.cz> | 2022-10-18 16:08:43 +0200 |
commit | ad84020ba4c3dc60ac9d4a28cd81a32576af5bb3 (patch) | |
tree | f5775559375341c8904be946233ebc808641bc32 /nixos | |
parent | 457120e85acd089f8f734aa6465be01eec3f8943 (diff) | |
download | nixos-personal-ad84020ba4c3dc60ac9d4a28cd81a32576af5bb3.tar.gz nixos-personal-ad84020ba4c3dc60ac9d4a28cd81a32576af5bb3.tar.bz2 nixos-personal-ad84020ba4c3dc60ac9d4a28cd81a32576af5bb3.zip |
nixos/machine/mrpump: Gitlab CI
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/default.nix | 6 | ||||
-rw-r--r-- | nixos/machine/default.nix | 4 | ||||
-rw-r--r-- | nixos/machine/mrpump.nix | 118 | ||||
-rw-r--r-- | nixos/modules/develop.nix | 2 | ||||
-rw-r--r-- | nixos/modules/generic.nix | 5 |
5 files changed, 117 insertions, 18 deletions
diff --git a/nixos/default.nix b/nixos/default.nix index 72eae65..64593bb 100644 --- a/nixos/default.nix +++ b/nixos/default.nix @@ -1,9 +1,9 @@ -nixpkgs: +self: let - modules = import ./modules nixpkgs; - machines = import ./machine; + modules = import ./modules self.inputs.nixpkgs; + machines = import ./machine self; in modules // machines // { default = { imports = builtins.attrValues modules; }; diff --git a/nixos/machine/default.nix b/nixos/machine/default.nix index 2efe2da..801d0a4 100644 --- a/nixos/machine/default.nix +++ b/nixos/machine/default.nix @@ -1,4 +1,4 @@ -{ +self: { machine-albert = import ./albert.nix; machine-binky = import ./binky.nix; machine-dean = import ./dean.nix; @@ -7,7 +7,7 @@ machine-susan = import ./susan.nix; machine-lipwig = import ./lipwig.nix; - machine-mrpump = import ./mrpump.nix; + machine-mrpump = import ./mrpump.nix self; machine-gaspode = import ./gaspode.nix; diff --git a/nixos/machine/mrpump.nix b/nixos/machine/mrpump.nix index 99ce26d..97853d4 100644 --- a/nixos/machine/mrpump.nix +++ b/nixos/machine/mrpump.nix @@ -1,22 +1,118 @@ -{ config, lib, pkgs, ... }: +self: { config, lib, pkgs, ... }: +with builtins; with lib; { - config = { - # Gitlab worker - services.gitlab-runner = { + config = let + + localNix = import (self.inputs.nix.outPath + "/docker.nix") { + pkgs = pkgs; + name = "local/nix"; + tag = "latest"; + bundleNixpkgs = false; + nixConf = { + cores = "0"; + experimental-features = [ "nix-command" "flakes" ]; + }; + }; + localNixDaemon = pkgs.dockerTools.buildLayeredImage { + fromImage = localNix; + name = "local/nix-daemon"; + tag = "latest"; + config = { + Volumes = { + "/nix/store" = { }; + "/nix/var/nix/db" = { }; + "/nix/var/nix/daemon-socket" = { }; + }; + }; + maxLayers = 125; + }; + + in { + + # Docker for the gitlab runner + virtualisation.docker = { enable = true; - services.docker = { - registrationConfigFile = "/run/secrets/gitlab-runner-registration"; - tagList = ["docker"]; - runUntagged = true; - executor = "docker"; - dockerImage = "alpine"; - description = "Docker runner"; + autoPrune = { + enable = true; + dates = "daily"; + }; + }; + users.users.cynerd.extraGroups = [ "docker" ]; + + # Common container for the Gitlab Nix runner + virtualisation.oci-containers = { + backend = "docker"; + containers.gitlabnix = { + imageFile = localNixDaemon; + image = "local/nix-daemon:latest"; + cmd = ["nix" "daemon"]; + }; + }; + + # Gitlab runner + systemd.services.gitlab-runner.serviceConfig = let + config = (pkgs.formats.toml{}).generate "gitlab-runner.toml" { + concurent = 1; + session_server = { + session_timeout = 1800; + }; + runners = [ + { + name = "MrPump Docker (LogC)"; + url = "https://gitlab.com"; + id = 18138767; + token = "@TOKEN_LOGC_DOCKER@"; + executor = "docker"; + docker = { + image = "alpine"; + }; + } + { + name = "MrPump Nix (LogC)"; + url = "https://gitlab.com"; + id = 18139391; + token = "@TOKEN_LOGC_NIX@"; + executor = "docker"; + docker = { + image = "local/nix:latest"; + allowed_images = ["local/nix:latest"]; + pull_policy = "never"; + allowed_pull_policies = ["never"]; + volumes_from = ["gitlabnix:ro"]; + }; + environment = [ + "NIX_REMOTE=daemon" + "ENV=/etc/profile.d/nix-daemon.sh" + "BASH_ENV=/etc/profile.d/nix-daemon.sh" + ]; + # TODO for some reason the /tmp seems to be missing + pre_build_script = '' + mkdir -p /tmp + ''; + } + ]; }; + configPath = "$HOME/.gitlab-runner/config.toml"; + configureScript = pkgs.writeShellScript "gitlab-runner-configure" '' + docker load < ${localNix} + mkdir -p $(dirname ${configPath}) + ${pkgs.gawk}/bin/awk '{ + for(varname in ENVIRON) + gsub("@"varname"@", ENVIRON[varname]) + print + }' "${config}" > "${configPath}" + chown -R --reference=$HOME $(dirname ${configPath}) + ''; + in { + EnvironmentFile = "/run/secrets/gitlab-runner.env"; + ExecStartPre = mkForce "!${configureScript}"; + ExecReload = mkForce "!${configureScript}"; }; + services.gitlab-runner.enable = true; }; diff --git a/nixos/modules/develop.nix b/nixos/modules/develop.nix index 76f0d71..2360cda 100644 --- a/nixos/modules/develop.nix +++ b/nixos/modules/develop.nix @@ -96,7 +96,7 @@ in { dfeet # Documentation - man-pages man-pages-posix + man-pages man-pages-posix linux-manual ]; documentation.dev.enable = true; diff --git a/nixos/modules/generic.nix b/nixos/modules/generic.nix index fb2879c..a7816ed 100644 --- a/nixos/modules/generic.nix +++ b/nixos/modules/generic.nix @@ -45,7 +45,7 @@ in { git # We need git for this repository to even work # Administration tools #coreutils moreutils binutils psmisc progress lshw file - coreutils binutils psmisc progress lshw file + coreutils binutils psmisc progress lshw file vde2 ldns wget gnumake exfat exfatprogs @@ -136,6 +136,9 @@ in { substituteAll ${./nixos-system.sh} $out/bin/nixos-system chmod +x $out/bin/nixos-system ''; + + programs.fuse.userAllowOther = true; + }; } |