summaryrefslogtreecommitdiffstats
path: root/krebs/2configs/shack/gitlab-runner.nix
diff options
context:
space:
mode:
Diffstat (limited to 'krebs/2configs/shack/gitlab-runner.nix')
-rw-r--r--krebs/2configs/shack/gitlab-runner.nix50
1 files changed, 50 insertions, 0 deletions
diff --git a/krebs/2configs/shack/gitlab-runner.nix b/krebs/2configs/shack/gitlab-runner.nix
new file mode 100644
index 00000000..d525e798
--- /dev/null
+++ b/krebs/2configs/shack/gitlab-runner.nix
@@ -0,0 +1,50 @@
+{ pkgs,lib, ... }:
+{
+ boot.kernel.sysctl."net.ipv4.ip_forward" = true;
+ services.gitlab-runner = {
+ enable = true;
+ services= {
+ # runner for building in docker via host's nix-daemon
+ # nix store will be readable in runner, might be insecure
+ nix = with lib;{
+ # File should contain at least these two variables:
+ # `CI_SERVER_URL`
+ # `REGISTRATION_TOKEN`
+ registrationConfigFile = toString <secrets/shackspace-gitlab-ci>;
+ dockerImage = "alpine";
+ dockerVolumes = [
+ "/nix/store:/nix/store:ro"
+ "/nix/var/nix/db:/nix/var/nix/db:ro"
+ "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
+ ];
+ dockerDisableCache = true;
+ # TODO: use the channel from <stockholm/krebs/nixpkgs.json>
+ preBuildScript = pkgs.writeScript "setup-container" ''
+ mkdir -p -m 0755 /nix/var/log/nix/drvs
+ mkdir -p -m 0755 /nix/var/nix/gcroots
+ mkdir -p -m 0755 /nix/var/nix/profiles
+ mkdir -p -m 0755 /nix/var/nix/temproots
+ mkdir -p -m 0755 /nix/var/nix/userpool
+ mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
+ mkdir -p -m 1777 /nix/var/nix/profiles/per-user
+ mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
+ mkdir -p -m 0700 "$HOME/.nix-defexpr"
+ . ${pkgs.nix}/etc/profile.d/nix.sh
+ ${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixos-20.09 nixpkgs
+ ${pkgs.nix}/bin/nix-channel --update nixpkgs
+ ${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [ nix cacert git openssh ])}
+ '';
+ environmentVariables = {
+ ENV = "/etc/profile";
+ USER = "root";
+ NIX_REMOTE = "daemon";
+ PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
+ NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
+ };
+ tagList = [ "nix" "shacklan" ];
+ };
+ };
+ };
+ systemd.services.gitlab-runner.restartIfChanged = false;
+ systemd.services.docker.restartIfChanged = false;
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-03 06:23:06 +0000