add gitlab runner

2024-05-05 23:16:29 -04:00 · 2024-05-05 23:16:29 -04:00 · be6b023cf6
commit be6b023cf6
parent 858c4eb9dd
2 changed files with 56 additions and 0 deletions
--- a/hosts/pluto/services/gitlab.nix
+++ b/hosts/pluto/services/gitlab.nix
@ -1,6 +1,7 @@
 {
  config,
  pkgs,
  lib,
  ...
 }: let
  sec = config.age.secrets;
@ -33,6 +34,50 @@ in {
      owner = user;
      group = group;
    };
    gitlab_runner = {
      file = ../../../sec/gitlab_runner.age;
    };
  };
  boot.kernel.sysctl."net.ipv4.ip_forward" = true; # 1
  services.gitlab-runner = {
    enable = true;
    services = {
      nix = with lib; {
        registrationConfigFile = toString sec.gitlab_runner.path; # 2
        dockerImage = "alpine";
        dockerVolumes = [
          "/nix/store:/nix/store:ro"
          "/nix/var/nix/db:/nix/var/nix/db:ro"
          "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
        ];
        dockerDisableCache = true;
        preBuildScript = pkgs.writeScript "setup-container" ''
          mkdir -p -m 0755 /nix/var/log/nix/drvs
          mkdir -p -m 0755 /nix/var/nix/gcroots
          mkdir -p -m 0755 /nix/var/nix/profiles
          mkdir -p -m 0755 /nix/var/nix/temproots
          mkdir -p -m 0755 /nix/var/nix/userpool
          mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
          mkdir -p -m 1777 /nix/var/nix/profiles/per-user
          mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
          mkdir -p -m 0700 "$HOME/.nix-defexpr"
          . ${pkgs.nix}/etc/profile.d/nix-daemon.sh
          ${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixos-20.09 nixpkgs # 3
          ${pkgs.nix}/bin/nix-channel --update nixpkgs
          ${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [nix cacert git openssh])}
        '';
        environmentVariables = {
          ENV = "/etc/profile";
          USER = "root";
          NIX_REMOTE = "daemon";
          PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
          NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
        };
        tagList = ["nix"];
      };
    };
  };
  services.gitlab = {
--- a/sec/gitlab_runner.age
+++ b/sec/gitlab_runner.age
@ -0,0 +1,11 @@
 age-encryption.org/v1
 -> ssh-ed25519 gWMdNg ThgFlRapmGeAIyoDUQ2+tKv1q/b4Rgy7X3JOX4y7rB4
 ZICtha7UPSAUmiWmutknmXEBF7p2ZhFvPe7KLuFMx/Y
 -> ssh-ed25519 s+NXzQ zQLenQJvJrCdpvlJvtHPopKrQrqlFH0L/Y7jtvUDVhw
 xR2m63gVGI+jnh/hWUSKghu7j6bpj1KpqW4rvYFDqY8
 -> ssh-ed25519 yEtzbQ drQqQGrf/bc2QtBEI81yZ5kdwOq16sxANWm7+xqNZjc
 u5E1BGvzlTXUPZ1xgqjmCSnpf394NIjPFhgiZr3mwyk
 -> ssh-ed25519 RMNffg FsrnVqaaecYqmbMUud933IZrPB75BLvgRBrZzGN+VRQ
 8biX5ndZpebxQAEGHD/yNWAqa7v7HmdunsBDGZeefYY
 --- seSphJ/0UtLwFCgYFy0hT3EV88OmNALfnpANHuJE8Ow
 7LGÇwoUZíËïWtÁ	ÛÂÛnh²º»•DÂ6`Õ×=²ý+è}\ÞØÄ;WÒa5>oErn}e¤š‘¢ó<>{zeðÔÛ%ÎOíâZË:r#û’OUï<“ë<E2809C>©šä7ûÞåÓ¥…¢¦ÛŒDØ