{ config, lib, pkgs, ... }:
with builtins;
with lib;
let
# Shorthand for this module's own option tree (services.gitlab-runner.*).
cfg = config.services.gitlab-runner;
# Whether the Docker daemon is enabled on this host. Used below to order and
# require docker.service and to add the service user to the docker group.
hasDocker = config.virtualisation.docker.enable;
/* The whole logic of this module is to diff the hashes of the desired vs. existing runners.
   The hash is recorded in the runner's name because we can't do better yet.
   See https://gitlab.com/gitlab-org/gitlab-runner/-/issues/29350 for more details.
*/
# Build the name under which a service is registered with GitLab.
#
# The name embeds a 12-character MD5 prefix of the service's JSON-serialised
# definition: it is only a change detector used to diff desired vs. registered
# runners, not a security control. With a description the name is
# "<hash> <description>", otherwise "<attr name>_<hostName>_<hash>".
genRunnerName = name: service:
  let
    serialised = unsafeDiscardStringContext (toJSON service);
    hash = substring 0 12 (hashString "md5" serialised);
    hasDescription = service ? description && service.description != null;
  in
  if hasDescription
  then "${hash} ${service.description}"
  else "${name}_${config.networking.hostName}_${hash}";
# cfg.services re-keyed by registration name (see genRunnerName), so the
# configure script can compare the desired names with `gitlab-runner list`.
hashedServices = listToAttrs (mapAttrsToList
  (name: service: nameValuePair (genRunnerName name service) service)
  cfg.services);
# Shell fragment (not a Nix path) naming the runner's config.toml; $HOME is
# already double-quoted here, so it can be spliced into commands as-is.
configPath = "\"$HOME\"/.gitlab-runner/config.toml";
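# Writes config.toml and reconciles the runners registered with GitLab against
# cfg.services. It is run with full privileges (ExecStartPre/ExecReload carry
# the "!" prefix), so ownership of the state directory is handed back to the
# service user at the end. Every service value spliced into the generated shell
# is passed through escapeShellArg: runner names may contain a free-form
# description and paths may contain spaces.
configureScript = pkgs.writeShellApplication {
  name = "gitlab-runner-configure";
  runtimeInputs = with pkgs; [
    bash
    gawk
    jq
    moreutils
    remarshal
    util-linux
    cfg.package
    # not invoked directly by this script; presumably needed by helpers it
    # calls — TODO confirm
    perl
    python3
  ];
  text = if (cfg.configFile != null) then ''
    cp ${escapeShellArg "${cfg.configFile}"} ${configPath}
    # make config file readable by service
    chown -R --reference="$HOME" "$(dirname ${configPath})"
  '' else ''
    export CONFIG_FILE=${configPath}

    mkdir -p "$(dirname ${configPath})"
    touch ${configPath}

    # update global options: keep only the existing [[runners]] entries (they
    # hold the runner tokens) and merge the declared settings on top
    remarshal --if toml --of json ${configPath} \
      | jq -cM 'with_entries(select([.key] | inside(["runners"])))' \
      | jq -scM '.[0] + .[1]' - <(echo ${escapeShellArg (toJSON cfg.settings)}) \
      | remarshal --if json --of toml \
      | sponge ${configPath}

    # remove no longer existing services
    gitlab-runner verify --delete

    ${toShellVar "NEEDED_SERVICES" (lib.mapAttrs (name: value: 1) hashedServices)}

    # name -> token of every runner currently in config.toml; only the keys are
    # used and logged, tokens are never echoed
    declare -A REGISTERED_SERVICES

    while IFS="," read -r name token;
    do
      REGISTERED_SERVICES["$name"]="$token"
    done < <(gitlab-runner --log-format json list 2>&1 | grep Token | jq -r '.msg +"," + .Token')

    echo "NEEDED_SERVICES: " "''${!NEEDED_SERVICES[@]}"
    echo "REGISTERED_SERVICES:" "''${!REGISTERED_SERVICES[@]}"

    # difference between current and desired state
    declare -A NEW_SERVICES
    for name in "''${!NEEDED_SERVICES[@]}"; do
      if [ ! -v 'REGISTERED_SERVICES[$name]' ]; then
        NEW_SERVICES[$name]=1
      fi
    done

    declare -A OLD_SERVICES
    # shellcheck disable=SC2034
    for name in "''${!REGISTERED_SERVICES[@]}"; do
      if [ ! -v 'NEEDED_SERVICES[$name]' ]; then
        OLD_SERVICES[$name]=1
      fi
    done

    # log the keys (runner names); the values are all "1"
    echo "NEW_SERVICES:" "''${!NEW_SERVICES[@]}"
    echo "OLD_SERVICES:" "''${!OLD_SERVICES[@]}"

    # register new services
    ${concatStringsSep "\n" (mapAttrsToList (name: service: ''
      # the name may contain a description with arbitrary characters, so it
      # goes through a shell variable instead of being spliced into the subscript
      name=${escapeShellArg name}
      if [ -v 'NEW_SERVICES[$name]' ] ; then
        bash -c ${escapeShellArg (concatStringsSep " \\\n " ([
          # `set -a` exports the variables sourced from the registration file
          # (CI_SERVER_URL, REGISTRATION_TOKEN, ...) to `gitlab-runner register`
          "set -a && source ${escapeShellArg "${service.registrationConfigFile}"} &&"
          "gitlab-runner register"
          "--non-interactive"
          "--name ${escapeShellArg name}"
          "--executor ${escapeShellArg service.executor}"
          "--limit ${toString service.limit}"
          "--request-concurrency ${toString service.requestConcurrency}"
          "--maximum-timeout ${toString service.maximumTimeout}"
        ] ++ service.registrationFlags
        ++ optional (service.buildsDir != null)
          "--builds-dir ${escapeShellArg "${service.buildsDir}"}"
        ++ optional (service.cloneUrl != null)
          "--clone-url ${escapeShellArg service.cloneUrl}"
        ++ optional (service.preCloneScript != null)
          "--pre-clone-script ${escapeShellArg "${service.preCloneScript}"}"
        ++ optional (service.preBuildScript != null)
          "--pre-build-script ${escapeShellArg "${service.preBuildScript}"}"
        ++ optional (service.postBuildScript != null)
          "--post-build-script ${escapeShellArg "${service.postBuildScript}"}"
        ++ optional (service.tagList != [ ])
          "--tag-list ${escapeShellArg (concatStringsSep "," service.tagList)}"
        ++ optional service.runUntagged
          "--run-untagged"
        ++ optional service.protected
          "--access-level ref_protected"
        ++ optional service.debugTraceDisabled
          "--debug-trace-disabled"
        # these values become part of this script's text in the Nix store, so
        # they must not carry secrets (see the environmentVariables option)
        ++ map (e: "--env ${escapeShellArg e}") (mapAttrsToList (k: v: "${k}=${v}") service.environmentVariables)
        ++ optionals (hasPrefix "docker" service.executor) (
          assert (
            assertMsg (service.dockerImage != null)
              "dockerImage option is required for ${service.executor} executor (${name})");
          [ "--docker-image ${escapeShellArg service.dockerImage}" ]
          ++ optional service.dockerDisableCache
            "--docker-disable-cache"
          ++ optional service.dockerPrivileged
            "--docker-privileged"
          ++ map (v: "--docker-volumes ${escapeShellArg v}") service.dockerVolumes
          ++ map (v: "--docker-extra-hosts ${escapeShellArg v}") service.dockerExtraHosts
          ++ map (v: "--docker-allowed-images ${escapeShellArg v}") service.dockerAllowedImages
          ++ map (v: "--docker-allowed-services ${escapeShellArg v}") service.dockerAllowedServices
        )
      ))} && sleep 1 || exit 1
      fi
    '') hashedServices)}

    # unregister old services
    for NAME in "''${!OLD_SERVICES[@]}"
    do
      [ -n "$NAME" ] && gitlab-runner unregister \
        --name "$NAME" && sleep 1
    done

    # make config file readable by service
    chown -R --reference="$HOME" "$(dirname ${configPath})"
  '';
};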
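# Runs the runner itself (as the service user) against the config.toml that
# configureScript wrote. $HOME is quoted so a path with spaces cannot split
# into several arguments.
startScript = pkgs.writeShellScriptBin "gitlab-runner-start" ''
  export CONFIG_FILE=${configPath}
  exec gitlab-runner run --working-directory "$HOME"
'';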
in {
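options.services.gitlab-runner = {
  enable = mkEnableOption (lib.mdDoc "Gitlab Runner");

  # Deprecated whole-file configuration; when set, configureScript only copies
  # it into place and none of the reconciliation below happens.
  configFile = mkOption {
    type = types.nullOr types.path;
    default = null;
    description = lib.mdDoc ''
      Configuration file for gitlab-runner.

      {option}`configFile` takes precedence over {option}`services`.
      {option}`settings` (including the renamed {option}`checkInterval`
      and {option}`concurrent`) will be ignored too.

      This option is deprecated, please use {option}`services` instead.
      You can use {option}`registrationConfigFile` and
      {option}`registrationFlags`
      for settings not covered by this module.

      A Nix path value is copied into the world-readable Nix store together
      with any runner tokens the file contains; use a quoted absolute path
      (a string) for a file that holds secrets.
    '';
  };

  settings = mkOption {
    type = types.submodule {
      freeformType = (pkgs.formats.json { }).type;
    };
    default = { };
    description = lib.mdDoc ''
      Global gitlab-runner configuration. See
      <https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section>
      for supported values.
    '';
  };

  gracefulTermination = mkOption {
    type = types.bool;
    default = false;
    description = lib.mdDoc ''
      Finish all remaining jobs before stopping.
      If not set gitlab-runner will stop immediately without waiting
      for jobs to finish, which will lead to failed builds.
    '';
  };

  gracefulTimeout = mkOption {
    type = types.str;
    default = "infinity";
    example = "5min 20s";
    description = lib.mdDoc ''
      Time to wait until a graceful shutdown is turned into a forceful one.
    '';
  };

  package = mkOption {
    type = types.package;
    default = pkgs.gitlab-runner;
    defaultText = literalExpression "pkgs.gitlab-runner";
    example = literalExpression "pkgs.gitlab-runner_1_11";
    description = lib.mdDoc "Gitlab Runner package to use.";
  };

  extraPackages = mkOption {
    type = types.listOf types.package;
    default = [ ];
    description = lib.mdDoc ''
      Extra packages to add to PATH for the gitlab-runner process.
    '';
  };

  services = mkOption {
    description = lib.mdDoc "GitLab Runner services (one registered runner per attribute).";
    default = { };
    example = literalExpression ''
      {
        # runner for building in docker via host's nix-daemon
        # nix store will be readable in runner, might be insecure
        nix = {
          # File should contain at least these two variables:
          # `CI_SERVER_URL`
          # `REGISTRATION_TOKEN`
          registrationConfigFile = "/run/secrets/gitlab-runner-registration";
          dockerImage = "alpine";
          dockerVolumes = [
            "/nix/store:/nix/store:ro"
            "/nix/var/nix/db:/nix/var/nix/db:ro"
            "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
          ];
          dockerDisableCache = true;
          preBuildScript = pkgs.writeScript "setup-container" '''
            mkdir -p -m 0755 /nix/var/log/nix/drvs
            mkdir -p -m 0755 /nix/var/nix/gcroots
            mkdir -p -m 0755 /nix/var/nix/profiles
            mkdir -p -m 0755 /nix/var/nix/temproots
            mkdir -p -m 0755 /nix/var/nix/userpool
            mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
            mkdir -p -m 1777 /nix/var/nix/profiles/per-user
            mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
            mkdir -p -m 0700 "$HOME/.nix-defexpr"

            . ''${pkgs.nix}/etc/profile.d/nix.sh

            ''${pkgs.nix}/bin/nix-env -i ''${concatStringsSep " " (with pkgs; [ nix cacert git openssh ])}

            ''${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable
            ''${pkgs.nix}/bin/nix-channel --update nixpkgs
          ''';
          environmentVariables = {
            ENV = "/etc/profile";
            USER = "root";
            NIX_REMOTE = "daemon";
            PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
            NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
          };
          tagList = [ "nix" ];
        };
        # runner for building docker images
        # (mounting the docker socket gives jobs full control of the host's docker daemon)
        docker-images = {
          # File should contain at least these two variables:
          # `CI_SERVER_URL`
          # `REGISTRATION_TOKEN`
          registrationConfigFile = "/run/secrets/gitlab-runner-registration";
          dockerImage = "docker:stable";
          dockerVolumes = [
            "/var/run/docker.sock:/var/run/docker.sock"
          ];
          tagList = [ "docker-images" ];
        };
        # runner for executing stuff on host system (very insecure!)
        # make sure to add required packages (including git!)
        # to `environment.systemPackages`
        shell = {
          # File should contain at least these two variables:
          # `CI_SERVER_URL`
          # `REGISTRATION_TOKEN`
          registrationConfigFile = "/run/secrets/gitlab-runner-registration";
          executor = "shell";
          tagList = [ "shell" ];
        };
        # runner for everything else
        default = {
          # File should contain at least these two variables:
          # `CI_SERVER_URL`
          # `REGISTRATION_TOKEN`
          registrationConfigFile = "/run/secrets/gitlab-runner-registration";
          dockerImage = "debian:stable";
        };
      }
    '';
    type = types.attrsOf (types.submodule {
      options = {
        registrationConfigFile = mkOption {
          type = types.path;
          description = lib.mdDoc ''
            Absolute path to a file with environment variables
            used for gitlab-runner registration.
            A list of all supported environment variables can be found in
            `gitlab-runner register --help`.

            Ones that you probably want to set are

            `CI_SERVER_URL=<CI server URL>`

            `REGISTRATION_TOKEN=<registration secret>`

            WARNING: make sure to use a quoted absolute path (a string),
            or the file — including the registration token — is going to be
            copied to the world-readable Nix Store.
          '';
        };

        registrationFlags = mkOption {
          type = types.listOf types.str;
          default = [ ];
          example = [ "--docker-helper-image my/gitlab-runner-helper" ];
          description = lib.mdDoc ''
            Extra command-line flags passed to
            `gitlab-runner register`.
            Execute `gitlab-runner register --help`
            for a list of supported flags.

            Entries are spliced into the registration command verbatim,
            without shell escaping.
          '';
        };

        environmentVariables = mkOption {
          type = types.attrsOf types.str;
          default = { };
          example = { NAME = "value"; };
          description = lib.mdDoc ''
            Custom environment variables injected to build environment.
            The values become part of the registration script in the Nix
            store, so do not put secrets here.
            For secrets you can use {option}`registrationConfigFile`
            with `RUNNER_ENV` variable set.
          '';
        };

        description = mkOption {
          type = types.nullOr types.str;
          default = null;
          description = lib.mdDoc ''
            Name/description of the runner. When set it becomes part of the
            registered runner name, together with a hash of this service's
            configuration.
          '';
        };

        executor = mkOption {
          type = types.str;
          default = "docker";
          description = lib.mdDoc ''
            Select executor, e.g. shell, docker, etc.
            See [runner documentation](https://docs.gitlab.com/runner/executors/README.html) for more information.
          '';
        };

        buildsDir = mkOption {
          type = types.nullOr types.path;
          default = null;
          example = "/var/lib/gitlab-runner/builds";
          description = lib.mdDoc ''
            Absolute path to a directory where builds will be stored
            in context of selected executor (Locally, Docker, SSH).
          '';
        };

        cloneUrl = mkOption {
          type = types.nullOr types.str;
          default = null;
          example = "http://gitlab.example.local";
          description = lib.mdDoc ''
            Overwrite the URL for the GitLab instance. Used if the Runner can't connect to GitLab on the URL GitLab exposes itself.
          '';
        };

        dockerImage = mkOption {
          type = types.nullOr types.str;
          default = null;
          description = lib.mdDoc ''
            Docker image to be used. Required for the docker executors.
          '';
        };

        dockerVolumes = mkOption {
          type = types.listOf types.str;
          default = [ ];
          example = [ "/var/run/docker.sock:/var/run/docker.sock" ];
          description = lib.mdDoc ''
            Bind-mount a volume and create it
            if it doesn't exist prior to mounting.
            Anything mounted here (e.g. the host's Docker socket or the Nix
            store) is reachable from every job that runs on this runner.
          '';
        };

        dockerDisableCache = mkOption {
          type = types.bool;
          default = false;
          description = lib.mdDoc ''
            Disable all container caching.
          '';
        };

        dockerPrivileged = mkOption {
          type = types.bool;
          default = false;
          description = lib.mdDoc ''
            Give extended privileges to container.
            A privileged container has access to the host's devices, so jobs
            on this runner are effectively trusted with the host.
          '';
        };

        dockerExtraHosts = mkOption {
          type = types.listOf types.str;
          default = [ ];
          example = [ "other-host:127.0.0.1" ];
          description = lib.mdDoc ''
            Add a custom host-to-IP mapping.
          '';
        };

        dockerAllowedImages = mkOption {
          type = types.listOf types.str;
          default = [ ];
          example = [ "ruby:*" "python:*" "php:*" "my.registry.tld:5000/*:*" ];
          description = lib.mdDoc ''
            Allow-list of images jobs may request. Leaving it empty leaves
            the choice of image unrestricted.
          '';
        };

        dockerAllowedServices = mkOption {
          type = types.listOf types.str;
          default = [ ];
          example = [ "postgres:9" "redis:*" "mysql:*" ];
          description = lib.mdDoc ''
            Allow-list of service images jobs may request. Leaving it empty
            leaves the choice of service images unrestricted.
          '';
        };

        preCloneScript = mkOption {
          type = types.nullOr types.path;
          default = null;
          description = lib.mdDoc ''
            Runner-specific command script executed before code is pulled.
          '';
        };

        preBuildScript = mkOption {
          type = types.nullOr types.path;
          default = null;
          description = lib.mdDoc ''
            Runner-specific command script executed after code is pulled,
            just before build executes.
          '';
        };

        postBuildScript = mkOption {
          type = types.nullOr types.path;
          default = null;
          description = lib.mdDoc ''
            Runner-specific command script executed after code is pulled
            and just after build executes.
          '';
        };

        tagList = mkOption {
          type = types.listOf types.str;
          default = [ ];
          description = lib.mdDoc ''
            Tag list.
          '';
        };

        runUntagged = mkOption {
          type = types.bool;
          default = false;
          description = lib.mdDoc ''
            Register to run untagged builds. The flag is only passed when
            `true`; gitlab-runner itself defaults to running untagged jobs
            when {option}`tagList` is empty.
          '';
        };

        limit = mkOption {
          type = types.int;
          default = 0;
          description = lib.mdDoc ''
            Limit how many jobs can be handled concurrently by this service.
            0 (default) simply means don't limit.
          '';
        };

        requestConcurrency = mkOption {
          type = types.int;
          default = 0;
          description = lib.mdDoc ''
            Limit number of concurrent requests for new jobs from GitLab.
          '';
        };

        maximumTimeout = mkOption {
          type = types.int;
          default = 0;
          description = lib.mdDoc ''
            Maximum timeout (in seconds) that will be set for jobs using
            this Runner. 0 (default) simply means don't limit.
          '';
        };

        protected = mkOption {
          type = types.bool;
          default = false;
          description = lib.mdDoc ''
            When set to true Runner will only run on pipelines
            triggered on protected branches.
          '';
        };

        debugTraceDisabled = mkOption {
          type = types.bool;
          default = false;
          description = lib.mdDoc ''
            When set to true Runner will disable the possibility of
            using the `CI_DEBUG_TRACE` feature.
          '';
        };
      };
    });
  };

  clear-docker-cache = {
    enable = mkOption {
      type = types.bool;
      default = false;
      description = lib.mdDoc ''
        Whether to periodically prune gitlab runner's Docker resources. If
        enabled, a systemd timer will run {command}`clear-docker-cache` as
        specified by the `dates` option.
      '';
    };

    flags = mkOption {
      type = types.listOf types.str;
      default = [ ];
      example = [ "prune" ];
      description = lib.mdDoc ''
        Any additional flags passed to {command}`clear-docker-cache`.
      '';
    };

    dates = mkOption {
      default = "weekly";
      type = types.str;
      description = lib.mdDoc ''
        Specification (in the format described by
        {manpage}`systemd.time(7)`) of the time at
        which the prune will occur.
      '';
    };

    package = mkOption {
      default = config.virtualisation.docker.package;
      defaultText = literalExpression "config.virtualisation.docker.package";
      example = literalExpression "pkgs.docker";
      description = lib.mdDoc "Docker package to use for clearing up docker cache.";
    };
  };
};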
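config = mkIf cfg.enable {
  # A registrationConfigFile that already lives in the Nix store is world
  # readable, and so is the registration token inside it.
  warnings = mapAttrsToList
    (n: v: "services.gitlab-runner.services.${n}.`registrationConfigFile` points to a file in Nix Store. You should use quoted absolute path to prevent this.")
    (filterAttrs (n: v: isStorePath v.registrationConfigFile) cfg.services);

  environment.systemPackages = [ cfg.package ];

  systemd.services.gitlab-runner = {
    description = "Gitlab Runner";
    documentation = [ "https://docs.gitlab.com/runner/" ];
    after = [ "network.target" ]
      ++ optional hasDocker "docker.service";
    requires = optional hasDocker "docker.service";
    wantedBy = [ "multi-user.target" ];
    environment = config.networking.proxy.envVars // {
      # same directory as StateDirectory below; configPath and the runner's
      # working directory are relative to it
      HOME = "/var/lib/gitlab-runner";
    };
    # PATH for the runner process; configureScript carries its own runtimeInputs
    path = with pkgs; [
      bash
      gawk
      jq
      moreutils
      remarshal
      util-linux
      cfg.package
    ] ++ cfg.extraPackages;
    # a changed unit is reloaded (ExecReload re-runs the configure step)
    # rather than restarted
    reloadIfChanged = true;
    serviceConfig = {
      # Set `DynamicUser` under `systemd.services.gitlab-runner.serviceConfig`
      # to `lib.mkForce false` in your configuration to run this service as root.
      # You can also set `User` and `Group` options to run this service as desired user.
      # Make sure to restart service or changes won't apply.
      DynamicUser = true;
      StateDirectory = "gitlab-runner";
      # membership of the docker group is equivalent to root on the host;
      # only granted when Docker is enabled on this machine
      SupplementaryGroups = optional hasDocker "docker";
      # the "!" prefix makes systemd run the configure step with full
      # privileges instead of as the dynamic user; the script chowns the
      # state directory back to the service user when it is done
      ExecStartPre = "!${configureScript}/bin/gitlab-runner-configure";
      ExecStart = "${startScript}/bin/gitlab-runner-start";
      ExecReload = "!${configureScript}/bin/gitlab-runner-configure";
    } // optionalAttrs cfg.gracefulTermination {
      # gracefulTimeout is already a string (types.str)
      TimeoutStopSec = cfg.gracefulTimeout;
      KillSignal = "SIGQUIT";
      KillMode = "process";
    };
  };

  # Enable periodic clear-docker-cache script
  systemd.services.gitlab-runner-clear-docker-cache = mkIf (cfg.clear-docker-cache.enable && (any (s: s.executor == "docker") (attrValues cfg.services))) {
    description = "Prune gitlab-runner docker resources";
    restartIfChanged = false;
    unitConfig.X-StopOnRemoval = false;

    serviceConfig.Type = "oneshot";

    path = [ cfg.clear-docker-cache.package pkgs.gawk ];

    # use the same runner package as the service instead of pkgs.gitlab-runner,
    # so an overridden `package` option is honoured here too
    script = ''
      ${cfg.package}/bin/clear-docker-cache ${toString cfg.clear-docker-cache.flags}
    '';

    startAt = cfg.clear-docker-cache.dates;
  };

  # Enable docker if `docker` executor is used in any service
  virtualisation.docker.enable = mkIf (
    any (s: s.executor == "docker") (attrValues cfg.services)
  ) (mkDefault true);
};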
# Compatibility shims for option names this module used to have; all of them
# live under services.gitlab-runner, so the prefix is factored out.
imports =
  let
    prefix = [ "services" "gitlab-runner" ];
    renamed = old: new: mkRenamedOptionModule (prefix ++ old) (prefix ++ new);
    removed = old: msg: mkRemovedOptionModule (prefix ++ old) msg;
  in [
    (renamed [ "packages" ] [ "extraPackages" ])
    (removed [ "configOptions" ] "Use services.gitlab-runner.services option instead")
    (removed [ "workDir" ] "You should move contents of workDir (if any) to /var/lib/gitlab-runner")

    # former top-level settings now live in the freeform `settings` option
    (renamed [ "checkInterval" ] [ "settings" "check_interval" ])
    (renamed [ "concurrent" ] [ "settings" "concurrent" ])
    (renamed [ "sentryDSN" ] [ "settings" "sentry_dsn" ])
    (renamed [ "prometheusListenAddress" ] [ "settings" "listen_address" ])

    (renamed [ "sessionServer" "listenAddress" ] [ "settings" "session_server" "listen_address" ])
    (renamed [ "sessionServer" "advertiseAddress" ] [ "settings" "session_server" "advertise_address" ])
    (renamed [ "sessionServer" "sessionTimeout" ] [ "settings" "session_server" "session_timeout" ])
  ];
# Maintained by the nixpkgs GitLab team.
meta.maintainers = lib.teams.gitlab.members;
}