bvm-heptapod: add deployer container
This commit is contained in:
parent
8b3e77de1e
commit
297e9c97e7
1 changed files with 60 additions and 0 deletions
|
@ -111,5 +111,65 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
containers.deployer = {
|
||||||
|
config = { config, pkgs, ... }: {
|
||||||
|
imports = [
|
||||||
|
../lib/low-space.nix
|
||||||
|
];
|
||||||
|
networking.hosts = depot.ops.nixos.tailscaleIPs;
|
||||||
|
nix = {
|
||||||
|
binaryCaches = lib.mkForce [ "https://cache.nixos.org/" "s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1" ];
|
||||||
|
trustedBinaryCaches = lib.mkForce [ "https://cache.nixos.org/" "s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1" ];
|
||||||
|
envVars = {
|
||||||
|
AWS_ACCESS_KEY_ID = "${depot.ops.secrets.nixCache.AWS_ACCESS_KEY_ID}";
|
||||||
|
AWS_SECRET_ACCESS_KEY = "${depot.ops.secrets.nixCache.AWS_SECRET_ACCESS_KEY}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
environment.etc."secrets/gitlab-runner-registration" = {
|
||||||
|
text = ''
|
||||||
|
CI_SERVER_URL=https://hg.lukegb.com
|
||||||
|
REGISTRATION_TOKEN=${depot.ops.secrets.deployer.registrationToken}
|
||||||
|
'';
|
||||||
|
mode = "0600";
|
||||||
|
};
|
||||||
|
services.gitlab-runner = {
|
||||||
|
enable = true;
|
||||||
|
concurrent = 16;
|
||||||
|
services = {
|
||||||
|
deployer = {
|
||||||
|
registrationConfigFile = "/etc/secrets/gitlab-runner-registration";
|
||||||
|
executor = "shell";
|
||||||
|
tagList = [ "deployer" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
gracefulTermination = true;
|
||||||
|
gracefulTimeout = "4min";
|
||||||
|
package = depot.nix.pkgs.heptapod-runner;
|
||||||
|
};
|
||||||
|
users.users.gitlab-runner = {
|
||||||
|
isNormalUser = true;
|
||||||
|
group = "nogroup";
|
||||||
|
createHome = true;
|
||||||
|
home = "/srv/gitlab-runner";
|
||||||
|
};
|
||||||
|
system.activationScripts.deployer-key = lib.stringAfter [ "users" "groups" ] ''
|
||||||
|
mkdir -p /srv/gitlab-runner/.ssh
|
||||||
|
chown -R gitlab-runner:nogroup /srv/gitlab-runner/.ssh
|
||||||
|
chmod -R u=rwX,go= /srv/gitlab-runner/.ssh
|
||||||
|
cp "${pkgs.writeTextFile {
|
||||||
|
name = "gitlab-runner-key";
|
||||||
|
destination = "/private/id_ed25519";
|
||||||
|
text = depot.ops.secrets.deployer.privateKey;
|
||||||
|
}}/private/id_ed25519" /srv/gitlab-runner/.ssh/id_ed25519
|
||||||
|
chown -R gitlab-runner:nogroup /srv/gitlab-runner/.ssh
|
||||||
|
chmod -R u=rwX,go= /srv/gitlab-runner/.ssh
|
||||||
|
'';
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
vim rxvt_unicode.terminfo kitty.terminfo rsync jq
|
||||||
|
depot.nix.pkgs.heptapod-runner-mercurial
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
system.stateVersion = "21.11";
|
system.stateVersion = "21.11";
|
||||||
}
|
}
|
||||||
|
|
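Review bot: The deployer SSH private key, the runner registration token and the AWS cache credentials all end up in the world-readable Nix store, so the `chmod -R u=rwX,go=` and `mode = "0600"` in this hunk protect only the copies, not the sources. `pkgs.writeTextFile { text = depot.ops.secrets.deployer.privateKey; }` materialises the key as a store path, `environment.etc."secrets/gitlab-runner-registration".text` is first written to the store before being copied to `/etc`, and `nix.envVars` renders the AWS keys into the nix-daemon unit files, which are also store-backed; and a nixos-container shares the host's store, so the exposure is on the host as well. The activation script should instead `cp` from a file that is provisioned outside the store (a host path bind-mounted into the container, or `/run/...` populated by a secrets service), and the registration file and AWS credentials should be supplied the same way rather than via `.text`/`envVars`. Separately, `executor = "shell"` with `concurrent = 16` means every job carrying the `deployer` tag runs as `gitlab-runner` with that key and those credentials in reach, so access to that tag is the effective deploy boundary and is worth a one-line comment saying so, e.g. `# shell executor: any job tagged "deployer" can read ~/.ssh/id_ed25519 and the cache credentials`.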