bvm-heptapod: add deployer container
This commit is contained in:
parent
8b3e77de1e
commit
297e9c97e7
1 changed files with 60 additions and 0 deletions
|
@ -111,5 +111,65 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
containers.deployer = {
|
||||
config = { config, pkgs, ... }: {
|
||||
imports = [
|
||||
../lib/low-space.nix
|
||||
];
|
||||
networking.hosts = depot.ops.nixos.tailscaleIPs;
|
||||
nix = {
|
||||
binaryCaches = lib.mkForce [ "https://cache.nixos.org/" "s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1" ];
|
||||
trustedBinaryCaches = lib.mkForce [ "https://cache.nixos.org/" "s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1" ];
|
||||
envVars = {
|
||||
AWS_ACCESS_KEY_ID = "${depot.ops.secrets.nixCache.AWS_ACCESS_KEY_ID}";
|
||||
AWS_SECRET_ACCESS_KEY = "${depot.ops.secrets.nixCache.AWS_SECRET_ACCESS_KEY}";
|
||||
};
|
||||
};
|
||||
environment.etc."secrets/gitlab-runner-registration" = {
|
||||
text = ''
|
||||
CI_SERVER_URL=https://hg.lukegb.com
|
||||
REGISTRATION_TOKEN=${depot.ops.secrets.deployer.registrationToken}
|
||||
'';
|
||||
mode = "0600";
|
||||
};
|
||||
services.gitlab-runner = {
|
||||
enable = true;
|
||||
concurrent = 16;
|
||||
services = {
|
||||
deployer = {
|
||||
registrationConfigFile = "/etc/secrets/gitlab-runner-registration";
|
||||
executor = "shell";
|
||||
tagList = [ "deployer" ];
|
||||
};
|
||||
};
|
||||
gracefulTermination = true;
|
||||
gracefulTimeout = "4min";
|
||||
package = depot.nix.pkgs.heptapod-runner;
|
||||
};
|
||||
users.users.gitlab-runner = {
|
||||
isNormalUser = true;
|
||||
group = "nogroup";
|
||||
createHome = true;
|
||||
home = "/srv/gitlab-runner";
|
||||
};
|
||||
system.activationScripts.deployer-key = lib.stringAfter [ "users" "groups" ] ''
|
||||
mkdir -p /srv/gitlab-runner/.ssh
|
||||
chown -R gitlab-runner:nogroup /srv/gitlab-runner/.ssh
|
||||
chmod -R u=rwX,go= /srv/gitlab-runner/.ssh
|
||||
cp "${pkgs.writeTextFile {
|
||||
name = "gitlab-runner-key";
|
||||
destination = "/private/id_ed25519";
|
||||
text = depot.ops.secrets.deployer.privateKey;
|
||||
}}/private/id_ed25519" /srv/gitlab-runner/.ssh/id_ed25519
|
||||
chown -R gitlab-runner:nogroup /srv/gitlab-runner/.ssh
|
||||
chmod -R u=rwX,go= /srv/gitlab-runner/.ssh
|
||||
'';
|
||||
environment.systemPackages = with pkgs; [
|
||||
vim rxvt_unicode.terminfo kitty.terminfo rsync jq
|
||||
depot.nix.pkgs.heptapod-runner-mercurial
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
system.stateVersion = "21.11";
|
||||
}
|
||||
|
|
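Review bot: The secrets in this hunk end up in the world-readable Nix store, so the `mode = "0600"` on the `environment.etc."secrets/gitlab-runner-registration"` entry and the `chmod -R u=rwX,go=` in `system.activationScripts.deployer-key` protect only the copies, not the originals. `environment.etc.<name>.text` is rendered to a store path before being placed under /etc, and `pkgs.writeTextFile { … text = depot.ops.secrets.deployer.privateKey; }` produces a store path that the `cp` then reads from, so the registration token and the SSH private key are both readable by any local user of the host (and, presumably, by any CI job under the `shell` executor); the AWS keys passed via `nix.envVars` are likely rendered into a store-resident unit or config as well, though that is not visible here. Since `registrationConfigFile` already takes a path, both files could instead be provisioned outside the store (a secrets-deployment mechanism that writes them at activation time) and referenced by path, with the activation script using `install -m 0600 -o gitlab-runner -g nogroup` on that out-of-store source rather than interpolating the key into the derivation. The redundant first `chown -R`/`chmod -R` pair before the `cp` can then be dropped. The enclosing module attribute set (`in {`) starts outside the hunk.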