lukegb/depot
1
0
Fork 0
Code Issues 1 Pull requests Projects Packages Activity Actions

depot-wide: overhaul GitLab CI configuration

Browse source 
We now use a stub configuration to kick off the pipeline, which is dynamically
generated using Nix config.
This commit is contained in:
Luke Granger-Brown 2021-03-28 15:27:46 +00:00
parent f8b4903286
commit 2b8dce0920
10 changed files with 82 additions and 147 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

159
.gitlab-ci.yml
View file

@ -3,158 +3,25 @@
# SPDX-License-Identifier: Apache-2.0
stages:
- build
- deploy
- generate
- start
nixCache:
stage: build
generatePipeline:
stage: generate
image: "nixos/nix:latest"
script:
- "nix run -f ./ third_party.nixpkgs.bash -c ./hack/populate_secrets.sh"
- "nix build -v -f ./ci-root.nix --substituters \"https://cache.nixos.org/ s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1\""
- "nix copy -v --to 's3://lukegb-nix-cache?endpoint=storage.googleapis.com' ./result"
- "cat ./result/other-systemPathJSON > systems.json"
- "nix build -v -f . nix.gitlab-ci --substituters \"https://cache.nixos.org/ s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1\""
- "cat ./result > gitlab-ci.yml"
artifacts:
paths:
- systems.json
- gitlab-ci.yml
expire_in: '30 days'
tags:
- cacher
.deploy:
stage: deploy
needs:
- job: nixCache
artifacts: true
tags:
- deployer
# environment:
# deployment_tier: production
marukuru:
extends: .deploy
resource_group: marukuru
script: './hack/deploy.sh "marukuru" "-p 20022"'
environment:
name: marukuru
clouvider-fra01:
extends: .deploy
resource_group: clouvider-fra01
script: './hack/deploy.sh "clouvider-fra01" ""'
environment:
name: clouvider-fra01
kusakabe:
extends: .deploy
resource_group: kusakabe
script: './hack/deploy.sh "kusakabe" ""'
environment:
name: kusakabe
clouvider-lon01:
extends: .deploy
resource_group: clouvider-lon01
script: './hack/deploy.sh "clouvider-lon01" ""'
environment:
name: clouvider-lon01
totoro:
extends: .deploy
resource_group: totoro
script: './hack/deploy.sh "totoro" ""'
environment:
name: totoro
swann:
extends: .deploy
resource_group: swann
script: './hack/deploy.sh "swann" ""'
environment:
name: swann
etheroute-lon01:
extends: .deploy
resource_group: etheroute-lon01
script: './hack/deploy.sh "etheroute-lon01" ""'
environment:
name: etheroute-lon01
blade-janeway:
extends: .deploy
resource_group: blade-janeway
script: './hack/deploy.sh "blade-janeway" ""'
environment:
name: blade-janeway
# chakotay and kim are not autodeployed because they're usually off.
#blade-chakotay:
# extends: .deploy
# resource_group: blade-chakotay
# script: './hack/deploy.sh "blade-chakotay" ""'
# environment:
# name: blade-chakotay
#
#blade-kim:
# extends: .deploy
# resource_group: blade-kim
# script: './hack/deploy.sh "blade-kim" ""'
# environment:
# name: blade-kim
# paris and tuvok are not autodeployed because they are the routers, and I don't trust myself
#blade-paris:
# extends: .deploy
# resource_group: blade-paris
# script: './hack/deploy.sh "blade-paris" ""'
# environment:
# name: blade-paris
#
#blade-tuvok:
# extends: .deploy
# resource_group: blade-tuvok
# script: './hack/deploy.sh "blade-tuvok" ""'
# environment:
# name: blade-tuvok
blade-torres:
extends: .deploy
resource_group: blade-torres
script: './hack/deploy.sh "blade-torres" ""'
environment:
name: blade-torres
bvm-nixosmgmt:
extends: .deploy
resource_group: bvm-nixosmgmt
script: './hack/deploy.sh "bvm-nixosmgmt" ""'
environment:
name: bvm-nixosmgmt
frantech-las01:
extends: .deploy
resource_group: frantech-las01
script: './hack/deploy.sh "frantech-las01" ""'
environment:
name: frantech-las01
frantech-lux01:
extends: .deploy
resource_group: frantech-lux01
script: './hack/deploy.sh "frantech-lux01" ""'
environment:
name: frantech-lux01
frantech-nyc01:
extends: .deploy
resource_group: frantech-nyc01
script: './hack/deploy.sh "frantech-nyc01" ""'
environment:
name: frantech-nyc01
docker-push:
stage: deploy
tags:
# We run this on cacher instead, because disk space.
- cacher
script: './hack/dockerpush.sh'
startPipeline:
stage: start
trigger:
include:
- artifact: gitlab-ci.yml
job: generatePipeline

1
nix/default.nix
View file

@ -4,4 +4,5 @@
args: {
pkgs = import ./pkgs args;
gitlab-ci = import ./gitlab-ci args;
}

50
nix/gitlab-ci/default.nix Normal file
View file

@ -0,0 +1,50 @@
# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0
{ depot, lib, pkgs, ... }:
let
cfg = {
stages = [ "build" "deploy" ];
nixCache = {
stage = "build";
image = "nixos/nix:latest";
script = [
"nix run -f ./ third_party.nixpkgs.bash -c ./hack/populate_secrets.sh"
"nix build -v -f ./ci-root.nix --substituters \"https://cache.nixos.org/ s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1\""
"nix copy -v --to 's3://lukegb-nix-cache?endpoint=storage.googleapis.com' ./result"
"cat ./result/other-systemPathJSON > systems.json"
];
artifacts = {
paths = [ "systems.json" ];
expire_in = "30 days";
};
tags = [ "cacher" ];
};
docker-push = {
stage = "deploy";
# This requires a sizable amount of temporary disk, so we run it on cacher instead.
tags = [ "cacher" ];
script = "./hack/dockerpush.sh";
};
} // (lib.mapAttrs deployStage deployMachs);
deployMachs = lib.filterAttrs (name: cfg: cfg.config.my.deploy.enable) depot.ops.nixos.systemConfigs;
deployStage = machName: mach: {
stage = "deploy";
needs = [{ job = "nixCache"; artifacts = true; }];
tags = [ "deployer" ];
resource_group = machName;
script = ''./hack/deploy.sh "${machName}" "${mach.config.my.deploy.args}"'';
environment = {
name = machName;
};
};
format = pkgs.formats.yaml { };
configFile = format.generate ".gitlab-ci.yml" cfg;
in
configFile

1
ops/nixos/blade-chakotay/default.nix
View file

@ -23,6 +23,7 @@ in {
internal = "e4:11:5b:ac:e3:b8";
storage = "e4:11:5b:ac:e3:bc";
};
my.deploy.enable = false;
services.ceph = {
#osd.enable = true;

1
ops/nixos/blade-kim/default.nix
View file

@ -23,6 +23,7 @@ in {
internal = "e4:11:5b:ac:d1:7a";
storage = "e4:11:5b:ac:d1:7e";
};
my.deploy.enable = false;
services.ceph = {
#osd.enable = true;

1
ops/nixos/blade-paris/default.nix
View file

@ -39,6 +39,7 @@ in {
storage = "e4:11:5b:ac:e4:8e";
internet = "e4:11:5b:ac:e4:8c";
};
my.deploy.enable = false;
services.ceph = {
mon.enable = true;

1
ops/nixos/default.nix
View file

@ -68,6 +68,7 @@ let
installcdSystem = systemFor "installcd" (import ./installcd);
in systemDrvs // {
systems = systemDrvs;
systemConfigs = evaledSystems;
systemExporters = systemExporters;
tailscaleIPs = systemTailscaleIPs;

11
ops/nixos/lib/common.nix
View file

@ -25,10 +25,19 @@ in
};
options.my.ip.tailscale = lib.mkOption {
type = lib.types.nullOr lib.types.string;
type = lib.types.nullOr lib.types.str;
default = null;
};
options.my.deploy.enable = lib.mkOption {
type = lib.types.bool;
default = true;
};
options.my.deploy.args = lib.mkOption {
type = lib.types.str;
default = "";
};
config = {
hardware.enableRedistributableFirmware = true;

1
ops/nixos/marukuru/default.nix
View file

@ -65,6 +65,7 @@ in {
environment.systemPackages = with pkgs; [];
services.openssh.ports = [ 20022 ];
my.deploy.args = "-p 20022";
networking.firewall = {
interfaces.docker0.allowedTCPPorts = [ 25 ];

3
ops/nixos/porcorosso/default.nix
View file

@ -68,6 +68,9 @@ in {
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.enableRedistributableFirmware = true;
# Laptop, don't autodeploy.
my.deploy.enable = false;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;