*: try setting up automated deploys
This won't work yet, since the deployer user isn't correctly configured, but it should at least trigger the right set of things to happen.
This commit is contained in:
parent
c5d03b795e
commit
84f607d7cf
3 changed files with 86 additions and 0 deletions
|
@ -1,5 +1,6 @@
|
||||||
stages:
|
stages:
|
||||||
- build
|
- build
|
||||||
|
- deploy
|
||||||
|
|
||||||
nixCache:
|
nixCache:
|
||||||
stage: build
|
stage: build
|
||||||
|
@ -9,3 +10,19 @@ nixCache:
|
||||||
- "cp ${OPS_SECRETS_DEFAULT_NIX} ops/secrets/default.nix"
|
- "cp ${OPS_SECRETS_DEFAULT_NIX} ops/secrets/default.nix"
|
||||||
- "nix build -v -f ./ci-root.nix --substituters \"https://cache.nixos.org s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1\""
|
- "nix build -v -f ./ci-root.nix --substituters \"https://cache.nixos.org s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1\""
|
||||||
- "nix copy -v --to 's3://lukegb-nix-cache?endpoint=storage.googleapis.com' ./result"
|
- "nix copy -v --to 's3://lukegb-nix-cache?endpoint=storage.googleapis.com' ./result"
|
||||||
|
|
||||||
|
.deploy:
|
||||||
|
stage: deploy
|
||||||
|
rules:
|
||||||
|
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
|
||||||
|
variables:
|
||||||
|
SSH_ARGS: ''
|
||||||
|
script: './hack/deploy.sh "$DEPLOY_TO" "$SSH_ARGS"'
|
||||||
|
tags:
|
||||||
|
- deployer
|
||||||
|
|
||||||
|
ixvm-fra01:
|
||||||
|
extends: .deploy
|
||||||
|
variables:
|
||||||
|
# TODO(lukegb): DNS...
|
||||||
|
DEPLOY_TO: "141.98.136.124"
|
||||||
|
|
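Review bot: The `.deploy` template carries no `resource_group`, so two pipelines landing on the default branch in quick succession can run `ixvm-fra01` concurrently and race each other's rsync and `rebuilder` on the same host (the deployer runner in this commit is configured with `concurrent = 4`). Add `resource_group: ixvm-fra01` to the `ixvm-fra01` job (one line, next to `extends: .deploy`) so deploys to a given machine are serialized. `SSH_ARGS: ''` is spliced verbatim into the ssh command line by hack/deploy.sh and has no comment saying what it is for; an empty default invites `-o StrictHostKeyChecking=no` being dropped in later, whereas a pinned `known_hosts` on the runner is the safer way to make the first connection succeed — a comment such as `# Extra ssh(1) flags for the deploy connection; do not use this to disable host-key checking` would set that expectation. The hard-coded `DEPLOY_TO` address already carries a TODO.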
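--- a/hack/deploy.sh
+++ b/hack/deploy.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+echo Dropping files into place as defined by manifest...
+while read -r manifest_line; do
+IFS='=' read -ra manifest_bits <<< "$manifest_line"
+if [[ "${#manifest_bits[@]}" -ne 2 ]]; then continue; fi
+echo -e "\t${manifest_bits[1]}"
+cp "${!manifest_bits[0]}" "${manifest_bits[1]}"
+done <<< "$SECRETS_MANIFEST"
+
+if [ -z ${2+x} ]; then ssh_cmd="ssh"; else ssh_cmd="ssh $2"; fi
+
+echo Syncing repo content to machine "$1"
+rsync -e "$ssh_cmd" -avz --exclude='.hg/' ./ "deployer@$1:depot/"
+
+echo Triggering rebuild
+$ssh_cmd -t "deployer@$1" rebuilder depot/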
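Review bot: The manifest loop copies plaintext secrets into the checkout and nothing removes them afterwards, so under a shell executor they persist in the runner's build directory between jobs (and `rsync ./` then ships the whole tree to the target, which is presumably the intent here). Record each destination and clear it on exit: `dropped=()` and `trap 'rm -f -- "${dropped[@]}"' EXIT` before the loop, plus `dropped+=("${manifest_bits[1]}")` after the `cp` (bash 4.4+ so the empty array is fine under `set -u`). Host-key verification for both the rsync and the final ssh is left entirely to whatever ssh config the runner happens to have, and `$2` is spliced into `ssh_cmd` unchecked; pin the target instead with `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=<known_hosts shipped with the runner>` in the script rather than relying on the caller. Minor: `[ -z ${2+x} ]` should be `[ -z "${2+x}" ]` — unquoted it only works because a bare `[ -z ]` happens to evaluate true.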
|
@ -142,5 +142,55 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Container networking.
|
||||||
|
networking.nat = {
|
||||||
|
enable = true;
|
||||||
|
internalInterfaces = [ "ve-+" ];
|
||||||
|
externalInterface = "eth0";
|
||||||
|
};
|
||||||
|
networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
|
||||||
|
|
||||||
|
containers.deployer = {
|
||||||
|
config = { config, pkgs, ... }: {
|
||||||
|
environment.etc."secrets/gitlab-runner-registration" = {
|
||||||
|
text = ''
|
||||||
|
CI_SERVER_URL=https://hg.lukegb.com
|
||||||
|
REGISTRATION_TOKEN=${depot.ops.secrets.deployer.registrationToken}
|
||||||
|
'';
|
||||||
|
mode = "0600";
|
||||||
|
};
|
||||||
|
services.gitlab-runner = {
|
||||||
|
enable = true;
|
||||||
|
concurrent = 4;
|
||||||
|
services = {
|
||||||
|
deployer = {
|
||||||
|
registrationConfigFile = "/etc/secrets/gitlab-runner-registration";
|
||||||
|
executor = "shell";
|
||||||
|
tagList = [ "deployer" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
gracefulTermination = true;
|
||||||
|
gracefulTimeout = "4min";
|
||||||
|
package = depot.nix.pkgs.heptapod-runner;
|
||||||
|
};
|
||||||
|
users.users.gitlab-runner = {
|
||||||
|
createHome = true;
|
||||||
|
home = "/srv/gitlab-runner";
|
||||||
|
};
|
||||||
|
system.activationScripts.deployer-key = lib.stringAfter [ "users" "groups" ] ''
|
||||||
|
mkdir -p /srv/gitlab-runner/.ssh
|
||||||
|
chown -R gitlab-runner:nogroup /srv/gitlab-runner/.ssh
|
||||||
|
chmod -R u=rwX,go= /srv/gitlab-runner/.ssh
|
||||||
|
cp "${pkgs.writeTextFile {
|
||||||
|
name = "gitlab-runner-key";
|
||||||
|
destination = "/private/id_ed25519";
|
||||||
|
text = depot.ops.secrets.deployer.privateKey;
|
||||||
|
}}/private/id_ed25519" /srv/gitlab-runner/.ssh/id_ed25519
|
||||||
|
chown -R gitlab-runner:nogroup /srv/gitlab-runner/.ssh
|
||||||
|
chmod -R u=rwX,go= /srv/gitlab-runner/.ssh
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
system.stateVersion = "20.03";
|
system.stateVersion = "20.03";
|
||||||
}
|
}
|
||||||
|
|
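Review bot: Both secrets in the `containers.deployer` config end up in the Nix store, which is world-readable: `pkgs.writeTextFile { text = depot.ops.secrets.deployer.privateKey; }` turns the SSH private key into a store path (the `chmod` afterwards only protects the copy in `/srv/gitlab-runner/.ssh`), and `environment.etc."secrets/gitlab-runner-registration".text` is likewise built into the store before being placed under `/etc` with `mode = "0600"`. Both paths also become part of the system closure, so any `nix copy` of that closure to a binary cache (the CI in this commit pushes build results to `s3://lukegb-nix-cache`) would carry them — confirm whether this container config is reachable from `ci-root.nix`. Have the activation script read the key from a root-only file provisioned outside the store instead of from a `writeTextFile`, and point `registrationConfigFile` at a file placed the same way rather than at an `environment.etc` entry. The enclosing NixOS module starts before this hunk.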