diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 79e99297ca..3c38c4ce0b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -13,6 +13,8 @@ nixCache: - "nix run -f ./ third_party.nixpkgs.bash -c ./hack/populate_secrets.sh" - "nix build -v -f ./ci-root.nix --substituters \"https://cache.nixos.org s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1\"" - "nix copy -v --to 's3://lukegb-nix-cache?endpoint=storage.googleapis.com' ./result" + tags: + - cacher .deploy: stage: deploy diff --git a/ops/nixos/clouvider-lon01/default.nix b/ops/nixos/clouvider-lon01/default.nix index 161eb91b7b..77528766be 100644 --- a/ops/nixos/clouvider-lon01/default.nix +++ b/ops/nixos/clouvider-lon01/default.nix @@ -220,5 +220,31 @@ in { "d /run/minotarproxy 0700 minotarproxy - -" ]; + environment.etc."secrets/gitlab-runner-registration" = { + text = '' + CI_SERVER_URL=https://hg.lukegb.com + REGISTRATION_TOKEN=${depot.ops.secrets.deployer.registrationToken} + ''; + mode = "0600"; + }; + services.gitlab-runner = { + enable = true; + concurrent = 1; + services = { + deployer = { + registrationConfigFile = "/etc/secrets/gitlab-runner-registration"; + executor = "shell"; + tagList = [ "cacher" ]; + }; + }; + gracefulTermination = true; + gracefulTimeout = "4min"; + package = depot.nix.pkgs.heptapod-runner; + }; + users.users.gitlab-runner = { + createHome = true; + home = "/srv/gitlab-runner"; + }; + system.stateVersion = "20.09"; }