From 91d742c1cddf12c76e003e153deebd3080738df7 Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Sat, 9 May 2020 23:49:32 +0100 Subject: [PATCH] gitlab-ci: try and get deploys works --- .gitlab-ci.yml | 2 ++ hack/deploy.sh | 2 +- nix/pkgs/default.nix | 3 +-- nix/pkgs/heptapod-runner.nix | 19 +++++++++---------- ops/nixos/lib/common.nix | 3 +++ ops/nixos/lib/rebuilder.nix | 4 +++- ops/nixos/marukuru/default.nix | 4 ++++ 7 files changed, 23 insertions(+), 14 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 94904fa2fe..15af8290bb 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -5,6 +5,8 @@ stages: nixCache: stage: build image: "nixos/nix:latest" + only: + - disabled_while_iterating script: - "mkdir -p ops/secrets" - "cp ${OPS_SECRETS_DEFAULT_NIX} ops/secrets/default.nix" diff --git a/hack/deploy.sh b/hack/deploy.sh index 8951a08cfa..b12d00b316 100755 --- a/hack/deploy.sh +++ b/hack/deploy.sh @@ -16,4 +16,4 @@ echo Syncing repo content to machine "$1" rsync -e "$ssh_cmd" -avz --exclude='.hg/' ./ "deployer@$1:depot/" echo Triggering rebuild -$ssh_cmd -t "deployer@$1" rebuilder depot/ +$ssh_cmd -t "deployer@$1" rebuilder ./depot diff --git a/nix/pkgs/default.nix b/nix/pkgs/default.nix index dbd6a0a25c..da1e959f3c 100644 --- a/nix/pkgs/default.nix +++ b/nix/pkgs/default.nix @@ -1,6 +1,5 @@ args: { javaws-env = import ./javaws-env.nix args; plex-pass = import ./plex-pass.nix args; - heptapod-runner = import ./heptapod-runner.nix args; secretsync = import ./secretsync args; -} +} // (import ./heptapod-runner.nix args) diff --git a/nix/pkgs/heptapod-runner.nix b/nix/pkgs/heptapod-runner.nix index 975a50f740..0ba6bc3b3e 100644 --- a/nix/pkgs/heptapod-runner.nix +++ b/nix/pkgs/heptapod-runner.nix 
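Review bot: In `.gitlab-ci.yml`, the `nixCache` job is switched off by pointing `only:` at the ref name `disabled_while_iterating`, with no comment saying the gate is temporary. The job, which copies `${OPS_SECRETS_DEFAULT_NIX}` into the checkout, would run again for any ref that carries that name. Renaming the job to `.nixCache` (a hidden job) states the intent directly and cannot be triggered by a ref name. If the `only:` gate stays, add a comment above it such as `# temporarily disabled while the deploy path is being debugged; remove before merging`.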
@@ -6,7 +6,14 @@ let rev = "b4fda456f403"; sha256 = "1ybkd2jnq2dvkj157w2nlf9rmrgbd8kas43kimi9aarajgi9sri1"; }; - wrappedMercurial = pkgs.symlinkJoin { +in +{ + heptapod-runner = pkgs.gitlab-runner.overrideAttrs (oldAttrs: rec { + inherit version; + buildInputs = oldAttrs.buildInputs ++ [ pkgs.makeWrapper ]; + src = newSrc; + }); + heptapod-runner-mercurial = pkgs.symlinkJoin { name = pkgs.mercurial.name; paths = [ pkgs.mercurial ]; postBuild = '' @@ -14,12 +21,4 @@ let cp "${newSrc}/dockerfiles/build/runner.hgrc" "$out/etc/mercurial/hgrc" ''; }; -in -pkgs.gitlab-runner.overrideAttrs (oldAttrs: rec { - inherit version; - buildInputs = oldAttrs.buildInputs ++ [ wrappedMercurial pkgs.makeWrapper ]; - src = newSrc; - postInstall = '' - wrapProgram $bin/bin/gitlab-runner --prefix PATH : ${wrappedMercurial} - ''; -}) +} diff --git a/ops/nixos/lib/common.nix b/ops/nixos/lib/common.nix index 425785638e..8a530417f6 100644 --- a/ops/nixos/lib/common.nix +++ b/ops/nixos/lib/common.nix @@ -44,6 +44,9 @@ in isSystemUser = true; uid = 1001; hashedPassword = "NP"; + useDefaultShell = true; + home = "/var/lib/deployer"; + createHome = true; openssh.authorizedKeys.keyFiles = [ ../../secrets/deployer_ed25519.pub ]; diff --git a/ops/nixos/lib/rebuilder.nix b/ops/nixos/lib/rebuilder.nix index a73d78a48b..bdf367d083 100644 --- a/ops/nixos/lib/rebuilder.nix +++ b/ops/nixos/lib/rebuilder.nix @@ -5,10 +5,12 @@ pkgs.writeShellScriptBin "rebuilder" '' exec sudo "$0" "$@" fi + DEPOT_PATH="''${1:-}" + export AWS_ACCESS_KEY_ID="${depot.ops.secrets.nixCache.AWS_ACCESS_KEY_ID}" export AWS_SECRET_ACCESS_KEY="${depot.ops.secrets.nixCache.AWS_SECRET_ACCESS_KEY}" - system="$(nix-build -E '(import {}).ops.nixos.${system}' --no-out-link)" + system="$(nix-build -E "(import $DEPOT_PATH {}).ops.nixos.${system}" --no-out-link)" nix-env -p /nix/var/nix/profiles/system --set "$system" "$system/bin/switch-to-configuration" switch '' 
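Review bot: In the first hunk of `nix/pkgs/heptapod-runner.nix`, `pkgs.makeWrapper` stays in `buildInputs` of `heptapod-runner` even though the `postInstall` that called `wrapProgram` is removed in the next hunk, so it is now an unused build input. The `rec` on the override set is likewise not needed for `version`, `buildInputs` and `src`. With the wrapper gone the runner no longer carries its own Mercurial on `PATH`, so which `hg` and which `hgrc` a job sees depends on the host rather than on the package. A comment on `heptapod-runner-mercurial` would record that coupling, e.g. `# must be made available on the runner's PATH by the host config; ships runner.hgrc from newSrc`.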
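Review bot: In `ops/nixos/lib/common.nix`, `useDefaultShell = true` gives `deployer` a working login shell while the key from `deployer_ed25519.pub` is installed with no `authorized_keys` options. Whoever holds that key (apparently the CI runner) therefore gets a general shell on each host using this file, not only the rsync-and-rebuild path. Because `rebuilder` re-executes itself through sudo, the account is presumably root-equivalent, which deserves a comment such as `# deployer can activate arbitrary system configurations via rebuilder: treat its key as a root credential`. The sudo rule is not visible in this hunk; if it is limited to `rebuilder`, consider also constraining the key entry (for example with `restrict`) and keeping the private key in a protected CI variable. The user definition starts and ends outside the hunk.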
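Review bot: In `ops/nixos/lib/rebuilder.nix`, the first command-line argument is spliced unvalidated into the text of a Nix expression, `"(import $DEPOT_PATH {})…"`, which is evaluated after the script has re-executed itself under sudo. An empty argument (the `''${1:-}` default) produces `(import  {})` and an opaque evaluation error, and an argument containing whitespace or Nix syntax changes what is evaluated as root. Reject the empty case and pass the path as data rather than as code: `[ -n "$DEPOT_PATH" ] || { echo "usage: rebuilder <depot-path>" >&2; exit 1; }` followed by `system="$(nix-build "$DEPOT_PATH" -A "ops.nixos.${system}" --no-out-link)"`. That form assumes the depot's top-level function is a set-pattern with defaults that `nix-build` can auto-call; otherwise keep `-E` and supply the path through `--argstr`. The script body begins above the hunk.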
diff --git a/ops/nixos/marukuru/default.nix b/ops/nixos/marukuru/default.nix index 2590be0804..bdd08862c4 100644 --- a/ops/nixos/marukuru/default.nix +++ b/ops/nixos/marukuru/default.nix @@ -189,6 +189,10 @@ in { chown -R gitlab-runner:nogroup /srv/gitlab-runner/.ssh chmod -R u=rwX,go= /srv/gitlab-runner/.ssh ''; + environment.systemPackages = with pkgs; [ + vim rxvt_unicode.terminfo + depot.nix.pkgs.heptapod-runner-mercurial + ]; }; };
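Review bot: In `ops/nixos/marukuru/default.nix`, adding `depot.nix.pkgs.heptapod-runner-mercurial` to `environment.systemPackages` only places `hg` in the system profile. NixOS systemd units take their `PATH` from the unit's `path` option rather than from the system profile, so if the runner executes jobs from a service context it may not find `hg` now that the `wrapProgram` PATH prefix has been removed from the package. Confirm how the runner is started on this host and, if it is a unit, add the package to that unit's `path` as well. A comment such as `# hg for heptapod-runner jobs; the runner package no longer wraps it in` would explain why it sits next to `vim`. The enclosing attribute set begins above the hunk.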