gitlab-ci: try and get deploys works

Luke Granger-Brown 2020-05-09 23:49:32 +01:00
parent 118ebf59fd
commit 91d742c1cd
7 changed files with 23 additions and 14 deletions


@ -5,6 +5,8 @@ stages:
nixCache: nixCache:
stage: build stage: build
image: "nixos/nix:latest" image: "nixos/nix:latest"
only:
- disabled_while_iterating
script: script:
- "mkdir -p ops/secrets" - "mkdir -p ops/secrets"
- "cp ${OPS_SECRETS_DEFAULT_NIX} ops/secrets/default.nix" - "cp ${OPS_SECRETS_DEFAULT_NIX} ops/secrets/default.nix"


@ -16,4 +16,4 @@ echo Syncing repo content to machine "$1"
rsync -e "$ssh_cmd" -avz --exclude='.hg/' ./ "deployer@$1:depot/" rsync -e "$ssh_cmd" -avz --exclude='.hg/' ./ "deployer@$1:depot/"
echo Triggering rebuild echo Triggering rebuild
$ssh_cmd -t "deployer@$1" rebuilder depot/ $ssh_cmd -t "deployer@$1" rebuilder ./depot
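Review bot: `./depot` is now handed to `rebuilder`, which (in the rebuilder section of this commit) interpolates it into a Nix expression after re-executing under sudo, so the path resolves against the working directory of the remote session rather than a fixed location. That ties this line to the deployer home directory and to sudo keeping the cwd. A comment such as `# ./depot is relative to deployer's home, the same directory rsync wrote to above`, or an absolute path, would make the dependency explicit. The script starts above the hunk, so how `$ssh_cmd` is built is not visible here.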


@ -1,6 +1,5 @@
args: { args: {
javaws-env = import ./javaws-env.nix args; javaws-env = import ./javaws-env.nix args;
plex-pass = import ./plex-pass.nix args; plex-pass = import ./plex-pass.nix args;
heptapod-runner = import ./heptapod-runner.nix args;
secretsync = import ./secretsync args; secretsync = import ./secretsync args;
} } // (import ./heptapod-runner.nix args)


@ -6,7 +6,14 @@ let
rev = "b4fda456f403"; rev = "b4fda456f403";
sha256 = "1ybkd2jnq2dvkj157w2nlf9rmrgbd8kas43kimi9aarajgi9sri1"; sha256 = "1ybkd2jnq2dvkj157w2nlf9rmrgbd8kas43kimi9aarajgi9sri1";
}; };
wrappedMercurial = pkgs.symlinkJoin { in
{
heptapod-runner = pkgs.gitlab-runner.overrideAttrs (oldAttrs: rec {
inherit version;
buildInputs = oldAttrs.buildInputs ++ [ pkgs.makeWrapper ];
src = newSrc;
});
heptapod-runner-mercurial = pkgs.symlinkJoin {
name = pkgs.mercurial.name; name = pkgs.mercurial.name;
paths = [ pkgs.mercurial ]; paths = [ pkgs.mercurial ];
postBuild = '' postBuild = ''
@ -14,12 +21,4 @@ let
cp "${newSrc}/dockerfiles/build/runner.hgrc" "$out/etc/mercurial/hgrc" cp "${newSrc}/dockerfiles/build/runner.hgrc" "$out/etc/mercurial/hgrc"
''; '';
}; };
in }
pkgs.gitlab-runner.overrideAttrs (oldAttrs: rec {
inherit version;
buildInputs = oldAttrs.buildInputs ++ [ wrappedMercurial pkgs.makeWrapper ];
src = newSrc;
postInstall = ''
wrapProgram $bin/bin/gitlab-runner --prefix PATH : ${wrappedMercurial}
'';
})
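Review bot: `pkgs.makeWrapper` is still appended to `buildInputs` although the `postInstall` that called `wrapProgram` is removed, so the override carries an unused build input; dropping the `buildInputs` line from the override would do. With the wrapper gone, the runner no longer has the Mercurial that carries `runner.hgrc` pinned onto its PATH and will use whatever `hg` its service environment resolves. The `environment.systemPackages` addition in the last file section only helps if that service's PATH includes the system profile, which is not visible here. A short comment on `heptapod-runner-mercurial` saying where it is expected to be installed would make that dependency explicit.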


@ -44,6 +44,9 @@ in
isSystemUser = true; isSystemUser = true;
uid = 1001; uid = 1001;
hashedPassword = "NP"; hashedPassword = "NP";
useDefaultShell = true;
home = "/var/lib/deployer";
createHome = true;
openssh.authorizedKeys.keyFiles = [ openssh.authorizedKeys.keyFiles = [
../../secrets/deployer_ed25519.pub ../../secrets/deployer_ed25519.pub
]; ];
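Review bot: `useDefaultShell = true` turns the key in `deployer_ed25519.pub` into a full interactive login, which is more than the rsync-then-rebuild flow elsewhere in this commit needs. Since that key is presumably held by CI, consider constraining its authorized-keys entry with `restrict` and a forced `command="…"` wrapper that permits only the rsync receive and `rebuilder`. A comment such as `# shell needed for rsync + rebuilder over SSH from CI` next to the new line would record why the shell was added. The user attrset opens and closes outside the hunk, so any existing restrictions are not visible here.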


@ -5,10 +5,12 @@ pkgs.writeShellScriptBin "rebuilder" ''
exec sudo "$0" "$@" exec sudo "$0" "$@"
fi fi
DEPOT_PATH="''${1:-<depot>}"
export AWS_ACCESS_KEY_ID="${depot.ops.secrets.nixCache.AWS_ACCESS_KEY_ID}" export AWS_ACCESS_KEY_ID="${depot.ops.secrets.nixCache.AWS_ACCESS_KEY_ID}"
export AWS_SECRET_ACCESS_KEY="${depot.ops.secrets.nixCache.AWS_SECRET_ACCESS_KEY}" export AWS_SECRET_ACCESS_KEY="${depot.ops.secrets.nixCache.AWS_SECRET_ACCESS_KEY}"
system="$(nix-build -E '(import <depot> {}).ops.nixos.${system}' --no-out-link)" system="$(nix-build -E "(import $DEPOT_PATH {}).ops.nixos.${system}" --no-out-link)"
nix-env -p /nix/var/nix/profiles/system --set "$system" nix-env -p /nix/var/nix/profiles/system --set "$system"
"$system/bin/switch-to-configuration" switch "$system/bin/switch-to-configuration" switch
'' ''
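Review bot: `DEPOT_PATH` is taken from `$1` and spliced unescaped into the text of the `-E` expression, after the `exec sudo` re-exec, so whatever the caller passes is parsed as Nix code, built and activated with root privileges rather than being treated as a path. Passing it as a file argument keeps it data: `system="$(nix-build "$DEPOT_PATH" -A 'ops.nixos.${system}' --no-out-link)"`, which should be equivalent provided the depot's top-level function can be auto-called with no arguments (worth confirming). If only the synced checkout is ever meant to be built, rejecting any other value before the build would narrow what the deployer account can ask root to do. The `if` around `exec sudo` starts above the hunk.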


@ -189,6 +189,10 @@ in {
chown -R gitlab-runner:nogroup /srv/gitlab-runner/.ssh chown -R gitlab-runner:nogroup /srv/gitlab-runner/.ssh
chmod -R u=rwX,go= /srv/gitlab-runner/.ssh chmod -R u=rwX,go= /srv/gitlab-runner/.ssh
''; '';
environment.systemPackages = with pkgs; [
vim rxvt_unicode.terminfo
depot.nix.pkgs.heptapod-runner-mercurial
];
}; };
}; };