gitlab-ci: try and get deploys works
parent
118ebf59fd
commit
91d742c1cd
7 changed files with 23 additions and 14 deletions
|
@ -5,6 +5,8 @@ stages:
|
||||||
nixCache:
|
nixCache:
|
||||||
stage: build
|
stage: build
|
||||||
image: "nixos/nix:latest"
|
image: "nixos/nix:latest"
|
||||||
|
only:
|
||||||
|
- disabled_while_iterating
|
||||||
script:
|
script:
|
||||||
- "mkdir -p ops/secrets"
|
- "mkdir -p ops/secrets"
|
||||||
- "cp ${OPS_SECRETS_DEFAULT_NIX} ops/secrets/default.nix"
|
- "cp ${OPS_SECRETS_DEFAULT_NIX} ops/secrets/default.nix"
|
||||||
|
|
|
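Review bot: `only: - disabled_while_iterating` on `nixCache` is a ref filter, not an off switch, so the job still runs for any branch or tag with that name. That job copies `${OPS_SECRETS_DEFAULT_NIX}` into the workspace. If the intent is to park the job, a hidden job (`.nixCache:`) or `rules: - when: never` states that directly. Either way a short comment such as `# temporarily disabled while the deploy job is being debugged` would stop the cache job from staying off unnoticed.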
@ -16,4 +16,4 @@ echo Syncing repo content to machine "$1"
|
||||||
rsync -e "$ssh_cmd" -avz --exclude='.hg/' ./ "deployer@$1:depot/"
|
rsync -e "$ssh_cmd" -avz --exclude='.hg/' ./ "deployer@$1:depot/"
|
||||||
|
|
||||||
echo Triggering rebuild
|
echo Triggering rebuild
|
||||||
$ssh_cmd -t "deployer@$1" rebuilder depot/
|
$ssh_cmd -t "deployer@$1" rebuilder ./depot
|
||||||
|
|
|
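Review bot: `rebuilder ./depot` passes a relative path, so it only points at the rsynced tree if the ssh session starts in deployer's home and the `sudo` re-exec inside rebuilder keeps that working directory. An absolute path removes both assumptions, e.g. `$ssh_cmd -t "deployer@$1" rebuilder /var/lib/deployer/depot`, matching the `home` this commit sets for the deployer user. The rsync target `deployer@$1:depot/` a few lines up relies on the same home-relative resolution.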
@ -1,6 +1,5 @@
|
||||||
args: {
|
args: {
|
||||||
javaws-env = import ./javaws-env.nix args;
|
javaws-env = import ./javaws-env.nix args;
|
||||||
plex-pass = import ./plex-pass.nix args;
|
plex-pass = import ./plex-pass.nix args;
|
||||||
heptapod-runner = import ./heptapod-runner.nix args;
|
|
||||||
secretsync = import ./secretsync args;
|
secretsync = import ./secretsync args;
|
||||||
}
|
} // (import ./heptapod-runner.nix args)
|
||||||
|
|
|
@ -6,7 +6,14 @@ let
|
||||||
rev = "b4fda456f403";
|
rev = "b4fda456f403";
|
||||||
sha256 = "1ybkd2jnq2dvkj157w2nlf9rmrgbd8kas43kimi9aarajgi9sri1";
|
sha256 = "1ybkd2jnq2dvkj157w2nlf9rmrgbd8kas43kimi9aarajgi9sri1";
|
||||||
};
|
};
|
||||||
wrappedMercurial = pkgs.symlinkJoin {
|
in
|
||||||
|
{
|
||||||
|
heptapod-runner = pkgs.gitlab-runner.overrideAttrs (oldAttrs: rec {
|
||||||
|
inherit version;
|
||||||
|
buildInputs = oldAttrs.buildInputs ++ [ pkgs.makeWrapper ];
|
||||||
|
src = newSrc;
|
||||||
|
});
|
||||||
|
heptapod-runner-mercurial = pkgs.symlinkJoin {
|
||||||
name = pkgs.mercurial.name;
|
name = pkgs.mercurial.name;
|
||||||
paths = [ pkgs.mercurial ];
|
paths = [ pkgs.mercurial ];
|
||||||
postBuild = ''
|
postBuild = ''
|
||||||
|
@ -14,12 +21,4 @@ let
|
||||||
cp "${newSrc}/dockerfiles/build/runner.hgrc" "$out/etc/mercurial/hgrc"
|
cp "${newSrc}/dockerfiles/build/runner.hgrc" "$out/etc/mercurial/hgrc"
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
in
|
}
|
||||||
pkgs.gitlab-runner.overrideAttrs (oldAttrs: rec {
|
|
||||||
inherit version;
|
|
||||||
buildInputs = oldAttrs.buildInputs ++ [ wrappedMercurial pkgs.makeWrapper ];
|
|
||||||
src = newSrc;
|
|
||||||
postInstall = ''
|
|
||||||
wrapProgram $bin/bin/gitlab-runner --prefix PATH : ${wrappedMercurial}
|
|
||||||
'';
|
|
||||||
})
|
|
||||||
|
|
|
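Review bot: `pkgs.makeWrapper` is still appended to `buildInputs` in the new `heptapod-runner` override, although the `postInstall`/`wrapProgram` step that used it is removed by this commit. With the wrapper gone, the runner presumably finds `hg` only through the host's PATH, so the package now depends on `heptapod-runner-mercurial` being installed separately. A comment on the attribute, e.g. `# expects heptapod-runner-mercurial on PATH (environment.systemPackages)`, would keep that coupling visible. The `let` bindings and the `postBuild` body lie partly outside the two hunks.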
@ -44,6 +44,9 @@ in
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
uid = 1001;
|
uid = 1001;
|
||||||
hashedPassword = "NP";
|
hashedPassword = "NP";
|
||||||
|
useDefaultShell = true;
|
||||||
|
home = "/var/lib/deployer";
|
||||||
|
createHome = true;
|
||||||
openssh.authorizedKeys.keyFiles = [
|
openssh.authorizedKeys.keyFiles = [
|
||||||
../../secrets/deployer_ed25519.pub
|
../../secrets/deployer_ed25519.pub
|
||||||
];
|
];
|
||||||
|
|
|
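Review bot: Nothing in the deployer user block says that the key in `deployer_ed25519.pub` is now effectively a root credential on this host. The account gets a login shell and a home, and that home appears to hold the tree that rebuilder builds and activates through sudo. A comment above `useDefaultShell`, such as `# deployer is root-equivalent: rebuilder (via sudo) builds and switches to whatever is in ~/depot`, would make the trust boundary explicit. This is inferred from the deploy-script and rebuilder sections on this page; the sudo rule itself is not shown.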
@ -5,10 +5,12 @@ pkgs.writeShellScriptBin "rebuilder" ''
|
||||||
exec sudo "$0" "$@"
|
exec sudo "$0" "$@"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
DEPOT_PATH="''${1:-<depot>}"
|
||||||
|
|
||||||
export AWS_ACCESS_KEY_ID="${depot.ops.secrets.nixCache.AWS_ACCESS_KEY_ID}"
|
export AWS_ACCESS_KEY_ID="${depot.ops.secrets.nixCache.AWS_ACCESS_KEY_ID}"
|
||||||
export AWS_SECRET_ACCESS_KEY="${depot.ops.secrets.nixCache.AWS_SECRET_ACCESS_KEY}"
|
export AWS_SECRET_ACCESS_KEY="${depot.ops.secrets.nixCache.AWS_SECRET_ACCESS_KEY}"
|
||||||
|
|
||||||
system="$(nix-build -E '(import <depot> {}).ops.nixos.${system}' --no-out-link)"
|
system="$(nix-build -E "(import $DEPOT_PATH {}).ops.nixos.${system}" --no-out-link)"
|
||||||
nix-env -p /nix/var/nix/profiles/system --set "$system"
|
nix-env -p /nix/var/nix/profiles/system --set "$system"
|
||||||
"$system/bin/switch-to-configuration" switch
|
"$system/bin/switch-to-configuration" switch
|
||||||
''
|
''
|
||||||
|
|
|
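Review bot: `$DEPOT_PATH` is taken straight from `$1` and spliced into the expression string on the `nix-build -E` line, so the argument is parsed as Nix code rather than treated as a path. Because that line runs after the `exec sudo "$0" "$@"` re-exec, the evaluation happens with elevated privileges. Passing it as a path argument keeps it data: `system="$(nix-build "$DEPOT_PATH" -A "ops.nixos.${system}" --no-out-link)"`, which should be equivalent as long as the depot's top-level function takes all-default arguments. A check that the value is either the `<depot>` default or an existing directory before building would also reject typos early. The top of the script is outside the hunk, so the condition guarding the sudo re-exec is not visible here.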
@ -189,6 +189,10 @@ in {
|
||||||
chown -R gitlab-runner:nogroup /srv/gitlab-runner/.ssh
|
chown -R gitlab-runner:nogroup /srv/gitlab-runner/.ssh
|
||||||
chmod -R u=rwX,go= /srv/gitlab-runner/.ssh
|
chmod -R u=rwX,go= /srv/gitlab-runner/.ssh
|
||||||
'';
|
'';
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
vim rxvt_unicode.terminfo
|
||||||
|
depot.nix.pkgs.heptapod-runner-mercurial
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|