nixos: migrate gitlab-runner cache to rexxar

This commit is contained in:
Luke Granger-Brown 2024-03-26 19:00:40 +00:00
parent 39c422d17e
commit ef157732dc
4 changed files with 16 additions and 2 deletions

View file

@ -61,7 +61,7 @@ in
../lib/bgp.nix ../lib/bgp.nix
../lib/whitby-distributed.nix ../lib/whitby-distributed.nix
../lib/nixbuild-distributed.nix ../lib/nixbuild-distributed.nix
../lib/gitlab-runner-cacher.nix #../lib/gitlab-runner-cacher.nix
../lib/coredns/default.nix ../lib/coredns/default.nix
../lib/deluge.nix ../lib/deluge.nix
../lib/plex.nix ../lib/plex.nix

View file

@ -7,6 +7,8 @@
imports = [ imports = [
../lib/zfs.nix ../lib/zfs.nix
../lib/bgp.nix ../lib/bgp.nix
../lib/gitlab-runner-cacher.nix
#../lib/nixbuild-distributed.nix # error: build of '/nix/store/3r7456yr8r9g4fl7w6xbgqlbsdjwfvr4-stdlib-pkgs.json.drv' on 'ssh://eu.nixbuild.net' failed: unexpected: Built outputs are invalid
]; ];
# Otherwise _this_ machine won't enumerate things properly. # Otherwise _this_ machine won't enumerate things properly.
@ -66,7 +68,7 @@
rsync -a /boot/ /boot2/ rsync -a /boot/ /boot2/
''; '';
nix.settings.max-jobs = lib.mkDefault 8; nix.settings.max-jobs = lib.mkDefault 64;
# Networking! # Networking!
networking = { networking = {
@ -212,5 +214,7 @@
(bindMountSvc "/var/lib/libvirt" "libvirt.service") (bindMountSvc "/var/lib/libvirt" "libvirt.service")
]; ];
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
} }

View file

@ -25,4 +25,9 @@
capabilities = ["read"] capabilities = ["read"]
} }
''; '';
my.servers.rexxar.appPolicies.gitlab-runner = ''
path "''${vault_gcp_secret_roleset.binary_cache_deployer.backend}/roleset/''${vault_gcp_secret_roleset.binary_cache_deployer.roleset}/token" {
capabilities = ["read"]
}
'';
} }

View file

@ -29,4 +29,9 @@
capabilities = ["read"] capabilities = ["read"]
} }
''; '';
my.servers.rexxar.appPolicies.gitlab-runner = ''
path "''${vault_gcp_secret_roleset.lukegbcom_deployer.backend}/roleset/''${vault_gcp_secret_roleset.lukegbcom_deployer.roleset}/token" {
capabilities = ["read"]
}
'';
} }