# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0

{ depot, lib, pkgs, config, ... }:
{
  # Secret file rendered from Vault for the GitLab runner.
  #
  # The resulting path is passed to the runner as registrationConfigFile
  # further down in this file, so the rendered file presumably carries the CI
  # server URL and the runner's registration credential. Anything that can read
  # it should be treated as able to register a runner against that server.
  my.vault.secrets.gitlab-runner-environment = {
    # Vault Agent / consul-template syntax: read kv/apps/gitlab-runner (the
    # .Data.data accessor is the KV v2 response shape) and emit its
    # `environment` field as-is.
    template = ''
      {{ with secret "kv/apps/gitlab-runner" }}
      {{ .Data.data.environment }}
      {{ end }}
    '';

    # NOTE(review): presumably the group owner of the rendered file. No file
    # mode is set here, so confirm the secrets module's default keeps the file
    # unreadable to other local accounts, in particular whichever account the
    # shell-executor CI jobs run as.
    group = "root";

    # NOTE(review): presumably these units are restarted whenever the rendered
    # secret changes, so a rotated credential is picked up - confirm against
    # the my.vault module.
    restartUnits = [ "gitlab-runner.service" ];
  };
  # GitLab runner daemon, using the heptapod-runner build from the depot.
  services.gitlab-runner = {
    enable = true;
    package = depot.nix.pkgs.heptapod-runner;

    # Global cap: at most one job runs at any time across all runners below.
    settings = {
      concurrent = 1;
    };

    # On stop, let running jobs finish; after gracefulTimeout the shutdown
    # becomes forceful.
    gracefulTermination = true;
    gracefulTimeout = "4min";

    services.deployer = {
      # The shell executor runs job scripts directly on this host with no
      # container or VM boundary. Any pipeline that is routed to this runner
      # therefore gets code execution on the machine as the runner's account,
      # and state left behind by one job is visible to the next. Keep the set
      # of projects/branches allowed to use this runner tight on the server
      # side, and keep the runner account unprivileged.
      # NOTE(review): which account jobs run as is decided by the
      # gitlab-runner unit, which this file does not show - presumably the
      # gitlab-runner user declared in this file; confirm.
      executor = "shell";

      # Jobs are matched to this runner through the "cacher" tag.
      tagList = [ "cacher" ];

      # Registration environment comes from the Vault-rendered secret file, so
      # no credential is written into the Nix store.
      registrationConfigFile = config.my.vault.secrets.gitlab-runner-environment.path;
    };
  };
  # Local account named after the runner, with its home under /srv.
  users.users.gitlab-runner = {
    home = "/srv/gitlab-runner";
    createHome = true;

    # "nogroup" is a shared catch-all group; group-readable files are
    # effectively shared with every other process running under it.
    group = "nogroup";

    # NOTE(review): isNormalUser makes this a regular login-capable account
    # (default shell, uid from the normal-user range) rather than a system
    # account. If nothing needs interactive login, a system user would be the
    # narrower choice - but switching changes uid allocation, so check the
    # ownership of /srv/gitlab-runner before changing it.
    isNormalUser = true;
  };

  # Scheduled Nix store garbage collection is switched off on this host.
  # NOTE(review): presumably deliberate because the runner is tagged "cacher"
  # and store paths should persist between jobs - confirm. With no automatic
  # GC the store only grows, so monitor free disk space; a full disk on a CI
  # host is an availability problem.
  nix.gc = {
    automatic = false;
  };
}