gitlab: runner up and running

heh
silver 2023-06-17 19:37:06 +01:00
parent f24b450b36
commit 704222fcb9
5 changed files with 147 additions and 0 deletions


@ -0,0 +1,69 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.skynet_gitlab_runner;
in {
imports = [
];
options.services.skynet_gitlab_runner = {
enable = mkEnableOption "Skynet Gitlab Runner";
runner = {
name = mkOption {
type = types.str;
};
gitlab = mkOption {
default = "https://gitlab.skynet.ie";
type = types.str;
};
description = mkOption {
default = cfg.runner.name;
type = types.str;
};
docker = {
image = mkOption {
default = "alpine:latest";
type = types.str;
};
cleanup_dates = mkOption {
# https://man.archlinux.org/man/systemd.time.7#CALENDAR_EVENTS
# it will use a lot of storage so clear it daily, may change to hourly if required
default = "daily";
type = types.str;
};
};
};
};
config = mkIf cfg.enable {
# https://search.nixos.org/options?from=0&size=50&sort=alpha_desc&type=packages&query=services.gitlab-runner.
age.secrets."${cfg.runner.name}".file = ../secrets/gitlab/runners/${cfg.runner.name}.age;
services.gitlab-runner = {
enable = true;
clear-docker-cache = {
enable = true;
dates = cfg.runner.docker.cleanup_dates;
};
services = {
# might make a function later to have multiple runners, might never need it though
"${cfg.runner.name}" = {
cloneUrl = cfg.runner.gitlab;
description = cfg.runner.description;
registrationConfigFile = config.age.secrets."${cfg.runner.name}".path;
dockerImage = cfg.runner.docker.image;
};
};
};
};
}
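Review bot: The `docker.image` default `"alpine:latest"` is a mutable tag, so every job that does not name its own image runs whatever that tag points to at pull time. Pinning the default to a release tag or digest, e.g. `default = "alpine:<release>@sha256:<digest>";` (placeholder values), keeps runner behaviour reproducible and reviewable. `runner.name` is an unconstrained `types.str` that is interpolated into both the secret path `../secrets/gitlab/runners/${cfg.runner.name}.age` and the `age.secrets` attribute name, so `type = types.strMatching "[a-z0-9_-]+";` would keep it to a plain file name. None of the `mkOption` calls carries a `description`; one line each for `gitlab`, `description` and `cleanup_dates` would document what the module expects.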


@ -57,6 +57,9 @@
# Gitlab # Gitlab
glados = import ./machines/glados.nix; glados = import ./machines/glados.nix;
# Gitlab runners
wheatly = import ./machines/wheatly.nix;
# email # email
gir.imports = [ ./machines/gir.nix simple-nixos-mailserver.nixosModule]; gir.imports = [ ./machines/gir.nix simple-nixos-mailserver.nixosModule];

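--- a/machines/wheatly.nix
+++ b/machines/wheatly.nix
@@ -0,0 +1,53 @@
+/*
+Name: https://theportalwiki.com/wiki/Wheatley
+Why: Whereever GLaDOS is Wheatly is not too far away
+Type: VM
+Hardware: -
+From: 2023
+Role: Gitlab Runner
+Notes:
+*/
+{ pkgs, lib, nodes, ... }:
+let
+# name of the server, sets teh hostname and record for it
+name = "wheatly";
+ip_pub = "193.1.99.78";
+ip_priv = "172.20.20.7";
+hostname = "${name}.skynet.ie";
+in {
+imports = [
+../applications/gitlab_runner.nix
+];
+deployment = {
+targetHost = hostname;
+targetPort = 22;
+targetUser = "root";
+tags = [ "active" ];
+};
+skynet_dns.records = {
+external = [
+"${name} A ${ip_pub}"
+];
+reverse = [
+"${builtins.substring 9 3 ip_pub} IN PTR ${hostname}."
+];
+};
+environment.systemPackages = [
+pkgs.gitlab-runner
+];
+services.skynet_gitlab_runner = {
+enable = true;
+runner.name = "runner01";
+};
+}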
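Review bot: The `reverse` record takes the last octet with `builtins.substring 9 3 ip_pub`, which is only correct while the first three octets of `ip_pub` occupy exactly nine characters; a different address would silently publish the wrong PTR name. Splitting on the dots does not depend on octet width: `"${lib.last (lib.splitString "." ip_pub)} IN PTR ${hostname}."`. `ip_priv` is bound in the `let` but not referenced anywhere in this file, so either use it or add a comment saying where it is consumed. The file deploys as `root` over port 22 to the publicly resolvable `hostname` and does not show how that access is restricted; if the restriction lives elsewhere, a one-line comment pointing to it would help.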


@ -0,0 +1,14 @@
age-encryption.org/v1
-> ssh-ed25519 V1pwNA zfq1BfPaVUFSBQp9N511d9dH/7OOaXCV+g+cbYMZphw
50UdZD5tpPVR2PKEHPaPVhi/1x8GXoA/kDRKNAs5OnU
-> ssh-ed25519 rIwlvw pKhv0WXm8Cbc5KjZgI/b/NJvF8rTzzxdBvON8HBRgVY
Wyzj2gDrBawwxoirJgR24gIrYi6oaV3R1dki6cpepS4
-> ssh-ed25519 q8eJgg oP4w7oRI4suBuIEZ6SC9SOw991WGDjd4103m3ADZuTs
Clt4xDr+OrS4MtwK+1/7LmTM0P0jGhqvZD4+cPg533g
-> ssh-ed25519 yvS9bw FimWkJGigumVEyx2CV96SfwXRkl8aPHdgFTVAlMSa3s
etHz9IbwrOtzDAMXKQ0xa716OCLeJYX6rGgvLI+7Ngc
-> OQ)-grease
FmK6wjGW+7g4g+/HorXpNDoGV2G0RW6HYHlJfzHVhpY+o9No2et/q/lOOkly7+GQ
MMijO83k9LMwtN0zqY4aZfv4kpcJWQhjESUuY+FX
--- uleDVma8uLL0beHr7DTDVlNz218xZuKHeIa24ANkpJo
<EFBFBD> ej& ¼€<C2BC>à~'Ö<>ø0­pf÷>.‰)¤b <0A>â4rÒ¶dtŧ”õ“ÞnúH<C3BA>{ŒKÏà5<C3A0>$72¿b}EíAÔ­Ö+Æî³ ­<>A;TØ2Ó`·ÓâŽÄ£k]qK>


@ -25,6 +25,8 @@ let
glados = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6go7ScvOga9vYqC5HglPfh2Nu8wQTpEKpvIZuMAZom root@glados"; glados = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6go7ScvOga9vYqC5HglPfh2Nu8wQTpEKpvIZuMAZom root@glados";
wheatly = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEehcrWqZbTr4+do1ONE9Il/SayP0xXMvhozm845tonN root@wheatly";
kitt = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPble6JA2O/Wwv0Fztl/kiV0qj+QMjS+jTTj1Sz8k9xK root@kitt"; kitt = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPble6JA2O/Wwv0Fztl/kiV0qj+QMjS+jTTj1Sz8k9xK root@kitt";
gir = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINL2qk/e0QBqpTQ2xDjF7Cv4c92jJ53jW2fuu88hAF/u root@gir"; gir = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINL2qk/e0QBqpTQ2xDjF7Cv4c92jJ53jW2fuu88hAF/u root@gir";
@ -55,6 +57,10 @@ let
glados glados
]; ];
gitlab_runners = [
wheatly
];
# these need dns stuff # these need dns stuff
webservers = [ webservers = [
# ULFM # ULFM
@ -84,6 +90,8 @@ in
"gitlab/secrets_jws.age".publicKeys = users ++ gitlab; "gitlab/secrets_jws.age".publicKeys = users ++ gitlab;
"gitlab/ldap_pw.age".publicKeys = users ++ gitlab; "gitlab/ldap_pw.age".publicKeys = users ++ gitlab;
"gitlab/runners/runner01.age".publicKeys = users ++ gitlab_runners;
# for ldap # for ldap
"ldap/pw.age".publicKeys = users ++ ldap; "ldap/pw.age".publicKeys = users ++ ldap;
"ldap/self_service.age".publicKeys = users ++ ldap; "ldap/self_service.age".publicKeys = users ++ ldap;
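Review bot: `"gitlab/runners/runner01.age".publicKeys = users ++ gitlab_runners;` encrypts runner01's registration secret to every host key in `gitlab_runners`, so any runner added to that list later would be able to decrypt runner01's token as well as its own. With only `wheatly` in the group the recipients are the same today, but naming the host directly, `"gitlab/runners/runner01.age".publicKeys = users ++ [ wheatly ];`, keeps each runner secret scoped to the machine that uses it. If sharing one token across all runners is intended, a comment above `gitlab_runners = [` saying so would make that choice explicit.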