Add gitlab runner back to oracles
parent
607c186fc3
commit
310008ca02
|
@ -17,12 +17,17 @@
|
||||||
owner = config.users.users.nathan.name;
|
owner = config.users.users.nathan.name;
|
||||||
group = config.users.users.nathan.group;
|
group = config.users.users.nathan.group;
|
||||||
};
|
};
|
||||||
|
"nix-asuran" = {
|
||||||
|
format = "yaml";
|
||||||
|
sopsFile = ../../secrets/oracles/gitlab.yaml;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
# Setup system configuration
|
# Setup system configuration
|
||||||
nathan = {
|
nathan = {
|
||||||
programs = {
|
programs = {
|
||||||
utils = {
|
utils = {
|
||||||
devel = true;
|
devel = true;
|
||||||
|
binfmt = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
services = {
|
services = {
|
||||||
|
@ -55,6 +60,9 @@
|
||||||
setupGrub = true;
|
setupGrub = true;
|
||||||
nix.autoUpdate = true;
|
nix.autoUpdate = true;
|
||||||
harden = false;
|
harden = false;
|
||||||
|
virtualization = {
|
||||||
|
docker = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
# Configure networking
|
# Configure networking
|
||||||
|
@ -169,13 +177,16 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Setup vhost for pack website
|
||||||
services.nginx.virtualHosts."pack.forward-progress.net" = {
|
services.nginx.virtualHosts."pack.forward-progress.net" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
locations."/".root = "/var/www/pack.forward-progress.net";
|
locations."/".root = "/var/www/pack.forward-progress.net";
|
||||||
root = "/var/www/pack.forward-progress.net";
|
root = "/var/www/pack.forward-progress.net";
|
||||||
};
|
};
|
||||||
# Backup postgres
|
|
||||||
|
# Backup postgres, as used by matrix
|
||||||
services.postgresqlBackup = {
|
services.postgresqlBackup = {
|
||||||
#enable = true;
|
#enable = true;
|
||||||
compression = "none";
|
compression = "none";
|
||||||
|
@ -183,4 +194,41 @@
|
||||||
startAt = "OnCalendar=00/2:00";
|
startAt = "OnCalendar=00/2:00";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Setup the gitlab runners
|
||||||
|
services.gitlab-runner =
|
||||||
|
let
|
||||||
|
nix-shared = with lib; {
|
||||||
|
dockerImage = "nixpkgs/nix-flakes";
|
||||||
|
dockerVolumes = [
|
||||||
|
"/var/sharedstore:/sharedstore"
|
||||||
|
];
|
||||||
|
dockerDisableCache = true;
|
||||||
|
dockerPrivileged = true;
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
enable = true;
|
||||||
|
concurrent = 4;
|
||||||
|
checkInterval = 1;
|
||||||
|
services = {
|
||||||
|
# default-asuran = {
|
||||||
|
# registrationConfigFile = "/var/lib/secret/gitlab-runner/asuran-default";
|
||||||
|
# dockerImage = "debian:stable";
|
||||||
|
# dockerVolumes = [
|
||||||
|
# "/var/run/docker.sock:/var/run/docker.sock"
|
||||||
|
# ];
|
||||||
|
# dockerPrivileged = true;
|
||||||
|
# tagList = [ "linux-own" ];
|
||||||
|
# };
|
||||||
|
|
||||||
|
nix-asuran = nix-shared // {
|
||||||
|
registrationConfigFile = config.sops.secrets.nix-asuran.path;
|
||||||
|
tagList = [ "nix" ];
|
||||||
|
requestConcurrency = 8;
|
||||||
|
limit = 4;
|
||||||
|
runUntagged = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
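Review bot: The `nix-asuran` runner combines `dockerPrivileged = true` (inherited from `nix-shared`) with `runUntagged = true`, so any untagged job from the projects its registration token covers runs in a privileged container on this host, with `/var/sharedstore` bind-mounted read-write. A privileged container is not an isolation boundary, and this same file sets `harden = false` and serves an nginx vhost, so CI jobs should be treated as having root on the machine. If the Nix jobs do not need privileged mode, drop that line from `nix-shared`; otherwise narrow what can land here with `runUntagged = false;` and consider `protected = true;` so only protected refs are built. `dockerImage = "nixpkgs/nix-flakes"` also floats on the default tag, and pinning it by digest would keep job environments from changing underneath the runner. The enclosing module body starts and ends outside these hunks.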
|
@ -44,7 +44,7 @@ with lib;
|
||||||
enable = true;
|
enable = true;
|
||||||
allowReboot = true;
|
allowReboot = true;
|
||||||
# Update from the flake
|
# Update from the flake
|
||||||
flake = "github:nathans-flakes/system";
|
flake = "github:nathans-flakes/system/rewrite";
|
||||||
# Attempt to update daily at 2AM
|
# Attempt to update daily at 2AM
|
||||||
dates = "2:00";
|
dates = "2:00";
|
||||||
};
|
};
|
||||||
|
|
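Review bot: The unattended upgrade now follows the `rewrite` branch via `flake = "github:nathans-flakes/system/rewrite";` while `allowReboot = true` stays set, so whatever is pushed to that branch is built and activated as root, presumably on every host that imports this module and not only on oracles. That is wider than the commit title suggests, and whether the branch is push-protected is not visible here. Add a comment above the line such as `# Temporary: track the rewrite branch until it is merged, then return to the default branch`, and confirm the branch has the same protection as the default one. The surrounding option block starts outside the hunk.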
|
@ -23,6 +23,8 @@ with lib;
|
||||||
# Automatically prune to keep things lean
|
# Automatically prune to keep things lean
|
||||||
autoPrune.enable = true;
|
autoPrune.enable = true;
|
||||||
};
|
};
|
||||||
|
# Make sure our containers can reach the network
|
||||||
|
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
|
||||||
})
|
})
|
||||||
(mkIf nc.virtualization.lxc {
|
(mkIf nc.virtualization.lxc {
|
||||||
virtualisation.lxd = {
|
virtualisation.lxd = {
|
||||||
|
|
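Review bot: `boot.kernel.sysctl."net.ipv4.ip_forward" = true;` turns on IPv4 forwarding for all interfaces on any host where this Docker branch is active, and nothing in the hunk limits which traffic may be forwarded. On a machine with a public interface, such as the one serving the nginx vhost in this commit, the firewall's forward policy should be confirmed before relying on this. The comment could state the dependency, for example `# Docker bridge networking needs IPv4 forwarding; forwarded traffic is filtered by the firewall's forward rules, not by this sysctl`. The block this line sits in begins outside the hunk.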
|
@ -0,0 +1,30 @@
|
||||||
|
nix-asuran: ENC[AES256_GCM,data:RXjgVChMgDP1YodyEZyUJejD8g/eXVvbBzZ7N1oUmkKEDgjjetHxZVt8h4BfCyymQaZA9wP2wtq4/jiWdOKrYuKsnCZ3SR4qJpxjkOe0W+hh,iv:pLmBWY6ZB4S4OrRJRiOhxBKGJvPsGQcJRarmZY6aFSw=,tag:uliGhjYATCn0qvpsG3Ux/A==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkUkxDNzRaaXk5MjFSK3o2
|
||||||
|
aWhRamxEb3FFMGo3OUVDL25udVg5UDM3SHhFCnZEWmluYklvcjh2ZWk0K2kvSUZj
|
||||||
|
YzFMUHdaQlhhQi8ya3l5KzB4NzBDdlEKLS0tIHVLSlFkUEdoK3hzQ2V5VlZTSW9Q
|
||||||
|
MWw3OG9CN3BkanZsUEVPbjBRclVTLzAKYyjhfh/VZDx9RnlcS6palMaGDOSYPha0
|
||||||
|
i3bU8KvH0cc/FhSkv320Owwrwq4ocI3ZSWEWXVgmnwxLuXi2pNW3Qw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZSjFkRkpjcytHV1RCSEc1
|
||||||
|
TnlQR2c2cUtVT3dUZGQrb1JEWFFyNmNSekdBCjRYUHdDZGdQRWFkZHdISzgrNHdO
|
||||||
|
S2hlQThUckRDVE9RM1czcWFpVWMzczAKLS0tIGFrZFhVWk5SR3dtVUFwQjdCaEJ5
|
||||||
|
R3NHOS83TmIyaG1yYjdJODFuVmZ6aTAKF/PP60jU0JlN8TchHeTp0T5Fhg55kMHc
|
||||||
|
t9Dv+PBkscQxO3VxUD3Oqw9/c/C5Abm8KgcWmYrLa00+2zbMC0oZEA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2022-09-06T00:47:48Z"
|
||||||
|
mac: ENC[AES256_GCM,data:7LHqZlBtRw+dN5Ed2bSPl7onYbI6m3rpFSqJ2qJM7dLK0wLSrJoP9K0chfLKDthTtw21KRv9m0SyAOsjv1ek8uyD7PIE5hhmtWGWm/rrDMLtLt+NWxQWBdM2sMGughvzhRG0auLUF8WaWHaoRuQyG9qlmO8lXMspS7/dfDQUcdQ=,iv:ciThIEZv4nom9w6XQS2rtw+lAlPcpGMLeuUjfAkTiWg=,tag:G0C0d6+fRGZ0Bq/GeczIrg==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.7.3
|