Add gitlab runner back to oracles

Nathan McCarty 2022-09-05 20:52:22 -04:00
parent 607c186fc3
commit 310008ca02
Signed by: thatonelutenist
GPG Key ID: D70DA3DD4D1E9F96
4 changed files with 82 additions and 2 deletions


@ -17,12 +17,17 @@
owner = config.users.users.nathan.name; owner = config.users.users.nathan.name;
group = config.users.users.nathan.group; group = config.users.users.nathan.group;
}; };
"nix-asuran" = {
format = "yaml";
sopsFile = ../../secrets/oracles/gitlab.yaml;
};
}; };
# Setup system configuration # Setup system configuration
nathan = { nathan = {
programs = { programs = {
utils = { utils = {
devel = true; devel = true;
binfmt = true;
}; };
}; };
services = { services = {
@ -55,6 +60,9 @@
setupGrub = true; setupGrub = true;
nix.autoUpdate = true; nix.autoUpdate = true;
harden = false; harden = false;
virtualization = {
docker = true;
};
}; };
}; };
# Configure networking # Configure networking
@ -169,13 +177,16 @@
} }
]; ];
}; };
# Setup vhost for pack website
services.nginx.virtualHosts."pack.forward-progress.net" = { services.nginx.virtualHosts."pack.forward-progress.net" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/".root = "/var/www/pack.forward-progress.net"; locations."/".root = "/var/www/pack.forward-progress.net";
root = "/var/www/pack.forward-progress.net"; root = "/var/www/pack.forward-progress.net";
}; };
# Backup postgres
# Backup postgres, as used by matrix
services.postgresqlBackup = { services.postgresqlBackup = {
#enable = true; #enable = true;
compression = "none"; compression = "none";
@ -183,4 +194,41 @@
startAt = "OnCalendar=00/2:00"; startAt = "OnCalendar=00/2:00";
}; };
# Setup the gitlab runners
services.gitlab-runner =
let
nix-shared = with lib; {
dockerImage = "nixpkgs/nix-flakes";
dockerVolumes = [
"/var/sharedstore:/sharedstore"
];
dockerDisableCache = true;
dockerPrivileged = true;
};
in
{
enable = true;
concurrent = 4;
checkInterval = 1;
services = {
# default-asuran = {
# registrationConfigFile = "/var/lib/secret/gitlab-runner/asuran-default";
# dockerImage = "debian:stable";
# dockerVolumes = [
# "/var/run/docker.sock:/var/run/docker.sock"
# ];
# dockerPrivileged = true;
# tagList = [ "linux-own" ];
# };
nix-asuran = nix-shared // {
registrationConfigFile = config.sops.secrets.nix-asuran.path;
tagList = [ "nix" ];
requestConcurrency = 8;
limit = 4;
runUntagged = true;
};
};
};
} }
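Review bot: `dockerPrivileged = true` in `nix-shared`, together with `runUntagged = true` on `nix-asuran`, means every job this runner accepts, including jobs that never asked for the `nix` tag, runs in a privileged container, which is close to root on the host. The same section shows this host serving nginx vhosts and holding the postgres backup configuration, and it sets `harden = false`. Unless a job is known to need privileged mode, drop that line, and set `runUntagged = false;` so that only pipelines which explicitly request the `nix` tag land here. If privileged mode has to stay, a comment on that line saying which job needs it, and a note that `/var/sharedstore` is writable by every job, would record the trust assumption. Separately, `with lib;` on `nix-shared` is unused in the lines shown and can go.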


@ -44,7 +44,7 @@ with lib;
enable = true; enable = true;
allowReboot = true; allowReboot = true;
# Update from the flake # Update from the flake
flake = "github:nathans-flakes/system"; flake = "github:nathans-flakes/system/rewrite";
# Attempt to update daily at 2AM # Attempt to update daily at 2AM
dates = "2:00"; dates = "2:00";
}; };
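Review bot: The new flake ref `github:nathans-flakes/system/rewrite` makes the unattended upgrade follow a mutable development branch while `allowReboot = true` stays on, so whatever lands on that branch is built, activated and may reboot the machine at the next 2:00 run. If the branch pin is temporary, say so next to it, e.g. `# TODO: point back at the default branch once rewrite is merged`. While it is in place, push access to that branch is effectively deploy access to every host using this module, so branch protection is the control to check. The enclosing attribute set starts outside the hunk.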


@ -23,6 +23,8 @@ with lib;
# Automatically prune to keep things lean # Automatically prune to keep things lean
autoPrune.enable = true; autoPrune.enable = true;
}; };
# Make sure our containers can reach the network
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
}) })
(mkIf nc.virtualization.lxc { (mkIf nc.virtualization.lxc {
virtualisation.lxd = { virtualisation.lxd = {
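Review bot: `boot.kernel.sysctl."net.ipv4.ip_forward" = true` turns on IPv4 forwarding for every interface on the host, not only the container bridges, and the comment above it does not say why the explicit setting is needed. dockerd normally enables forwarding itself at start-up, so the line may be redundant; if something else on these machines resets the sysctl, name it in the comment, e.g. `# <what resets it> turns forwarding off; Docker bridge networking needs it on`. With forwarding enabled, the firewall's forward rules decide what the host will route, so they are worth checking on machines that enable this option. The surrounding `mkIf` block starts outside the hunk.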


@ -0,0 +1,30 @@
nix-asuran: ENC[AES256_GCM,data:RXjgVChMgDP1YodyEZyUJejD8g/eXVvbBzZ7N1oUmkKEDgjjetHxZVt8h4BfCyymQaZA9wP2wtq4/jiWdOKrYuKsnCZ3SR4qJpxjkOe0W+hh,iv:pLmBWY6ZB4S4OrRJRiOhxBKGJvPsGQcJRarmZY6aFSw=,tag:uliGhjYATCn0qvpsG3Ux/A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkUkxDNzRaaXk5MjFSK3o2
aWhRamxEb3FFMGo3OUVDL25udVg5UDM3SHhFCnZEWmluYklvcjh2ZWk0K2kvSUZj
YzFMUHdaQlhhQi8ya3l5KzB4NzBDdlEKLS0tIHVLSlFkUEdoK3hzQ2V5VlZTSW9Q
MWw3OG9CN3BkanZsUEVPbjBRclVTLzAKYyjhfh/VZDx9RnlcS6palMaGDOSYPha0
i3bU8KvH0cc/FhSkv320Owwrwq4ocI3ZSWEWXVgmnwxLuXi2pNW3Qw==
-----END AGE ENCRYPTED FILE-----
- recipient: age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZSjFkRkpjcytHV1RCSEc1
TnlQR2c2cUtVT3dUZGQrb1JEWFFyNmNSekdBCjRYUHdDZGdQRWFkZHdISzgrNHdO
S2hlQThUckRDVE9RM1czcWFpVWMzczAKLS0tIGFrZFhVWk5SR3dtVUFwQjdCaEJ5
R3NHOS83TmIyaG1yYjdJODFuVmZ6aTAKF/PP60jU0JlN8TchHeTp0T5Fhg55kMHc
t9Dv+PBkscQxO3VxUD3Oqw9/c/C5Abm8KgcWmYrLa00+2zbMC0oZEA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-09-06T00:47:48Z"
mac: ENC[AES256_GCM,data:7LHqZlBtRw+dN5Ed2bSPl7onYbI6m3rpFSqJ2qJM7dLK0wLSrJoP9K0chfLKDthTtw21KRv9m0SyAOsjv1ek8uyD7PIE5hhmtWGWm/rrDMLtLt+NWxQWBdM2sMGughvzhRG0auLUF8WaWHaoRuQyG9qlmO8lXMspS7/dfDQUcdQ=,iv:ciThIEZv4nom9w6XQS2rtw+lAlPcpGMLeuUjfAkTiWg=,tag:G0C0d6+fRGZ0Bq/GeczIrg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3