Add gitlab runner back to oracles
parent
607c186fc3
commit
310008ca02
|
@ -17,12 +17,17 @@
|
|||
owner = config.users.users.nathan.name;
|
||||
group = config.users.users.nathan.group;
|
||||
};
|
||||
"nix-asuran" = {
|
||||
format = "yaml";
|
||||
sopsFile = ../../secrets/oracles/gitlab.yaml;
|
||||
};
|
||||
};
|
||||
# Setup system configuration
|
||||
nathan = {
|
||||
programs = {
|
||||
utils = {
|
||||
devel = true;
|
||||
binfmt = true;
|
||||
};
|
||||
};
|
||||
services = {
|
||||
|
@ -55,6 +60,9 @@
|
|||
setupGrub = true;
|
||||
nix.autoUpdate = true;
|
||||
harden = false;
|
||||
virtualization = {
|
||||
docker = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
# Configure networking
|
||||
|
@ -169,13 +177,16 @@
|
|||
}
|
||||
];
|
||||
};
|
||||
|
||||
# Setup vhost for pack website
|
||||
services.nginx.virtualHosts."pack.forward-progress.net" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/".root = "/var/www/pack.forward-progress.net";
|
||||
root = "/var/www/pack.forward-progress.net";
|
||||
};
|
||||
# Backup postgres
|
||||
|
||||
# Backup postgres, as used by matrix
|
||||
services.postgresqlBackup = {
|
||||
#enable = true;
|
||||
compression = "none";
|
||||
|
@ -183,4 +194,41 @@
|
|||
startAt = "OnCalendar=00/2:00";
|
||||
};
|
||||
|
||||
# Setup the gitlab runners
|
||||
services.gitlab-runner =
|
||||
let
|
||||
nix-shared = with lib; {
|
||||
dockerImage = "nixpkgs/nix-flakes";
|
||||
dockerVolumes = [
|
||||
"/var/sharedstore:/sharedstore"
|
||||
];
|
||||
dockerDisableCache = true;
|
||||
dockerPrivileged = true;
|
||||
};
|
||||
in
|
||||
{
|
||||
enable = true;
|
||||
concurrent = 4;
|
||||
checkInterval = 1;
|
||||
services = {
|
||||
# default-asuran = {
|
||||
# registrationConfigFile = "/var/lib/secret/gitlab-runner/asuran-default";
|
||||
# dockerImage = "debian:stable";
|
||||
# dockerVolumes = [
|
||||
# "/var/run/docker.sock:/var/run/docker.sock"
|
||||
# ];
|
||||
# dockerPrivileged = true;
|
||||
# tagList = [ "linux-own" ];
|
||||
# };
|
||||
|
||||
nix-asuran = nix-shared // {
|
||||
registrationConfigFile = config.sops.secrets.nix-asuran.path;
|
||||
tagList = [ "nix" ];
|
||||
requestConcurrency = 8;
|
||||
limit = 4;
|
||||
runUntagged = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
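Review bot: `dockerPrivileged = true;` in `nix-shared` is inherited by `nix-asuran`, which also sets `runUntagged = true;`, so every job this runner picks up, tagged or not, runs in a privileged container with `/var/sharedstore` mounted writable. A privileged container is not an isolation boundary, so anyone who can start a pipeline served by this registration should be treated as having root-equivalent access to the host; how the runner is scoped in GitLab is not visible on this page. If the Nix jobs do not need the flag I would drop it and set `runUntagged = false;` so only jobs tagged `nix` land here, and if it stays, add a comment above it saying why it is required. `dockerImage = "nixpkgs/nix-flakes";` also carries no tag or digest, so each job pulls whatever is current upstream; pinning it would make the build environment reproducible.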
|
|
|
@ -44,7 +44,7 @@ with lib;
|
|||
enable = true;
|
||||
allowReboot = true;
|
||||
# Update from the flake
|
||||
flake = "github:nathans-flakes/system";
|
||||
flake = "github:nathans-flakes/system/rewrite";
|
||||
# Attempt to update daily at 2AM
|
||||
dates = "2:00";
|
||||
};
|
||||
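Review bot: The comment `# Update from the flake` above the two `flake =` lines does not say which branch the hosts follow or why, and the lines differ only in the `/rewrite` suffix. Because `allowReboot = true;` sits in the same block, every host using this module will build and reboot into whatever is pushed to that ref, so I would record the intent next to it, for example `# Tracks the rewrite branch until it is merged; switch back to the default branch afterwards`. The page has lost its +/- markers, so I am assuming the `/rewrite` line is the new side. The enclosing attribute set starts outside the hunk.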
|
|
|
@ -23,6 +23,8 @@ with lib;
|
|||
# Automatically prune to keep things lean
|
||||
autoPrune.enable = true;
|
||||
};
|
||||
# Make sure our containers can reach the network
|
||||
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
|
||||
})
|
||||
(mkIf nc.virtualization.lxc {
|
||||
virtualisation.lxd = {
|
||||
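Review bot: `boot.kernel.sysctl."net.ipv4.ip_forward" = true;` enables IPv4 forwarding for the whole host rather than only for the Docker bridge, and presumably on every machine that turns on the Docker option of this module. The comment above it should say that the host will now route between all of its interfaces, for example `# Enables host-wide IPv4 forwarding so containers can reach the network; forward-chain filtering must restrict what is routed`. It is also worth confirming that the firewall's forward chain limits traffic to the container networks, since Docker's handling of the FORWARD policy when forwarding is already enabled has varied between releases. The `mkIf` block this line sits in starts above the hunk.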
|
|
|
@ -0,0 +1,30 @@
|
|||
nix-asuran: ENC[AES256_GCM,data:RXjgVChMgDP1YodyEZyUJejD8g/eXVvbBzZ7N1oUmkKEDgjjetHxZVt8h4BfCyymQaZA9wP2wtq4/jiWdOKrYuKsnCZ3SR4qJpxjkOe0W+hh,iv:pLmBWY6ZB4S4OrRJRiOhxBKGJvPsGQcJRarmZY6aFSw=,tag:uliGhjYATCn0qvpsG3Ux/A==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkUkxDNzRaaXk5MjFSK3o2
|
||||
aWhRamxEb3FFMGo3OUVDL25udVg5UDM3SHhFCnZEWmluYklvcjh2ZWk0K2kvSUZj
|
||||
YzFMUHdaQlhhQi8ya3l5KzB4NzBDdlEKLS0tIHVLSlFkUEdoK3hzQ2V5VlZTSW9Q
|
||||
MWw3OG9CN3BkanZsUEVPbjBRclVTLzAKYyjhfh/VZDx9RnlcS6palMaGDOSYPha0
|
||||
i3bU8KvH0cc/FhSkv320Owwrwq4ocI3ZSWEWXVgmnwxLuXi2pNW3Qw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZSjFkRkpjcytHV1RCSEc1
|
||||
TnlQR2c2cUtVT3dUZGQrb1JEWFFyNmNSekdBCjRYUHdDZGdQRWFkZHdISzgrNHdO
|
||||
S2hlQThUckRDVE9RM1czcWFpVWMzczAKLS0tIGFrZFhVWk5SR3dtVUFwQjdCaEJ5
|
||||
R3NHOS83TmIyaG1yYjdJODFuVmZ6aTAKF/PP60jU0JlN8TchHeTp0T5Fhg55kMHc
|
||||
t9Dv+PBkscQxO3VxUD3Oqw9/c/C5Abm8KgcWmYrLa00+2zbMC0oZEA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2022-09-06T00:47:48Z"
|
||||
mac: ENC[AES256_GCM,data:7LHqZlBtRw+dN5Ed2bSPl7onYbI6m3rpFSqJ2qJM7dLK0wLSrJoP9K0chfLKDthTtw21KRv9m0SyAOsjv1ek8uyD7PIE5hhmtWGWm/rrDMLtLt+NWxQWBdM2sMGughvzhRG0auLUF8WaWHaoRuQyG9qlmO8lXMspS7/dfDQUcdQ=,iv:ciThIEZv4nom9w6XQS2rtw+lAlPcpGMLeuUjfAkTiWg=,tag:G0C0d6+fRGZ0Bq/GeczIrg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|