nix: use upstream gitlab-runner module

This migrates to the upstream gitlab-runner module and allows removing
the custom one \o/
steveej 2020-10-17 16:17:09 +02:00
parent 405ca2ade4
commit 4ca173efd4
3 changed files with 21 additions and 174 deletions


@ -2,12 +2,10 @@
{ {
disabledModules = [ disabledModules = [
"services/continuous-integration/gitlab-runner.nix"
]; ];
imports = [ imports = [
../../profiles/common/configuration.nix ../../profiles/common/configuration.nix
../../modules/encryptedDisk.nix ../../modules/encryptedDisk.nix
../../modules/gitlab-runner.nix
./system.nix ./system.nix
./hw.nix ./hw.nix
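Review bot: `disabledModules = [ ];` is left behind as an empty list once the upstream `services/continuous-integration/gitlab-runner.nix` entry is removed; dropping the attribute altogether reads cleaner and makes it obvious that nothing is masked any more. The `imports` list continues past the hunk (its closing `]` is not visible), so only the entry removal itself is reviewable here.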


@ -10,6 +10,14 @@
}; };
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; }; home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; };
nix.buildMachines = [
{ hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
maxJobs = 4;
}
];
services.hydra = { services.hydra = {
enable = false; enable = false;
hydraURL = "http://localhost:3000"; # externally visible URL hydraURL = "http://localhost:3000"; # externally visible URL
@ -20,18 +28,10 @@
useSubstitutes = true; useSubstitutes = true;
}; };
nix.buildMachines = [
{ hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
maxJobs = 4;
}
];
services.gitlab-runner = { services.gitlab-runner = {
enable = true; enable = true;
packages = with pkgs; [ extraPackages = with pkgs; [
bash bash
gitlab-runner gitlab-runner
nix nix
@ -39,18 +39,16 @@
git-crypt git-crypt
]; ];
configFile = let concurrent = 2;
nixRunnerToken = "/etc/secrets/gitlab-runner/nix-runner.token"; checkInterval = 0;
in pkgs.writeText "config.toml" '' services = {
concurrent = 2 nixRunner = {
check_interval = 0 executor = "shell";
[[runners]] runUntagged = true;
name = "nix-runner" registrationConfigFile = "/etc/secrets/gitlab-runner/nix-runner.registration";
url = "https://gitlab.com" tagList = [ "nix" ];
token = "<% sed -z 's/[\n\s]//g' ${nixRunnerToken} %>" };
executor = "shell" };
shell = "bash"
[runners.cache]
'';
}; };
} }
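Review bot: The new `registrationConfigFile = "/etc/secrets/gitlab-runner/nix-runner.registration"` replaces the old runner token read from `/etc/secrets/gitlab-runner/nix-runner.token`, and those are different secrets in a different file format, yet neither the hunk nor the commit message says how the new file is provisioned. As far as I recall the upstream module, it expects an environment file carrying `CI_SERVER_URL` and `REGISTRATION_TOKEN` and reads it when the service starts, so the secret stays out of the world-readable store as it did with the old `esh` process-substitution trick; that expectation is worth pinning next to the option, e.g. `# env file (CI_SERVER_URL, REGISTRATION_TOKEN), root-only, read at service start — never copied into the store`. Separately, `executor = "shell"` together with `runUntagged = true` means every job of whatever the registration token is scoped to runs as the gitlab-runner user on this host with `nix`, `git-crypt` and the rest of `extraPackages` on PATH; if that is intended, a one-line comment stating it would spare the next maintainer from wondering why no tag filter restricts the runner. The old inline `config.toml` also set `shell = "bash"` and an empty `[runners.cache]` section, which the new attribute set does not carry over — presumably fine with the upstream defaults, but worth a sentence in the commit message.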


@ -1,149 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.gitlab-runner;
configFile =
if (cfg.configFile == null) then
(pkgs.runCommand "config.toml" {
buildInputs = [ pkgs.remarshal ];
} ''
remarshal -if json -of toml \
< ${pkgs.writeText "config.json" (builtins.toJSON cfg.configOptions)} \
> $out
'')
else
cfg.configFile;
hasDocker = config.virtualisation.docker.enable;
in
{
options.services.gitlab-runner = {
enable = mkEnableOption "Gitlab Runner";
configFile = mkOption {
default = null;
description = ''
Configuration file for gitlab-runner.
Use this option in favor of configOptions to avoid placing CI tokens in the nix store.
<option>configFile</option> takes precedence over <option>configOptions</option>.
Warning: Not using <option>configFile</option> will potentially result in secrets
leaking into the WORLD-READABLE nix store.
'';
type = types.nullOr types.path;
};
configOptions = mkOption {
description = ''
Configuration for gitlab-runner
<option>configFile</option> will take precedence over this option.
Warning: all Configuration, especially CI token, will be stored in a
WORLD-READABLE file in the Nix Store.
If you want to protect your CI token use <option>configFile</option> instead.
'';
type = types.attrs;
example = {
concurrent = 2;
runners = [{
name = "docker-nix-1.11";
url = "https://CI/";
token = "TOKEN";
executor = "docker";
builds_dir = "";
docker = {
host = "";
image = "nixos/nix:1.11";
privileged = true;
disable_cache = true;
cache_dir = "";
};
}];
};
};
gracefulTermination = mkOption {
default = false;
type = types.bool;
description = ''
Finish all remaining jobs before stopping, restarting or reconfiguring.
If not set gitlab-runner will stop immediatly without waiting for jobs to finish,
which will lead to failed builds.
'';
};
gracefulTimeout = mkOption {
default = "infinity";
type = types.str;
example = "5min 20s";
description = ''Time to wait until a graceful shutdown is turned into a forceful one.'';
};
workDir = mkOption {
default = "/var/lib/gitlab-runner";
type = types.path;
description = "The working directory used";
};
package = mkOption {
description = "Gitlab Runner package to use";
default = pkgs.gitlab-runner;
defaultText = "pkgs.gitlab-runner";
type = types.package;
example = literalExample "pkgs.gitlab-runner_1_11";
};
packages = mkOption {
default = [ pkgs.bash pkgs.docker-machine ];
defaultText = "[ pkgs.bash pkgs.docker-machine ]";
type = types.listOf types.package;
description = ''
Packages to add to PATH for the gitlab-runner process.
'';
};
};
config = mkIf cfg.enable {
systemd.services.gitlab-runner = {
path = cfg.packages;
environment = config.networking.proxy.envVars;
description = "Gitlab Runner";
after = [ "network.target" ]
++ optional hasDocker "docker.service";
requires = optional hasDocker "docker.service";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "gitlab-runner";
Group = "gitlab-runner";
WorkingDirectory = cfg.workDir;
ExecStart = ''/usr/bin/env bash -c "exec ${cfg.package.bin}/bin/gitlab-runner run \
--working-directory ${cfg.workDir} \
--config <(${pkgs.esh}/bin/esh -o - -- ${configFile}) \
--service gitlab-runner \
"'';
} // optionalAttrs (cfg.gracefulTermination) {
TimeoutStopSec = "${cfg.gracefulTimeout}";
KillSignal = "SIGQUIT";
KillMode = "process";
};
};
# Make the gitlab-runner command availabe so users can query the runner
environment.systemPackages = [ cfg.package ];
users.users.gitlab-runner = {
group = "gitlab-runner";
extraGroups = optional hasDocker "docker";
uid = config.ids.uids.gitlab-runner;
home = cfg.workDir;
createHome = true;
};
users.groups.gitlab-runner.gid = config.ids.gids.gitlab-runner;
};
}