diff --git a/machines/tower/default.nix b/machines/tower/default.nix
index 564997e..421208d 100644
--- a/machines/tower/default.nix
+++ b/machines/tower/default.nix
@@ -100,6 +100,21 @@
 '';
+ services.nix-gitlab-runner = {
+ enable = true;
+ registrationConfigFile = "/var/lib/gitlab-runner/gitlab_runner";
+ packages = with pkgs; [ coreutils su bash git ];
+ };
+
+
+
+ services.nginx.virtualHosts."phd.julienmalka.me" = {
+ enableACME = true;
+ forceSSL = true;
+ root = "/home/gitlab-runner/artifacts";
+ };
+
+
 services.grafana.enable = true;
 services.grafana.settings.server.http_port = 3000;
 services.prometheus = {
diff --git a/modules/gitlab-runner/default.nix b/modules/gitlab-runner/default.nix
new file mode 100644
index 0000000..fb9530c
--- /dev/null
+++ b/modules/gitlab-runner/default.nix
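Review bot: `root = "/home/gitlab-runner/artifacts"` serves a directory inside the runner account's home, which is also the working directory where CI jobs execute as `gitlab-runner`, so any job this runner accepts can rewrite the content published at `phd.julienmalka.me`; if the runner is shared or picks up merge-request pipelines, that is anyone who can open one. A dedicated directory that only a trusted pipeline step on a protected branch writes to, with the web root outside the job workspace, keeps the site contents under control. Separately, `isNormalUser` homes are created with a restrictive mode by default, so nginx may not be able to traverse `/home/gitlab-runner` at all after deploy — worth checking with a request against the vhost. Keeping `registrationConfigFile` as a string path rather than a path literal is correct, since it keeps the runner token out of the Nix store.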
@@ -0,0 +1,117 @@
+/*
+ * An opinonated Gitlab-runner, that allows for nix builds (with caching)
+ * on NixOS build machines
+ */
+{ config, pkgs, lib, ... }:
+with lib;
+let
+ cfg = config.services.nix-gitlab-runner;
+in
+{
+ options.services.nix-gitlab-runner = {
+ enable = lib.mkEnableOption "Gitlab Runner";
+
+ gracefulTermination = mkOption {
+ default = false;
+ type = types.bool;
+ description = ''
+ Finish all remaining jobs before stopping, restarting or reconfiguring.
+ If not set gitlab-runner will stop immediatly without waiting for jobs to finish,
+ which will lead to failed builds.
+ '';
+ };
+
+ gracefulTimeout = mkOption {
+ default = "infinity";
+ type = types.str;
+ example = "5min 20s";
+ description = ''Time to wait until a graceful shutdown is turned into a forceful one.'';
+ };
+
+ workDir = mkOption {
+ default = "/home/gitlab-runner";
+ type = types.path;
+ description = "The working directory used";
+ };
+
+ concurrent = mkOption {
+ default = 1;
+ type = types.int;
+ description = ''Jobs to run concurrently'';
+ };
+
+ check-interval = mkOption {
+ default = 0;
+ type = types.int;
+ description = ''Interval to check for jobs'';
+ };
+
+ package = mkOption {
+ description = "Gitlab Runner package to use";
+ default = pkgs.gitlab-runner;
+ defaultText = "pkgs.gitlab-runner";
+ type = types.package;
+ example = literalExample "pkgs.gitlab-runner_1_11";
+ };
+
+ packages = mkOption {
+ default = with pkgs; [ coreutils su bash ];
+ type = types.listOf types.package;
+ description = ''
+ Packages to add to PATH for the gitlab-runner process.
+ '';
+ };
+
+ runners = mkOption {
+ type = types.listOf types.attrs;
+ default = [ ];
+ description = ''
+ Runners [{name,url,token,executor}]
+ '';
+ };
+
+ registrationConfigFile = mkOption
+ {
+ type = types.path;
+ };
+ };
+ config =
+ mkIf cfg.enable {
+ systemd.services.nix-gitlab-runner = {
+ path = cfg.packages;
+ environment = config.networking.proxy.envVars;
+ description = "Gitlab Runner";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ StateDirectory = "gitlab-runner";
+ ExecStart = ''
+ ${cfg.package}/bin/gitlab-runner run \
+ --working-directory ${cfg.workDir} \
+ --user gitlab-runner \
+ --service gitlab-runner \
+ --config ${cfg.registrationConfigFile}
+ '';
+ } // optionalAttrs (cfg.gracefulTermination) {
+ TimeoutStopSec = "${cfg.gracefulTimeout}";
+ KillSignal = "SIGQUIT";
+ KillMode = "process";
+ };
+ };
+
+ # Make the gitlab-runner command availabe so users can query the runner
+ environment.systemPackages = [ cfg.package pkgs.git ];
+
+ users.users.gitlab-runner = {
+ home = "/home/gitlab-runner";
+ isNormalUser = true;
+ createHome = true;
+ };
+ nix.settings.allowed-users = [ "gitlab-runner" ];
+ nix.settings.trusted-users = [ "gitlab-runner" ];
+
+
+
+ };
+}
+
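Review bot: `nix.settings.trusted-users = [ "gitlab-runner" ]` is the account the jobs themselves run under (`--user gitlab-runner`), and the Nix manual treats trusted-user membership as equivalent to root on the host, since a trusted user can override daemon settings client-side (substituters and their keys, sandbox paths, and so on); every job the runner accepts inherits that, so the caching goal is better served by configuring the required `substituters`/`trusted-public-keys` system-wide and keeping only the `allowed-users` entry. The `concurrent`, `check-interval` and `runners` options are declared but never read in `config`, so setting them has no effect; either wire them into the runner configuration or drop them. `registrationConfigFile` has no `description`, and because it is `types.path` a path literal (rather than a string) would copy the file, registration token included, into the world-readable store — suggest `description = "Path to the runner config.toml (holds the registration token). Pass a string, not a path literal, so it is not copied into the Nix store, and keep the file root-owned with mode 0600.";`. The module also never sets the mode of that file or of the `StateDirectory`, so that remains a manual step worth stating in the option docs. Minor: `literalExample` is deprecated in favour of `literalExpression`, and `"${cfg.gracefulTimeout}"` can simply be `cfg.gracefulTimeout`.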