Add gitlab-runner

2023-10-12 14:24:50 +00:00 · 2023-10-12 14:24:50 +00:00 · fdab91a7f8
commit fdab91a7f8
parent a4913e5f7e
10 changed files with 620 additions and 4 deletions
--- a/hosts/magnesium/secrets.yaml
+++ b/hosts/magnesium/secrets.yaml
@ -1,5 +1,6 @@
 wireguard_key_hetzner-ha: ENC[AES256_GCM,data:HEW+EalHg6/mq7pRKZkasGz0nqbkSppkf0H/uV5QMJnWwKw9a9W21Y77OSw=,iv:OA6yml1T5kVafX0RYd0Es7DHcGjJazUxP2M6a5Pwkag=,tag:lX5UPIseIQ136HLrHbzZyw==,type:str]
 turn-static-auth-secret: ENC[AES256_GCM,data:rzhixUemFPwKj1BcVPZd7KtUO9OA6A2R4qEQ1BZGVG0=,iv:uYHYe4Cywxovt3b/Ho1tQVHrpgVic+AKh9AjYMYSZcM=,tag:rr8RW/if06t38GpZCYQB4w==,type:str]
+gitlab-runner_fablab-nea-hcloud-labsync: ENC[AES256_GCM,data:+znVO8cQxjDdhch7oUALZvt84iJmWnAx6lTM0+WGkGtaRWTCTPjgnst5waSJpw/Oysrd1PkXZKmLHyHuU7K/CHQij7sWH50G3ZcUum58klJc3dCPztlrLpDVHeSwyYiLpsqkQTfjqLPfrMkxuxBgTEVXlq2ZnFuyOGbFx9hubPxLeyQKakiW3qZWGjbFXYAps7Gl61AVdKJj3y1otX2JbCjG9x2i6FHZpl5ywwQCjKNM,iv:7v+I/oJtWDap6PNIJ4Qm3Si9dGs7a79SaMhnr/tbe1A=,tag:7jgoLtdWAEKMkWoXZ10owA==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -15,8 +16,8 @@ sops:
            Vlk3Y1luTTg3bkpqNTNPUGlNYmNtMW8K9dEUwAuzvDZZoVi8FPZQ7/h75EV0L+VM
            MlTGfEt38Hi7EOw+yfXvXYHse/OKypwcrPiJDT6IT/E+O9BJCjPKCA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-07-10T19:12:04Z"
-    mac: ENC[AES256_GCM,data:cDwrW1odloAedY7tdKLPg52UTehlTrs3+lAH0ksaGGDXzQCsVNlfzR86SRGQY2s98cu7+9j5azhWSU9slDZcTIk4VWL2i8ZtVpD8KFtut0WiwWaGf2/KLe80GGw3lr4Rm491YDvv7JcUsEuCG3lAQFZzAlZcfl0faFpzYvpTk30=,iv:yeyRjURArUaG0HzcVP0Wm9n0oVHb+u4zNdaQbrC+EaM=,tag:9uFNd3CSSFjToeawBtMNHg==,type:str]
+    lastmodified: "2023-10-13T18:27:53Z"
+    mac: ENC[AES256_GCM,data:8DPq0aGtoiMOdFyD+0NKGZ9OrDi1VXXS/6y3tH4DwlkLDpDqb2QsxunTDwoHlILQBu300nB2lUeGuGlp4/0FimFdiddlu2Ljq8vLh3wt+sz660RgfeaIcgWLSHtulyNIIQJ91wzzgbRADafFRCavVFvJALnIgeE+QDQa4ybLus0=,iv:T3xwELbHbqDszIkGs8BeJn9WV0LjagF1T+HLxCR/Aeo=,tag:NAIBPTRcnRtkGKhpWpe5Pw==,type:str]
    pgp:
        - created_at: "2023-06-22T12:44:23Z"
          enc: |
--- a/hosts/magnesium/services/default.nix
+++ b/hosts/magnesium/services/default.nix
@ -1,6 +1,7 @@
 {
  imports = [
    ./coturn.nix
+    ./gitlab-runner.nix
    ./mosquitto.nix
    ./public-ip-tunnel.nix
    ./webserver.nix
--- a/hosts/magnesium/services/gitlab-runner.nix
+++ b/hosts/magnesium/services/gitlab-runner.nix
@ -0,0 +1,43 @@
+{ config, lib, pkgs, ... }:
+
+{
+  sops.secrets.gitlab-runner_fablab-nea-hcloud-labsync = {
+    sopsFile = ../secrets.yaml;
+  };
+  services.gitlab-runner = {
+    enable = true;
+    extraPackages = [
+      #(pkgs.writeShellScriptBin "docker-machine" ''
+      #  exec ${pkgs.docker-machine-gitlab}/bin/docker-machine --debug "$@"
+      #'')
+      pkgs.docker-machine-gitlab
+    ];
+    #settings.log_level = "debug";
+    services."fablab-nea-hcloud-labsync" = {
+      description = "FabLab NEA Hetzner Cloud - labsync image builder";
+      limit = 5;
+      executor = "docker+machine";
+      registrationConfigFile = config.sops.secrets.gitlab-runner_fablab-nea-hcloud-labsync.path;
+      dockerImage = "quay.io/official-images/alpine:latest";
+      dockerPrivileged = true;
+      tagList = [
+        "labsync-image"
+      ];
+      maximumTimeout = 6 * 60 * 60;
+      registrationFlags = [
+        "--docker-tlsverify"
+        "--machine-idle-nodes 0"
+        "--machine-idle-scale-factor 0.0"
+        "--machine-idle-count-min 0"
+        "--machine-idle-time 900"
+        "--machine-max-builds 100"
+        "--machine-machine-driver hetzner"
+        "--machine-machine-name gitlabrunner-%s"
+      ] ++ (map (o: "--machine-machine-options=" + o) [
+        "hetzner-image=debian-12"
+        "hetzner-server-type=cx11"
+        "hetzner-server-location=nbg1"
+      ]);
+    };
+  };
+}