ci-runner experiment

This commit is contained in:
Hendrik Sokolowski 2022-10-30 21:32:53 +01:00
parent 5e836f6f31
commit 1cec43be02
Signed by untrusted user: hensoko
GPG key ID: 5C36A01B80BCCC59

View file

@ -1,34 +1,46 @@
{ lib, config, pkgs, self, ... }:
{ lib, config, pkgs, self, dockerTools, ... }:
with lib;
let
bootstrap = pkgs.writeScript "bootstrap.sh" ''
#!/usr/bin/env bash
runnerImageName = "ci-runner-docker-drone-exec";
runnerImage = dockerTools.buildImage {
name = runnerImageName;
tag = "latest";
set -e
fromImageName = "debian";
apt update
apt install --yes curl git sudo xz-utils
runAsRoot = ''
#!/usr/bin/env bash
adduser --system --uid 999 build
set -e
apt update
apt install --yes curl git sudo xz-utils
adduser --system --uid 9999 build
chown build /nix
sudo -u build curl -L https://nixos.org/nix/install > install
sudo -u build sh install
echo "export PATH=/nix/var/nix/profiles/per-user/build/profile/bin:''$PATH" >> /etc/profile
mkdir /etc/nix
echo 'experimental-features = nix-command flakes' >> /etc/nix/nix.conf
export nix_user_config_file="/home/build/.local/share/nix/trusted-settings.json"
mkdir -p $(dirname \\$nix_user_config_file)
echo '{"extra-experimental-features":{"nix-command flakes":true},"extra-substituters":{"https://nix-dram.cachix.org https://dram.cachix.org https://nrdxp.cachix.org https://nix-community.cachix.org":true},"extra-trusted-public-keys":{"nix-dram.cachix.org-1:CKjZ0L1ZiqH3kzYAZRt8tg8vewAx5yj8Du/+iR8Efpg= dram.cachix.org-1:baoy1SXpwYdKbqdTbfKGTKauDDeDlHhUpC+QuuILEMY= nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=":true}}' > \\$nix_user_config_file
chown -R build /home/build/
curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_linux_amd64.tar.gz | tar xz
sudo install -t /usr/local/bin drone-runner-exec
'';
};
startup = pkgs.writeScript "startup.sh" ''
chown build /nix
sudo -u build curl -L https://nixos.org/nix/install > install
sudo -u build sh install
echo "export PATH=/nix/var/nix/profiles/per-user/build/profile/bin:''$PATH" >> /etc/profile
mkdir /etc/nix
echo 'experimental-features = nix-command flakes' >> /etc/nix/nix.conf
export nix_user_config_file="/home/build/.local/share/nix/trusted-settings.json"
mkdir -p $(dirname \\$nix_user_config_file)
echo '{"extra-experimental-features":{"nix-command flakes":true},"extra-substituters":{"https://nix-dram.cachix.org https://dram.cachix.org https://nrdxp.cachix.org https://nix-community.cachix.org":true},"extra-trusted-public-keys":{"nix-dram.cachix.org-1:CKjZ0L1ZiqH3kzYAZRt8tg8vewAx5yj8Du/+iR8Efpg= dram.cachix.org-1:baoy1SXpwYdKbqdTbfKGTKauDDeDlHhUpC+QuuILEMY= nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=":true}}' > \\$nix_user_config_file
chown -R build /home/build/
curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_linux_amd64.tar.gz | tar xz
sudo install -t /usr/local/bin drone-runner-exec
if [ ! -f /run/vars ]; then
exit 1
fi
@ -38,6 +50,7 @@ let
su - -s /bin/bash build sh -c "/usr/local/bin/drone-runner-exec daemon /run/runtime-vars"
'';
psCfg = config.pub-solar;
cfg = config.pub-solar.ci-runner;
in
@ -62,7 +75,7 @@ in
runnerEnvironment = lib.mkOption {
description = ''
Additional environment vars added to the vars file on container runtime
Additional environment variables added to the vars file on container runtime
'';
default = {};
};
@ -84,15 +97,16 @@ in
oci-containers = {
backend = "docker";
containers."drone-exec-runner" = {
image = "debian";
image = runnerImageName;
imageFile = runnerImage;
autoStart = true;
entrypoint = "bash";
cmd = [ "/bootstrap.sh" ];
cmd = [ "/startup.sh" ];
volumes = [
"${cfg.runnerVarsFile}:/run/vars"
"${cfg.nixCacheLocation}:/nix"
"${bootstrap}:/bootstrap.sh"
"${startup}:/startup.sh"
];
environment = cfg.runnerEnvironment;