From 1cec43be02f624981c1860bd9da62629810d9850 Mon Sep 17 00:00:00 2001
From: Hendrik Sokolowski
Date: Sun, 30 Oct 2022 21:32:53 +0100
Subject: [PATCH] ci-runner experiment
---
modules/ci-runner/default.nix | 68 +++++++++++++++++++++--------------
1 file changed, 41 insertions(+), 27 deletions(-)
diff --git a/modules/ci-runner/default.nix b/modules/ci-runner/default.nix
index b9fbb105..9fe6df51 100644
--- a/modules/ci-runner/default.nix
+++ b/modules/ci-runner/default.nix
@@ -1,34 +1,46 @@ -{ lib, config, pkgs, self, ... }: +{ lib, config, pkgs, self, dockerTools, ... }: with lib; let - bootstrap = pkgs.writeScript "bootstrap.sh" '' - #!/usr/bin/env bash + runnerImageName = "ci-runner-docker-drone-exec"; + runnerImage = dockerTools.buildImage { + name = runnerImageName; + tag = "latest"; - set -e + fromImageName = "debian"; - apt update - apt install --yes curl git sudo xz-utils + runAsRoot = '' + #!/usr/bin/env bash - adduser --system --uid 999 build + set -e + + apt update + apt install --yes curl git sudo xz-utils + + adduser --system --uid 9999 build + chown build /nix + + sudo -u build curl -L https://nixos.org/nix/install > install + sudo -u build sh install + + echo "export PATH=/nix/var/nix/profiles/per-user/build/profile/bin:''$PATH" >> /etc/profile + + mkdir /etc/nix + echo 'experimental-features = nix-command flakes' >> /etc/nix/nix.conf + + export nix_user_config_file="/home/build/.local/share/nix/trusted-settings.json" + mkdir -p $(dirname \\$nix_user_config_file) + echo '{"extra-experimental-features":{"nix-command flakes":true},"extra-substituters":{"https://nix-dram.cachix.org https://dram.cachix.org https://nrdxp.cachix.org https://nix-community.cachix.org":true},"extra-trusted-public-keys":{"nix-dram.cachix.org-1:CKjZ0L1ZiqH3kzYAZRt8tg8vewAx5yj8Du/+iR8Efpg= dram.cachix.org-1:baoy1SXpwYdKbqdTbfKGTKauDDeDlHhUpC+QuuILEMY= nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=":true}}' > \\$nix_user_config_file + chown -R build /home/build/ + + curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_linux_amd64.tar.gz | tar xz + sudo install -t /usr/local/bin drone-runner-exec + ''; + }; + + startup = pkgs.writeScript "startup.sh" '' chown build /nix - sudo -u build curl -L https://nixos.org/nix/install > install - sudo -u build sh install - - echo "export 
PATH=/nix/var/nix/profiles/per-user/build/profile/bin:''$PATH" >> /etc/profile - - mkdir /etc/nix - echo 'experimental-features = nix-command flakes' >> /etc/nix/nix.conf - - export nix_user_config_file="/home/build/.local/share/nix/trusted-settings.json" - mkdir -p $(dirname \\$nix_user_config_file) - echo '{"extra-experimental-features":{"nix-command flakes":true},"extra-substituters":{"https://nix-dram.cachix.org https://dram.cachix.org https://nrdxp.cachix.org https://nix-community.cachix.org":true},"extra-trusted-public-keys":{"nix-dram.cachix.org-1:CKjZ0L1ZiqH3kzYAZRt8tg8vewAx5yj8Du/+iR8Efpg= dram.cachix.org-1:baoy1SXpwYdKbqdTbfKGTKauDDeDlHhUpC+QuuILEMY= nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=":true}}' > \\$nix_user_config_file - chown -R build /home/build/ - - curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_linux_amd64.tar.gz | tar xz - sudo install -t /usr/local/bin drone-runner-exec - if [ ! -f /run/vars ]; then exit 1 fi @@ -38,6 +50,7 @@ let su - -s /bin/bash build sh -c "/usr/local/bin/drone-runner-exec daemon /run/runtime-vars" ''; + psCfg = config.pub-solar; cfg = config.pub-solar.ci-runner; in @@ -62,7 +75,7 @@ in runnerEnvironment = lib.mkOption { description = '' - Additional environment vars added to the vars file on container runtime + Additional environment variables added to the vars file on container runtime ''; default = {}; }; @@ -84,15 +97,16 @@ in oci-containers = { backend = "docker"; containers."drone-exec-runner" = { - image = "debian"; + image = runnerImageName; + imageFile = runnerImage; autoStart = true; entrypoint = "bash"; - cmd = [ "/bootstrap.sh" ]; + cmd = [ "/startup.sh" ]; volumes = [ "${cfg.runnerVarsFile}:/run/vars" "${cfg.nixCacheLocation}:/nix" - "${bootstrap}:/bootstrap.sh" + "${startup}:/startup.sh" ]; environment = cfg.runnerEnvironment;
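Review bot: The `runAsRoot` script in the first hunk executes `https://nixos.org/nix/install` and unpacks `releases/latest/download/drone_runner_exec_linux_amd64.tar.gz` with no version pin and no checksum or signature check, and this change bakes the result into the `ci-runner-docker-drone-exec` image instead of fetching it at container start. Whatever those URLs served at build time becomes the binary that runs CI jobs, and two builds of the same commit can produce different images. Fetching the artifacts as fixed-output derivations would pin them, e.g. `droneRunner = pkgs.fetchurl { url = "<PINNED_RELEASE_URL>"; sha256 = "<SHA256_PLACEHOLDER>"; };` followed by `tar xzf ${droneRunner}` in the script. It is also worth confirming that the build has a base layer and network access at all: only `fromImageName = "debian"` is set with no `fromImage` visible, and `runAsRoot` normally runs inside the Nix build sandbox.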
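Review bot: The `"${cfg.nixCacheLocation}:/nix"` volume, kept as context in the last hunk, is mounted over the `/nix` directory that the image build now populates, so if it is a host bind mount the Nix installation baked into `runnerImage` is hidden at runtime. `startup.sh` only runs `chown build /nix` and no longer installs Nix, so a fresh or empty cache location would leave the runner without the `nix` binary that `/etc/profile` puts on PATH. Consider a guard in `startup.sh` such as `[ -x /nix/var/nix/profiles/per-user/build/profile/bin/nix ] || { echo "nix missing under /nix" >&2; exit 1; }`, or seeding the cache directory from the image on first start. Mounting the vars file and the script read-only (`"${cfg.runnerVarsFile}:/run/vars:ro"`, `"${startup}:/startup.sh:ro"`) would also keep jobs from altering them, provided nothing in the part of `startup.sh` outside the hunks writes to `/run/vars`.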