Replace native ci runner with docker ci runner
This commit is contained in:
parent
41af850466
commit
5e836f6f31
|
@ -1,41 +1,105 @@
|
||||||
{ lib, config, pkgs, self, ... }:
|
{ lib, config, pkgs, self, ... }:
|
||||||
|
|
||||||
with lib;
|
with lib;
|
||||||
let
|
let
|
||||||
|
bootstrap = pkgs.writeScript "bootstrap.sh" ''
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
apt update
|
||||||
|
apt install --yes curl git sudo xz-utils
|
||||||
|
|
||||||
|
adduser --system --uid 999 build
|
||||||
|
chown build /nix
|
||||||
|
|
||||||
|
sudo -u build curl -L https://nixos.org/nix/install > install
|
||||||
|
sudo -u build sh install
|
||||||
|
|
||||||
|
echo "export PATH=/nix/var/nix/profiles/per-user/build/profile/bin:''$PATH" >> /etc/profile
|
||||||
|
|
||||||
|
mkdir /etc/nix
|
||||||
|
echo 'experimental-features = nix-command flakes' >> /etc/nix/nix.conf
|
||||||
|
|
||||||
|
export nix_user_config_file="/home/build/.local/share/nix/trusted-settings.json"
|
||||||
|
mkdir -p $(dirname \\$nix_user_config_file)
|
||||||
|
echo '{"extra-experimental-features":{"nix-command flakes":true},"extra-substituters":{"https://nix-dram.cachix.org https://dram.cachix.org https://nrdxp.cachix.org https://nix-community.cachix.org":true},"extra-trusted-public-keys":{"nix-dram.cachix.org-1:CKjZ0L1ZiqH3kzYAZRt8tg8vewAx5yj8Du/+iR8Efpg= dram.cachix.org-1:baoy1SXpwYdKbqdTbfKGTKauDDeDlHhUpC+QuuILEMY= nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=":true}}' > \\$nix_user_config_file
|
||||||
|
chown -R build /home/build/
|
||||||
|
|
||||||
|
curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_linux_amd64.tar.gz | tar xz
|
||||||
|
sudo install -t /usr/local/bin drone-runner-exec
|
||||||
|
|
||||||
|
if [ ! -f /run/vars ]; then
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
cp -a /run/vars /run/runtime-vars
|
||||||
|
env | grep "DRONE" >> /run/runtime-vars
|
||||||
|
|
||||||
|
su - -s /bin/bash build sh -c "/usr/local/bin/drone-runner-exec daemon /run/runtime-vars"
|
||||||
|
'';
|
||||||
psCfg = config.pub-solar;
|
psCfg = config.pub-solar;
|
||||||
cfg = config.pub-solar.ci-runner;
|
cfg = config.pub-solar.ci-runner;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.pub-solar.ci-runner = {
|
options.pub-solar.ci-runner = {
|
||||||
enable = mkEnableOption "Enables a systemd service that runs drone-ci-runner";
|
enable = lib.mkEnableOption "Enables a docker container running a drone exec runner as unprivileged user.";
|
||||||
};
|
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
enableKvm = lib.mkOption {
|
||||||
systemd.user.services.ci-runner = {
|
description = ''
|
||||||
enable = true;
|
Enable kvm support.
|
||||||
|
'';
|
||||||
description = "CI runner for the PubSolarOS repository that can run test VM instances with KVM.";
|
default = true;
|
||||||
|
type = types.bool;
|
||||||
serviceConfig = {
|
|
||||||
Type = "simple";
|
|
||||||
Restart = "always";
|
|
||||||
};
|
|
||||||
|
|
||||||
path = [
|
|
||||||
pkgs.git
|
|
||||||
pkgs.nix
|
|
||||||
pkgs.libvirt
|
|
||||||
];
|
|
||||||
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
after = [ "network.target" "libvirtd.service" ];
|
|
||||||
|
|
||||||
script = ''${pkgs.drone-runner-exec}/bin/drone-runner-exec daemon /run/agenix/drone-runner-exec-config'';
|
|
||||||
};
|
};
|
||||||
|
|
||||||
age.secrets."drone-runner-exec-config" = {
|
nixCacheLocation = lib.mkOption {
|
||||||
file = "${self}/secrets/drone-runner-exec-config";
|
description = ''
|
||||||
mode = "700";
|
Location of nix cache that is shared between builds
|
||||||
owner = psCfg.user.name;
|
'';
|
||||||
|
type = types.path;
|
||||||
|
};
|
||||||
|
|
||||||
|
runnerEnvironment = lib.mkOption {
|
||||||
|
description = ''
|
||||||
|
Additional environment vars added to the vars file on container runtime
|
||||||
|
'';
|
||||||
|
default = {};
|
||||||
|
};
|
||||||
|
|
||||||
|
runnerVarsFile = lib.mkOption {
|
||||||
|
description = ''
|
||||||
|
Location of vars file passed to drone runner
|
||||||
|
'';
|
||||||
|
type = types.path;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
virtualisation = {
|
||||||
|
docker = {
|
||||||
|
enable = true; # sadly podman is not supported rightnow
|
||||||
|
};
|
||||||
|
|
||||||
|
oci-containers = {
|
||||||
|
backend = "docker";
|
||||||
|
containers."drone-exec-runner" = {
|
||||||
|
image = "debian";
|
||||||
|
autoStart = true;
|
||||||
|
entrypoint = "bash";
|
||||||
|
cmd = [ "/bootstrap.sh" ];
|
||||||
|
|
||||||
|
volumes = [
|
||||||
|
"${cfg.runnerVarsFile}:/run/vars"
|
||||||
|
"${cfg.nixCacheLocation}:/nix"
|
||||||
|
"${bootstrap}:/bootstrap.sh"
|
||||||
|
];
|
||||||
|
|
||||||
|
environment = cfg.runnerEnvironment;
|
||||||
|
|
||||||
|
extraOptions = lib.mkIf cfg.enableKvm [ "--device=/dev/kvm" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,105 +0,0 @@
|
||||||
{ lib, config, pkgs, self, ... }:
|
|
||||||
|
|
||||||
with lib;
|
|
||||||
let
|
|
||||||
bootstrap = pkgs.writeScript "bootstrap.sh" ''
|
|
||||||
#!/usr/bin/env bash
|
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
apt update
|
|
||||||
apt install --yes curl git sudo xz-utils
|
|
||||||
|
|
||||||
adduser --system --uid 999 build
|
|
||||||
chown build /nix
|
|
||||||
|
|
||||||
sudo -u build curl -L https://nixos.org/nix/install > install
|
|
||||||
sudo -u build sh install
|
|
||||||
|
|
||||||
echo "export PATH=/nix/var/nix/profiles/per-user/build/profile/bin:''$PATH" >> /etc/profile
|
|
||||||
|
|
||||||
mkdir /etc/nix
|
|
||||||
echo 'experimental-features = nix-command flakes' >> /etc/nix/nix.conf
|
|
||||||
|
|
||||||
export nix_user_config_file="/home/build/.local/share/nix/trusted-settings.json"
|
|
||||||
mkdir -p $(dirname \\$nix_user_config_file)
|
|
||||||
echo '{"extra-experimental-features":{"nix-command flakes":true},"extra-substituters":{"https://nix-dram.cachix.org https://dram.cachix.org https://nrdxp.cachix.org https://nix-community.cachix.org":true},"extra-trusted-public-keys":{"nix-dram.cachix.org-1:CKjZ0L1ZiqH3kzYAZRt8tg8vewAx5yj8Du/+iR8Efpg= dram.cachix.org-1:baoy1SXpwYdKbqdTbfKGTKauDDeDlHhUpC+QuuILEMY= nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=":true}}' > \\$nix_user_config_file
|
|
||||||
chown -R build /home/build/
|
|
||||||
|
|
||||||
curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_linux_amd64.tar.gz | tar xz
|
|
||||||
sudo install -t /usr/local/bin drone-runner-exec
|
|
||||||
|
|
||||||
if [ ! -f /run/vars ]; then
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
cp -a /run/vars /run/runtime-vars
|
|
||||||
env | grep "DRONE" >> /run/runtime-vars
|
|
||||||
|
|
||||||
su - -s /bin/bash build sh -c "/usr/local/bin/drone-runner-exec daemon /run/runtime-vars"
|
|
||||||
'';
|
|
||||||
psCfg = config.pub-solar;
|
|
||||||
cfg = config.pub-solar.docker-ci-runner;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options.pub-solar.docker-ci-runner = {
|
|
||||||
enable = lib.mkEnableOption "Enables a docker container running a drone exec runner as unprivileged user.";
|
|
||||||
|
|
||||||
enableKvm = lib.mkOption {
|
|
||||||
description = ''
|
|
||||||
Enable kvm support.
|
|
||||||
'';
|
|
||||||
default = true;
|
|
||||||
type = types.bool;
|
|
||||||
};
|
|
||||||
|
|
||||||
nixCacheLocation = lib.mkOption {
|
|
||||||
description = ''
|
|
||||||
Location of nix cache that is shared between builds
|
|
||||||
'';
|
|
||||||
type = types.path;
|
|
||||||
};
|
|
||||||
|
|
||||||
runnerEnvironment = lib.mkOption {
|
|
||||||
description = ''
|
|
||||||
Additional environment vars added to the vars file on container runtime
|
|
||||||
'';
|
|
||||||
default = {};
|
|
||||||
};
|
|
||||||
|
|
||||||
runnerVarsFile = lib.mkOption {
|
|
||||||
description = ''
|
|
||||||
Location of vars file passed to drone runner
|
|
||||||
'';
|
|
||||||
type = types.path;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
|
||||||
virtualisation = {
|
|
||||||
docker = {
|
|
||||||
enable = true; # sadly podman is not supported rightnow
|
|
||||||
};
|
|
||||||
|
|
||||||
oci-containers = {
|
|
||||||
backend = "docker";
|
|
||||||
containers."drone-exec-runner" = {
|
|
||||||
image = "debian";
|
|
||||||
autoStart = true;
|
|
||||||
entrypoint = "bash";
|
|
||||||
cmd = [ "/bootstrap.sh" ];
|
|
||||||
|
|
||||||
volumes = [
|
|
||||||
"${cfg.runnerVarsFile}:/run/vars"
|
|
||||||
"${cfg.nixCacheLocation}:/nix"
|
|
||||||
"${bootstrap}:/bootstrap.sh"
|
|
||||||
];
|
|
||||||
|
|
||||||
environment = cfg.runnerEnvironment;
|
|
||||||
|
|
||||||
extraOptions = lib.mkIf cfg.enableKvm [ "--device=/dev/kvm" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
Loading…
Reference in a new issue