From 938c7a2b712e254d3dbfb69e4c5ed5470b62306d Mon Sep 17 00:00:00 2001
From: teutat3s
Date: Mon, 24 Oct 2022 18:12:29 +0200
Subject: [PATCH] WIP: init drone-exec-runner-in-docker on ryzensun
---
 hosts/ryzensun/ryzensun.nix | 27 +++++++++++++++++++++++----
 secrets/drone_exec_runner_config | 13 +++++++++++++
 secrets/environment-secrets.age | 27 +++++++++++++--------------
 secrets/secrets.nix | 1 +
 4 files changed, 50 insertions(+), 18 deletions(-)
 create mode 100644 secrets/drone_exec_runner_config
diff --git a/hosts/ryzensun/ryzensun.nix b/hosts/ryzensun/ryzensun.nix
index e7ec3b87..aeb7f468 100644
--- a/hosts/ryzensun/ryzensun.nix
+++ b/hosts/ryzensun/ryzensun.nix
@@ -10,15 +10,34 @@ in
 ];
 config = {
- age.secrets.environment-secrets = {
- file = "${self}/secrets/environment-secrets.age";
- mode = "700";
- owner = "teutat3s";
+ age.secrets = {
+ environment-secrets = {
+ file = "${self}/secrets/environment-secrets.age";
+ mode = "700";
+ owner = "teutat3s";
+ };
+ drone_exec_runner_config = {
+ file = "${self}/secrets/drone_exec_runner_config";
+ mode = "700";
+ owner = "999";
+ };
 };
 pub-solar.nextcloud.enable = mkForce false;
 pub-solar.docker.enable = true;
 pub-solar.virtualisation.enable = true;
+ pub-solar.docker-ci-runner = {
+ enable = true;
+ enableKvm = true;
+ nixCacheLocation = "/mnt/internal/ci-cache-nix-store/nix";
+
+ runnerEnvironment = {
+ DRONE_RUNNER_CAPACITY = "1";
+ DRONE_RUNNER_LABELS = "hosttype:baremetal";
+ };
+
+ runnerVarsFile = "/run/agenix/drone_exec_runner_config";
+ };
 home-manager.users."${psCfg.user.name}".xdg.configFile = mkIf psCfg.sway.enable {
 "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
diff --git a/secrets/drone_exec_runner_config b/secrets/drone_exec_runner_config
new file mode 100644
index 00000000..49bd2b71
--- /dev/null
+++ b/secrets/drone_exec_runner_config
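Review bot: The new `drone_exec_runner_config` entry in `age.secrets` is decrypted with `mode = "700"` and `owner = "999"`, which is both looser and less explicit than a file kept as a secret needs. A vars file that is only read needs neither write nor execute bits, so `mode = "400";` would do, and the same holds for the re-indented `environment-secrets` entry. The bare UID presumably matches the user inside the runner container, but on the host that number may belong to an unrelated account, which could then read the decrypted file; a dedicated named user with a pinned UID, or at least a comment such as `# UID of the runner user inside the CI container`, would make the intent checkable. Separately, `enableKvm = true` together with the shared `nixCacheLocation` presumably exposes host resources to pipeline steps, so it is worth confirming in the `docker-ci-runner` module (not visible here) that only trusted repositories can schedule onto the `hosttype:baremetal` runner. The `config = { … }` block starts before and continues past this hunk.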
@@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-ed25519 Wp/X/Q cdo0CMxdOqP1MLc3cUbOD1Ha5hW70JYK1E06NwV8SkE +M9vPqxgeAPh+l7XH6IVPITlI6Vfte5EYgQbs7+csD1A +-> ssh-ed25519 8U1+ng Ag+IfCUi6yf7tn+Nc+3rySZeGdxx5oPIZ5AyY0EYQ0c +Vi35krkHDR5ASs+Ia5iWlTsNttJr2W6vts1Ap+skrpw +-> ssh-ed25519 BVsyTA zBkihyt0U/cKlD3zeHDWchqsNYrGDZUMpdDElQamWjQ +hqdON//Mi+DMhMvUt4yh+xzW7A0aimA0feVNw8ZUxVA +-> piv-p256 xGzyzw A0u0D1ELUINR5C+s5CuuD3AlxTNT07gu76Skav/PYswi +CAd+qtKFJB8GCLJKOhzZbMwrvoIc9+czTcmtSCP50gg +-> 6j-T-grease vhW, 0O njRFEQ@` F5=qhL!Q +bccSqKLEZ9j4cjioEHWLgPVhhZUEgnkIvVLIDS0d+Z1bZQhApZNQW/KkSw +--- /QTl3uBvy9Pi+541vXLEj5SIoZ08KeiNi6lwwsb04ss +FOh>f=ڥШ` f!$^9Z~PqgRǩ]>B|^iմTD;@WT2a# @*/DQv!=>ӌT95jChKZϢ h̠&{pVxCW6?ɬLF1U=0xo*n \ No newline at end of file diff --git a/secrets/environment-secrets.age b/secrets/environment-secrets.age index cce581c2..5042dcbf 100644 --- a/secrets/environment-secrets.age +++ b/secrets/environment-secrets.age 
@@ -1,15 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 Wp/X/Q vi9OTQKWNMjcFxcFxjmef3uVhATya9tA1BbS4I5unX0 -uW3+5JdLQpIhFBwW54uTcI4fQ0wv8mjqTkrfL/VNiYI --> ssh-ed25519 8U1+ng RTZuwmXp/Y32S3Wl49wu1QbPOUcUKpU2wFpPPe0cXEw -Zo1l9ZFBaFF/tzOG9zV/xGQBo1pX0AI1+Y75Ak5RSVg --> ssh-ed25519 BVsyTA r4a1leF6KVyx9WlooY0UlQaYukV68xxI/0K1rUU0wzI -Pon1jMs8F43fuko3sfr6zLJ2byI4D8dPJt+MsJHncrg --> piv-p256 xGzyzw A/f+lPJUWmFp16qnKAPer03T8zx3THmsgkmuSUfyPzVT -wHs2N5YTwGP2FMZLa4xYhq8mFrjMlPjtkG7SYYk0Cc8 --> UfCyg+%_-grease -psjj). +>ln{,{q zb&?uh yZk~q( -fpOxhJ7HKFoK2YxQCcuU5wiVtclm6sScfZVuXH2lPp7D+W3LVOb+gCMVbzmRlbt3 -nn/yaOqow+uqekxIyIO16OhHJJf/dOnozOvsvkh5Wqath81g83SW4F4 ---- LPldrPY9EiCjwcNFm2fkLfsdry24htLFQmabkBT/QPw -i/t`) 5# ݘ6%Cڃ/qsa#Nsb|*8 -nWϮ9)y)e4xz칞1 0Ix#'^'1=q29F?5)~jƁZ ݔ'A`| K574rMdՐ5q*qkm'!ס\ W.K \ No newline at end of file +-> ssh-ed25519 Wp/X/Q 5CsTxMCc2bZg1W17va9ZqrPF73ZG+PZg0ivTOfQSFEA +S7KYGJF2WJuf0PFLw3K86JT03zcuZeS3IAjXu0LpJ4k +-> ssh-ed25519 8U1+ng nlNMDe8jh3BVRz9DO02n+cc3Ce5I5nYr+rwcLlBIUDU +3mKSLEi6h51icjg3tfaXRMklNqdTZ3HDzl3KTpj2nDw +-> ssh-ed25519 BVsyTA Pv/lJkT2IHRC1/m1loeAM2UyPvtsHCOSxpcisZ6Ttz0 +bQ7Pv+FoRaxWb2eLbg3APC5a7L5k7vL7ja2NkE2QbEY +-> piv-p256 xGzyzw ApPpON96Th3WnXua8GsGwM5bJbA6wuqLyXlACS9/Vwec +oixZ1qz7u0lFOKyX3GiSNkOx4omG2FtCFcfQImKzDmc +-> $wlE_&-grease @R L~p ,tK +SqB+0A8uuo41O36H6nctONyRRNe8wQ2oC8jnuP5IOa5W815+sXIq2JtqMFB4dzIz +QcrmkwPOap8HWIGnP+IZxq11b5CZrnrRVxvL/EB+uf5I +--- 4j5etIXOJvk7n0UDmfbM+hlIvk6I0MwRulrh338EdRE +E[ٿÍn=Y;Uk` l5XPC #BQ|cކmJjGۡc.|xjmkEM^1&S*VP=tꗸW7~gbv"ƕ9Kl|qo7!7 F FPo_ЧzaIpUlpRz8 Ӱc:z@>m,?aG<6XU>"NLmBɩiD z6anD \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 546da678..809b900e 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -13,5 +13,6 @@ in { "example-secret.age".publicKeys = allKeys; "environment-secrets.age".publicKeys = allKeys; + "drone_exec_runner_config".publicKeys = allKeys; "test-secret.age".publicKeys = [ users.teutat3s-5-nfc ]; }
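Review bot: `"drone_exec_runner_config".publicKeys = allKeys;` in secrets/secrets.nix encrypts the runner configuration to every key in `allKeys`, although in this commit only ryzensun consumes it. If `allKeys` covers more hosts or users than need the runner's values (its definition is above the hunk), a narrower recipient list would limit who can decrypt it, in the way `test-secret.age` already names a single key. The entry also lacks the `.age` suffix the other secrets carry, which makes the ciphertext easy to mistake for a plaintext config; `"drone_exec_runner_config.age".publicKeys = ...` with the matching `file =` path in ryzensun.nix would keep the convention.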