NixOS module for a drone ci runner in docker #147

b12f · 2022-10-22T13:09:36Z

hensoko commented

2022-10-22 13:09:36 +00:00

(Migrated from git.b12f.io)

Add module to run a drone exec runner within a docker container as user process by still providing kvm support

b12f (Migrated from git.b12f.io) reviewed 2022-10-22 13:09:43 +00:00

teutat3s (Migrated from git.b12f.io) reviewed 2022-10-22 13:09:43 +00:00

axeman (Migrated from git.b12f.io) reviewed 2022-10-22 13:09:43 +00:00

teutat3s (Migrated from git.b12f.io) approved these changes 2022-10-24 08:30:42 +00:00

modules/docker-ci-runner/default.nix Outdated

					
				@ -0,0 +43,4 @@

				in

				{

				  options.pub-solar.docker-ci-runner = {

				    enable = lib.mkEnableOption "Enables a docker container running a drone exec runner as unprivileged user.";

teutat3s (Migrated from git.b12f.io) commented

2022-10-24 08:30:42 +00:00

Where can I find the mentioned systemd service, or did I miss something?

teutat3s (Migrated from git.b12f.io) commented

2022-10-24 12:24:55 +00:00

Haha kinda misleading. I will reword this. But a docker container is created and for that NixOS adds a docker-drone-ci-runner.service.

teutat3s (Migrated from git.b12f.io) reviewed 2022-10-24 09:23:45 +00:00

modules/docker-ci-runner/default.nix Outdated

					
				@ -0,0 +36,4 @@

				    cp -a /run/vars /run/runtime-vars

				    env | grep "DRONE" >> /run/runtime-vars

				    su - -s /bin/bash build sh -c "/usr/local/bin/drone-runner-exec daemon /run/runtime-vars"

teutat3s (Migrated from git.b12f.io) commented

2022-10-24 09:23:45 +00:00

Is this meant to be the same vars as in line 93? /run/runtime-vars vs. /run/vars?

Is this meant to be the same `vars` as in line 93? `/run/runtime-vars` vs. `/run/vars`?

teutat3s (Migrated from git.b12f.io) commented

2022-10-24 09:24:27 +00:00

Ah, read two lines above, nvm :D

b12f (Migrated from git.b12f.io) reviewed 2022-10-29 20:40:32 +00:00

modules/docker-ci-runner/default.nix Outdated

					
				@ -0,0 +56,4 @@

				    nixCacheLocation = lib.mkOption {

				      description = ''

				        Location of nix cache that is shared between builds

				      '';

b12f (Migrated from git.b12f.io) commented

2022-10-29 20:40:32 +00:00

We should have a default here

b12f (Migrated from git.b12f.io) commented

2022-10-29 20:56:33 +00:00

Ack

modules/docker-ci-runner/default.nix Outdated

					
				@ -0,0 +69,4 @@

				    };

				    runnerVarsFile = lib.mkOption {

				      description = ''

b12f (Migrated from git.b12f.io) commented

2022-10-29 20:47:35 +00:00

I'd discuss age encryption here.

b12f (Migrated from git.b12f.io) commented

2022-10-29 20:56:17 +00:00

It is not necessarily age. It just requires a file to be used for vars which can also be provied like this

let
  secretsFile = pkgs.writeFile "vars" ''
    DRONE_ENVIRONMENT_VARIABLE = "I don´t know";
  '';
in
{
  pub-solar.modules.docker-ci-runner.runnerVarsFile = secretsFile;
}

It is not necessarily age. It just requires a file to be used for vars which can also be provied like this ``` let secretsFile = pkgs.writeFile "vars" '' DRONE_ENVIRONMENT_VARIABLE = "I don´t know"; ''; in { pub-solar.modules.docker-ci-runner.runnerVarsFile = secretsFile; } ```

b12f added 1 commit 2023-01-28 23:03:33 +00:00

Merge branch 'main' into feature/add-module-to-run-kvm-capable-drone-runner-in-docker

continuous-integration/drone/push Build is passing

Details

continuous-integration/drone/pr Build is failing

Details

a1cc9ea05a

b12f approved these changes 2023-01-29 17:03:27 +00:00

b12f left a comment

LGTM

modules/docker-ci-runner/default.nix Outdated

					
				@ -0,0 +43,4 @@

				in

				{

				  options.pub-solar.docker-ci-runner = {

				    enable = lib.mkEnableOption "Enables a docker container running a drone exec runner as unprivileged user.";