forked from pub-solar/os
Merge branch 'main' into feature/mailman
This commit is contained in:
commit
2a756869e3
|
@ -11,7 +11,7 @@ steps:
|
|||
event:
|
||||
- pull_request
|
||||
environment:
|
||||
NIX_FLAGS: "--print-build-logs --verbose"
|
||||
NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
|
||||
commands:
|
||||
- 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
|
||||
- nix $$NIX_FLAGS develop --command nix flake show
|
||||
|
@ -27,7 +27,7 @@ node:
|
|||
steps:
|
||||
- name: "Tests"
|
||||
environment:
|
||||
NIX_FLAGS: "--print-build-logs --verbose"
|
||||
NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
|
||||
commands:
|
||||
- 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
|
||||
- nix $$NIX_FLAGS build ".#checks.x86_64-linux.customTestFor-PubSolarOS-firstTest"
|
||||
|
@ -93,7 +93,7 @@ steps:
|
|||
- name: "Build ISO"
|
||||
image: docker.nix-community.org/nixpkgs/nix-flakes:latest
|
||||
environment:
|
||||
NIX_FLAGS: "--print-build-logs --verbose"
|
||||
NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
|
||||
volumes:
|
||||
- name: file-exchange
|
||||
path: /var/nix/iso-cache
|
||||
|
|
72
flake.lock
72
flake.lock
|
@ -386,41 +386,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"naersk": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixos"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1671096816,
|
||||
"narHash": "sha256-ezQCsNgmpUHdZANDCILm3RvtO1xH8uujk/+EqNvzIOg=",
|
||||
"owner": "nmattia",
|
||||
"repo": "naersk",
|
||||
"rev": "d998160d6a076cfe8f9741e56aeec7e267e3e114",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nmattia",
|
||||
"repo": "naersk",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixlib": {
|
||||
"locked": {
|
||||
"lastModified": 1636849918,
|
||||
"narHash": "sha256-nzUK6dPcTmNVrgTAC1EOybSMsrcx+QrVPyqRdyKLkjA=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"rev": "28a5b0557f14124608db68d3ee1f77e9329e9dd5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos": {
|
||||
"locked": {
|
||||
"lastModified": 1674781052,
|
||||
|
@ -437,25 +402,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-generators": {
|
||||
"inputs": {
|
||||
"nixlib": "nixlib",
|
||||
"nixpkgs": "nixpkgs"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1674666581,
|
||||
"narHash": "sha256-KNI2s/xrL7WOYaPJAWKBtb7cCH3335rLfsL+B+ssuGY=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-generators",
|
||||
"rev": "6a5dc1d3d557ea7b5c19b15ff91955124d0400fa",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-generators",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1674550793,
|
||||
|
@ -471,22 +417,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1637186689,
|
||||
"narHash": "sha256-NU7BhgnwA/3ibmCeSzFK6xGi+Bari9mPfn+4cBmyEjw=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "7fad01d9d5a3f82081c00fb57918d64145dc904c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixpkgs-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1657292830,
|
||||
|
@ -525,9 +455,7 @@
|
|||
"home": "home",
|
||||
"keycloak-theme-pub-solar": "keycloak-theme-pub-solar",
|
||||
"latest": "latest_2",
|
||||
"naersk": "naersk",
|
||||
"nixos": "nixos",
|
||||
"nixos-generators": "nixos-generators",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nur": "nur",
|
||||
"triton-vmtools": "triton-vmtools"
|
||||
|
|
17
flake.nix
17
flake.nix
|
@ -31,13 +31,8 @@
|
|||
agenix.url = "github:ryantm/agenix";
|
||||
agenix.inputs.nixpkgs.follows = "nixos";
|
||||
|
||||
naersk.url = "github:nmattia/naersk";
|
||||
naersk.inputs.nixpkgs.follows = "nixos";
|
||||
|
||||
nixos-hardware.url = "github:nixos/nixos-hardware";
|
||||
|
||||
nixos-generators.url = "github:nix-community/nixos-generators";
|
||||
|
||||
triton-vmtools.url = "git+https://git.b12f.io/pub-solar/infra?ref=main&dir=vmtools";
|
||||
triton-vmtools.inputs.nixpkgs.follows = "nixos";
|
||||
|
||||
|
@ -152,8 +147,16 @@
|
|||
};
|
||||
};
|
||||
users = {
|
||||
pub-solar = {suites, ...}: {imports = suites.base;};
|
||||
barkeeper = {suites, ...}: {imports = suites.base;};
|
||||
pub-solar = {suites, ...}: {
|
||||
imports = suites.base;
|
||||
|
||||
home.stateVersion = "21.03";
|
||||
};
|
||||
barkeeper = {suites, ...}: {
|
||||
imports = suites.base;
|
||||
|
||||
home.stateVersion = "21.03";
|
||||
};
|
||||
}; # digga.lib.importers.rakeLeaves ./users/hm;
|
||||
};
|
||||
|
||||
|
|
109
modules/docker-ci-runner/default.nix
Normal file
109
modules/docker-ci-runner/default.nix
Normal file
|
@ -0,0 +1,109 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
self,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
bootstrap = pkgs.writeScript "bootstrap.sh" ''
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -e
|
||||
|
||||
apt update
|
||||
apt install --yes curl git sudo xz-utils
|
||||
|
||||
adduser --system --uid 999 build
|
||||
chown build /nix
|
||||
|
||||
sudo -u build curl -L https://nixos.org/nix/install > install
|
||||
sudo -u build sh install
|
||||
|
||||
echo "export PATH=/nix/var/nix/profiles/per-user/build/profile/bin:''$PATH" >> /etc/profile
|
||||
|
||||
mkdir /etc/nix
|
||||
echo 'experimental-features = nix-command flakes' >> /etc/nix/nix.conf
|
||||
|
||||
export nix_user_config_file="/home/build/.local/share/nix/trusted-settings.json"
|
||||
mkdir -p $(dirname \\$nix_user_config_file)
|
||||
echo '{"extra-experimental-features":{"nix-command flakes":true},"extra-substituters":{"https://nix-dram.cachix.org https://dram.cachix.org https://nrdxp.cachix.org https://nix-community.cachix.org":true},"extra-trusted-public-keys":{"nix-dram.cachix.org-1:CKjZ0L1ZiqH3kzYAZRt8tg8vewAx5yj8Du/+iR8Efpg= dram.cachix.org-1:baoy1SXpwYdKbqdTbfKGTKauDDeDlHhUpC+QuuILEMY= nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=":true}}' > \\$nix_user_config_file
|
||||
chown -R build /home/build/
|
||||
|
||||
curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_linux_amd64.tar.gz | tar xz
|
||||
sudo install -t /usr/local/bin drone-runner-exec
|
||||
|
||||
if [ ! -f /run/vars ]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
cp -a /run/vars /run/runtime-vars
|
||||
env | grep "DRONE" >> /run/runtime-vars
|
||||
|
||||
su - -s /bin/bash build sh -c "/usr/local/bin/drone-runner-exec daemon /run/runtime-vars"
|
||||
'';
|
||||
psCfg = config.pub-solar;
|
||||
cfg = config.pub-solar.docker-ci-runner;
|
||||
in {
|
||||
options.pub-solar.docker-ci-runner = {
|
||||
enable = lib.mkEnableOption "Enables a docker container running a drone exec runner as unprivileged user.";
|
||||
|
||||
enableKvm = lib.mkOption {
|
||||
description = ''
|
||||
Enable kvm support.
|
||||
'';
|
||||
default = true;
|
||||
type = types.bool;
|
||||
};
|
||||
|
||||
nixCacheLocation = lib.mkOption {
|
||||
description = ''
|
||||
Location of nix cache that is shared between builds
|
||||
'';
|
||||
default = "/var/lib/docker-ci-runner";
|
||||
type = types.path;
|
||||
};
|
||||
|
||||
runnerEnvironment = lib.mkOption {
|
||||
description = ''
|
||||
Additional environment vars added to the vars file on container runtime
|
||||
'';
|
||||
default = {};
|
||||
};
|
||||
|
||||
runnerVarsFile = lib.mkOption {
|
||||
description = ''
|
||||
Location of vars file passed to drone runner
|
||||
'';
|
||||
type = types.path;
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
virtualisation = {
|
||||
docker = {
|
||||
enable = true; # sadly podman is not supported rightnow
|
||||
};
|
||||
|
||||
oci-containers = {
|
||||
backend = "docker";
|
||||
containers."drone-exec-runner" = {
|
||||
image = "debian";
|
||||
autoStart = true;
|
||||
entrypoint = "bash";
|
||||
cmd = ["/bootstrap.sh"];
|
||||
|
||||
volumes = [
|
||||
"${cfg.runnerVarsFile}:/run/vars"
|
||||
"${cfg.nixCacheLocation}:/nix"
|
||||
"${bootstrap}:/bootstrap.sh"
|
||||
];
|
||||
|
||||
environment = cfg.runnerEnvironment;
|
||||
|
||||
extraOptions = lib.mkIf cfg.enableKvm ["--device=/dev/kvm"];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -88,15 +88,5 @@ in {
|
|||
|
||||
# Allow unfree packages only on a user basis, not on a system-wide basis
|
||||
xdg.configFile."nixpkgs/config.nix".text = " { allowUnfree = true; } ";
|
||||
|
||||
# This value determines the Home Manager release that your
|
||||
# configuration is compatible with. This helps avoid breakage
|
||||
# when a new Home Manager release introduces backwards
|
||||
# incompatible changes.
|
||||
#
|
||||
# You can update Home Manager without changing this value. See
|
||||
# the Home Manager release notes for a list of state version
|
||||
# changes in each release.
|
||||
home.stateVersion = "21.03";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -17,6 +17,7 @@
|
|||
shellcheck
|
||||
shfmt
|
||||
treefmt
|
||||
nixos-generators
|
||||
;
|
||||
|
||||
inherit
|
||||
|
@ -62,7 +63,7 @@ in {
|
|||
(devos cachix)
|
||||
]
|
||||
++ lib.optionals (pkgs.stdenv.hostPlatform.isLinux && !pkgs.stdenv.buildPlatform.isDarwin) [
|
||||
(devos inputs.nixos-generators.defaultPackage.${pkgs.system})
|
||||
(devos nixos-generators)
|
||||
(devos deploy-rs)
|
||||
];
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue