NixOS configuration for a Gitlab Runner used with gitlab.com
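# NixOS configuration for a GitLab Runner registered against gitlab.com.
# Three runner services are defined: `nix` (jobs run in a Docker container
# that talks to the host nix-daemon), `docker-images` (jobs get the host
# Docker socket) and `shell` (jobs run directly on this host).
{ config, pkgs, lib, ... }:

with lib;

{
  imports = [
    ./hardware-configuration.nix
    ./networking.nix # generated at runtime by nixos-infect
  ];

  nix = {
    package = pkgs.nixFlakes;
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
  };

  environment.systemPackages = with pkgs; [
    git (neovim.override { vimAlias = true; })
  ];

  programs.vim.defaultEditor = true;

  services.gitlab-runner = {
    enable = true;
    services = {
      # runner for building via nix in docker
      nix = {
        # The registration file must live OUTSIDE /nix/store: anything produced
        # by pkgs.writeText is world-readable in the store, so the
        # REGISTRATION_TOKEN inside it would be readable by every local user
        # and by every job on this runner (which mounts /nix/store, see
        # dockerVolumes below). Provision the file out of band (root-owned,
        # mode 0600) with the contents:
        #   CI_SERVER_URL=https://gitlab.com/
        #   REGISTRATION_TOKEN=<token>
        # Use a quoted string, not a Nix path literal, or the file is copied
        # into the store at evaluation time.
        registrationConfigFile = "/etc/PLACEHOLDER/gitlab-runner-nix-registration.env"; # placeholder path, replace
        dockerImage = "alpine";
        # Host store, db and daemon socket are shared read-only; builds go
        # through the host nix-daemon (NIX_REMOTE=daemon below), so jobs can
        # read every store path present on this host.
        dockerVolumes = [
          "/nix/store:/nix/store:ro"
          "/nix/var/nix/db:/nix/var/nix/db:ro"
          "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
        ];
        dockerDisableCache = true;
        # Runs inside the job container before the job script: creates the
        # per-container nix state directories and installs a minimal toolset
        # from the host store into the container's default profile.
        preBuildScript = pkgs.writeScript "setup-container" ''
          mkdir -p -m 0755 /nix/var/log/nix/drvs
          mkdir -p -m 0755 /nix/var/nix/gcroots
          mkdir -p -m 0755 /nix/var/nix/profiles
          mkdir -p -m 0755 /nix/var/nix/temproots
          mkdir -p -m 0755 /nix/var/nix/userpool
          mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
          mkdir -p -m 1777 /nix/var/nix/profiles/per-user
          mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
          mkdir -p -m 0700 "$HOME/.nix-defexpr"
          . ${pkgs.nix}/etc/profile.d/nix.sh
          ${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [ nix cacert git openssh ])}
          ${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable
          ${pkgs.nix}/bin/nix-channel --update nixpkgs
        '';
        environmentVariables = {
          ENV = "/etc/profile";
          USER = "root";
          NIX_REMOTE = "daemon";
          PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
          NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
        };
        tagList = [ "nix" ];
      };

      # runner for building docker images
      docker-images = {
        # Same rule as above: keep the token out of the Nix store.
        registrationConfigFile = "/etc/PLACEHOLDER/gitlab-runner-docker-images-registration.env"; # placeholder path, replace
        dockerImage = "docker:stable";
        # Passing the host Docker socket into the job container lets any job
        # on this runner control the host Docker daemon, which is equivalent
        # to root on this machine. Only let trusted projects use the
        # "docker-images" tag, or isolate this runner on its own host.
        dockerVolumes = [
          "/var/run/docker.sock:/var/run/docker.sock"
        ];
        tagList = [ "docker-images" ];
      };

      # runner for executing stuff on host system
      # make sure to add required packages (including git!)
      # to `environment.systemPackages`
      # Jobs run directly on this host with no container boundary, so the
      # "nix-host" tag should likewise be limited to trusted projects.
      shell = {
        # Same rule as above: keep the token out of the Nix store.
        registrationConfigFile = "/etc/PLACEHOLDER/gitlab-runner-shell-registration.env"; # placeholder path, replace
        executor = "shell";
        tagList = [ "nix-host" ];
      };
    };
  };

  boot.cleanTmpDir = true;
  networking.hostName = "nixos-gitlab-runner";
  networking.firewall.allowPing = true;
  services.openssh.enable = true;
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAHLETMEIIN mschwaig@mutalisk"
  ];
}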
I connected this to a repo on gitlab.com to reproduce an issue and test out how difficult it is to set up a GitLab runner on NixOS.
- `docker-images`: for executing arbitrary docker images
- `nix`: for running nix commands in a specific docker image with the host's `/nix/store` mounted read-only
- `nix-host`: for running nix commands in a shell directly on the GitLab runner (for maximum caching)