Remove legit container; Remove Hydra; setup GitLab; setup GitLab runner; add GitLab CI definitions

This commit is contained in:
James Eversole 2023-07-01 14:59:05 -05:00
parent 18d718a870
commit c34c7ca635
10 changed files with 116 additions and 45 deletions

.gitlab-ci.yml Normal file

@ -0,0 +1,19 @@
stages:
- generate
- check
generate-flake-ci:
stage: generate
before_script:
script: nix run "git+https://git.eversole.co/james/flake-to-gitlab-ci" > flake-ci.yml
artifacts:
paths:
- flake-ci.yml
flake-ci:
stage: check
trigger:
include:
- artifact: flake-ci.yml
job: generate-flake-ci
strategy: depend
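Review bot: The `generate-flake-ci` job runs an unpinned flake reference, `git+https://git.eversole.co/james/flake-to-gitlab-ci`, and feeds its stdout straight into the child pipeline through `strategy: depend`, so whatever that repository's default branch contains at run time both executes on the runner and defines the next pipeline. Pinning the input, e.g. `script: nix run "git+https://git.eversole.co/james/flake-to-gitlab-ci?rev=<commit-sha>" > flake-ci.yml`, makes the generated pipeline reproducible and keeps a push to that repo from silently changing what CI runs here. The empty `before_script:` key on the same job is a null value GitLab tolerates, but it reads like a leftover; drop it or give it a body.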


@ -1,8 +1,28 @@
{ config, ... }: { config, lib, pkgs, ... }:
{ {
virtualisation.oci-containers = { virtualisation.oci-containers = {
containers = { containers = {
gitlab = {
image = "gitlab/gitlab-ce:latest";
ports = [ "26616:80" "26617:22" ];
volumes = [
"/home/sezycei/srv/containerdata/gitlab/config:/etc/gitlab"
"/home/sezycei/srv/containerdata/gitlab/log:/var/log/gitlab"
"/home/sezycei/srv/containerdata/gitlab/data:/var/opt/gitlab"
];
environment = {
GITLAB_OMNIBUS_CONFIG = ''
external_url 'https://git.eversole.co'
nginx['listen_port'] = 80
nginx['listen_https'] = false
gitlab_rails['gitlab_shell_ssh_port'] = 26617
'';
};
};
# gitlab-runner = a service definition in this file.
jellyfin = { jellyfin = {
image = "linuxserver/jellyfin"; image = "linuxserver/jellyfin";
ports = [ "127.0.0.1:8096:8096" "127.0.0.1:8920:8920" ]; ports = [ "127.0.0.1:8096:8096" "127.0.0.1:8920:8920" ];
@ -22,18 +42,6 @@
}; };
}; };
legit = {
image = "docker.matri.cx/legit";
ports = [ "127.0.0.1:5121:8080" ];
volumes = [
"/home/sezycei/srv/containerdata/legit/static:/static"
"/home/sezycei/srv/containerdata/legit/templates:/templates"
"/home/sezycei/srv/containerdata/legit/legit.yml:/legit.yml"
"/home/sezycei/srv/containerdata/legit/repos:/var/www/git"
];
environment = { };
};
murmur = { murmur = {
image = "goofball222/murmur"; image = "goofball222/murmur";
ports = [ "127.0.0.1:64738:64738" "127.0.0.1:64738:64738/udp" ]; ports = [ "127.0.0.1:64738:64738" "127.0.0.1:64738:64738/udp" ];
@ -81,4 +89,46 @@
}; };
}; };
services.gitlab-runner = {
enable = true;
services = {
nix = with lib; {
registrationConfigFile = toString /run/agenix/gitlab-runner;
dockerImage = "alpine";
dockerVolumes = [
"/nix/store:/nix/store:ro"
"/nix/var/nix/db:/nix/var/nix/db:ro"
"/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
];
preBuildScript = pkgs.writeScript "setup-container" ''
mkdir -p -m 0755 /nix/var/log/nix/drvs
mkdir -p -m 0755 /nix/var/nix/gcroots
mkdir -p -m 0755 /nix/var/nix/profiles
mkdir -p -m 0755 /nix/var/nix/temproots
mkdir -p -m 0755 /nix/var/nix/userpool
mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
mkdir -p -m 1777 /nix/var/nix/profiles/per-user
mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
mkdir -p -m 0700 "$HOME/.nix-defexpr"
. ${pkgs.nix}/etc/profile.d/nix-daemon.sh
${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixos-23.05 nixpkgs
${pkgs.nix}/bin/nix-channel --update nixpkgs
${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [ nix cacert git openssh ])}
# Config
mkdir -p "$HOME/.config/nix"
echo "experimental-features = nix-command flakes" >> "$HOME/.config/nix/nix.conf"
echo "max-jobs = 8" >> "$HOME/.config/nix/nix.conf"
echo "build-cores = 8" >> "$HOME/.config/nix/nix.conf"
'';
environmentVariables = {
ENV = "/etc/profile";
USER = "root";
NIX_REMOTE = "daemon";
PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
};
};
};
};
} }
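Review bot: The new `gitlab` container publishes `"26616:80"` and `"26617:22"` on all interfaces, while every sibling container in this file binds to `127.0.0.1:`, and the omnibus config sets `nginx['listen_https'] = false`, so GitLab's plaintext HTTP listener is reachable on the host's addresses directly instead of only through the TLS-terminating proxy that targets `http://127.0.0.1:26616`. Unless something outside this file firewalls it, bind the web port to loopback and leave only SSH public: `ports = [ "127.0.0.1:26616:80" "26617:22" ];`. Both images are floating tags (`gitlab/gitlab-ce:latest` for the server, `alpine` for the runner's job image), so a pull can silently change what runs; pinning a version or digest keeps upgrades deliberate. The runner's `dockerVolumes` also mounts the host's `/nix/var/nix/daemon-socket` into every job, which is the usual NixOS pattern but means any pipeline can drive the host Nix daemon; a comment such as `# jobs build through the host nix-daemon: anyone who can run a pipeline can build on this host` would make that trust boundary explicit. The file's path is not shown on this page.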


@ -54,7 +54,7 @@
target = "http://127.0.0.1:3001"; target = "http://127.0.0.1:3001";
}; };
"eversole.co" = static { dir = "/var/www/jame.su"; }; "eversole.co" = static { dir = "/var/www/jame.su"; };
"git.eversole.co" = proxied { target = "http://127.0.0.1:5121"; }; "git.eversole.co" = proxied { target = "http://127.0.0.1:26616"; };
"graf.matri.cx" = { root = "/var/www/graf.matri.cx"; }; # refer to /monitoring/nginx.nix "graf.matri.cx" = { root = "/var/www/graf.matri.cx"; }; # refer to /monitoring/nginx.nix
"hydra.matri.cx" = proxied { "hydra.matri.cx" = proxied {
target = "http://127.0.0.1:3034"; target = "http://127.0.0.1:3034";
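Review bot: The `hydra.matri.cx` vhost still proxies to `http://127.0.0.1:3034` even though this commit deletes `system/build-services.nix`, the only visible thing that listened on that port (`services.hydra.port = 3034`), so nginx now serves a public name backed by nothing and will answer 502. Either remove the `"hydra.matri.cx" = proxied { … };` entry together with the service, or add a comment saying why it is kept. The `proxied` block for it continues past the end of this hunk.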


@ -18,19 +18,16 @@
outputs = { self, nixpkgs, agenix, nix-serve-ng, ... }@attrs: outputs = { self, nixpkgs, agenix, nix-serve-ng, ... }@attrs:
let let
forEachSystem = nixpkgs.lib.genAttrs system; forEachSystem = nixpkgs.lib.genAttrs systems;
pkgs = import nixpkgs { inherit system; }; pkgs = import nixpkgs { inherit system; };
shell = import ./shell.nix { inherit agenix pkgs; }; shell = import ./shell.nix { inherit agenix pkgs; };
system = "x86_64-linux"; system = "x86_64-linux";
systems = [ system ];
in in
{ {
devShell.x86_64-linux = shell.dev; devShell.x86_64-linux = shell.dev;
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt; formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
hydraJobs = {
build = shell.packages.${system}.format;
};
packages = shell.packages; packages = shell.packages;
nixosConfigurations = { nixosConfigurations = {
@ -58,7 +55,6 @@
./system/hardware.nix ./system/hardware.nix
./system/nix-conf.nix ./system/nix-conf.nix
./system/security.nix ./system/security.nix
./system/build-services.nix
./system/system.nix ./system/system.nix
./system/virtualisation.nix ./system/virtualisation.nix


@ -7,6 +7,7 @@ let
in in
{ {
"secrets/cache-key.age" = { publicKeys = all; }; "secrets/cache-key.age" = { publicKeys = all; };
"secrets/gitlab-runner.age" = { publicKeys = all; };
"secrets/graf-email.age" = { publicKeys = all; }; "secrets/graf-email.age" = { publicKeys = all; };
"secrets/htpasswd-dock.age" = { publicKeys = all; }; "secrets/htpasswd-dock.age" = { publicKeys = all; };
"secrets/keys.age" = { publicKeys = all; }; "secrets/keys.age" = { publicKeys = all; };

secrets/gitlab-runner.age Normal file

@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 dQ70Fw 1Y4XyvfewFemjm/3N6v2HKdO+kf3l9zWjR4gm+OL/Wo
7G5Ipgr3ZjRBpQrKWQoqLhAGYk1lwyGZBLsbiGi5eNo
-> ssh-ed25519 ZIoeGg pxNvqGCNvjT+6DrKIfZW0O28lKY7OKRtV5uvurhFWSk
fGcCiYWChBAuHJ4764adKj+btYt410oaKtfDlJzfHR4
-> A"-uU"q-grease p] \?3MHe D,
xpBFoA2Gd3mh877T3WnAvfM6eaB4QF+PXltWXWb4vD28xAZCstZX7yFJ31W/ZUW1
PcEj2vP/t4OpIRkjgBcrwi/iaaAOO4d1AH252iN9YlNVO0JJMWLcOxAB
--- ewj86Tn8VoLJ44f8q8eKrtFvDLpLVmJfhPydTDsm5VY
iräù<EFBFBD>RÔÂ>·v<ÓÉgÁxhñ>ÁØþjÓjgä
ÂYÛ £˜1—)R©ìx•C¨ë2¬'<02>î¾,d﯈s(0¶ö¸ 'ä’öd©õLIÛflÉ`g&šå—ô3ˆhÆgñAêSˆ(<28>


@ -2,6 +2,7 @@
age = { age = {
secrets = { secrets = {
cache-key.file = ../secrets/cache-key.age; cache-key.file = ../secrets/cache-key.age;
gitlab-runner.file = ../secrets/gitlab-runner.age;
graf-email = { graf-email = {
file = ../secrets/graf-email.age; file = ../secrets/graf-email.age;
mode = "770"; mode = "770";


@ -1,25 +0,0 @@
{ config, ... }: {
services = {
hydra = {
enable = true;
hydraURL = "https://hydra.matri.cx";
listenHost = "127.0.0.1";
port = 3034;
extraConfig = ''
using_frontend_proxy = 1
base_uri = "https://hydra.matri.cx"
'';
useSubstitutes = true;
notificationSender = "hydra@matri.cx";
buildMachinesFiles = [ ];
};
nix-serve = {
enable = true;
secretKeyFile = config.age.secrets.cache-key.path;
};
};
}


@ -28,6 +28,12 @@
} }
} }
box.eversole.co {
template IN A {
answer "{{ .Name }} 0 IN A 149.28.112.101"
}
}
*.eversole.co { *.eversole.co {
template IN A { template IN A {
answer "{{ .Name }} 0 IN A 192.168.0.130" answer "{{ .Name }} 0 IN A 192.168.0.130"


@ -1,5 +1,6 @@
{ pkgs, ... }: { { pkgs, ... }: {
boot = { boot = {
kernel.sysctl."net.ipv4.ip_forward" = true;
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true; loader.efi.canTouchEfiVariables = true;
}; };
@ -14,5 +15,16 @@
}; };
}; };
programs.ssh.knownHosts = {
selbeiskami = {
hostNames = [ "192.168.0.57" ];
publicKey = "192.168.0.57 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBiTyWzAu7V2Jkk4rqEjBLu+lAhhkLTO8W/PGb8HkeqQ";
};
matricx = {
hostNames = [ "192.168.0.130" "matri.cx" ];
publicKey = "matri.cx ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMyaPYK0HcKAjrD1g+FPqPEU9FJ0I6+iKYmQlWKE0zHp";
};
};
time.timeZone = "America/Chicago"; time.timeZone = "America/Chicago";
} }
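Review bot: Both `programs.ssh.knownHosts` entries put a hostname in front of the key (`publicKey = "192.168.0.57 ssh-ed25519 …"`), but as I understand the NixOS ssh module it writes each known_hosts line as the joined `hostNames` followed by `publicKey` and documents that the key must not carry a leading hostname, so the generated line would read `192.168.0.57 192.168.0.57 ssh-ed25519 …`, OpenSSH would see an invalid key type, and the pinning would silently do nothing. Drop the leading name from both entries, e.g. `publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBiTyWzAu7V2Jkk4rqEjBLu+lAhhkLTO8W/PGb8HkeqQ";` for `selbeiskami` and the same shape for `matricx`, then verify with `ssh-keygen -F 192.168.0.57`. The new `kernel.sysctl."net.ipv4.ip_forward" = true` turns the host into a router between all of its interfaces with no reason recorded; a comment such as `# needed for container networking; forwarding is constrained by the firewall's forward rules` plus a check that the firewall really does constrain the FORWARD path would be worth adding.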