mirror of
https://github.com/phfroidmont/self-hosting.git
synced 2025-12-25 13:46:59 +01:00
Move gitlab-runner to hel1
This commit is contained in:
Paul-Henri Froidmont
parent
66c62a2e40
commit
0d3f1b4afc
GPG key ID:
BE948AFD7E7873BE
4 changed files with 28 additions and 22 deletions
|
|
@ -11,15 +11,10 @@ in
|
||||||
{
|
{
|
||||||
options.custom.services.gitlab-runner = {
|
options.custom.services.gitlab-runner = {
|
||||||
enable = mkEnableOption "gitlab-runner";
|
enable = mkEnableOption "gitlab-runner";
|
||||||
|
runnerRegistrationConfigFile = lib.mkOption { type = lib.types.path; };
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
sops.secrets = {
|
|
||||||
runnerRegistrationConfig = {
|
|
||||||
owner = config.users.users.gitlab-runner.name;
|
|
||||||
key = "gitlab/runner_registration_config";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
users.groups.gitlab-runner = { };
|
users.groups.gitlab-runner = { };
|
||||||
users.users.gitlab-runner = {
|
users.users.gitlab-runner = {
|
||||||
|
|
@ -35,16 +30,13 @@ in
|
||||||
localAddress = "192.168.100.2";
|
localAddress = "192.168.100.2";
|
||||||
|
|
||||||
bindMounts = {
|
bindMounts = {
|
||||||
"${config.sops.secrets.runnerRegistrationConfig.path}" = {
|
"${cfg.runnerRegistrationConfigFile}" = {
|
||||||
hostPath = config.sops.secrets.runnerRegistrationConfig.path;
|
hostPath = cfg.runnerRegistrationConfigFile;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config =
|
config =
|
||||||
let
|
{ config, ... }:
|
||||||
hostConfig = config;
|
|
||||||
in
|
|
||||||
args@{ config, ... }:
|
|
||||||
{
|
{
|
||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
|
|
@ -80,7 +72,7 @@ in
|
||||||
enable = true;
|
enable = true;
|
||||||
services = {
|
services = {
|
||||||
shell = {
|
shell = {
|
||||||
authenticationTokenConfigFile = hostConfig.sops.secrets.runnerRegistrationConfig.path;
|
authenticationTokenConfigFile = cfg.runnerRegistrationConfigFile;
|
||||||
executor = "shell";
|
executor = "shell";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
@ -93,7 +85,7 @@ in
|
||||||
Group = config.users.groups.gitlab-runner.name;
|
Group = config.users.groups.gitlab-runner.name;
|
||||||
};
|
};
|
||||||
|
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "24.05";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,5 @@
|
||||||
{
|
{
|
||||||
config,
|
config,
|
||||||
lib,
|
|
||||||
pkgs,
|
|
||||||
pkgs-unstable,
|
|
||||||
inputs,
|
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
{
|
{
|
||||||
|
|
@ -13,8 +9,21 @@
|
||||||
../modules
|
../modules
|
||||||
];
|
];
|
||||||
|
|
||||||
|
sops.secrets = {
|
||||||
|
runnerRegistrationConfig = {
|
||||||
|
owner = config.users.users.gitlab-runner.name;
|
||||||
|
key = "gitlab/runner_registration_config/hel1";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
time.timeZone = "Europe/Amsterdam";
|
time.timeZone = "Europe/Amsterdam";
|
||||||
|
|
||||||
|
networking.nat = {
|
||||||
|
enable = true;
|
||||||
|
internalInterfaces = [ "ve-+" ];
|
||||||
|
externalInterface = "enp41s0";
|
||||||
|
};
|
||||||
|
|
||||||
disko.devices = {
|
disko.devices = {
|
||||||
disk = {
|
disk = {
|
||||||
nvme0 = {
|
nvme0 = {
|
||||||
|
|
@ -160,6 +169,10 @@
|
||||||
|
|
||||||
custom = {
|
custom = {
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
|
services.gitlab-runner = {
|
||||||
|
enable = true;
|
||||||
|
runnerRegistrationConfigFile = config.sops.secrets.runnerRegistrationConfig.path;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -118,7 +118,6 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.enable = true;
|
services.nginx.enable = true;
|
||||||
services.gitlab-runner.enable = true;
|
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
services.jellyfin.enable = true;
|
services.jellyfin.enable = true;
|
||||||
services.stb.enable = true;
|
services.stb.enable = true;
|
||||||
|
|
|
||||||
|
|
@ -7,7 +7,9 @@ nix:
|
||||||
cache_secret_key: ENC[AES256_GCM,data:Q2mRU+EuTyqjYNvbuyGLqoDSqa/7EPlzNuCJU7QUBRSozf1D4dDzAPNU47xZ2rKcjz6Eg4OhAZLlGeFw9le8SzHOSJ65UYHoMMc6Rpvv/fPhgg2s2UMArrqyO3ultj1pVe3eIIRzBQcdoFqVDg==,iv:jhMTWEO6ahcZl+Dq6mA+mWIie8T0Dq1ZYe/HHYAD5ss=,tag:2GRmd2z96+TGI7MdvOBEdA==,type:str]
|
cache_secret_key: ENC[AES256_GCM,data:Q2mRU+EuTyqjYNvbuyGLqoDSqa/7EPlzNuCJU7QUBRSozf1D4dDzAPNU47xZ2rKcjz6Eg4OhAZLlGeFw9le8SzHOSJ65UYHoMMc6Rpvv/fPhgg2s2UMArrqyO3ultj1pVe3eIIRzBQcdoFqVDg==,iv:jhMTWEO6ahcZl+Dq6mA+mWIie8T0Dq1ZYe/HHYAD5ss=,tag:2GRmd2z96+TGI7MdvOBEdA==,type:str]
|
||||||
gitlab:
|
gitlab:
|
||||||
password: ENC[AES256_GCM,data:ellmwJv7zasbAD3hzAkSSJ4Z9qHqmlernG0=,iv:czXgy9wnDHLSrzefL+nKfbPm6DhZwpNARkUxNsBDHzM=,tag:NYXTjgaUAvOOeJlGe5fchQ==,type:str]
|
password: ENC[AES256_GCM,data:ellmwJv7zasbAD3hzAkSSJ4Z9qHqmlernG0=,iv:czXgy9wnDHLSrzefL+nKfbPm6DhZwpNARkUxNsBDHzM=,tag:NYXTjgaUAvOOeJlGe5fchQ==,type:str]
|
||||||
runner_registration_config: ENC[AES256_GCM,data:R+9UIDgrTx8xiz4DRRjB4ocyib43lIfQyxWTW+d8/UzkA87GFIraSLIjhnoDFhk57s3jQGUtmudl709z410V8+EXbLB81gl1mJqaXQ==,iv:qckhsamd24VVTB7glMcVyMsLJo9jON3Nc9JfeGOM0xI=,tag:/DOmtSrQOoIzpMHH/oBnFQ==,type:str]
|
runner_registration_config:
|
||||||
|
storage1: ENC[AES256_GCM,data:rYaKEZaJEIXTgLCrSGw7IqahrEBrD6cpwf+dB1C1mrUn395PcZ7A/er5765WKTuaFHsOUyZ7Lsj1fDl1bzbr1xnhkPE3/gCJFy7OLg==,iv:WCz4mEJO6BZbeAPhccfoMI3EYh1Kil40AWj6sU1bR9s=,tag:+DqVtAZpt288S7HAoZKcEw==,type:str]
|
||||||
|
hel1: ENC[AES256_GCM,data:wP7WidQ+w7V/Dk5eKOg2bO1ZQaTvRMwPK0nadncDZNMsZnU8OcfS3KDDufvZPO33oWd0LfjxqNPikppqOt9T00uO2JoTek8KOzQ75iSwZA==,iv:iEn76embp30/CVyqtOoTNvo0xo8QTZ2hW6wCkwkOM28=,tag:6d/IbI2YnSbZDksfxUlkbw==,type:str]
|
||||||
synapse:
|
synapse:
|
||||||
db_password: ENC[AES256_GCM,data:hy2BgTsRaZDQZULTW/csmnRy5ZjDEuPqxyuINv0ov5pFzDkozJVL1wut3HgBXjYZ8bqNjS5pCPQtkznw,iv:i41zKGwvPGIEZP0ZjhRaY4UMeOXBovQmLr1e1ewZhV4=,tag:3kKKYouH+lOrNxPJE5ul/Q==,type:str]
|
db_password: ENC[AES256_GCM,data:hy2BgTsRaZDQZULTW/csmnRy5ZjDEuPqxyuINv0ov5pFzDkozJVL1wut3HgBXjYZ8bqNjS5pCPQtkznw,iv:i41zKGwvPGIEZP0ZjhRaY4UMeOXBovQmLr1e1ewZhV4=,tag:3kKKYouH+lOrNxPJE5ul/Q==,type:str]
|
||||||
macaroon_secret_key: ENC[AES256_GCM,data:6n1gCit2MC8l4VR9DSUR87BB+hY5Oza33423sbV8sNIXmZsPzhyvxaBalK/0TVjLH6Q=,iv:OgHxNG96ZW4+LPZhLAtOD01Wibad6vSX6s4BrPE67YE=,tag:OGIz/ufUwt8/pUMLvoaXtg==,type:str]
|
macaroon_secret_key: ENC[AES256_GCM,data:6n1gCit2MC8l4VR9DSUR87BB+hY5Oza33423sbV8sNIXmZsPzhyvxaBalK/0TVjLH6Q=,iv:OgHxNG96ZW4+LPZhLAtOD01Wibad6vSX6s4BrPE67YE=,tag:OGIz/ufUwt8/pUMLvoaXtg==,type:str]
|
||||||
|
|
@ -71,8 +73,8 @@ sops:
|
||||||
azure_kv: []
|
azure_kv: []
|
||||||
hc_vault: []
|
hc_vault: []
|
||||||
age: []
|
age: []
|
||||||
lastmodified: "2024-09-11T18:58:46Z"
|
lastmodified: "2024-12-05T15:21:41Z"
|
||||||
mac: ENC[AES256_GCM,data:NeD6/1DBlvW9vyReJJVBb8YY8qnMPZE0pobvNNdq/0dJKQfnAEndEokqWrRCuzd8oFuMbSmb4CDMX3N6r6nypGi4MMeeBAxPqlHO8aHAZ+XSrAh0XPNmcUnTYUP/zhJA9mp2fyWWgQT4gMEQslKVHDiCd68yOrj2wOr9Nx4CW8Y=,iv:eUyv6w/hXdxGg/1y2CU/WjEivzctCKO3Yw66ToEolH0=,tag:nFh240Xx1+dtLpz9P4U6gA==,type:str]
|
mac: ENC[AES256_GCM,data:8p+Am3IjJZoBmZDwOSymSVeMrbaXfgHO1BZhq8Sdn/pFCGC2/et8xg/heQ7JGBRQMER2AzIdtreTe9f+6NJLYdRuh0CghwxKHfcykUSBNkgzc2bDFLD+xAFWhFoYJx9YZvuDuOeU6rQ/YVSunDYu4K7aX5KdCLon2+1MOtDHZXo=,iv:gW1hBzHSxugVl09FT1HhL2J/9HccwfLFwSEKdei5mLg=,tag:ncQof/HBVGht+xfna6AC2Q==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2024-12-05T00:56:17Z"
|
- created_at: "2024-12-05T00:56:17Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue