Move gitlab-runner to hel1

2025-12-25 05:36:59 +01:00 · 2024-12-07 21:49:38 +01:00 · 2024-12-07 21:49:38 +01:00 · 0d3f1b4afc
commit 0d3f1b4afc
parent 66c62a2e40
4 changed files with 28 additions and 22 deletions
--- a/modules/gitlab-runner.nix
+++ b/modules/gitlab-runner.nix
@ -11,15 +11,10 @@ in
 {
  options.custom.services.gitlab-runner = {
    enable = mkEnableOption "gitlab-runner";
+    runnerRegistrationConfigFile = lib.mkOption { type = lib.types.path; };
  };

  config = mkIf cfg.enable {
-    sops.secrets = {
-      runnerRegistrationConfig = {
-        owner = config.users.users.gitlab-runner.name;
-        key = "gitlab/runner_registration_config";
-      };
-    };

    users.groups.gitlab-runner = { };
    users.users.gitlab-runner = {
@ -35,16 +30,13 @@ in
      localAddress = "192.168.100.2";

      bindMounts = {
-        "${config.sops.secrets.runnerRegistrationConfig.path}" = {
-          hostPath = config.sops.secrets.runnerRegistrationConfig.path;
+        "${cfg.runnerRegistrationConfigFile}" = {
+          hostPath = cfg.runnerRegistrationConfigFile;
        };
      };

      config =
-        let
-          hostConfig = config;
-        in
-        args@{ config, ... }:
+        { config, ... }:
        {

          nix = {
@ -80,7 +72,7 @@ in
              enable = true;
              services = {
                shell = {
-                  authenticationTokenConfigFile = hostConfig.sops.secrets.runnerRegistrationConfig.path;
+                  authenticationTokenConfigFile = cfg.runnerRegistrationConfigFile;
                  executor = "shell";
                };
              };
@ -93,7 +85,7 @@ in
            Group = config.users.groups.gitlab-runner.name;
          };

-          system.stateVersion = "22.05";
+          system.stateVersion = "24.05";
        };
    };
  };
--- a/profiles/hel.nix
+++ b/profiles/hel.nix
@ -1,9 +1,5 @@
 {
  config,
-  lib,
-  pkgs,
-  pkgs-unstable,
-  inputs,
  ...
 }:
 {
@ -13,8 +9,21 @@
    ../modules
  ];

+  sops.secrets = {
+    runnerRegistrationConfig = {
+      owner = config.users.users.gitlab-runner.name;
+      key = "gitlab/runner_registration_config/hel1";
+    };
+  };
+
  time.timeZone = "Europe/Amsterdam";

+  networking.nat = {
+    enable = true;
+    internalInterfaces = [ "ve-+" ];
+    externalInterface = "enp41s0";
+  };
+
  disko.devices = {
    disk = {
      nvme0 = {
@ -160,6 +169,10 @@

  custom = {
    services.openssh.enable = true;
+    services.gitlab-runner = {
+      enable = true;
+      runnerRegistrationConfigFile = config.sops.secrets.runnerRegistrationConfig.path;
+    };
  };

 }
--- a/profiles/storage.nix
+++ b/profiles/storage.nix
@ -118,7 +118,6 @@
    };

    services.nginx.enable = true;
-    services.gitlab-runner.enable = true;
    services.openssh.enable = true;
    services.jellyfin.enable = true;
    services.stb.enable = true;
--- a/secrets.enc.yml
+++ b/secrets.enc.yml
@ -7,7 +7,9 @@ nix:
    cache_secret_key: ENC[AES256_GCM,data:Q2mRU+EuTyqjYNvbuyGLqoDSqa/7EPlzNuCJU7QUBRSozf1D4dDzAPNU47xZ2rKcjz6Eg4OhAZLlGeFw9le8SzHOSJ65UYHoMMc6Rpvv/fPhgg2s2UMArrqyO3ultj1pVe3eIIRzBQcdoFqVDg==,iv:jhMTWEO6ahcZl+Dq6mA+mWIie8T0Dq1ZYe/HHYAD5ss=,tag:2GRmd2z96+TGI7MdvOBEdA==,type:str]
 gitlab:
    password: ENC[AES256_GCM,data:ellmwJv7zasbAD3hzAkSSJ4Z9qHqmlernG0=,iv:czXgy9wnDHLSrzefL+nKfbPm6DhZwpNARkUxNsBDHzM=,tag:NYXTjgaUAvOOeJlGe5fchQ==,type:str]
-    runner_registration_config: ENC[AES256_GCM,data:R+9UIDgrTx8xiz4DRRjB4ocyib43lIfQyxWTW+d8/UzkA87GFIraSLIjhnoDFhk57s3jQGUtmudl709z410V8+EXbLB81gl1mJqaXQ==,iv:qckhsamd24VVTB7glMcVyMsLJo9jON3Nc9JfeGOM0xI=,tag:/DOmtSrQOoIzpMHH/oBnFQ==,type:str]
+    runner_registration_config:
+        storage1: ENC[AES256_GCM,data:rYaKEZaJEIXTgLCrSGw7IqahrEBrD6cpwf+dB1C1mrUn395PcZ7A/er5765WKTuaFHsOUyZ7Lsj1fDl1bzbr1xnhkPE3/gCJFy7OLg==,iv:WCz4mEJO6BZbeAPhccfoMI3EYh1Kil40AWj6sU1bR9s=,tag:+DqVtAZpt288S7HAoZKcEw==,type:str]
+        hel1: ENC[AES256_GCM,data:wP7WidQ+w7V/Dk5eKOg2bO1ZQaTvRMwPK0nadncDZNMsZnU8OcfS3KDDufvZPO33oWd0LfjxqNPikppqOt9T00uO2JoTek8KOzQ75iSwZA==,iv:iEn76embp30/CVyqtOoTNvo0xo8QTZ2hW6wCkwkOM28=,tag:6d/IbI2YnSbZDksfxUlkbw==,type:str]
 synapse:
    db_password: ENC[AES256_GCM,data:hy2BgTsRaZDQZULTW/csmnRy5ZjDEuPqxyuINv0ov5pFzDkozJVL1wut3HgBXjYZ8bqNjS5pCPQtkznw,iv:i41zKGwvPGIEZP0ZjhRaY4UMeOXBovQmLr1e1ewZhV4=,tag:3kKKYouH+lOrNxPJE5ul/Q==,type:str]
    macaroon_secret_key: ENC[AES256_GCM,data:6n1gCit2MC8l4VR9DSUR87BB+hY5Oza33423sbV8sNIXmZsPzhyvxaBalK/0TVjLH6Q=,iv:OgHxNG96ZW4+LPZhLAtOD01Wibad6vSX6s4BrPE67YE=,tag:OGIz/ufUwt8/pUMLvoaXtg==,type:str]
@ -71,8 +73,8 @@ sops:
    azure_kv: []
    hc_vault: []
    age: []
-    lastmodified: "2024-09-11T18:58:46Z"
-    mac: ENC[AES256_GCM,data:NeD6/1DBlvW9vyReJJVBb8YY8qnMPZE0pobvNNdq/0dJKQfnAEndEokqWrRCuzd8oFuMbSmb4CDMX3N6r6nypGi4MMeeBAxPqlHO8aHAZ+XSrAh0XPNmcUnTYUP/zhJA9mp2fyWWgQT4gMEQslKVHDiCd68yOrj2wOr9Nx4CW8Y=,iv:eUyv6w/hXdxGg/1y2CU/WjEivzctCKO3Yw66ToEolH0=,tag:nFh240Xx1+dtLpz9P4U6gA==,type:str]
+    lastmodified: "2024-12-05T15:21:41Z"
+    mac: ENC[AES256_GCM,data:8p+Am3IjJZoBmZDwOSymSVeMrbaXfgHO1BZhq8Sdn/pFCGC2/et8xg/heQ7JGBRQMER2AzIdtreTe9f+6NJLYdRuh0CghwxKHfcykUSBNkgzc2bDFLD+xAFWhFoYJx9YZvuDuOeU6rQ/YVSunDYu4K7aX5KdCLon2+1MOtDHZXo=,iv:gW1hBzHSxugVl09FT1HhL2J/9HccwfLFwSEKdei5mLg=,tag:ncQof/HBVGht+xfna6AC2Q==,type:str]
    pgp:
        - created_at: "2024-12-05T00:56:17Z"
          enc: |-