aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlex Auvolat <alex@adnab.me>2022-05-30 16:36:17 +0200
committerAlex Auvolat <alex@adnab.me>2022-05-30 16:36:17 +0200
commit4ec5cc43d4111150fc0b44b6a0afec2e07f8cc8d (patch)
treec9619903c6e326c150f3c2ef29760849a3fbb106
parentd47d4e93ab8682710e80eec8c7c9d6a7d2f14202 (diff)
downloadnixcfg-4ec5cc43d4111150fc0b44b6a0afec2e07f8cc8d.tar.gz
nixcfg-4ec5cc43d4111150fc0b44b6a0afec2e07f8cc8d.zip
Drone runner VM almost works
-rw-r--r--app/drone-ci/build/build-qcow2.nix2
-rw-r--r--app/drone-ci/build/machine-config.nix21
-rw-r--r--app/drone-ci/deploy/runner-vm.hcl14
3 files changed, 32 insertions, 5 deletions
diff --git a/app/drone-ci/build/build-qcow2.nix b/app/drone-ci/build/build-qcow2.nix
index 266ba2c..3ad45f4 100644
--- a/app/drone-ci/build/build-qcow2.nix
+++ b/app/drone-ci/build/build-qcow2.nix
@@ -12,7 +12,7 @@ with lib;
system.build.qcow2 = import <nixpkgs/nixos/lib/make-disk-image.nix> {
inherit lib config;
pkgs = import <nixpkgs> { inherit (pkgs) system; }; # ensure we use the regular qemu-kvm package
- diskSize = 8192;
+ diskSize = 32768;
format = "qcow2";
configFile = pkgs.writeText "configuration.nix"
''
diff --git a/app/drone-ci/build/machine-config.nix b/app/drone-ci/build/machine-config.nix
index 3b55078..e1d24a1 100644
--- a/app/drone-ci/build/machine-config.nix
+++ b/app/drone-ci/build/machine-config.nix
@@ -14,11 +14,22 @@ with lib;
autoResize = true;
};
+ fileSystems."/secrets" = {
+ device = "/dev/disk/by-label/QEMU\\x20VVFAT";
+ fsType = "vfat";
+ };
+
boot.growPartition = true;
boot.kernelParams = [ "console=ttyS0" ];
boot.loader.grub.device = "/dev/vda";
boot.loader.timeout = 0;
+ environment.systemPackages = with pkgs; [
+ iotop
+ jnettop
+ htop
+ ];
+
users.extraUsers.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJpaBZdYxHqMxhv2RExAOa7nkKhPBOHupMP3mYaZ73w9 lx@lindy"
];
@@ -31,11 +42,17 @@ with lib;
virtualisation.docker.enable = true;
virtualisation.oci-containers.backend = "docker";
+ systemd.user.services.drone_nix_setup = {
+ script = ''
+ docker run --rm -it -v /var/lib/drone/nix:/mnt nixpkgs/nix:nixos-21.05 cp -r /nix/{store,var} /mnt/
+ '';
+ wantedBy = [ "multi-user.target" ];
+ };
virtualisation.oci-containers.containers = {
drone_runner = {
image = "drone/drone-runner-docker:1.4.0";
volumes = [
- "/nix:/nix"
+ "/var/lib/drone/nix:/nix"
"/var/run/docker.sock:/var/run/docker.sock"
];
environment = {
@@ -49,7 +66,7 @@ with lib;
DRONE_RUNNER_LABELS = "nix:1";
};
environmentFiles = [
- "/dev/qemu/dronesecret0"
+ "/secrets/secret_env"
];
};
drone_gc = {
diff --git a/app/drone-ci/deploy/runner-vm.hcl b/app/drone-ci/deploy/runner-vm.hcl
index 28beeb8..5271b05 100644
--- a/app/drone-ci/deploy/runner-vm.hcl
+++ b/app/drone-ci/deploy/runner-vm.hcl
@@ -4,7 +4,15 @@ job "drone-runner" {
group "runner-vm" {
network {
- port "ssh" { }
+ port "ssh" {
+ static = 22544
+ }
+ }
+
+ constraint {
+ attribute = "${attr.unique.hostname}"
+ operator = "="
+ value = "caribou"
}
task "drone-runner-vm" {
@@ -14,7 +22,9 @@ job "drone-runner" {
image_path = "local/drone-runner.qcow2"
accelerator = "kvm"
args = [
- "-object", "secret,id=dronesecret0,file=secrets/secret_env"
+ "-drive", "index=1,file=fat:rw:/var/lib/nomad/alloc/${NOMAD_ALLOC_ID}/${NOMAD_TASK_NAME}/secrets,format=raw,media=disk",
+ "-device", "e1000,netdev=user.0",
+ "-netdev", "user,id=user.0,hostfwd=tcp::${NOMAD_PORT_ssh}-:22",
]
port_map {
ssh = 22