author | Alex Auvolat <alex@adnab.me> | 2022-05-30 14:57:05 +0200 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-05-30 14:57:05 +0200 |
commit | d47d4e93ab8682710e80eec8c7c9d6a7d2f14202 (patch) | |
tree | a0039fb674a7150c0338707606a20c9d62ced1e5 /app/drone-ci/build | |
parent | 2d9adf82d04261f420af4cc5482e442297741a5d (diff) | |
Work on drone runner as VM
Diffstat (limited to 'app/drone-ci/build')
-rw-r--r-- | app/drone-ci/build/.gitignore | 2 | ||||
-rw-r--r-- | app/drone-ci/build/Makefile | 8 | ||||
-rw-r--r-- | app/drone-ci/build/build-qcow2.nix | 24 | ||||
-rw-r--r-- | app/drone-ci/build/machine-config.nix | 68 |
4 files changed, 102 insertions, 0 deletions
diff --git a/app/drone-ci/build/.gitignore b/app/drone-ci/build/.gitignore
new file mode 100644
index 0000000..ef92077
--- /dev/null
+++ b/app/drone-ci/build/.gitignore
@@ -0,0 +1,2 @@
+result/
+*.qcow2.zst
diff --git a/app/drone-ci/build/Makefile b/app/drone-ci/build/Makefile
new file mode 100644
index 0000000..2814a0d
--- /dev/null
+++ b/app/drone-ci/build/Makefile
@@ -0,0 +1,8 @@
+.PHONY: all
+
+all:
+ nix-build '<nixpkgs/nixos>' -A config.system.build.qcow2 --arg configuration "{ imports = [ ./build-qcow2.nix ]; }" --show-trace
+ zstd -7 -i result/nixos.qcow2 -o drone-runner.qcow2.zst -f
+ RESULTPATH=`readlink result`; rm result; nix-store --delete $$RESULTPATH
+ rclone copy drone-runner.qcow2.zst grgdf:alex/ -vv
+
diff --git a/app/drone-ci/build/build-qcow2.nix b/app/drone-ci/build/build-qcow2.nix
new file mode 100644
index 0000000..266ba2c
--- /dev/null
+++ b/app/drone-ci/build/build-qcow2.nix
@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+ imports =
+ [
+ <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
+ ./machine-config.nix
+ ];
+
+ system.build.qcow2 = import <nixpkgs/nixos/lib/make-disk-image.nix> {
+ inherit lib config;
+ pkgs = import <nixpkgs> { inherit (pkgs) system; }; # ensure we use the regular qemu-kvm package
+ diskSize = 8192;
+ format = "qcow2";
+ configFile = pkgs.writeText "configuration.nix"
+ ''
+ {
+ imports = [ <./machine-config.nix> ];
+ }
+ '';
+ };
+}
diff --git a/app/drone-ci/build/machine-config.nix b/app/drone-ci/build/machine-config.nix
new file mode 100644
index 0000000..3b55078
--- /dev/null
+++ b/app/drone-ci/build/machine-config.nix
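Review bot: In the Makefile's `all` recipe, `rclone copy drone-runner.qcow2.zst grgdf:alex/ -vv` publishes the VM image with nothing that lets whoever later boots it check that it is the image this build produced. Consider generating a digest before the upload, e.g. `sha256sum drone-runner.qcow2.zst > drone-runner.qcow2.zst.sha256`, and recording or signing that digest somewhere other than the same remote, since a checksum stored beside the image only catches corruption, not replacement by anyone with write access to that remote. Separately, the cleanup line chains its commands with `;`, so a failed `readlink result` still runs `rm result` and then `nix-store --delete` with an empty argument; joining the three commands with `&&` would stop at the first failure.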
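Review bot: In build-qcow2.nix, both `<nixpkgs/nixos/lib/make-disk-image.nix>` and `pkgs = import <nixpkgs> { … }` resolve through the build host's NIX_PATH, so the packages baked into the runner image depend on whatever channel that host happens to carry at build time. For an image that will run CI jobs next to a Docker socket, pinning nixpkgs to a fixed revision makes the contents reviewable and reproducible, e.g. `pkgs = import (fetchTarball { url = "<pinned nixpkgs tarball URL>"; sha256 = "<hash>"; }) { inherit (pkgs) system; };`, with the same pin passed to `nix-build` in the Makefile. Also, the generated `configuration.nix` imports `<./machine-config.nix>`, and as far as this hunk shows that file is not copied into the image, so a rebuild inside the VM would presumably fail to find it; a comment stating that the image is meant to be rebuilt only from this directory would make the intent clear.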
@@ -0,0 +1,68 @@
+{ pkgs, lib, ... }:
+
+with lib;
+
+{
+ imports = [
+ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+ ];
+
+ config = {
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/nixos";
+ fsType = "ext4";
+ autoResize = true;
+ };
+
+ boot.growPartition = true;
+ boot.kernelParams = [ "console=ttyS0" ];
+ boot.loader.grub.device = "/dev/vda";
+ boot.loader.timeout = 0;
+
+ users.extraUsers.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJpaBZdYxHqMxhv2RExAOa7nkKhPBOHupMP3mYaZ73w9 lx@lindy"
+ ];
+ services.openssh.enable = true;
+ services.openssh.permitRootLogin = "prohibit-password";
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [ 22 ];
+ };
+
+ virtualisation.docker.enable = true;
+ virtualisation.oci-containers.backend = "docker";
+ virtualisation.oci-containers.containers = {
+ drone_runner = {
+ image = "drone/drone-runner-docker:1.4.0";
+ volumes = [
+ "/nix:/nix"
+ "/var/run/docker.sock:/var/run/docker.sock"
+ ];
+ environment = {
+ DRONE_RPC_PROTO = "https";
+ DRONE_RPC_HOST = "drone.deuxfleurs.fr";
+ DRONE_RUNNER_CAPACITY = "1";
+ DRONE_DEBUG = "true";
+ DRONE_LOGS_TRACE = "true";
+ DRONE_RPC_DUMP_HTTP = "true";
+ DRONE_RPC_DUMP_HTTP_BODY = "true";
+ DRONE_RUNNER_LABELS = "nix:1";
+ };
+ environmentFiles = [
+ "/dev/qemu/dronesecret0"
+ ];
+ };
+ drone_gc = {
+ image = "drone/gc:latest";
+ volumes = [
+ "/var/run/docker.sock:/var/run/docker.sock"
+ ];
+ environment = {
+ GC_DEBUG = "true";
+ GC_CACHE = "10gb";
+ GC_INTERVAL = "10m";
+ };
+ };
+ };
+ };
+}
|
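Review bot: `DRONE_RPC_DUMP_HTTP = "true";` and `DRONE_RPC_DUMP_HTTP_BODY = "true";` in the `drone_runner` environment are baked into the image, so every runner booted from it writes full RPC request and response bodies to the container log; those bodies likely carry the build secrets and repository credentials the server hands to the runner, which then persist in Docker's log storage and wherever logs are shipped. I would drop both lines (and `DRONE_LOGS_TRACE`) from the image and enable them only while actively debugging. `drone_gc` uses `image = "drone/gc:latest";` while mounting `/var/run/docker.sock`, which gives a floating tag root-equivalent control over the VM's Docker daemon; pin it as the runner image is pinned, ideally by digest, e.g. `image = "drone/gc@sha256:<digest>";`. The `"/nix:/nix"` volume carries no `:ro` suffix; if the runner container only needs to read the store, `"/nix:/nix:ro"` would narrow what a compromised runner can modify on the host.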