
add crystal-gitlab host and gitlab runner

Daryl Ronningen 2023-01-06 23:51:58 -08:00
parent 95ec26cc93
commit a6330a9df3
Signed by: Daryl Ronningen
GPG key ID: FD23F0C934A5EC6B
9 changed files with 139 additions and 1 deletions

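--- a/devices/common-mbr.nix
+++ b/devices/common-mbr.nix
@@ -0,0 +1,22 @@
+{pkgs, ...}: {
+boot = {
+loader = {
+grub = {
+enable = true;
+device = "/dev/sda";
+useOSProber = true;
+};
+};
+kernelPackages = pkgs.linuxPackages_latest;
+};
+hardware = {
+xpadneo.enable = true;
+};
+time.timeZone = "America/Los_Angeles";
+zramSwap.enable = true;
+system.stateVersion = "23.05";
+}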
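Review bot: `hardware.xpadneo.enable = true;` and `useOSProber = true;` look like desktop carry-overs in a profile that, in this commit, is only referenced by the crystal-gitlab system, which appears to be a QEMU guest. xpadneo is an out-of-tree kernel module for Xbox wireless controllers, so building it against `pkgs.linuxPackages_latest` on a CI runner adds kernel code and a possible build break for no benefit on a headless VM. os-prober scans attached disks for other operating systems, which a single-disk guest does not need. I would drop the `hardware` block and the `useOSProber` line, and add a header comment such as `# Shared base for BIOS/MBR virtual machines (GRUB on /dev/sda)` so the profile's scope is explicit.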


@ -0,0 +1,31 @@
{
config,
pkgs,
lib,
modulesPath,
...
}: {
imports = [(modulesPath + "/profiles/qemu-guest.nix")];
boot = {
initrd = {
availableKernelModules = ["uhci_hcd" "ehci-pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
kernelModules = [];
};
kernelModules = ["kvm-intel"];
extraModulePackages = [];
};
fileSystems = {
"/" = {
device = "/dev/sda1";
fsType = "xfs";
};
};
networking.hostName = "crystal-gitlab";
networking.useDHCP = true;
nixpkgs.hostPlatform = "x86_64-linux";
powerManagement.cpuFreqGovernor = "powersave";
hardware.cpu.intel.updateMicrocode = config.hardware.enableRedistributableFirmware;
}


@ -1,5 +1,25 @@
{ {
"nodes": { "nodes": {
"agenix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1665870395,
"narHash": "sha256-Tsbqb27LDNxOoPLh0gw2hIb6L/6Ow/6lIBvqcHzEKBI=",
"owner": "ryantm",
"repo": "agenix",
"rev": "a630400067c6d03c9b3e0455347dc8559db14288",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -264,6 +284,7 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix",
"home-manager": "home-manager", "home-manager": "home-manager",
"neovim": "neovim", "neovim": "neovim",
"nix-on-droid": "nix-on-droid", "nix-on-droid": "nix-on-droid",


@ -24,6 +24,9 @@
nix-on-droid.inputs.home-manager.follows = "home-manager"; nix-on-droid.inputs.home-manager.follows = "home-manager";
nixos-hardware.url = "github:NixOS/nixos-hardware"; nixos-hardware.url = "github:NixOS/nixos-hardware";
agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = { outputs = {
self, self,
@ -35,6 +38,7 @@
nixos-wsl, nixos-wsl,
nix-on-droid, nix-on-droid,
nixos-hardware, nixos-hardware,
agenix,
... ...
}: let }: let
modules = { modules = {
@ -54,11 +58,21 @@
common = [ common = [
./common/personal.nix ./common/personal.nix
./common/nix.nix ./common/nix.nix
./devices/common.nix ./devices/common-gpt.nix
];
common-mbr = [
./common/personal.nix
./common/nix.nix
./devices/common-mbr.nix
]; ];
dev = [ dev = [
./common/dev/podman.nix ./common/dev/podman.nix
]; ];
services = {
common = [
./services/openssh.nix
];
};
desktops = { desktops = {
common = [ common = [
./common/desktop/apps.nix ./common/desktop/apps.nix
@ -84,6 +98,7 @@
modules = modules =
modules.nixos.common modules.nixos.common
++ modules.nixos.dev ++ modules.nixos.dev
++ modules.nixos.services.common
++ modules.nixos.desktops.common ++ modules.nixos.desktops.common
++ modules.nixos.desktops.gnome ++ modules.nixos.desktops.gnome
++ [ ++ [
@ -91,6 +106,7 @@
./devices/skynet/base.nix ./devices/skynet/base.nix
./devices/skynet/hardware.nix ./devices/skynet/hardware.nix
nixos-hardware.nixosModules.framework-12th-gen-intel nixos-hardware.nixosModules.framework-12th-gen-intel
agenix.nixosModule
]; ];
}; };
@ -104,6 +120,19 @@
./devices/wsl/base.nix ./devices/wsl/base.nix
]; ];
}; };
crystal-gitlab = nixpkgs.lib.nixosSystem {
pkgs = pkgsForSystem "x86_64-linux";
system = "x86_64-linux";
modules =
modules.nixos.common-mbr
++ modules.nixos.services.common
++ [
agenix.nixosModule
./devices/crystal-gitlab/base.nix
./services/crystal/gitlab-runner.nix
];
};
}; };
homeConfigurations.relms = home-manager.lib.homeManagerConfiguration { homeConfigurations.relms = home-manager.lib.homeManagerConfiguration {
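Review bot: The added `++ modules.nixos.services.common` in the module list that contains `./devices/skynet/base.nix` turns on sshd for that host too, which the commit title (a GitLab host and runner) does not mention. The host imports `framework-12th-gen-intel`, so it is presumably a laptop that joins networks you do not control. If the goal there is only to have an SSH host key available for agenix, say so in a comment and keep the listener closed with `services.openssh.openFirewall = false;` in the skynet modules. `agenix.nixosModule` is also added to skynet while `secrets/secrets.nix` assigns it no secret, so a one-line comment that this is preparatory would help. The enclosing `nixosSystem` call starts outside the visible hunk.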


@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 lCCbYQ HHxHdDoRM4AmtCuYtNbjYuMzXx201+Cpwc+nPHlGqjQ
JIkr2C6TalQ6gFng8Lo4FZmX3FFRL6yFIdmYqIKtXPo
-> ?x+~awL9-grease ( =Vvj_3'y
rIUv4FY
--- OnKh4PXvG3q5GXG4y9TtdOnyeIkdBEOYm8xkw9eQB1M
Š“׆"¢4Jž>:\õÌ3Ö€ŽEê>ª¶ˆ¨ô<C2A8>â<EFBFBD>IˆwHØS¿<53><C2BF>ŽG<C5BD>¼f5Åo<C385>:¿æÙ²¹á'ù˜Ï,&0¨¹Ÿôwâ9K%Beo<ì­t`]qÈŒdþc"‡v<52>ÔÚÈÂr"s

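--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -0,0 +1,8 @@
+let
+relms = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKqJnbK9FjoPX7EYtXwG5QV8XfK7fcTfOWGFrfsQRj9z";
+skynet = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMajj7jUSGbJgndndLYs1ZQi37WsZi7Foyj2xmfbGrnn";
+crystal-gitlab = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBg8PGtAXNsZYmWLYCmIdv1rpezCXBZ/Z+XbVZ39m3vt";
+in {
+"gitlab-runners.age".publicKeys = [crystal-gitlab];
+}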
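Review bot: `relms` and `skynet` are bound in the `let` but never used, so `gitlab-runners.age` has the crystal-gitlab key as its only recipient. That is the tightest recipient set for the runner, but it also means the file can only be edited or rekeyed with that host's private key. If that is intended, state it with a comment such as `# host-only: edit/rekey requires crystal-gitlab's SSH host key` and remove the unused bindings. If an admin identity is meant to manage the secret, the list becomes `[relms crystal-gitlab]`, which widens who can read the runner registration config and should be a deliberate, commented choice.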


@ -0,0 +1,17 @@
{
pkgs,
config,
...
}: {
age.secrets.gitlab-runner.file = ../../secrets/gitlab-runners.age;
services.gitlab-runner = {
enable = true;
services = {
alpha = {
registrationConfigFile = config.age.secrets.gitlab-runner.path;
dockerImage = "alpine:latest";
};
};
};
}
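Review bot: `dockerImage = "alpine:latest";` gives every job that does not name its own image a floating tag, so the default build environment changes whenever the tag moves upstream and that change is not reviewable from this repository. Pin it to a release tag plus digest, e.g. `dockerImage = "alpine:<version>@sha256:<digest>";` (placeholder values), and bump it in a commit like any other input. The attribute is `age.secrets.gitlab-runner` while the file is `gitlab-runners.age`; both work, but aligning the names avoids pointing at the wrong secret once more are added. `pkgs` is taken in the argument set and is not used in this file.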

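--- a/services/openssh.nix
+++ b/services/openssh.nix
@@ -0,0 +1,3 @@
+{
+services.openssh.enable = true;
+}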
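Review bot: `services.openssh.enable = true;` on its own leaves sshd on the NixOS defaults, which accept password authentication, and this module is pulled into every system that lists `modules.nixos.services.common`. I would make the shared module key-only by adding `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` (on older nixpkgs revisions the same options are `services.openssh.passwordAuthentication` and `services.openssh.kbdInteractiveAuthentication`). A short comment saying that hosts needing anything looser must override it locally would keep the secure setting as the baseline.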