add crystal-gitlab host and gitlab runner

2023-01-06 23:51:58 -08:00 · 2023-01-06 23:51:58 -08:00 · a6330a9df3
commit a6330a9df3
parent 95ec26cc93
9 changed files with 139 additions and 1 deletions
--- a/devices/common-gpt.nix
+++ b/devices/common-gpt.nix
--- a/devices/common-mbr.nix
+++ b/devices/common-mbr.nix
@ -0,0 +1,22 @@
+{pkgs, ...}: {
+  boot = {
+    loader = {
+      grub = {
+        enable = true;
+        device = "/dev/sda";
+        useOSProber = true;
+      };
+    };
+    kernelPackages = pkgs.linuxPackages_latest;
+  };
+
+  hardware = {
+    xpadneo.enable = true;
+  };
+
+  time.timeZone = "America/Los_Angeles";
+
+  zramSwap.enable = true;
+
+  system.stateVersion = "23.05";
+}
--- a/devices/crystal-gitlab/base.nix
+++ b/devices/crystal-gitlab/base.nix
@ -0,0 +1,31 @@
+{
+  config,
+  pkgs,
+  lib,
+  modulesPath,
+  ...
+}: {
+  imports = [(modulesPath + "/profiles/qemu-guest.nix")];
+
+  boot = {
+    initrd = {
+      availableKernelModules = ["uhci_hcd" "ehci-pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
+      kernelModules = [];
+    };
+    kernelModules = ["kvm-intel"];
+    extraModulePackages = [];
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/sda1";
+      fsType = "xfs";
+    };
+  };
+
+  networking.hostName = "crystal-gitlab";
+  networking.useDHCP = true;
+  nixpkgs.hostPlatform = "x86_64-linux";
+  powerManagement.cpuFreqGovernor = "powersave";
+  hardware.cpu.intel.updateMicrocode = config.hardware.enableRedistributableFirmware;
+}
--- a/flake.lock
+++ b/flake.lock
@ -1,5 +1,25 @@
 {
  "nodes": {
+    "agenix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1665870395,
+        "narHash": "sha256-Tsbqb27LDNxOoPLh0gw2hIb6L/6Ow/6lIBvqcHzEKBI=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "a630400067c6d03c9b3e0455347dc8559db14288",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
    "flake-compat": {
      "flake": false,
      "locked": {
@ -264,6 +284,7 @@
    },
    "root": {
      "inputs": {
+        "agenix": "agenix",
        "home-manager": "home-manager",
        "neovim": "neovim",
        "nix-on-droid": "nix-on-droid",
--- a/flake.nix
+++ b/flake.nix
@ -24,6 +24,9 @@
    nix-on-droid.inputs.home-manager.follows = "home-manager";

    nixos-hardware.url = "github:NixOS/nixos-hardware";
+
+    agenix.url = "github:ryantm/agenix";
+    agenix.inputs.nixpkgs.follows = "nixpkgs";
  };
  outputs = {
    self,
@ -35,6 +38,7 @@
    nixos-wsl,
    nix-on-droid,
    nixos-hardware,
+    agenix,
    ...
  }: let
    modules = {
@ -54,11 +58,21 @@
        common = [
          ./common/personal.nix
          ./common/nix.nix
-          ./devices/common.nix
+          ./devices/common-gpt.nix
+        ];
+        common-mbr = [
+          ./common/personal.nix
+          ./common/nix.nix
+          ./devices/common-mbr.nix
        ];
        dev = [
          ./common/dev/podman.nix
        ];
+        services = {
+          common = [
+            ./services/openssh.nix
+          ];
+        };
        desktops = {
          common = [
            ./common/desktop/apps.nix
@ -84,6 +98,7 @@
        modules =
          modules.nixos.common
          ++ modules.nixos.dev
+          ++ modules.nixos.services.common
          ++ modules.nixos.desktops.common
          ++ modules.nixos.desktops.gnome
          ++ [
@ -91,6 +106,7 @@
            ./devices/skynet/base.nix
            ./devices/skynet/hardware.nix
            nixos-hardware.nixosModules.framework-12th-gen-intel
+            agenix.nixosModule
          ];
      };

@ -104,6 +120,19 @@
          ./devices/wsl/base.nix
        ];
      };
+
+      crystal-gitlab = nixpkgs.lib.nixosSystem {
+        pkgs = pkgsForSystem "x86_64-linux";
+        system = "x86_64-linux";
+        modules =
+          modules.nixos.common-mbr
+          ++ modules.nixos.services.common
+          ++ [
+            agenix.nixosModule
+            ./devices/crystal-gitlab/base.nix
+            ./services/crystal/gitlab-runner.nix
+          ];
+      };
    };

    homeConfigurations.relms = home-manager.lib.homeManagerConfiguration {
--- a/secrets/gitlab-runners.age
+++ b/secrets/gitlab-runners.age
@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 lCCbYQ HHxHdDoRM4AmtCuYtNbjYuMzXx201+Cpwc+nPHlGqjQ
+JIkr2C6TalQ6gFng8Lo4FZmX3FFRL6yFIdmYqIKtXPo
+-> ?x+~awL9-grease ( =Vvj_3'y
+rIUv4FY
+--- OnKh4PXvG3q5GXG4y9TtdOnyeIkdBEOYm8xkw9eQB1M
+Š“×†"¢4Jž>:\õÌ3Ö€ŽEê>ª¶ˆ¨ô<C2A8>â<EFBFBD>IˆwHØS¿<53><C2BF>ŽG<C5BD>¼›f5Åo<C385>:¿æÙ²¹á'ù˜Ï,&0¨¹Ÿô‘wâ9K%Beo<ìt`]qÈŒdþc"‡vRµ<52>ÔÚÈÂr"s
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -0,0 +1,8 @@
+let
+  relms = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKqJnbK9FjoPX7EYtXwG5QV8XfK7fcTfOWGFrfsQRj9z";
+
+  skynet = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMajj7jUSGbJgndndLYs1ZQi37WsZi7Foyj2xmfbGrnn";
+  crystal-gitlab = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBg8PGtAXNsZYmWLYCmIdv1rpezCXBZ/Z+XbVZ39m3vt";
+in {
+  "gitlab-runners.age".publicKeys = [crystal-gitlab];
+}
--- a/services/crystal/gitlab-runner.nix
+++ b/services/crystal/gitlab-runner.nix
@ -0,0 +1,17 @@
+{
+  pkgs,
+  config,
+  ...
+}: {
+  age.secrets.gitlab-runner.file = ../../secrets/gitlab-runners.age;
+
+  services.gitlab-runner = {
+    enable = true;
+    services = {
+      alpha = {
+        registrationConfigFile = config.age.secrets.gitlab-runner.path;
+        dockerImage = "alpine:latest";
+      };
+    };
+  };
+}
--- a/services/openssh.nix
+++ b/services/openssh.nix
@ -0,0 +1,3 @@
+{
+  services.openssh.enable = true;
+}