From 4ec5cc43d4111150fc0b44b6a0afec2e07f8cc8d Mon Sep 17 00:00:00 2001 From: Alex Auvolat Date: Mon, 30 May 2022 16:36:17 +0200 Subject: [PATCH] Drone runner VM almost works --- app/drone-ci/build/build-qcow2.nix | 2 +- app/drone-ci/build/machine-config.nix | 21 +++++++++++++++++++-- app/drone-ci/deploy/runner-vm.hcl | 14 ++++++++++++-- 3 files changed, 32 insertions(+), 5 deletions(-) diff --git a/app/drone-ci/build/build-qcow2.nix b/app/drone-ci/build/build-qcow2.nix index 266ba2c..3ad45f4 100644 --- a/app/drone-ci/build/build-qcow2.nix +++ b/app/drone-ci/build/build-qcow2.nix @@ -12,7 +12,7 @@ with lib; system.build.qcow2 = import { inherit lib config; pkgs = import { inherit (pkgs) system; }; # ensure we use the regular qemu-kvm package - diskSize = 8192; + diskSize = 32768; format = "qcow2"; configFile = pkgs.writeText "configuration.nix" '' diff --git a/app/drone-ci/build/machine-config.nix b/app/drone-ci/build/machine-config.nix index 3b55078..e1d24a1 100644 --- a/app/drone-ci/build/machine-config.nix +++ b/app/drone-ci/build/machine-config.nix @@ -14,11 +14,22 @@ with lib; autoResize = true; }; + fileSystems."/secrets" = { + device = "/dev/disk/by-label/QEMU\\x20VVFAT"; + fsType = "vfat"; + }; + boot.growPartition = true; boot.kernelParams = [ "console=ttyS0" ]; boot.loader.grub.device = "/dev/vda"; boot.loader.timeout = 0; + environment.systemPackages = with pkgs; [ + iotop + jnettop + htop + ]; + users.extraUsers.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJpaBZdYxHqMxhv2RExAOa7nkKhPBOHupMP3mYaZ73w9 lx@lindy" ]; 
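Review bot: The new `fileSystems."/secrets"` entry in machine-config.nix mounts the vfat volume with default options, and FAT stores no Unix owner or mode bits, so `/secrets/secret_env` is typically readable by every local user in the VM. Something like `options = [ "ro" "umask=0077" "nofail" ];` would keep the file root-only, stop the guest writing back to the volume, and avoid an emergency-mode boot when the drive is absent. A short comment such as `# Nomad task secrets dir, exported by QEMU as a VVFAT drive (see deploy/runner-vm.hcl)` would explain where the `QEMU\x20VVFAT` label comes from. The enclosing attribute set starts and ends outside this hunk, and the file is consumed by `environmentFiles` in a later hunk.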
@@ -31,11 +42,17 @@ with lib; virtualisation.docker.enable = true; virtualisation.oci-containers.backend = "docker"; + systemd.user.services.drone_nix_setup = { + script = '' + docker run --rm -it -v /var/lib/drone/nix:/mnt nixpkgs/nix:nixos-21.05 cp -r /nix/{store,var} /mnt/ + ''; + wantedBy = [ "multi-user.target" ]; + }; virtualisation.oci-containers.containers = { drone_runner = { image = "drone/drone-runner-docker:1.4.0"; volumes = [ - "/nix:/nix" + "/var/lib/drone/nix:/nix" "/var/run/docker.sock:/var/run/docker.sock" ]; environment = { @@ -49,7 +66,7 @@ with lib; DRONE_RUNNER_LABELS = "nix:1"; }; environmentFiles = [ - "/dev/qemu/dronesecret0" + "/secrets/secret_env" ]; }; drone_gc = { diff --git a/app/drone-ci/deploy/runner-vm.hcl b/app/drone-ci/deploy/runner-vm.hcl index 28beeb8..5271b05 100644 --- a/app/drone-ci/deploy/runner-vm.hcl +++ b/app/drone-ci/deploy/runner-vm.hcl @@ -4,7 +4,15 @@ job "drone-runner" { group "runner-vm" { network { - port "ssh" { } + port "ssh" { + static = 22544 + } + } + + constraint { + attribute = "${attr.unique.hostname}" + operator = "=" + value = "caribou" } task "drone-runner-vm" { @@ -14,7 +22,9 @@ job "drone-runner" { image_path = "local/drone-runner.qcow2" accelerator = "kvm" args = [ - "-object", "secret,id=dronesecret0,file=secrets/secret_env" + "-drive", "index=1,file=fat:rw:/var/lib/nomad/alloc/${NOMAD_ALLOC_ID}/${NOMAD_TASK_NAME}/secrets,format=raw,media=disk", + "-device", "e1000,netdev=user.0", + "-netdev", "user,id=user.0,hostfwd=tcp::${NOMAD_PORT_ssh}-:22", ] port_map { ssh = 22
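Review bot: `drone_nix_setup` in machine-config.nix is declared under `systemd.user.services` but wanted by `multi-user.target`, which belongs to the system manager, so the unit will most likely never run and `/var/lib/drone/nix` stays empty when it is bind-mounted as `/nix` into the runner. `docker run -it` also asks for a TTY that a service does not have, and nothing orders the copy before the runner container starts. A system oneshot ordered after Docker and before the runner unit, without `-it`, is sketched below; the `docker-drone_runner.service` name is what the oci-containers module is expected to generate and should be confirmed. The image is referenced by a mutable tag, so pinning it by digest would keep the store shared by every CI job reproducible.

```nix
systemd.services.drone_nix_setup = {
  # System unit: multi-user.target exists here and the Docker daemon is reachable.
  after = [ "docker.service" ];
  requires = [ "docker.service" ];
  # Populate the store before the runner bind-mounts it as /nix.
  before = [ "docker-drone_runner.service" ];
  path = [ pkgs.docker ];
  serviceConfig.Type = "oneshot";
  script = ''
    docker run --rm -v /var/lib/drone/nix:/mnt nixpkgs/nix:nixos-21.05 cp -r /nix/{store,var} /mnt/
  '';
  wantedBy = [ "multi-user.target" ];
};
# … unchanged: virtualisation.oci-containers.containers …
```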
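Review bot: The `-drive` argument in the last hunk of runner-vm.hcl exports the task's Nomad secrets directory with `fat:rw:`, so anything that gains root in the guest, which runs CI jobs with the Docker socket mounted, can modify or delete files in that host directory, although the guest only needs to read `secret_env`. Exporting it read-only (dropping `rw:` and setting `readonly=on`, which may require a virtio drive instead of the IDE `index=1` one) would remove that write path. The `hostfwd=tcp::${NOMAD_PORT_ssh}-:22` rule also leaves the host address empty, so root SSH into the VM listens on every host interface on the static port 22544 added in the previous hunk. `hostfwd=tcp:${NOMAD_IP_ssh}:${NOMAD_PORT_ssh}-:22` would bind it to the address Nomad allocated.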