diff --git a/app/drone-ci/build/.gitignore b/app/drone-ci/build/.gitignore new file mode 100644 index 0000000..ef92077 --- /dev/null +++ b/app/drone-ci/build/.gitignore @@ -0,0 +1,2 @@ +result/ +*.qcow2.zst diff --git a/app/drone-ci/build/Makefile b/app/drone-ci/build/Makefile new file mode 100644 index 0000000..2814a0d --- /dev/null +++ b/app/drone-ci/build/Makefile @@ -0,0 +1,8 @@ +.PHONY: all + +all: + nix-build '' -A config.system.build.qcow2 --arg configuration "{ imports = [ ./build-qcow2.nix ]; }" --show-trace + zstd -7 -i result/nixos.qcow2 -o drone-runner.qcow2.zst -f + RESULTPATH=`readlink result`; rm result; nix-store --delete $$RESULTPATH + rclone copy drone-runner.qcow2.zst grgdf:alex/ -vv + diff --git a/app/drone-ci/build/build-qcow2.nix b/app/drone-ci/build/build-qcow2.nix new file mode 100644 index 0000000..266ba2c --- /dev/null +++ b/app/drone-ci/build/build-qcow2.nix @@ -0,0 +1,24 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + imports = + [ + + ./machine-config.nix + ]; + + system.build.qcow2 = import { + inherit lib config; + pkgs = import { inherit (pkgs) system; }; # ensure we use the regular qemu-kvm package + diskSize = 8192; + format = "qcow2"; + configFile = pkgs.writeText "configuration.nix" + '' + { + imports = [ <./machine-config.nix> ]; + } + ''; + }; +} diff --git a/app/drone-ci/build/machine-config.nix b/app/drone-ci/build/machine-config.nix new file mode 100644 index 0000000..3b55078 --- /dev/null +++ b/app/drone-ci/build/machine-config.nix @@ -0,0 +1,68 @@ +{ pkgs, lib, ... }: + +with lib; + +{ + imports = [ + + ]; + + config = { + fileSystems."/" = { + device = "/dev/disk/by-label/nixos"; + fsType = "ext4"; + autoResize = true; + }; + + boot.growPartition = true; + boot.kernelParams = [ "console=ttyS0" ]; + boot.loader.grub.device = "/dev/vda"; + boot.loader.timeout = 0; + + users.extraUsers.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJpaBZdYxHqMxhv2RExAOa7nkKhPBOHupMP3mYaZ73w9 lx@lindy" + ]; + services.openssh.enable = true; + services.openssh.permitRootLogin = "prohibit-password"; + networking.firewall = { + enable = true; + allowedTCPPorts = [ 22 ]; + }; + + virtualisation.docker.enable = true; + virtualisation.oci-containers.backend = "docker"; + virtualisation.oci-containers.containers = { + drone_runner = { + image = "drone/drone-runner-docker:1.4.0"; + volumes = [ + "/nix:/nix" + "/var/run/docker.sock:/var/run/docker.sock" + ]; + environment = { + DRONE_RPC_PROTO = "https"; + DRONE_RPC_HOST = "drone.deuxfleurs.fr"; + DRONE_RUNNER_CAPACITY = "1"; + DRONE_DEBUG = "true"; + DRONE_LOGS_TRACE = "true"; + DRONE_RPC_DUMP_HTTP = "true"; + DRONE_RPC_DUMP_HTTP_BODY = "true"; + DRONE_RUNNER_LABELS = "nix:1"; + }; + environmentFiles = [ + "/dev/qemu/dronesecret0" + ]; + }; + drone_gc = { + image = "drone/gc:latest"; + volumes = [ + "/var/run/docker.sock:/var/run/docker.sock" + ]; + environment = { + GC_DEBUG = "true"; + GC_CACHE = "10gb"; + GC_INTERVAL = "10m"; + }; + }; + }; + }; +} diff --git a/app/drone-ci/deploy/runner-insecure.hcl b/app/drone-ci/deploy/runner-insecure.hcl new file mode 100644 index 0000000..2ea5638 --- /dev/null +++ b/app/drone-ci/deploy/runner-insecure.hcl @@ -0,0 +1,91 @@ +job "drone-runner" { + datacenters = ["neptune"] + type = "system" + + group "runner" { + + task "populate-nix-store" { + lifecycle { + hook = "prestart" + sidecar = false + } + + driver = "docker" + config { + image = "nixpkgs/nix:nixos-21.05" + command = "sh" + args = [ + "-c", "cp -rv /nix/{store,var} /mnt/" + ] + volumes = [ + "/var/lib/drone/nix:/mnt", + ] + } + + resources { + memory = 100 + cpu = 100 + } + } + + task "drone-runner" { + driver = "docker" + config { + image = "drone/drone-runner-docker:1.4.0" + + volumes = [ + "/var/lib/drone/nix:/nix", + "/var/run/docker.sock:/var/run/docker.sock" + ] + } + + template { + data = <