Work on drone runner as VM

This commit is contained in:
Alex 2022-05-30 14:57:05 +02:00
parent 2d9adf82d0
commit d47d4e93ab
Signed by untrusted user: lx
GPG key ID: 0E496D15096376BE
9 changed files with 250 additions and 0 deletions

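--- a/app/drone-ci/build/.gitignore
+++ b/app/drone-ci/build/.gitignore
@@ -0,0 +1,2 @@
+result/
+*.qcow2.zst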


@ -0,0 +1,8 @@
.PHONY: all
all:
nix-build '<nixpkgs/nixos>' -A config.system.build.qcow2 --arg configuration "{ imports = [ ./build-qcow2.nix ]; }" --show-trace
zstd -7 -i result/nixos.qcow2 -o drone-runner.qcow2.zst -f
RESULTPATH=`readlink result`; rm result; nix-store --delete $$RESULTPATH
rclone copy drone-runner.qcow2.zst grgdf:alex/ -vv
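Review bot: The cleanup line `RESULTPATH=`readlink result`; rm result; nix-store --delete $$RESULTPATH` chains with `;`, so if `readlink` fails RESULTPATH is empty, `nix-store --delete` runs with no path and the recipe still reports success; chain with `&&` and quote the variable, `RESULTPATH=$$(readlink result) && rm result && nix-store --delete "$$RESULTPATH"`. The `-i` given to zstd is documented as a benchmark-timing option rather than an input flag, so the invocation probably only works because the path falls through as a positional argument; `zstd -7 result/nixos.qcow2 -o drone-runner.qcow2.zst -f` says what is meant. The last line publishes the image that the Nomad VM job later downloads, so recording a digest next to it (e.g. `sha256sum drone-runner.qcow2.zst > drone-runner.qcow2.zst.sha256`) would give the consumer something to pin against.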


@ -0,0 +1,24 @@
{ config, lib, pkgs, ... }:
with lib;
{
imports =
[
<nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
./machine-config.nix
];
system.build.qcow2 = import <nixpkgs/nixos/lib/make-disk-image.nix> {
inherit lib config;
pkgs = import <nixpkgs> { inherit (pkgs) system; }; # ensure we use the regular qemu-kvm package
diskSize = 8192;
format = "qcow2";
configFile = pkgs.writeText "configuration.nix"
''
{
imports = [ <./machine-config.nix> ];
}
'';
};
}
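Review bot: The configuration.nix written by `configFile` imports `<./machine-config.nix>`, which Nix resolves through NIX_PATH rather than relative to the file, and nothing in this hunk places machine-config.nix inside the image, so a `nixos-rebuild` inside the booted VM looks likely to fail to find it — confirm on a booted image. If a rebuildable guest is intended, copy the module into the image as well (make-disk-image's `contents` can place it under /etc/nixos) and import it by a plain relative path, `imports = [ ./machine-config.nix ];`. A header comment stating the file's role would also help a reader, e.g. `# Builds the drone-runner qcow2 consumed by the Nomad qemu job; invoked by the all target of the Makefile alongside it`.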


@ -0,0 +1,68 @@
{ pkgs, lib, ... }:
with lib;
{
imports = [
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
];
config = {
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
autoResize = true;
};
boot.growPartition = true;
boot.kernelParams = [ "console=ttyS0" ];
boot.loader.grub.device = "/dev/vda";
boot.loader.timeout = 0;
users.extraUsers.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJpaBZdYxHqMxhv2RExAOa7nkKhPBOHupMP3mYaZ73w9 lx@lindy"
];
services.openssh.enable = true;
services.openssh.permitRootLogin = "prohibit-password";
networking.firewall = {
enable = true;
allowedTCPPorts = [ 22 ];
};
virtualisation.docker.enable = true;
virtualisation.oci-containers.backend = "docker";
virtualisation.oci-containers.containers = {
drone_runner = {
image = "drone/drone-runner-docker:1.4.0";
volumes = [
"/nix:/nix"
"/var/run/docker.sock:/var/run/docker.sock"
];
environment = {
DRONE_RPC_PROTO = "https";
DRONE_RPC_HOST = "drone.deuxfleurs.fr";
DRONE_RUNNER_CAPACITY = "1";
DRONE_DEBUG = "true";
DRONE_LOGS_TRACE = "true";
DRONE_RPC_DUMP_HTTP = "true";
DRONE_RPC_DUMP_HTTP_BODY = "true";
DRONE_RUNNER_LABELS = "nix:1";
};
environmentFiles = [
"/dev/qemu/dronesecret0"
];
};
drone_gc = {
image = "drone/gc:latest";
volumes = [
"/var/run/docker.sock:/var/run/docker.sock"
];
environment = {
GC_DEBUG = "true";
GC_CACHE = "10gb";
GC_INTERVAL = "10m";
};
};
};
};
}
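Review bot: `environmentFiles = [ "/dev/qemu/dronesecret0" ]` relies on the `-object secret,id=dronesecret0,...` passed by the VM job showing up as a guest device, but as far as I know QEMU secret objects are consumed on the host side (disk encryption keys, TLS credentials) and are never exposed to the guest, so docker would refuse to start `drone_runner` on a missing env file — verify in a booted VM. A guest-visible channel such as `-fw_cfg name=opt/dronesecret0,file=...` on the host, read in the guest from `/sys/firmware/qemu_fw_cfg/by_name/opt/dronesecret0/raw` into a root-only file, would deliver the RPC secret without baking it into the image. `DRONE_RPC_DUMP_HTTP = "true"` with `DRONE_RPC_DUMP_HTTP_BODY = "true"` (repeated in the docker-based Nomad job below) writes the authenticated RPC exchange, very likely including credentials and any pipeline secrets, in plain text to the docker logs and journal; drop these once the runner is working. `drone/gc:latest` is the only unpinned image here and in the Nomad job; pin it to a version the way the runner image is pinned.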


@ -0,0 +1,91 @@
job "drone-runner" {
datacenters = ["neptune"]
type = "system"
group "runner" {
task "populate-nix-store" {
lifecycle {
hook = "prestart"
sidecar = false
}
driver = "docker"
config {
image = "nixpkgs/nix:nixos-21.05"
command = "sh"
args = [
"-c", "cp -rv /nix/{store,var} /mnt/"
]
volumes = [
"/var/lib/drone/nix:/mnt",
]
}
resources {
memory = 100
cpu = 100
}
}
task "drone-runner" {
driver = "docker"
config {
image = "drone/drone-runner-docker:1.4.0"
volumes = [
"/var/lib/drone/nix:/nix",
"/var/run/docker.sock:/var/run/docker.sock"
]
}
template {
data = <<EOH
DRONE_RPC_PROTO=https
DRONE_RPC_HOST=drone.deuxfleurs.fr
DRONE_RPC_SECRET={{ key "secrets/drone-ci/rpc_secret" | trimSpace }}
DRONE_RUNNER_CAPACITY=1
DRONE_DEBUG=true
DRONE_LOGS_TRACE=true
DRONE_RPC_DUMP_HTTP=true
DRONE_RPC_DUMP_HTTP_BODY=true
DRONE_RUNNER_NAME={{ env "attr.unique.hostname" }}
DRONE_RUNNER_LABELS=nix:1
EOH
destination = "secrets/env"
env = true
}
resources {
memory = 200
cpu = 100
}
}
task "drone-gc" {
driver = "docker"
config {
image = "drone/gc:latest"
volumes = [
"/var/run/docker.sock:/var/run/docker.sock"
]
}
template {
data = <<EOH
GC_DEBUG=true
GC_CACHE=10gb
GC_INTERVAL=10m
EOH
destination = "secrets/env"
env = true
}
resources {
memory = 100
cpu = 100
}
}
}
}
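Review bot: The prestart task runs `cp -rv /nix/{store,var} /mnt/` via `sh -c`, and brace expansion is a bash/zsh feature rather than POSIX sh, so if the `sh` in `nixpkgs/nix:nixos-21.05` is a plain POSIX shell the pattern is passed literally and nothing is copied; `cp -rv /nix/store /nix/var /mnt/` is portable. Both docker tasks bind `/var/run/docker.sock`, which gives the runner and gc containers root-equivalent control of the client host — presumably why the VM variant in the next file exists, and worth stating on the job, e.g. `# NOTE: the docker.sock mounts make this job host-root; to be replaced by drone-runner-vm once that works`.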


@ -0,0 +1,43 @@
job "drone-runner" {
datacenters = ["neptune"]
type = "system"
group "runner-vm" {
network {
port "ssh" { }
}
task "drone-runner-vm" {
driver = "qemu"
config {
image_path = "local/drone-runner.qcow2"
accelerator = "kvm"
args = [
"-object", "secret,id=dronesecret0,file=secrets/secret_env"
]
port_map {
ssh = 22
}
}
artifact {
source = "https://alex.web.deuxfleurs.fr/drone-runner.qcow2.zst"
destination = "local/drone-runner.qcow2"
mode = "file"
}
template {
data = <<EOH
DRONE_RPC_SECRET={{ key "secrets/drone-ci/rpc_secret" | trimSpace }}
DRONE_RUNNER_NAME={{ env "attr.unique.hostname" }}
EOH
destination = "secrets/secret_env"
}
resources {
memory = 2000
}
}
}
}
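Review bot: The `artifact` stanza fetches `drone-runner.qcow2.zst` over HTTPS with no `options { checksum = "sha256:<IMAGE_SHA256>" }`, so whoever can write to that web path controls the image every `neptune` client boots as a CI runner; record the digest when the image is built and pin it here. The source is a zstd archive while `destination` is the raw `.qcow2` with `mode = "file"`, and the hunk does not show that the fetcher decompresses zstd, so confirm that the file QEMU opens is actually a qcow2 image rather than the compressed blob. `-object secret,id=dronesecret0,file=secrets/secret_env` defines a host-side QEMU secret object; see the note on machine-config.nix about how that content reaches the guest, and state in a comment next to `args` that `file=` resolves relative to the task directory.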


@ -0,0 +1 @@
USER Drone RPC secret


@ -71,6 +71,8 @@ SystemMaxUse=1G
docker-compose docker-compose
wireguard wireguard
wesher wesher
qemu
qemu_kvm
]; ];
programs.vim.defaultEditor = true; programs.vim.defaultEditor = true;


@ -151,6 +151,12 @@ in
services.nomad.enable = true; services.nomad.enable = true;
services.nomad.package = pkgs.nomad_1_1; services.nomad.package = pkgs.nomad_1_1;
services.nomad.extraPackages = [
pkgs.glibc
pkgs.zstd
pkgs.qemu
pkgs.qemu_kvm
];
services.nomad.settings = services.nomad.settings =
(if cfg.is_raft_server (if cfg.is_raft_server
then { server = { then { server = {
@ -201,6 +207,11 @@ in
]; ];
} }
]; ];
qemu = [
{
enabled = true;
}
];
} }
]; ];
}; };
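Review bot: `qemu = [ { enabled = true; } ]` turns the driver on with no restriction on what a job may hand to QEMU, and the VM job already passes raw flags through `args` (`-object ... file=`); since such flags can expose host paths to a guest, job submission on these clients amounts to host-level access, which deserves a comment here, e.g. `# qemu driver: any job submitter can pass raw QEMU args; keep job submission restricted`. Newer Nomad releases accept `image_paths` and `args_allowlist` in this plugin block, so check whether `pkgs.nomad_1_1` supports them before relying on job-submission controls alone. `services.nomad.extraPackages` lists both `pkgs.qemu` and `pkgs.qemu_kvm` (the systemPackages hunk above does the same); qemu_kvm is the reduced build of the same package, so the two ship overlapping binaries and one is probably redundant — confirm which one the driver's `qemu-system-x86_64` lookup should resolve to. The `services.nomad.settings` expression these hunks edit starts before and ends after the hunk.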