Skip to content

Commit

Permalink
services/github-runner-sicp: init
Browse files Browse the repository at this point in the history
  • Loading branch information
linyinfeng committed Sep 24, 2024
1 parent 40a9286 commit af4f490
Show file tree
Hide file tree
Showing 5 changed files with 57 additions and 2 deletions.
1 change: 1 addition & 0 deletions nixos/hosts/mtl0/default.nix
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ in
services.sicp-staging
services.rabbitmq
services.mongodb
services.gitlab-runner-sicp
i18n.input-method
virtualization.podman
users.yinfeng
Expand Down
28 changes: 28 additions & 0 deletions nixos/profiles/services/gitlab-runner-sicp/default.nix
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
{ config, ... }:
{
services.gitlab-runner = {
enable = true;
services = {
sicp-oj-docker = {
authenticationTokenConfigFile = config.sops.templates."gitlab-runner-sicp-oj-docker-auth".path;
dockerImage = "alpine:stable";
dockerVolumes = [
"/run/docker.sock:/run/docker.sock"
];
tagList = [ "docker" ];
};
};
};
systemd.services.gitlab-runner.restartTriggers = [
config.sops.templates."gitlab-runner-sicp-oj-docker-auth".content
];

sops.templates."gitlab-runner-sicp-oj-docker-auth".content = ''
CI_SERVER_URL="https://git.nju.edu.cn"
CI_SERVER_TOKEN="${config.sops.placeholder."gitlab_sicp_oj_docker_runner_token"}"
'';
sops.secrets."gitlab_sicp_oj_docker_runner_token" = {
terraformOutput.enable = true;
restartUnits = [ "gitlab-runner.service" ];
};
}
3 changes: 3 additions & 0 deletions nixos/profiles/virtualization/podman/default.nix
Original file line number Diff line number Diff line change
Expand Up @@ -25,4 +25,7 @@ lib.mkMerge [
distrobox
];
}
{
virtualisation.docker.enable = false;
}
]
5 changes: 3 additions & 2 deletions secrets/terraform/hosts/mtl0.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ b2_backup_key_id: ENC[AES256_GCM,data:FtLC+hUWSL5o2SD2m+bj+w5Wsz7S4kR0ZQ==,iv:wq
bind_rndc_config: ENC[AES256_GCM,data:gHmJMezZH5dUcFEYRI7YA/NKVLJdAyg6a07SxDvWY032Qz3XDgjQFzemz3/MYCi99RujZ/jUwidThaRt6CpWGuHUOb9y0pKsCLJGXWprNt00jEtEa27qil+FUOjC+ZUiMi39,iv:4CJB9Z+MYY32O1QKTKv3ryOn6NU5Ft42cNoBQPEchUE=,tag:kA/mDU7EuVnUjcrzgzUCsw==,type:str]
cloudflare_token: ENC[AES256_GCM,data:xqiuX+lqvm/a7N0etxpIkLeXjXHjSfIRL+lr5aL/mrP/3JMDLSS1qg==,iv:NyWZmvFR4WTb5RRTnQN3scIs8UkhIgw+fIXCRR6Fm1s=,tag:+9+pL9zL2xyVYSZUyEMm6Q==,type:str]
dhparam_pem: ENC[AES256_GCM,data:lMyi4GJ0QMU4+p6QhJHv9UIOREsJYPAQbHteqoCOAz0IPOUcX+1Gl4FVpRfeWKkTHTUriPd3FrwCN/5HlRfPWyFex/pG8KkaDzSwXCbrQllDJ91pxwWBRQHDgt/FDCrYz+hYHzQtjYWOwogZ3xzvC3ofCTQzCg0yHW8JYDvoWJasENl32BKCqcSl2WeXK9M9VUOi8icfl51FsAAGHC+ZKthZeX/ybI3/UXymyI+SVNKDW8p95nu2tf6V8+3iCxLRvu7x4ERL+fS0pgxRU30iA/uiDE5UG+tj4YsWpvowwKq0tYoviU2Hu+r32qZGeYoIjOTz+VEzC6Zg12KzZhydOJ6pDBRKwEZEnQA/6hFqG4TCTyJdPBXlQyHcpRlJdrazMO810bpwbvUsQupDmmUtTy1sK93zCUW84+rlGrX31SnMMdOTlCr4bD5fmuqLVbTGd3MsEk0QM24+JpnkYVbSOWyxwQRgB4TpUtIGSesm0l/hcm9Lwq41QJXaO6kAl05P6wNynyGYgMKorxYUtB0uXHEzp+buf8gNiS6oCrCQdD00wOAwNZMFy1cu3WjzNpYKcADjG49fYThkQj7JrPSOeXDAP8mu2IxvvbUConakbKmAIlvYFwr0zaBuMPLLw5cpW0jvYpX5WI7j7AI8WXFdAwO/tsyB2fZOSD1OCbtdNgCa/Pwu3L4kjlnT0KVK0SJJZRHFKAUX1ZiI816ctNePmntIFSKShipZnNZjBzK8EdV0cjHrRH2rg9bzG4z1kI3xbMUa67EPMcrXTaDTHYQsWUNqh3JDLNy+Pj99zEv1oHVKnNEbbvg/AaYHw/xVrK1KLZ3ag+zUSMvOEUATv4jGDo/zLGue5/UR6SwMqjGNg45Y7PeWQgqbCTjwsMhsxDCaP5GAMF4EmbgDeqKo+go/Pi8fYsZSSWUKrAscHaFBcyIEjjVjMLaH10D8vqw2i/pc8CLVcFdjZJ86IT19LN4nsgz8hiX2USrtSkwgXqtj2ux0sYRpuiy/OFXLglM1WfV+,iv:EqevcRQCcTgYlH1JxmcSN4/XQUg2jET4CoKDjtBybaM=,tag:RO30rY4H5otxn1egv3FSpw==,type:str]
gitlab_sicp_oj_docker_runner_token: ENC[AES256_GCM,data:rzVAfDSo9XfNTJNAucXeP6MaQmm4sE9AHg==,iv:kV3IANm6jgQjGsFLMwPRWssTfHkdTTMJkmukQUfkkG0=,tag:xP2bnPv84aU10gLeRTmraw==,type:str]
hledger_hashed_password: ENC[AES256_GCM,data:PsnNw68rEODimRrn4Pb8V8bgNOS08KcjWkb34USv8u6KicXpKGOKmxgHP2GznuqrJ2ACdzfijXbJhdXGt+vB3jCDfVoaOodS+FeEUnt9+JU83EIi4Ns+V2QOp9AA6gQNzok=,iv:j76WGpVWwEpJ2AOZK5PTr0qCHxYkji40a/CnvfiwmXE=,tag:E8zjqJUilJdFCTjjsHsj4g==,type:str]
hledger_username: ENC[AES256_GCM,data:i+G1jftazwD9p4o=,iv:AIVIndaCCUkt28y08i9tMdITOTSnRLzPu7+sG8YDvwY=,tag:EJKp2MUn+w884iu2pdWyHw==,type:str]
ike_private_key_pem: ENC[AES256_GCM,data:1DBB85sMsEkvGV64Re0B7mnUIbM8Xfmtszq9TggDCmmaireqAknmnvye9jzZ2tfSCNOjjUyciSbrNDpqkp6FUqomXHPs1THeTEfSP4bmiLF+gjVQeHtoaBpAwTVdgVK8NUE2VpX9Ce3pZwJN9+mUN+k5gSas2qjUQCztTmxb/qdOaXJJ+HbsSIV3U/v9aK3R/69oPY2I3cIO30ZHBsVNKcwjeyseOBy6rVf7tVixlvtW9UmMWfF0aFVVScEGUtKq5C5UylVDbrMI/s9+RxfFrJNR9bE0AZ/2uH684L0dfY3hjTXy9V2Fh7rPreqBvB1ZIou6WmMX2EThqDVz5p4f7sjRNMh/kvJ0o8JyMrYHfzSDmWrIvyaoantBxRJFXHVT,iv:P4BZDm3fP7T6dj+YVlNnRGH+fHFYs1OtWELBAUpZlxg=,tag:z0JydPFw0MlgEpF3k8a1Dg==,type:str]
Expand Down Expand Up @@ -65,8 +66,8 @@ sops:
V2hRNEhCdHYzMUhvMGFYMG5vcFVmTDAKJfGXQKrLecTN7vTSpNmTXzyJWLEFs5g8
l8iDsxeSySYsd23aJ0MNwxDOx7xHE90iOuFqnhdGQl2B2wF6HDfm1w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-23T06:28:51Z"
mac: ENC[AES256_GCM,data:E7YhTmX0mgfw3vpAKZLkSy3CgTN5Nk6k8DtAWX8qPTbkMCoZoQrM6Tbf4963a8Q7LbFwey+liV8JfIYJDEKLIt0r1ZrKONpAvQI+RjeFeeUG/npVXxlGnV+38QzphIe0qWdJ0NUMpHP9RHl29LdV8zVxLKEnGtkWADI1UCCTJ/E=,iv:u2XPQWMScbHpsUsG6cnBDzr2JhAcJIMSPqE+z8PBFwU=,tag:q47h4fYx5ZOyvO2fPgXkyw==,type:str]
lastmodified: "2024-09-24T05:04:16Z"
mac: ENC[AES256_GCM,data:qcHDmMrAY2zWjBYp3PIl293lzCX5sAo8qavLouHDbrCpApTz2eH5xs70sbna1na2WLP0zTGjPNxbXFTTwfouyZGGmrvCDbIlNc2Vk6qxagp4n2ngl4+8KahXaAC5ixjINETD1+KrK/mzsGkYT7gQJDYtWXAtWoiJMmLPqAXGmrk=,iv:GV1/YxKVoJJmlAKOad8ZoCQuomWCwHGy2KWzDAtx3qw=,tag:FTm7lZskE9xREgJ6kZnHMQ==,type:str]
pgp:
- created_at: "2023-05-11T12:18:58Z"
enc: |-
Expand Down
22 changes: 22 additions & 0 deletions terraform/gitlab-nju.tf
Original file line number Diff line number Diff line change
@@ -1,4 +1,26 @@
provider "gitlab" {
alias = "nju"
base_url = "https://git.nju.edu.cn/api/v4"
token = data.sops_file.terraform.data["gitlab.nju.token"]
}

data "gitlab_project" "sicp_online_judge" {
provider = gitlab.nju
path_with_namespace = "nju-sicp/online-judge"
}

resource "gitlab_user_runner" "sicp_online_judge_docker_runner" {
provider = gitlab.nju

runner_type = "project_type"
project_id = data.gitlab_project.sicp_online_judge.id

description = "Runner support docker in docker"
tag_list = ["docker"]
untagged = false
}

output "gitlab_sicp_oj_docker_runner_token" {
value = gitlab_user_runner.sicp_online_judge_docker_runner.token
sensitive = true
}

0 comments on commit af4f490

Please sign in to comment.