Gitlab runner: Difference between revisions

From NixOS Wiki
imported>Yajo
m This is the correct env to load for a daemon nix environment
imported>Novmar
mNo edit summary
Line 7: Line 7:
{
{
   boot.kernel.sysctl."net.ipv4.ip_forward" = true; # 1
   boot.kernel.sysctl."net.ipv4.ip_forward" = true; # 1
   virtualization.docker.enable = true;
   virtualisation.docker.enable = true;
   services.gitlab-runner = {
   services.gitlab-runner = {
     enable = true;
     enable = true;

Revision as of 13:53, 19 October 2022

The state of gitlab-runner in nixpkgs

As of 20.09 NixOS comes with a revamped gitlab-runner module which provides the capabilities to set up custom to meet your needs. The services.gitlab-runner.services documents a number of typical setups and this article gives an overview of some of the more complex setups.

Configuring a caching dockerized gitlab build runner

With the configuration defined below a gitlab runner will be created which provides a caching docker container to run nix-build.

{
  boot.kernel.sysctl."net.ipv4.ip_forward" = true; # 1
  virtualisation.docker.enable = true;
  services.gitlab-runner = {
    enable = true;
    services= {
      # runner for building in docker via host's nix-daemon
      # nix store will be readable in runner, might be insecure
      nix = with lib;{
        # File should contain at least these two variables:
        # `CI_SERVER_URL`
        # `REGISTRATION_TOKEN`
        registrationConfigFile = toString ./path/to/ci-env; # 2
        dockerImage = "alpine";
        dockerVolumes = [
          "/nix/store:/nix/store:ro"
          "/nix/var/nix/db:/nix/var/nix/db:ro"
          "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
        ];
        dockerDisableCache = true;
        preBuildScript = pkgs.writeScript "setup-container" ''
          mkdir -p -m 0755 /nix/var/log/nix/drvs
          mkdir -p -m 0755 /nix/var/nix/gcroots
          mkdir -p -m 0755 /nix/var/nix/profiles
          mkdir -p -m 0755 /nix/var/nix/temproots
          mkdir -p -m 0755 /nix/var/nix/userpool
          mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
          mkdir -p -m 1777 /nix/var/nix/profiles/per-user
          mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
          mkdir -p -m 0700 "$HOME/.nix-defexpr"
          . ${pkgs.nix}/etc/profile.d/nix-daemon.sh
          ${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixos-20.09 nixpkgs # 3
          ${pkgs.nix}/bin/nix-channel --update nixpkgs
          ${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [ nix cacert git openssh ])}
        '';
        environmentVariables = {
          ENV = "/etc/profile";
          USER = "root";
          NIX_REMOTE = "daemon";
          PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
          NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
        };
        tagList = [ "nix" ];
      };
    };
  };
}
  1. enabling ip_forward on the host machine is important for the docker container to be able to perform networking tasks (such as cloning the gitlab repo)
  2. the registrationConfigFile must contain the gitlab token for registering a gitlab-runner
  3. this line defines the default nixpkgs channel to be used inside the container
Note: In order to have NIX_PATH set, the etc/profile.d/nix.sh file must be sourced in the .gitlab-ci.yml of your project:
before_script:
  - . "$HOME/.nix-profile/etc/profile.d/nix.sh"
  ...