feat: add untrusted gitlab-runner for Garuda org

garuda-linux · Nov 7, 2023 · 71eeb4d · 71eeb4d
1 parent 8ff32d7
commit 71eeb4d
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 4 deletions.
diff --git a/docker-compose/gitlab-runner/docker-compose.yml b/docker-compose/gitlab-runner/docker-compose.yml
@@ -0,0 +1,10 @@
+---
+version: "3.9"
+services:
+  gitlab-runner:
+    image: gitlab/gitlab-runner:alpine
+    container_name: gitlab-runner
+    volumes:
+      - /etc/gitlab-runner:/etc/gitlab-runner
+      - /var/run/docker.sock:/var/run/docker.sock
+    restart: "no"
diff --git a/nixos/hosts/github-runner.nix b/nixos/hosts/github-runner.nix
@@ -25,6 +25,9 @@
     envfile = "/var/garuda/secrets/github-runner.env";
     source = ../../docker-compose/github-runner;
   };
+  services.docker-compose-runner.gitlab-runner = {
+    source = ../../docker-compose/gitlab-runner;
+  };
 
   # Enable SSH
   services.openssh.enable = true;

diff --git a/nixos/hosts/immortalis/containers.nix b/nixos/hosts/immortalis/containers.nix
@@ -133,10 +133,17 @@ in
         config = import ../github-runner.nix;
         defaults = false;
         extraOptions = {
-          bindMounts."token" = {
-            hostPath = garuda-lib.secrets.docker-compose.github-runner;
-            isReadOnly = true;
-            mountPoint = "/var/garuda/secrets/github-runner.env";
+          bindMounts = {
+            "token" = {
+              hostPath = garuda-lib.secrets.docker-compose.github-runner;
+              isReadOnly = true;
+              mountPoint = "/var/garuda/secrets/github-runner.env";
+            };
+            "gitlab-config" = {
+              hostPath = "/data_1/containers/github-runner/gitlab-runner";
+              isReadOnly = false;
+              mountPoint = "/etc/gitlab-runner";
+            };
           };
           forwardPorts = [
             {