diff --git a/flake.nix b/flake.nix index 1deae7c..c944fe7 100644 --- a/flake.nix +++ b/flake.nix @@ -403,6 +403,9 @@ ] ++ homeManagerUModules ++ [{ age.secrets = { minio_bertof = { file = ./secrets/minio_bertof.age; owner = "bertof"; }; + heimdall-gitlab-runner-nix.file = ./secrets/heimdall-gitlab-runner-nix.age; + heimdall-gitlab-runner-docker-images.file = ./secrets/heimdall-gitlab-runner-docker-images.age; + heimdall-gitlab-runner-default.file = ./secrets/heimdall-gitlab-runner-default.age; }; home-manager.users.bertof = import ./instances/heimdall/hm.nix; }]; diff --git a/instances/heimdall/configuration.nix b/instances/heimdall/configuration.nix index 9546666..92ae49e 100644 --- a/instances/heimdall/configuration.nix +++ b/instances/heimdall/configuration.nix @@ -83,6 +83,25 @@ in }; services = { + gitlab-runner = { + enable = true; + services = let authenticationTokenConfigFile = config.age.secrets.heimdall-gitlab-runner.path; in { + # runner for building docker images + docker-images = { + authenticationTokenConfigFile = config.age.secrets.heimdall-gitlab-runner-docker-images.path; + + dockerImage = "docker:stable"; + dockerVolumes = [ + "/var/run/docker.sock:/var/run/docker.sock" + ]; + }; + # runner for everything else + default = { + authenticationTokenConfigFile = config.age.secrets.heimdall-gitlab-runner-default.path; + dockerImage = "debian:stable"; + }; + }; + }; music-assistant = { enable = true; providers = [ "chromecast" "dlna" "filesystem_local" "hass" "hass_players" "jellyfin" "player_group" "radiobrowser" "soundcloud" "tidal" ]; diff --git a/secrets/heimdall-gitlab-runner-default.age b/secrets/heimdall-gitlab-runner-default.age new file mode 100644 index 0000000..a6632e7 --- /dev/null +++ b/secrets/heimdall-gitlab-runner-default.age @@ -0,0 +1,19 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHF5NzlGUSBOTW81 +bXZ5QXJsTHlxN1FUVTRSNzZvZk0xdGR3amttbHlxNUFQbGZtL1E0CmhNSmxIN2JJ +elA5RkYxbElpSUFXYXBKTnJMYnlZL1VNRkh0YmxvWW5HbjAKLT4gc3NoLWVkMjU1 +MTkgNGJlaEZBIGs0Q0RSbGViSVQ1Z1lobEkrSzhHbTVEZldyK1J4WmVxbkgyTVN5 +Qi9CaEEKNExTM0E1cWJNVTJvSWdDT2tBMTM3a05LOVhhUU01MEpwMkJyYXMxaWE3 +YwotPiBzc2gtZWQyNTUxOSBoR1FBU0EgbEVZM1oxQnJrcHpXSU44ZE5pTlI2Z3FW +a0RUMmQ5UURHbzVzYVN6dW9rVQo3MGxwT0MyRG9XZngvL2VPUEpySGVRWTVNZ2p1 +TW5YOUd1K05tUnJpKzVNCi0+IHNzaC1lZDI1NTE5IHlpWW9YZyB5WDVXU1YyZTNC +cWg4OW1qSEV1Zmlib2o5elZEY2xhYjY4VjdLcXZRVkNRCmRNdUt1dXYrSllxZW55 +YXJkNng3MCtNMHZqdWp6WHAvME1kSlVqOU1LWXcKLT4gbDNKLWdyZWFzZSA5JE1b +X2w4VyBcViBrI0tVeSAzWQpZenVOblZJUGowZ1NlMHRZaDFqU3ZsdHdaSDg4ZXFU +T0FrSkd2OFp2OXVNaUpKRVdYbE4rOFdsa0NUcWZtRTJzCmp4SFc2bkFyN1JpV3hQ +TEFGVW1kVW1NRVF5ZUp3NXRsN0NWRHFsK29Zbml1TVRBCi0tLSBXY1gySjVwU2lz +RnJIZi85KzJkZDdPUExDQXlQMStQbXlWS0NxSm5EM0tVCsfn/FPue+4C/F95dJ4k +FbV9F5T1txNwKjN3wFVz/pf8RcDUi7vWZC5qpRjGuXGdjNfNaKnd3sQJ//wXTYA2 +PgiLX56jljCqtXCaXdfBrky6bCx2/Zm3oagqogYYCClC8gPuJq7g3rL8wi6tnKc3 +G2Tj8AbvxETApX/3oEcqPL35hTbyD5eTEwYKhkyKKKqQghSr3+ceC3ZipXo= +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/heimdall-gitlab-runner-docker-images.age b/secrets/heimdall-gitlab-runner-docker-images.age new file mode 100644 index 0000000..30a94f9 --- /dev/null +++ b/secrets/heimdall-gitlab-runner-docker-images.age @@ -0,0 +1,19 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHF5NzlGUSBBRUtQ +NkRYdkYxeW1CU0poaEtBVGpKLzEwTVoyWnBNNDNFZHZMLzNIYndjCkViTTE3N1Vu +aU1jVU1adFMyT3BZVUJOeWlzMXlXYmt0cVYzREd6dlN3VVUKLT4gc3NoLWVkMjU1 +MTkgNGJlaEZBIEdUT1ZscmFQMGRSeEFRc0txQWdTV09XWkhrb1Z2R2hKV25tT1ZI +U0gzVUkKQU51Vks2TWlEb3E3STNrNjZ5QU16UURnekNMVjFrQnBlYVVqVlh5bmhV +WQotPiBzc2gtZWQyNTUxOSBoR1FBU0EgSUNibGRYYWVvb1RHdXN4K09xQW5uZUJs +czlxbDdUSXB0QWhta2lWdncyQQpXdW9Mb3N4V2IrcGRXSnVjelJGdmo4VDVGVWNU +dUE2RjZLay9kUGxMbUJVCi0+IHNzaC1lZDI1NTE5IHlpWW9YZyBhcGVrS1JjZndu +THNJRktVY0tlclVrNFZidk5FSENiUm1LRnU1SFB4b2pZCklOTHF6VzlUdHFISXkz +ZHRORVE4WEJuZWt6ZVVnaU01TE1KNGgzZzZKMm8KLT4gd1QtZ3JlYXNlIHd8IExy +IGVhby1QCmZ1WGVEZkVoaUY1RlVWdlM1T09uZDIxbnk3RysyYWRGL3hwblV5ekxI +UHovSWFmZWdqTzRUTDVhNU9PSGZHczMKZTRsY1lidjJFdXBlTXJUdUswTWY4Qm1p +S0UvMXA4djNjTjh5NVRFYlB3Ci0tLSBVVC9XNlZvNzhLMlN2R0szcVpIQ2ptTEFJ +SmtNczkxanFZdUdFM2lGbnFVCmnC9Xw0KifuJlAIwXrK4FZ4QM2wlT5Ggd90HseN +koU6VidHdjBspvrvVSQk7LAiZkYr8A6T7LbHrlTD9/IK0NIk0eLmyDEO8qQPtzLX +gqKOv1IAxnydIeEy2vW7nU3KmQpi1ROY9AerKlnzbSuHxqnZfG/wsDi9Iq3IB/Bx +hHbcm9uACzhDsANMIeOsO84nHr2Bk170zfRZirU= +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/heimdall-gitlab-runner-nix.age b/secrets/heimdall-gitlab-runner-nix.age new file mode 100644 index 0000000..682c76d --- /dev/null +++ b/secrets/heimdall-gitlab-runner-nix.age @@ -0,0 +1,20 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHF5NzlGUSBGSCtI +bXgrckxhdGlHc0lGRE1LQ0E4bGt3dkFZVVZsUFJDSFpJNTI0ZFdVCkVpRlNSTS9O +T01BM2RNZXlRQkN4ZkxHM3dMZ1NveVlDVVU5dTF2SVYrU1UKLT4gc3NoLWVkMjU1 +MTkgNGJlaEZBIFFwNmJPK2tncHdKcGhUZkVmZlBEYjh1Z2cwS1ZocS9ma055UFcz +dHRrWEkKSzZ4UU9NNXRFQURNeERJcEluSGVSVWpHcm5kWGVKaDd3YkNkcHA1N2Z6 +ZwotPiBzc2gtZWQyNTUxOSBoR1FBU0EgM0xNbVk0aU1oamNIMWJ4YUVzMzhROWNE +MmFsSXh3ZTVYSjZyUE5qbVkyWQowcHFQRE5EMG91UTR1ekdvUlQ2TVllZUFmU0Ru +NWNtVHJnZ09nb0hXOENRCi0+IHNzaC1lZDI1NTE5IHlpWW9YZyBSN3laY3REendN +UXhUQlhLSFhIVVZ0Z2JCWHZQNE5CS0lxc0RLbG9zVmp3Cmo4U21henlVNHVFbHRu +MUtLOHk2ZlBrbjVqaG9UN2JWSlozVkkzT0pNNmcKLT4geGV9YC5TOjwtZ3JlYXNl +IHchbkglJ0BjICJ8W08oRVoKWWVnVE1DeDJXN1hWTTBYOTV2cWd6K3NtUnllUFdS +bStteFdLZXBoNE90bWRuNW9FZDlBWTl4bWYyVGo0L1FVeApPdTd2Tll0YVFKNmlP +SmEvdk91cThUdWpqQldjb3VDT0l5NkFqSjlXUGRVbWR5UWtxeGcKLS0tIFRySkc3 +YmFWYXJFTlF5aWFVaWxCVDY0cncycDBvQk9rMWduU1lpUHI3S2MK0AlK7DoYTpSh +niSWMlVWSxicfJxCUcXctBADOVkqwBBtIaFQLB2raMY5wZ05r5dUu60wUxUVTibC +tsq5xLtVSzqngBqDU3CrpPykOfZHhQoilKKbvBCFueJwgj4MLMyv2Q4+HKDAg8te +xmdOP7gLF8O3Je1EpGUuAKVq77fA1j/RxHzWWnilXam76moCKrKsOyxt19QD5z6J +OA== +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 3fc9ddc..8a5dd4f 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -48,4 +48,7 @@ in "minio_bertof.age".publicKeys = devUsers ++ [ sif thor odin heimdall thinkstation ]; "minio_tiziano.age".publicKeys = devUsers ++ [ tiziano_odin ] ++ [ odin thinkstation ]; "ollama.age".publicKeys = devUsers ++ [ sif thor ]; + "heimdall-gitlab-runner-nix.age".publicKeys = devUsers ++ [ heimdall ]; + "heimdall-gitlab-runner-docker-images.age".publicKeys = devUsers ++ [ heimdall ]; + "heimdall-gitlab-runner-default.age".publicKeys = devUsers ++ [ heimdall ]; }