diff options
| author | Franz Pletz <fpletz@fnordicwalking.de> | 2017-08-21 20:27:48 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-08-21 20:27:48 +0200 |
| commit | 66fe192301cc1d6f279f41d4a4ba12ecfd88d8a4 (patch) | |
| tree | 100a23e03fba8e9e1a4043a206373e36d14b7d41 /nixos/modules | |
| parent | 4d192a3522576c1685abc78b0f0479afab1be9ce (diff) | |
| parent | e6785422ae213dffe19bc2a2bb6b2dd275799be0 (diff) | |
| download | nixlib-66fe192301cc1d6f279f41d4a4ba12ecfd88d8a4.tar nixlib-66fe192301cc1d6f279f41d4a4ba12ecfd88d8a4.tar.gz nixlib-66fe192301cc1d6f279f41d4a4ba12ecfd88d8a4.tar.bz2 nixlib-66fe192301cc1d6f279f41d4a4ba12ecfd88d8a4.tar.lz nixlib-66fe192301cc1d6f279f41d4a4ba12ecfd88d8a4.tar.xz nixlib-66fe192301cc1d6f279f41d4a4ba12ecfd88d8a4.tar.zst nixlib-66fe192301cc1d6f279f41d4a4ba12ecfd88d8a4.zip | |
Merge pull request #28293 from makefu/module/gitlab-runner/configOptions
module gitlab-runner: introduce configOptions and configFile
Diffstat (limited to 'nixos/modules')
| -rw-r--r-- | nixos/modules/services/continuous-integration/gitlab-runner.nix | 56 |
1 files changed, 53 insertions, 3 deletions
diff --git a/nixos/modules/services/continuous-integration/gitlab-runner.nix b/nixos/modules/services/continuous-integration/gitlab-runner.nix index b11bc031b3ff..ce0583dad54d 100644 --- a/nixos/modules/services/continuous-integration/gitlab-runner.nix +++ b/nixos/modules/services/continuous-integration/gitlab-runner.nix @@ -4,15 +4,65 @@ with lib; let cfg = config.services.gitlab-runner; - configFile = pkgs.writeText "config.toml" cfg.configText; + configFile = + if (cfg.configFile == null) then + (pkgs.runCommand "config.toml" { + buildInputs = [ pkgs.remarshal ]; + } '' + remarshal -if json -of toml \ + < ${pkgs.writeText "config.json" (builtins.toJSON cfg.configOptions)} \ + > $out + '') + else + cfg.configFile; hasDocker = config.virtualisation.docker.enable; in { options.services.gitlab-runner = { enable = mkEnableOption "Gitlab Runner"; - configText = mkOption { - description = "Verbatim config.toml to use"; + configFile = mkOption { + default = null; + description = '' + Configuration file for gitlab-runner. + Use this option in favor of configOptions to avoid placing CI tokens in the nix store. + + <option>configFile</option> takes precedence over <option>configOptions</option>. + + Warning: Not using <option>configFile</option> will potentially result in secrets + leaking into the WORLD-READABLE nix store. + ''; + type = types.nullOr types.path; + }; + + configOptions = mkOption { + description = '' + Configuration for gitlab-runner + <option>configFile</option> will take precedence over this option. + + Warning: all Configuration, especially CI token, will be stored in a + WORLD-READABLE file in the Nix Store. + + If you want to protect your CI token use <option>configFile</option> instead. + ''; + type = types.attrs; + example = { + concurrent = 2; + runners = [{ + name = "docker-nix-1.11"; + url = "https://CI/"; + token = "TOKEN"; + executor = "docker"; + builds_dir = ""; + docker = { + host = ""; + image = "nixos/nix:1.11"; + privileged = true; + disable_cache = true; + cache_dir = ""; + }; + }]; + }; }; gracefulTermination = mkOption { |