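# Bitbucket Runner Linux Shell Nix Module
#
# Declares the `services.bitbucket-runner` options and, when enabled,
# provisions the runner user/group plus either a systemd service
# (flags.runtime = "linux-shell") or an OCI container
# (flags.runtime = "linux-docker").
#
# Secret handling: a value given through `flags.OAuthClientSecret` is
# interpolated verbatim into the generated unit file / container
# definition, i.e. it ends up in the world-readable Nix store. Prefer
# `flags.environmentFile`, which is read at service start and never
# enters the store.
{
  lib,
  pkgs,
  config,
  ...
}:
with lib;
let
  cfg = config.services.bitbucket-runner;
  bitbucketRunner = pkgs.callPackage ./package.nix { };

  # True when the OAuth client secret is supplied inline (legacy behaviour).
  inlineSecret = cfg.flags.OAuthClientSecret != null;

  # Argument passed to --OAuthClientSecret in the linux-shell runtime.
  # Inline: the literal value is interpolated (and therefore stored in the
  # Nix store, see the option description). Otherwise the literal text
  # "${OAUTH_CLIENT_SECRET}" is emitted and systemd expands it from the
  # service environment (populated by EnvironmentFile) into exactly one
  # argument at start-up, so the secret never appears in the unit file.
  secretArg = if inlineSecret then cfg.flags.OAuthClientSecret else "\"\${OAUTH_CLIENT_SECRET}\"";
in
{
  imports = [ ];

  options.services.bitbucket-runner = {
    enable = mkEnableOption "bitbucket-runner";

    user = mkOption {
      type = types.str;
      default = "bitbucket-runner";
      description = "The user that runs the Bitbucket runner service";
    };

    group = mkOption {
      type = types.str;
      default = "bitbucket-runner";
      description = "The group for the Bitbucket runner service";
    };

    flags = {
      accountUuid = mkOption {
        type = types.str;
        description = "The account UUID for the Bitbucket runner";
      };

      repositoryUuid = mkOption {
        type = types.str;
        description = "The repository UUID for the Bitbucket runner";
      };

      runnerUuid = mkOption {
        type = types.str;
        description = "The runner UUID for the Bitbucket runner";
      };

      OAuthClientId = mkOption {
        type = types.str;
        description = "The OAuth Client ID for Bitbucket authentication";
      };

      OAuthClientSecret = mkOption {
        type = types.nullOr types.str;
        default = null;
        description = ''
          The OAuth Client Secret for Bitbucket authentication.

          WARNING: this value is copied into the Nix store and into the
          generated systemd unit / container definition, all of which are
          readable by every local user. Leave it at `null` and provide
          `OAUTH_CLIENT_SECRET` through `flags.environmentFile` instead.
        '';
      };

      environmentFile = mkOption {
        type = types.nullOr types.path;
        default = null;
        example = "/run/secrets/bitbucket-runner.env";
        description = ''
          Path to a file in `KEY=VALUE` format that is loaded when the
          runner starts (systemd `EnvironmentFile` for the linux-shell
          runtime, Docker `--env-file` for the linux-docker runtime). It
          must define `OAUTH_CLIENT_SECRET` when `flags.OAuthClientSecret`
          is `null`. The file is read at runtime and is not copied to the
          Nix store; keep it readable by root only.
        '';
      };

      workingDirectory = mkOption {
        type = types.str;
        default = "/tmp";
        description = "The working directory for the Bitbucket runner";
      };

      runtime = mkOption {
        type = types.enum [
          "linux-shell"
          "linux-docker"
        ];
        default = "linux-shell";
        description = "The runtime environment for the Bitbucket runner";
      };

      extraFlags = mkOption {
        type = types.str;
        default = "";
        description = "Additional flags appended to the runner command line (linux-shell runtime only)";
      };
    };

    extraPackages = mkOption {
      type = types.listOf types.package;
      description = "Additional packages to make available to pipelines";
      default = [ ];
    };
  };

  config = mkIf cfg.enable {
    # Without this the service would silently start without a secret once
    # OAuthClientSecret became optional.
    assertions = [
      {
        assertion = inlineSecret || cfg.flags.environmentFile != null;
        message = "services.bitbucket-runner: set either flags.OAuthClientSecret or flags.environmentFile (which must define OAUTH_CLIENT_SECRET).";
      }
    ];

    users.users.${cfg.user} = {
      description = "Bitbucket Runner Linux Shell User";
      group = cfg.group;
      # For certain File System actions, the runner may need an actual user
      # An example is Nix operations (eg Colmena, deploy-rs etc)
      isNormalUser = true;
      createHome = true;
      home = "/home/${cfg.user}";
    };

    users.groups.${cfg.group} = { };

    systemd.services.bitbucket-runner = mkIf (cfg.flags.runtime == "linux-shell") {
      description = "Bitbucket Runner Service";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      path = cfg.extraPackages;
      serviceConfig = {
        # The UUID flags are wrapped in literal braces, matching the format
        # the runner expects. extraFlags is appended last so user-supplied
        # flags can override the defaults above.
        ExecStart = ''
          ${bitbucketRunner}/bin/bitbucket-runner-linux-shell \
            --accountUuid {${cfg.flags.accountUuid}} \
            --repositoryUuid {${cfg.flags.repositoryUuid}} \
            --runnerUuid {${cfg.flags.runnerUuid}} \
            --OAuthClientId ${cfg.flags.OAuthClientId} \
            --OAuthClientSecret ${secretArg} \
            --runtime ${cfg.flags.runtime} \
            --workingDirectory ${cfg.flags.workingDirectory} \
            ${cfg.flags.extraFlags}
        '';
        User = cfg.user;
        Group = cfg.group;
        Restart = "on-failure";
      }
      // optionalAttrs (cfg.flags.environmentFile != null) {
        # Read by the service manager before privileges are dropped.
        EnvironmentFile = cfg.flags.environmentFile;
      };
    };

    virtualisation.oci-containers = mkIf (cfg.flags.runtime == "linux-docker") {
      backend = "docker";
      containers.bitbucket-runner = {
        image = "docker-public.packages.atlassian.com/sox/atlassian/bitbucket-pipelines-runner";
        # NOTE(review): this exposes the host's /tmp to every pipeline step
        # executed by the container; confirm that is intended.
        volumes = [
          "/tmp:${cfg.flags.workingDirectory}"
        ];
        environment = {
          ACCOUNT_UUID = cfg.flags.accountUuid;
          REPOSITORY_UUID = cfg.flags.repositoryUuid;
          RUNNER_UUID = cfg.flags.runnerUuid;
          OAUTH_CLIENT_ID = cfg.flags.OAuthClientId;
          WORKING_DIRECTORY = cfg.flags.workingDirectory;
        }
        // optionalAttrs inlineSecret {
          # Legacy inline secret: stored in the Nix store, see option docs.
          OAUTH_CLIENT_SECRET = cfg.flags.OAuthClientSecret;
        };
        # Passed to docker as --env-file; supplies OAUTH_CLIENT_SECRET when
        # the secret is not given inline.
        environmentFiles = optional (cfg.flags.environmentFile != null) cfg.flags.environmentFile;
      };
    };
  };
}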