let credentials = { # REDACTED }; # Shared by all machines sh

1. let
2. credentials = {
3. # REDACTED
4. };
5.  
6. # Shared by all machines
7. shared = {
8. deployment.targetEnv = "gce";
9. deployment.gce = credentials // {
10. region = "us-west1-b";
11. rootDiskSize = 20; # GiB
12. };
13. };
14.  
15. gitlab = {resources, ...}: {
16. deployment.targetEnv = "gce";
17. deployment.gce = {
18. instanceType = "n1-standard-2"; # 2 vCPUs, 7.5GB RAM
19. tags = [ "gitlab" ];
20. network = resources.gceNetworks.net;
21. };
22.  
23. imports = [
24. ./foobar.nix
25. ./secrets.nix
26. ];
27.  
28. swapDevices = [ { device = "/var/swapfile"; size = 4096; } ];
29. } // shared; # TODO: This doesn't work
30.  
31. runner = { resources, ...}: {
32. deployment.gce = {
33. instanceType = "g1-small"; # 1 shared vCPU, 1.7 GB RAM
34. tags = [ "gitlab-runner" ];
35. network = resources.gceNetworks.net;
36. };
37.  
38. imports = [
39. ./barfoo.nix
40. ./secrets.nix
41. ];
42.  
43. networking.hostName = "gitlab-runner.slumberso.me";
44.  
45. swapDevices = [ { device = "/var/swapfile"; size = 4096; } ];
46. } // shared; # TODO: This doesn't work
47.  
48. in {
49.  
50. resources.gceNetworks.net = credentials // {
51. addressRange = "192.168.4.0/24";
52. firewall = {
53. allow-http = {
54. targetTags = [ "gitlab" ];
55. allowed.tcp = [ 80 ];
56. };
57. allow-https = {
58. targetTags = [ "gitlab" ];
59. allowed.tcp = [ 443 ];
60. };
61. allow-ping.allowed.icmp = null;
62. };
63. };
64.  
65. resources.gceTargetPools.gitlab = { resources, nodes, ...}: credentials // {
66. region = "us-west1";
67. machines = with nodes; [ server ];
68. };
69.  
70. # TODO: Naming the machine "server" is not helpful
71. server = gitlab;
72. }