
Gitlab runner

services.gitlab-runner.clear-docker-cache.dates

Specification (in the format described by systemd.time(7)) of the time at which the prune will occur.

Type: string

Default

"weekly"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.clear-docker-cache.enable

Whether to periodically prune gitlab runner's Docker resources. If enabled, a systemd timer will run clear-docker-cache as specified by the dates option.

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.clear-docker-cache.flags

Any additional flags passed to clear-docker-cache.

Type: list of string

Default

[ ]

Example

["prune"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.clear-docker-cache.package

Docker package to use for clearing up docker cache.

Type: unspecified value

Default

config.virtualisation.docker.package

Example

pkgs.docker

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.configFile

Configuration file for gitlab-runner.

configFile takes precedence over services. checkInterval and concurrent will be ignored too.

This option is deprecated, please use services instead. You can use registrationConfigFile and registrationFlags for settings not covered by this module.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.enable

Whether to enable GitLab Runner.

Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.extraPackages

Extra packages to add to PATH for the gitlab-runner process.

Type: list of package

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.gracefulTermination

Finish all remaining jobs before stopping. If not set gitlab-runner will stop immediately without waiting for jobs to finish, which will lead to failed builds.

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.gracefulTimeout

Time to wait until a graceful shutdown is turned into a forceful one.

Type: string

Default

"infinity"

Example

"5min 20s"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.package

The gitlab-runner package to use.

Type: package

Default

pkgs.gitlab-runner

Example

gitlab-runner_1_11

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.services

GitLab Runner services.

Type: attribute set of (submodule)

Default

{ }

Example

{
  # runner for building in docker via host's nix-daemon
  # nix store will be readable in runner, might be insecure
  nix = {
    # File should contain at least these two variables:
    # - CI_SERVER_URL
    # - REGISTRATION_TOKEN
    #
    # NOTE: Support for runner registration tokens will be removed in GitLab 18.0.
    # Please migrate to runner authentication tokens soon. For reference, the example
    # runners below this one are configured with authentication tokens instead.
    registrationConfigFile = "/run/secrets/gitlab-runner-registration";

    dockerImage = "alpine";
    dockerVolumes = [
      "/nix/store:/nix/store:ro"
      "/nix/var/nix/db:/nix/var/nix/db:ro"
      "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
    ];
    dockerDisableCache = true;
    preBuildScript = pkgs.writeScript "setup-container" ''
      mkdir -p -m 0755 /nix/var/log/nix/drvs
      mkdir -p -m 0755 /nix/var/nix/gcroots
      mkdir -p -m 0755 /nix/var/nix/profiles
      mkdir -p -m 0755 /nix/var/nix/temproots
      mkdir -p -m 0755 /nix/var/nix/userpool
      mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
      mkdir -p -m 1777 /nix/var/nix/profiles/per-user
      mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
      mkdir -p -m 0700 "$HOME/.nix-defexpr"

      . ${pkgs.nix}/etc/profile.d/nix.sh

      ${pkgs.nix}/bin/nix-env -i ${lib.concatStringsSep " " (with pkgs; [ nix cacert git openssh ])}

      ${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable
      ${pkgs.nix}/bin/nix-channel --update nixpkgs
    '';
    environmentVariables = {
      ENV = "/etc/profile";
      USER = "root";
      NIX_REMOTE = "daemon";
      PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
      NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
    };
    tagList = [ "nix" ];
  };
  # runner for building docker images
  docker-images = {
    # File should contain at least these two variables:
    # CI_SERVER_URL
    # CI_SERVER_TOKEN
    authenticationTokenConfigFile = "/run/secrets/gitlab-runner-docker-images-token-env";

    dockerImage = "docker:stable";
    dockerVolumes = [
      "/var/run/docker.sock:/var/run/docker.sock"
    ];
    tagList = [ "docker-images" ];
  };
  # runner for executing stuff on host system (very insecure!)
  # make sure to add required packages (including git!)
  # to environment.systemPackages
  shell = {
    # File should contain at least these two variables:
    # CI_SERVER_URL
    # CI_SERVER_TOKEN
    authenticationTokenConfigFile = "/run/secrets/gitlab-runner-shell-token-env";

    executor = "shell";
    tagList = [ "shell" ];
  };
  # runner for everything else
  default = {
    # File should contain at least these two variables:
    # CI_SERVER_URL
    # CI_SERVER_TOKEN
    authenticationTokenConfigFile = "/run/secrets/gitlab-runner-default-token-env";
    dockerImage = "debian:stable";
  };
}

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.services.<name>.authenticationTokenConfigFile

Absolute path to a file containing environment variables used for gitlab-runner registrations with runner authentication tokens. They replace the deprecated runner registration tokens, as outlined in the GitLab documentation.

A list of all supported environment variables can be found with gitlab-runner register --help.

The ones you probably want to set are:
- CI_SERVER_URL=<CI server URL>
- CI_SERVER_TOKEN=<runner authentication token secret>

Warning: Make sure to use a quoted absolute path, or the file is going to be copied to the world-readable Nix store.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.services.<name>.buildsDir

Absolute path to a directory where builds will be stored in context of selected executor (Locally, Docker, SSH).

Type: null or path

Default

null

Example

"/var/lib/gitlab-runner/builds"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.services.<name>.cloneUrl

Overwrite the URL for the GitLab instance. Used if the Runner can’t connect to GitLab on the URL GitLab exposes itself.

Type: null or string

Default

null

Example

"http://gitlab.example.local"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.services.<name>.debugTraceDisabled

When set to true Runner will disable the possibility of using the CI_DEBUG_TRACE feature.

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.services.<name>.description

Name/description of the runner.

Type: null or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.services.<name>.dockerAllowedImages

Whitelist allowed images.

Type: list of string

Default

[ ]

Example

[ "ruby:*" "python:*" "php:*" "my.registry.tld:5000/*:*" ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.services.<name>.dockerAllowedServices

Whitelist allowed services.

Type: list of string

Default

[ ]

Example

[ "postgres:9" "redis:*" "mysql:*" ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.services.<name>.dockerDisableCache

Disable all container caching.

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.services.<name>.dockerExtraHosts

Add a custom host-to-IP mapping.

Type: list of string

Default

[ ]

Example

["other-host:127.0.0.1"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.services.<name>.dockerImage

Docker image to be used.

Type: null or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.services.<name>.dockerPrivileged

Give extended privileges to container.

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.services.<name>.dockerVolumes

Bind-mount a volume and create it if it doesn't exist prior to mounting.

Type: list of string

Default

[ ]

Example

["/var/run/docker.sock:/var/run/docker.sock"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.services.<name>.environmentVariables

Custom environment variables injected to build environment. For secrets you can use registrationConfigFile with RUNNER_ENV variable set.

Type: attribute set of string

Default

{ }

Example

{NAME = "value";}

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.services.<name>.executor

Select executor, e.g. shell, docker, etc. See runner documentation for more information.

Type: string

Default

"docker"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.services.<name>.limit

Limit how many jobs can be handled concurrently by this service. 0 (default) simply means don't limit.

Type: signed integer

Default

0

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.services.<name>.maximumTimeout

What is the maximum timeout (in seconds) that will be set for job when using this Runner. 0 (default) simply means don't limit.

This option has no effect for runners registered with a runner authentication token and will be ignored.

Type: signed integer

Default

0

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.services.<name>.postBuildScript

Runner-specific command script executed after code is pulled and just after build executes.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.services.<name>.postGetSourcesScript

Runner-specific command script executed after code is pulled.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.services.<name>.preBuildScript

Runner-specific command script executed after code is pulled, just before build executes.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.services.<name>.preGetSourcesScript

Runner-specific command script executed before code is pulled.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.services.<name>.protected

When set to true Runner will only run on pipelines triggered on protected branches.

This option has no effect for runners registered with a runner authentication token and will be ignored.

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.services.<name>.registrationConfigFile

Absolute path to a file with environment variables used for gitlab-runner registration with runner registration tokens.

A list of all supported environment variables can be found in gitlab-runner register --help.

The ones you probably want to set are:
- CI_SERVER_URL=<CI server URL>
- REGISTRATION_TOKEN=<registration secret>

Support for runner registration tokens is deprecated since GitLab 16.0, has been disabled by default in GitLab 17.0 and will be removed in GitLab 18.0, as outlined in the GitLab documentation. Please consider migrating to runner authentication tokens and check the documentation on services.gitlab-runner.services.<name>.authenticationTokenConfigFile.

Warning: Make sure to use a quoted absolute path, or the file is going to be copied to the world-readable Nix store.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix
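The quoted-path warning on authenticationTokenConfigFile and registrationConfigFile, as an added example (not taken from the nixpkgs module or its documentation): a runner migrated to an authentication token, with the store-leaking form left commented out beside the corrected one and the Docker executor restricted using options documented on this page. The secret path and the image patterns are assumptions; the file under /run/secrets is expected to be provisioned outside the Nix store by whatever secrets tooling the host uses.

```nix
{ config, lib, pkgs, ... }:
{
  services.gitlab-runner = {
    enable = true;

    # Let running jobs finish on service stop, but not forever.
    gracefulTermination = true;
    gracefulTimeout = "5min 20s";

    # Prune the runner's Docker resources on the default "weekly" timer.
    clear-docker-cache.enable = true;

    services.default = {
      # Weak: an unquoted path literal is copied into /nix/store when the
      # configuration is evaluated. The store is world-readable, so every
      # local user could read CI_SERVER_TOKEN.
      # authenticationTokenConfigFile = ./secrets/gitlab-runner-default-token-env;

      # Corrected: a quoted absolute path stays a plain string, so the file
      # is only read at runtime from its original location.
      # File contents (assumed): CI_SERVER_URL=... and CI_SERVER_TOKEN=...
      authenticationTokenConfigFile = "/run/secrets/gitlab-runner-default-token-env";

      executor = "docker";
      dockerImage = "debian:stable";

      # Keep the default: no extended privileges for job containers.
      dockerPrivileged = false;

      # Jobs may only request images and services matching these patterns
      # (assumed patterns, adjust to the registries you trust).
      dockerAllowedImages = [ "debian:*" "alpine:*" ];
      dockerAllowedServices = [ "postgres:*" "redis:*" ];

      # No host bind mounts: neither /var/run/docker.sock nor /nix/store.
      dockerVolumes = [ ];

      # Jobs cannot turn on CI_DEBUG_TRACE on this runner.
      debugTraceDisabled = true;
    };
  };
}
```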

services.gitlab-runner.services.<name>.registrationFlags

Extra command-line flags passed to gitlab-runner register. Execute gitlab-runner register --help for a list of supported flags.

Type: list of string

Default

[ ]

Example

["--docker-helper-image my/gitlab-runner-helper"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.services.<name>.requestConcurrency

Limit number of concurrent requests for new jobs from GitLab.

Type: signed integer

Default

0

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.services.<name>.runUntagged

Register to run untagged builds; defaults to true when tagList is empty.

This option has no effect for runners registered with a runner authentication token and will be ignored.

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.services.<name>.tagList

Tag list.

This option has no effect for runners registered with a runner authentication token and will be ignored.

Type: list of string

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix

services.gitlab-runner.settings

Global gitlab-runner configuration. See https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section for supported values.

Type: JSON value

Default

{ }

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/continuous-integration/gitlab-runner.nix