2024-05-29 15:45:23 +00:00
|
|
|
{
|
|
|
|
config,
|
|
|
|
lib,
|
|
|
|
pkgs,
|
|
|
|
flake,
|
|
|
|
...
|
|
|
|
}:
|
|
|
|
{
|
|
|
|
age.secrets.tankstelle-forgejo-actions-runner-token = {
|
|
|
|
file = "${flake.self}/secrets/tankstelle-forgejo-actions-runner-token.age";
|
|
|
|
mode = "440";
|
|
|
|
};
|
|
|
|
|
|
|
|
# Trust docker bridge interface traffic
|
|
|
|
# Needed for the docker runner to communicate with the act_runner cache
|
|
|
|
networking.firewall.trustedInterfaces = [ "br-+" ];
|
|
|
|
|
2024-05-30 13:49:56 +00:00
|
|
|
users.users.gitea-runner = {
|
|
|
|
home = "/var/lib/gitea-runner/tankstelle";
|
|
|
|
useDefaultShell = true;
|
|
|
|
group = "gitea-runner";
|
|
|
|
# Required to interact with nix daemon
|
|
|
|
extraGroups = [
|
|
|
|
"wheel"
|
|
|
|
];
|
|
|
|
isSystemUser = true;
|
|
|
|
};
|
|
|
|
|
|
|
|
users.groups.gitea-runner = { };
|
|
|
|
|
|
|
|
systemd.tmpfiles.rules = [ "d '/var/lib/gitea-runner' 0750 gitea-runner gitea-runner - -" ];
|
|
|
|
|
|
|
|
systemd.services."gitea-runner-tankstelle" = {
|
|
|
|
serviceConfig.DynamicUser = lib.mkForce false;
|
|
|
|
path = with pkgs; [
|
|
|
|
coreutils
|
|
|
|
bash
|
|
|
|
coreutils
|
|
|
|
curl
|
|
|
|
gawk
|
|
|
|
gitMinimal
|
|
|
|
gnused
|
|
|
|
nodejs
|
|
|
|
wget
|
|
|
|
cachix
|
|
|
|
jq
|
|
|
|
];
|
|
|
|
};
|
2024-05-29 16:39:45 +00:00
|
|
|
|
2024-05-29 15:45:23 +00:00
|
|
|
# forgejo actions runner
|
|
|
|
# https://forgejo.org/docs/latest/admin/actions/
|
|
|
|
# https://docs.gitea.com/usage/actions/quickstart
|
|
|
|
services.gitea-actions-runner = {
|
|
|
|
package = pkgs.forgejo-runner;
|
|
|
|
instances."tankstelle" = {
|
|
|
|
enable = true;
|
|
|
|
name = config.networking.hostName;
|
|
|
|
url = "https://git.pub.solar";
|
|
|
|
tokenFile = config.age.secrets.tankstelle-forgejo-actions-runner-token.path;
|
2024-05-30 13:21:44 +00:00
|
|
|
labels = [ "self-hosted:host://-self-hosted" ];
|
2024-05-29 15:45:23 +00:00
|
|
|
};
|
|
|
|
};
|
|
|
|
}
|