diff --git a/.forgejo/workflows/check.yml b/.forgejo/workflows/check.yml
index 0034e9e..0968832 100644
--- a/.forgejo/workflows/check.yml
+++ b/.forgejo/workflows/check.yml
@@ -24,26 +24,48 @@ jobs:
           echo "hash=$(md5sum flake.lock | awk '{print $1}')" >> $GITHUB_OUTPUT
 
       - name: Restore and cache Nix store
-        uses: https://github.com/nix-community/cache-nix-action@v5
+        uses: https://github.com/nix-community/cache-nix-action@v4.0.3
         id: nix-store-cache
         with:
-          primary-key: cache-${{ runner.os }}-nix-store-${{ steps.flake-lock-hash.outputs.hash }}
-          restore-prefixes-first-match: |
+          key: cache-${{ runner.os }}-nix-store-${{ steps.flake-lock-hash.outputs.hash }}
+          restore-keys: |
             cache-${{ runner.os }}-nix-store-
 
           gc-linux: true
           gc-max-store-size-linux: 10000000000
 
-          purge: true
-          purge-prefixes: cache-${{ runner.os }}-nix-store-
-          purge-created: 42
+          purge-caches: true
+          purge-key: cache-${{ runner.os }}-nix-store-
+          purge-created: true
+          purge-created-max-age: 42
 
       - name: Prepare cachix
         uses: https://github.com/cachix/cachix-action@v14
         with:
           name: pub-solar
           authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+          useDaemon: false
 
       - name: Run flake checks
         run: |
+          # Prevent cache garbage collection by creating GC roots
+          for target in $(nix flake show --json --all-systems | jq '
+            .["nixosConfigurations"] |
+            to_entries[] |
+            .key
+            ' | tr -d '"'
+          ); do
+            nix --print-build-logs --verbose --accept-flake-config --access-tokens '' \
+              build --out-link ./result-$target ".#nixosConfigurations.${target}.config.system.build.toplevel"
+          done
+
           nix --print-build-logs --verbose --accept-flake-config --access-tokens '' flake check
+
+          # Add GC roots for flake inputs, too
+          # https://github.com/NixOS/nix/issues/4250#issuecomment-1146878407
+          mkdir --parents "$NIX_USER_PROFILE_DIR"
+          gc_root_prefix="$NIX_USER_PROFILE_DIR"/infra-flake-
+          echo "Adding gcroots flake inputs with prefix $gc_root_prefix ..."
+          nix flake archive --json 2>/dev/null | jq --raw-output '.inputs | to_entries[] | "ln --force --symbolic --no-target-directory "+.value.path+" \"'"$gc_root_prefix"'"+.key+"\""' | while read -r line; do
+            eval "$line"
+          done
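Review bot: The added GC-root loop at the end of the `run:` block builds `ln` command strings in jq and passes each one to `eval`, so an input name or path containing shell metacharacters would be executed rather than linked, and `.value.path` is not quoted at all. Emitting fields instead of commands removes the `eval`: end the filter with `[.key, .value.path] | @tsv`, read with `while IFS=$'\t' read -r name path; do` (bash syntax; the step's shell is not shown), and call `ln --force --symbolic --no-target-directory "$path" "$gc_root_prefix$name"` directly. The `2>/dev/null` on `nix flake archive` also hides a failure that leaves no roots behind, so it is worth dropping. Separately, the new `uses:` reference is a tag that upstream can move; a full commit SHA (`@<commit-sha>  # v4.0.3`) fixes what code runs in the job whose next step receives `CACHIX_AUTH_TOKEN`.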
diff --git a/hosts/flora-6/apps/forgejo-actions-runner.nix b/hosts/flora-6/apps/forgejo-actions-runner.nix
index d3f6aeb..045f0c2 100644
--- a/hosts/flora-6/apps/forgejo-actions-runner.nix
+++ b/hosts/flora-6/apps/forgejo-actions-runner.nix
@@ -13,16 +13,43 @@
   # Needed for the docker runner to communicate with the act_runner cache
   networking.firewall.trustedInterfaces = [ "br-+" ];
 
+  users.users.gitea-runner = {
+    home = "/var/lib/gitea-runner/flora-6";
+    useDefaultShell = true;
+    group = "gitea-runner";
+    isSystemUser = true;
+  };
+
+  users.groups.gitea-runner = {};
+
+  systemd.services."gitea-runner-flora\\x2d6".serviceConfig = {
+    DynamicUser = lib.mkForce false;
+  };
+
+  systemd.tmpfiles.rules = [
+    "d '/data/gitea-actions-runner' 0750 gitea-runner gitea-runner - -"
+    "d '/var/lib/gitea-runner' 0750 gitea-runner gitea-runner - -"
+  ];
+
   # forgejo actions runner
   # https://forgejo.org/docs/latest/admin/actions/
   # https://docs.gitea.com/usage/actions/quickstart
   services.gitea-actions-runner = {
-    package = pkgs.forgejo-actions-runner;
+    package = pkgs.forgejo-runner;
     instances."flora-6" = {
       enable = true;
       name = config.networking.hostName;
       url = "https://git.pub.solar";
       tokenFile = config.age.secrets.forgejo-actions-runner-token.path;
+      settings = {
+        cache = {
+          enabled = true;
+          dir = "/data/gitea-actions-runner/actcache";
+          host = "";
+          port = 0;
+          external_server = "";
+        };
+      };
       labels = [
         # provide a debian 12 bookworm base with Node.js for actions
         "debian-latest:docker://git.pub.solar/pub-solar/actions-base-image:20-bookworm"
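Review bot: Forcing `DynamicUser` off in the added `serviceConfig` override also drops the sandboxing systemd implies with it (`ProtectSystem=strict`, `ProtectHome=read-only`, `PrivateTmp`, `NoNewPrivileges`, `RestrictSUIDSGID`, `RemoveIPC`), and nothing in the hunk puts it back for a service that runs CI jobs. If the static user is only needed so the runner can write under `/data/gitea-actions-runner`, the same override could keep the hardening explicitly, e.g. `ProtectSystem = "strict"; ReadWritePaths = [ "/data/gitea-actions-runner" ];` plus `NoNewPrivileges = true; PrivateTmp = true;`, unless the upstream module already sets these, which is not visible here. `useDefaultShell = true` gives the system account a login shell; a comment stating why it is needed, or removing the line, would help. The module's attribute set opens above the hunk and `services.gitea-actions-runner` continues below it.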
diff --git a/overlays/default.nix b/overlays/default.nix
index 6b81e38..74cf409 100644
--- a/overlays/default.nix
+++ b/overlays/default.nix
@@ -13,6 +13,7 @@
               };
             in
             {
+              forgejo-runner = unstable.forgejo-runner;
               element-themes = prev.callPackage ./pkgs/element-themes { inherit (inputs) element-themes; };
             })
         ];