forgejo-actions-runner: init module, add to ryzensun

teutat3s 2024-11-07 10:22:35 +01:00
parent c0b1e6088d
commit 2aabad4062
Signed by: teutat3s
GPG key ID: 4FA1D3FA524F22C1
4 changed files with 60 additions and 0 deletions


@ -10,6 +10,7 @@
desktop-extended = import ./desktop-extended; desktop-extended = import ./desktop-extended;
docker = import ./docker; docker = import ./docker;
#email = import ./email; #email = import ./email;
forgejo-actions-runner = import ./forgejo-actions-runner;
#gaming = import ./gaming; #gaming = import ./gaming;
graphical = import ./graphical; graphical = import ./graphical;
invoiceplane = import ./invoiceplane; invoiceplane = import ./invoiceplane;


@ -0,0 +1,58 @@
{
config,
pkgs,
lib,
flake,
...
}:
let
hostname = config.networking.hostName;
in
{
age.secrets."forgejo-actions-runner-token.age" = {
file = "${flake.self}/secrets/forgejo-actions-runner-token.age";
mode = "440";
};
# Trust docker bridge interface traffic
# Needed for the docker runner to communicate with the act_runner cache
networking.firewall.trustedInterfaces = [ "br-+" ];
users.users.gitea-runner = {
home = "/var/lib/gitea-runner/${hostname}";
useDefaultShell = true;
group = "gitea-runner";
# Required to interact with nix daemon
extraGroups = [ "wheel" ];
isSystemUser = true;
};
users.groups.gitea-runner = { };
systemd.tmpfiles.rules = [ "d '/var/lib/gitea-runner' 0750 gitea-runner gitea-runner - -" ];
systemd.services."gitea-runner-${hostname}" = {
serviceConfig.DynamicUser = lib.mkForce false;
};
# forgejo actions runner
# https://forgejo.org/docs/latest/admin/actions/
# https://docs.gitea.com/usage/actions/quickstart
services.gitea-actions-runner = {
package = pkgs.forgejo-runner;
instances."${hostname}" = {
enable = true;
name = hostname;
url = "https://git.pub.solar";
tokenFile = config.age.secrets."forgejo-actions-runner-token.age".path;
labels = [
# provide a debian 12 bookworm base with Node.js for actions
"debian-latest:docker://git.pub.solar/pub-solar/actions-base-image:20-bookworm"
# fake the ubuntu name, commonly used in actions examples
"ubuntu-latest:docker://git.pub.solar/pub-solar/actions-base-image:20-bookworm"
# alpine with Node.js
"alpine-latest:docker://node:20-alpine"
];
};
};
}
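Review bot: `extraGroups = [ "wheel" ];` places the account that executes CI workflow jobs in the host's administrative group, which is far broader than the stated need to reach the nix daemon; what wheel grants on this host (sudo, polkit) is not visible here. Daemon access is governed by `nix.settings.allowed-users`, which admits every user unless the host overrides it, so the narrower change is to drop the wheel membership and, only if this host already restricts the daemon, add `"gitea-runner"` to that list. The same least-privilege concern applies to `networking.firewall.trustedInterfaces = [ "br-+" ];`, which exempts every interface whose name starts with `br-` from the firewall rather than opening just the cache port, and the comment above it should name that port. The labels also reference mutable tags (`node:20-alpine`, `actions-base-image:20-bookworm`), so pinning each image by digest would keep the job environment from changing underneath the runner.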

Binary file not shown.


@ -26,6 +26,7 @@ in
"mnx-bonanza-pf1.p12.age".publicKeys = allKeys; "mnx-bonanza-pf1.p12.age".publicKeys = allKeys;
"docker-ci-runner-secrets.age".publicKeys = allKeys; "docker-ci-runner-secrets.age".publicKeys = allKeys;
"test-secret.age".publicKeys = [ users.teutat3s-5-nfc ]; "test-secret.age".publicKeys = [ users.teutat3s-5-nfc ];
"forgejo-actions-runner-token.age".publicKeys = allKeys;
"hosting-de-acme-secrets.age".publicKeys = [ "hosting-de-acme-secrets.age".publicKeys = [
machines.fae machines.fae
users.teutat3s users.teutat3s
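Review bot: `"forgejo-actions-runner-token.age".publicKeys = allKeys;` encrypts the runner registration token to every key in `allKeys`, although the commit title indicates that only one host runs the runner. Limiting the recipients to that host's key plus the administrators who need to rekey, in the style of the `hosting-de-acme-secrets.age` entry right below it, keeps a compromise of any other machine from exposing the token, for example `publicKeys = [ machines.<runner-host> users.teutat3s ];`, where `machines.<runner-host>` is a placeholder for the real attribute. The definition of `allKeys` and the rest of this attribute set lie outside the hunk, so its actual membership should be confirmed before deciding.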