Fediversity/Fediversity
13
2
Fork 6
Code Issues 111 Pull requests 15 Projects 1 Activity Actions

Add a deployment for forgejo-ci
Some checks failed
/ check-pre-commit (pull_request) Has been cancelled
Details
/ check-data-model (pull_request) Has been cancelled
Details
/ check-peertube (pull_request) Has been cancelled
Details
/ check-panel (pull_request) Has been cancelled
Details
/ check-deployment-basic (pull_request) Has been cancelled
Details
/ check-deployment-cli (pull_request) Has been cancelled
Details
/ check-deployment-panel (pull_request) Has been cancelled
Details

Browse source
This commit is contained in:
Kiara Grouwstra 2025-07-02 12:27:07 +02:00
parent aa36402bbc
commit 447cbbcdd8
Signed by: kiara
SSH key fingerprint: SHA256:COspvLoLJ5WC5rFb9ZDe5urVCkK4LJZOsjfF4duRJFU
5 changed files with 65 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
infra/flake-part.nix
View file

@ -167,6 +167,10 @@ in
{ {
_class = "flake"; _class = "flake";
# NOTE: `forgejo-ci`, being a physical machine and not a Proxmox VM, gets
# custom treatment.
imports = [ ./forgejo-ci/flake-part.nix ];
## - Each normal or test machine gets a NixOS configuration. ## - Each normal or test machine gets a NixOS configuration.
## - Each normal or test machine gets a VM options entry. ## - Each normal or test machine gets a VM options entry.
## - Each normal machine gets a deployment. ## - Each normal machine gets a deployment.

58
infra/forgejo-ci/flake-part.nix Normal file
View file

@ -0,0 +1,58 @@
{
lib,
inputs,
sources,
keys,
secrets,
...
}:
## NOTE: Hackish solution mostly taken from `../common/resource.nix`.
## Eventually, `forgejo-ci` should move to a datacentre somewhere and this code
## should be integrated with the code for other machines (in particular VMs).
let
inherit (lib) attrValues elem;
inherit (lib.attrsets) concatMapAttrs optionalAttrs;
inherit (lib.strings) removeSuffix;
hostPublicKey = keys.systems.forgejo-ci;
in
{
_class = "flake";
nixops4Deployments.forgejo-ci =
{ providers, ... }:
{
providers.local = inputs.nixops4.modules.nixops4Provider.local;
resources.forgejo-ci = {
type = providers.local.exec;
imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ];
ssh = {
host = "forgejo-ci";
hostPublicKey = hostPublicKey;
};
nixpkgs = inputs.nixpkgs;
nixos.module = {
imports = with sources; [
"${agenix}/modules/age.nix"
"${disko}/module.nix"
./configuration.nix
];
age.secrets = concatMapAttrs (
name: secret:
optionalAttrs (elem hostPublicKey secret.publicKeys) {
${removeSuffix ".age" name}.file = secrets.rootPath + "/${name}";
}
) secrets.mapping;
users.users.root.openssh.authorizedKeys.keys = attrValues keys.contributors;
};
};
};
}

1
keys/systems/forgejo-ci.pub Normal file
View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFXQW5fxJoNY9wtTMsNExgbAbvyljIRGBLjY+USh/0A

1
machines/machines.md
View file

@ -11,5 +11,6 @@ Machine | Proxmox | Description
[`fedi201`](./dev/fedi201) | fediversity | FediPanel [`fedi201`](./dev/fedi201) | fediversity | FediPanel
[`vm02116`](./dev/vm02116) | procolix | Forgejo [`vm02116`](./dev/vm02116) | procolix | Forgejo
[`vm02187`](./dev/vm02187) | procolix | Wiki [`vm02187`](./dev/vm02187) | procolix | Wiki
| `forgejo-ci` | n/a (physical) | Forgejo actions runner |
This table excludes all machines with names starting with `test`. This table excludes all machines with names starting with `test`.

1
machines/machines.md.sh
View file

@ -37,6 +37,7 @@ for machine in $(echo "$vmOptions" | jq -r 'keys[]'); do
done done
cat <<\EOF cat <<\EOF
| `forgejo-ci` | n/a (physical) | Forgejo actions runner |
This table excludes all machines with names starting with `test`. This table excludes all machines with names starting with `test`.
EOF EOF