Control the actions runners' configuration via NixOps4 #8

Merged
Niols merged 7 commits from actions-runners-via-nixops into main 2024-11-18 11:39:26 +01:00
Owner

This PR moves the configuration of our two Forgejo actions runners, vm02179 and vm02186, to the repository, and ties them together with NixOps4. Provided one has root access on these two machines, updating their configurations now just consists in running `nixops apply actions-runners`.

Future work consists in cleaning up their configurations, merging them (most of it is shared anyways) and consolidating it with the configurations in `deployment` (which should probably move away from there and into `infra`). However, all of this deserved to be done in another PR, in my opinion.

Niols added 4 commits 2024-11-17 01:13:21 +01:00
Author
Owner

It is to be noted that we had already prior to this PR committed the token to register an actions runner to Forgejo in the repository. Technically, with this token, anyone could register an actions runner, disrupt the service, and get access to our code and repository secrets. For now, the code is public and we have no repository secrets, but the clean way would be to regenerate a new token, _not_ have that token committed, but instead delivered via a secrets management scheme.

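One way the runner token could be kept out of the repository, as an added example that is not part of this PR or the project's configuration. It assumes the runners use the nixpkgs `services.gitea-actions-runner` module and agenix as the secrets scheme; the instance URL, runner name, label and secret path are placeholders.

```nix
# Constructed example: URL, runner name, label and secret path are placeholders.
{ config, pkgs, ... }:
{
  # Weak form (shown commented out): the registration token is a Nix string,
  # so it is committed with the repository and copied into the Nix store.
  # services.gitea-actions-runner.instances.default.token = "<registration-token>";

  # Assumed secrets scheme: agenix. Only the encrypted .age file is committed;
  # it is decrypted on the runner host when the configuration is activated.
  age.secrets.forgejo-runner-token.file = ./secrets/forgejo-runner-token.age;

  services.gitea-actions-runner = {
    # Package attribute name is an assumption; it depends on the nixpkgs
    # revision (older revisions call it forgejo-actions-runner).
    package = pkgs.forgejo-runner;

    instances.default = {
      enable = true;
      name = "runner-placeholder";
      url = "https://forgejo.example.org";

      # tokenFile is read as a systemd environment file, so the decrypted
      # secret must consist of the single line: TOKEN=<registration-token>
      tokenFile = config.age.secrets.forgejo-runner-token.path;

      labels = [ "native:host" ];
    };
  };
}
```

The token that was already committed stays in the Git history, so it has to be regenerated in Forgejo before the new value is encrypted.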
Author
Owner

@koen @kevin> vm02179 is excruciatingly slow, as in even SSH-ing into it takes minutes to terminate, and sometimes it even fails. I do not have the same problem with vm02186. This was already the case prior to this PR.

Niols added 1 commit 2024-11-18 09:52:20 +01:00
Ooops
All checks were successful
/ check-pre-commit (pull_request) Successful in 21s
d18bd066a0
Niols added 1 commit 2024-11-18 09:56:44 +01:00
Add Valentin's SSH keys
All checks were successful
/ check-pre-commit (pull_request) Successful in 21s
fe3890d1be
Niols force-pushed actions-runners-via-nixops from fe3890d1be to aa1b0056ff 2024-11-18 09:58:03 +01:00 Compare
Niols force-pushed actions-runners-via-nixops from aa1b0056ff to ae90b3e362 2024-11-18 11:09:13 +01:00 Compare
Niols added 1 commit 2024-11-18 11:30:51 +01:00
Small description of the infra/ subdirectory
All checks were successful
/ check-pre-commit (pull_request) Successful in 22s
e300ff517d
Niols merged commit d8320bc287 into main 2024-11-18 11:39:26 +01:00
Niols deleted branch actions-runners-via-nixops 2024-11-18 11:39:26 +01:00