Add Forgejo machine to git deployment

This deployment is the old `actions-runners` deployment, renamed.
2024-11-18 11:44:35 +01:00 · 2024-11-18 11:44:35 +01:00 · 2ffab40687
parent 47bca471da
commit 2ffab40687
3 changed files with 35 additions and 12 deletions
--- a/infra/README.org
+++ b/infra/README.org
@ -13,15 +13,20 @@ to see the available deployments. Given a deployment (eg. ~actions-runners~), ru
 nixops4 apply <deployment>
 #+end_src

+* Deployments
+
+- ~git~ :: Machines hosting our Git infrastructure, eg. Forgejo and its actions
+  runners
+
 * Procolix machines

 These machines are hosted on the Procolix Proxmox instance, to which
 non-Procolix members of the project do not have access. They host our stable
 infrastructure.

-| Machine | Description            | Deployment      |
-|---------+------------------------+-----------------|
-| vm02116 | Forgejo                | /none/            |
-| vm02179 | Forgejo actions runner | actions-runners |
-| vm02186 | Forgejo actions runner | actions-runners |
-| vm02187 | Wiki                   | /none/            |
+| Machine | Description            | Deployment |
+|---------+------------------------+------------|
+| vm02116 | Forgejo                | ~git~        |
+| vm02179 | Forgejo actions runner | ~git~        |
+| vm02186 | Forgejo actions runner | ~git~        |
+| vm02187 | Wiki                   | /none/       |
--- a/infra/flake-part.nix
+++ b/infra/flake-part.nix
@ -1,12 +1,30 @@
 { inputs, ... }:

 {
-  nixops4Deployments.actions-runners =
+  nixops4Deployments.git =
    { providers, ... }:
    {
      providers.local = inputs.nixops4-nixos.modules.nixops4Provider.local;

      resources = {
+        vm02116 = {
+          type = providers.local.exec;
+          imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ];
+          ssh = {
+            host = "185.206.232.34";
+            opts = "";
+            hostPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILriawl1za2jbxzelkL5v8KPmcvuj7xVBgwFxuM/zhYr";
+          };
+          nixpkgs = inputs.nixpkgs;
+          nixos.module = {
+            imports = [
+              ./vm02116/configuration.nix
+              ./vm02116/forgejo.nix
+              ./vm02116/hardware-configuration.nix
+            ];
+          };
+        };
+
        vm02179 = {
          type = providers.local.exec;
          imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ];
--- a/infra/vm02116/configuration.nix
+++ b/infra/vm02116/configuration.nix
@ -178,6 +178,11 @@
    };
  };

+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEElREJN0AC7lbp+5X204pQ5r030IbgCllsIxyU3iiKY"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJg5TlS1NGCRZwMjDgBkXeFUXqooqRlM8fJdBAQ4buPg"
+  ];
+
  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
@ -223,11 +228,6 @@
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

-  # Copy the NixOS configuration file and link it from the resulting system
-  # (/run/current-system/configuration.nix). This is useful in case you
-  # accidentally delete configuration.nix.
-  system.copySystemConfiguration = true;
-
  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #