Enter fedi300 as a new CI runner (#59)

This commit is contained in:
Nicolas Jeannerod 2024-12-16 14:07:08 +01:00
commit 79730bfd38
Signed by untrusted user: Niols
GPG key ID: 35DB9EC8886E1CB8
11 changed files with 110 additions and 96 deletions

View file

@ -18,6 +18,7 @@ nixops4 apply <deployment>
- ~git~ :: Machines hosting our Git infrastructure, eg. Forgejo and its actions - ~git~ :: Machines hosting our Git infrastructure, eg. Forgejo and its actions
runners runners
- ~web~ :: Machines hosting our online content, eg. the website or the wiki - ~web~ :: Machines hosting our online content, eg. the website or the wiki
- ~other~ :: Machines without a specific purpose
* Procolix machines * Procolix machines
@ -25,9 +26,10 @@ These machines are hosted on the Procolix Proxmox instance, to which
non-Procolix members of the project do not have access. They host our stable non-Procolix members of the project do not have access. They host our stable
infrastructure. infrastructure.
| Machine | Description | Deployment | | Machine | Proxmox | Description | Deployment |
|---------+------------------------+------------| |---------+-------------+------------------------+------------|
| vm02116 | Forgejo | ~git~ | | vm02116 | Procolix | Forgejo | ~git~ |
| vm02179 | Forgejo actions runner | ~git~ | | vm02179 | Procolix | /unused/ | ~other~ |
| vm02186 | Forgejo actions runner | ~git~ | | vm02186 | Procolix | /unused/ | ~other~ |
| vm02187 | Wiki | ~web~ | | vm02187 | Procolix | Wiki | ~web~ |
| fedi300 | Fediversity | Forgejo actions runner | ~git~ |

View file

@ -16,6 +16,13 @@ in
system.stateVersion = "24.05"; # do not change system.stateVersion = "24.05"; # do not change
nixpkgs.hostPlatform = mkDefault "x86_64-linux"; nixpkgs.hostPlatform = mkDefault "x86_64-linux";
## This is just nice to have, but it is also particularly important for the
## Forgejo CI runners because the Nix configuration in the actions is directly
## taken from here.
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
(pkgs.vim_configurable.customize { (pkgs.vim_configurable.customize {
name = "vim"; name = "vim";

34
infra/fedi300/default.nix Normal file
View file

@ -0,0 +1,34 @@
{ lib, ... }:
{
imports = [
../common
./forgejo-actions-runner.nix
];
procolix.vm = {
name = "fedi300";
ip4 = "95.215.187.30";
ip6 = "2a00:51c0:12:1305::30";
};
## FIXME: We should just have an option under `procolix.vm` to distinguish
## between Procolix VMs and Fediversity ones.
networking.domain = lib.mkForce "fediversity.eu";
networking.defaultGateway.address = lib.mkForce "95.215.187.1";
networking.defaultGateway6.address = lib.mkForce "2a00:51c0:13:1305::1";
fileSystems."/" = {
device = "/dev/disk/by-uuid/cbcfaf6b-39bd-4328-9f53-dea8a9d32ecc";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/1A4E-07F4";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
}

View file

@ -29,6 +29,7 @@
"docker:docker://node:16-bullseye" "docker:docker://node:16-bullseye"
"native:host" "native:host"
]; ];
hostPackages = with pkgs; [ hostPackages = with pkgs; [
bash bash
git git
@ -40,10 +41,4 @@
## For the Docker mode of the runner. ## For the Docker mode of the runner.
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
## The Nix configuration of the system influences the Nix configuration
## in the workflow, and our workflows are often flake-based.
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
} }

View file

@ -25,6 +25,58 @@
}; };
}; };
fedi300 = {
type = providers.local.exec;
imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ];
ssh = {
host = "95.215.187.30";
opts = "";
hostPublicKey = self.keys.systems.fedi300;
};
nixpkgs = inputs.nixpkgs;
nixos.module = {
imports = [
./fedi300
self.nixosModules.ageSecrets
{ fediversity.hostPublicKey = self.keys.systems.fedi300; }
];
};
};
};
};
nixops4Deployments.web =
{ providers, ... }:
{
providers.local = inputs.nixops4-nixos.modules.nixops4Provider.local;
resources = {
vm02187 = {
type = providers.local.exec;
imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ];
ssh = {
host = "185.206.232.187";
opts = "";
hostPublicKey = self.keys.systems.vm02187;
};
nixpkgs = inputs.nixpkgs;
nixos.module = {
imports = [
./vm02187
self.nixosModules.ageSecrets
{ fediversity.hostPublicKey = self.keys.systems.vm02187; }
];
};
};
};
};
nixops4Deployments.other =
{ providers, ... }:
{
providers.local = inputs.nixops4-nixos.modules.nixops4Provider.local;
resources = {
vm02179 = { vm02179 = {
type = providers.local.exec; type = providers.local.exec;
imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ]; imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ];
@ -62,30 +114,4 @@
}; };
}; };
}; };
nixops4Deployments.web =
{ providers, ... }:
{
providers.local = inputs.nixops4-nixos.modules.nixops4Provider.local;
resources = {
vm02187 = {
type = providers.local.exec;
imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ];
ssh = {
host = "185.206.232.187";
opts = "";
hostPublicKey = self.keys.systems.vm02187;
};
nixpkgs = inputs.nixpkgs;
nixos.module = {
imports = [
./vm02187
self.nixosModules.ageSecrets
{ fediversity.hostPublicKey = self.keys.systems.vm02187; }
];
};
};
};
};
} }

View file

@ -1,7 +1,6 @@
{ {
imports = [ imports = [
../common ../common
./gitea-runner.nix
]; ];
procolix.vm = { procolix.vm = {

View file

@ -1,42 +0,0 @@
{ config, pkgs, ... }:
{
virtualisation.docker.enable = true;
services.gitea-actions-runner = {
package = pkgs.forgejo-actions-runner;
instances.default = {
enable = true;
name = "vm02179.procolix.com";
url = "https://git.fediversity.eu";
tokenFile = config.age.secrets.forgejo-runner-token.path;
labels = [
"docker:docker://node:16-bullseye"
"native:host"
];
hostPackages = with pkgs; [
bash
git
nix
nodejs
];
settings = {
log.level = "info";
runner = {
file = ".runner";
capacity = 8;
timeout = "3h";
insecure = false;
fetch_timeout = "5s";
fetch_interval = "2s";
};
};
};
};
## The Nix configuration of the system influences the Nix configuration
## in the workflow, and our workflows are often flake-based.
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
}

View file

@ -1,7 +1,6 @@
{ {
imports = [ imports = [
../common ../common
./gitea-runner.nix
]; ];
procolix.vm = { procolix.vm = {

1
keys/systems/fedi300.pub Normal file
View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFH/Kvye5It8FojdjpsuyZQiU0kxj2wq7Zq/+61vxNn

View file

@ -1,11 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 1MUEqQ 5Bvi8UvLbifM2vlDOr4NRaZLRfIg6kAPY0oiwiSy50o -> ssh-ed25519 1MUEqQ QbrQLCnwsw79a0fjmKK0nSHl6n/+qRGg9E2vwufiCDM
TnbS5BHO4hmjs7Ux9rRMzK9ahsIkU9GpmAx59MzIpI0 z7SiyeLgJK7ueDyox4eXLxYNjJUPD2N4V+2IyV6Yibc
-> ssh-ed25519 h0QWFg 4Cu85VZM6zyysIYwMFccXUWUGejkylHiytJA4+2nN1Q -> ssh-ed25519 rJoYaw jn0foZgtavsFhVVoXKHkp+1ZU1SeFqkff2D89I5k3iQ
e8XuOUfrOZ6xoWNK4gvVgs0H5pgtqUfrv/DBeh1WIsU YA58TNYkEhBvNHuSBfZv1uxaeJoQ1T4Wb+VswWgi5ck
-> ssh-ed25519 pJV4iw JQgQMTxfDZ/26In72UHPU+k0ZGBK1DRQWoOwfxS0xwI --- crnhqJNO+eMBMgAgJjQsS0EOxee/UazYlssOXxlcp1g
8De1c3d95ySwjqjQn9rHlYDfMDTHct1kbyjVx+8EZyA šU$1Óȱ{²Ëôil©Î_èâÖ yŸG´äå)(·<1D>ñ“D\òY÷ã`ß¿³ð2<C3B0>½/lÆ¢w­å•Ân¸ŸO«C³
--- neht26C0cEHeTGVa+epEwoO+oqXvyO94xwp25zAX6wY
ˇDčNŻ+ŰVâU8©ŘĽQv©Ň<C2A9>ľţAđ~Ž+űáÄ<C3A1>łL©wŞ`<60>óŤüE©XfV®ż©Ą0@ůqHj
βRGOY
.?Dĺ9<C4BA>ŹO[%\

View file

@ -26,10 +26,7 @@ concatMapAttrs
{ {
forgejo-database-password = [ vm02116 ]; forgejo-database-password = [ vm02116 ];
forgejo-email-password = [ vm02116 ]; forgejo-email-password = [ vm02116 ];
forgejo-runner-token = [ forgejo-runner-token = [ fedi300 ];
vm02179
vm02186
];
wiki-basicauth-htpasswd = [ vm02187 ]; wiki-basicauth-htpasswd = [ vm02187 ];
wiki-password = [ vm02187 ]; wiki-password = [ vm02187 ];
wiki-smtp-password = [ vm02187 ]; wiki-smtp-password = [ vm02187 ];