Enter fedi300
as a new CI runner (#59)
commit
79730bfd38
|
@ -18,6 +18,7 @@ nixops4 apply <deployment>
|
||||||
- ~git~ :: Machines hosting our Git infrastructure, eg. Forgejo and its actions
|
- ~git~ :: Machines hosting our Git infrastructure, eg. Forgejo and its actions
|
||||||
runners
|
runners
|
||||||
- ~web~ :: Machines hosting our online content, eg. the website or the wiki
|
- ~web~ :: Machines hosting our online content, eg. the website or the wiki
|
||||||
|
- ~other~ :: Machines without a specific purpose
|
||||||
|
|
||||||
* Procolix machines
|
* Procolix machines
|
||||||
|
|
||||||
|
@ -25,9 +26,10 @@ These machines are hosted on the Procolix Proxmox instance, to which
|
||||||
non-Procolix members of the project do not have access. They host our stable
|
non-Procolix members of the project do not have access. They host our stable
|
||||||
infrastructure.
|
infrastructure.
|
||||||
|
|
||||||
| Machine | Description | Deployment |
|
| Machine | Proxmox | Description | Deployment |
|
||||||
|---------+------------------------+------------|
|
|---------+-------------+------------------------+------------|
|
||||||
| vm02116 | Forgejo | ~git~ |
|
| vm02116 | Procolix | Forgejo | ~git~ |
|
||||||
| vm02179 | Forgejo actions runner | ~git~ |
|
| vm02179 | Procolix | /unused/ | ~other~ |
|
||||||
| vm02186 | Forgejo actions runner | ~git~ |
|
| vm02186 | Procolix | /unused/ | ~other~ |
|
||||||
| vm02187 | Wiki | ~web~ |
|
| vm02187 | Procolix | Wiki | ~web~ |
|
||||||
|
| fedi300 | Fediversity | Forgejo actions runner | ~git~ |
|
||||||
|
|
|
@ -16,6 +16,13 @@ in
|
||||||
system.stateVersion = "24.05"; # do not change
|
system.stateVersion = "24.05"; # do not change
|
||||||
nixpkgs.hostPlatform = mkDefault "x86_64-linux";
|
nixpkgs.hostPlatform = mkDefault "x86_64-linux";
|
||||||
|
|
||||||
|
## This is just nice to have, but it is also particularly important for the
|
||||||
|
## Forgejo CI runners because the Nix configuration in the actions is directly
|
||||||
|
## taken from here.
|
||||||
|
nix.extraOptions = ''
|
||||||
|
experimental-features = nix-command flakes
|
||||||
|
'';
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
(pkgs.vim_configurable.customize {
|
(pkgs.vim_configurable.customize {
|
||||||
name = "vim";
|
name = "vim";
|
||||||
|
|
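Review bot: The new `nix.extraOptions` assignment sets the experimental features through a free-form string, and because it now sits in the common module it applies to every machine that imports it, not only the CI runner. The structured option expresses the same setting and merges as a list with other modules: `nix.settings.experimental-features = [ "nix-command" "flakes" ];`. The comment above it could also state that all hosts get these features as a side effect. The enclosing attribute set starts before and continues past this hunk.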
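--- a/infra/fedi300/default.nix
+++ b/infra/fedi300/default.nix
@@ -0,0 +1,34 @@
+{ lib, ... }:
+
+{
+imports = [
+../common
+./forgejo-actions-runner.nix
+];
+
+procolix.vm = {
+name = "fedi300";
+ip4 = "95.215.187.30";
+ip6 = "2a00:51c0:12:1305::30";
+};
+
+## FIXME: We should just have an option under `procolix.vm` to distinguish
+## between Procolix VMs and Fediversity ones.
+networking.domain = lib.mkForce "fediversity.eu";
+networking.defaultGateway.address = lib.mkForce "95.215.187.1";
+networking.defaultGateway6.address = lib.mkForce "2a00:51c0:13:1305::1";
+
+fileSystems."/" = {
+device = "/dev/disk/by-uuid/cbcfaf6b-39bd-4328-9f53-dea8a9d32ecc";
+fsType = "ext4";
+};
+
+fileSystems."/boot" = {
+device = "/dev/disk/by-uuid/1A4E-07F4";
+fsType = "vfat";
+options = [
+"fmask=0022"
+"dmask=0022"
+];
+};
+}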
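Review bot: The IPv6 address and the IPv6 default gateway are in different prefixes: `ip6 = "2a00:51c0:12:1305::30";` versus `networking.defaultGateway6.address = lib.mkForce "2a00:51c0:13:1305::1";` (third group `12` against `13`). The prefix length is set outside this file, so this may be intentional, but if one of the two is a typo the gateway is off-link and the runner has no working IPv6 default route. Please confirm both values against the network allocation, and add a short comment next to the gateway line if the difference is deliberate.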
|
@ -29,6 +29,7 @@
|
||||||
"docker:docker://node:16-bullseye"
|
"docker:docker://node:16-bullseye"
|
||||||
"native:host"
|
"native:host"
|
||||||
];
|
];
|
||||||
|
|
||||||
hostPackages = with pkgs; [
|
hostPackages = with pkgs; [
|
||||||
bash
|
bash
|
||||||
git
|
git
|
||||||
|
@ -40,10 +41,4 @@
|
||||||
|
|
||||||
## For the Docker mode of the runner.
|
## For the Docker mode of the runner.
|
||||||
virtualisation.docker.enable = true;
|
virtualisation.docker.enable = true;
|
||||||
|
|
||||||
## The Nix configuration of the system influences the Nix configuration
|
|
||||||
## in the workflow, and our workflows are often flake-based.
|
|
||||||
nix.extraOptions = ''
|
|
||||||
experimental-features = nix-command flakes
|
|
||||||
'';
|
|
||||||
}
|
}
|
|
@ -25,6 +25,58 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
fedi300 = {
|
||||||
|
type = providers.local.exec;
|
||||||
|
imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ];
|
||||||
|
ssh = {
|
||||||
|
host = "95.215.187.30";
|
||||||
|
opts = "";
|
||||||
|
hostPublicKey = self.keys.systems.fedi300;
|
||||||
|
};
|
||||||
|
nixpkgs = inputs.nixpkgs;
|
||||||
|
nixos.module = {
|
||||||
|
imports = [
|
||||||
|
./fedi300
|
||||||
|
self.nixosModules.ageSecrets
|
||||||
|
{ fediversity.hostPublicKey = self.keys.systems.fedi300; }
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
nixops4Deployments.web =
|
||||||
|
{ providers, ... }:
|
||||||
|
{
|
||||||
|
providers.local = inputs.nixops4-nixos.modules.nixops4Provider.local;
|
||||||
|
|
||||||
|
resources = {
|
||||||
|
vm02187 = {
|
||||||
|
type = providers.local.exec;
|
||||||
|
imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ];
|
||||||
|
ssh = {
|
||||||
|
host = "185.206.232.187";
|
||||||
|
opts = "";
|
||||||
|
hostPublicKey = self.keys.systems.vm02187;
|
||||||
|
};
|
||||||
|
nixpkgs = inputs.nixpkgs;
|
||||||
|
nixos.module = {
|
||||||
|
imports = [
|
||||||
|
./vm02187
|
||||||
|
self.nixosModules.ageSecrets
|
||||||
|
{ fediversity.hostPublicKey = self.keys.systems.vm02187; }
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
nixops4Deployments.other =
|
||||||
|
{ providers, ... }:
|
||||||
|
{
|
||||||
|
providers.local = inputs.nixops4-nixos.modules.nixops4Provider.local;
|
||||||
|
|
||||||
|
resources = {
|
||||||
vm02179 = {
|
vm02179 = {
|
||||||
type = providers.local.exec;
|
type = providers.local.exec;
|
||||||
imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ];
|
imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ];
|
||||||
|
@ -62,30 +114,4 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
nixops4Deployments.web =
|
|
||||||
{ providers, ... }:
|
|
||||||
{
|
|
||||||
providers.local = inputs.nixops4-nixos.modules.nixops4Provider.local;
|
|
||||||
|
|
||||||
resources = {
|
|
||||||
vm02187 = {
|
|
||||||
type = providers.local.exec;
|
|
||||||
imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ];
|
|
||||||
ssh = {
|
|
||||||
host = "185.206.232.187";
|
|
||||||
opts = "";
|
|
||||||
hostPublicKey = self.keys.systems.vm02187;
|
|
||||||
};
|
|
||||||
nixpkgs = inputs.nixpkgs;
|
|
||||||
nixos.module = {
|
|
||||||
imports = [
|
|
||||||
./vm02187
|
|
||||||
self.nixosModules.ageSecrets
|
|
||||||
{ fediversity.hostPublicKey = self.keys.systems.vm02187; }
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
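Review bot: In the new `fedi300` resource, `host = "95.215.187.30";` repeats the address that `infra/fedi300/default.nix` sets as `procolix.vm.ip4`, so the deployment target and the machine's own network configuration can drift apart without any evaluation error. The pinned `hostPublicKey` presumably makes a deployment to the wrong host fail rather than succeed, which limits the damage, but a comment on the `host` line such as `## Keep in sync with procolix.vm.ip4 in ./fedi300/default.nix` would make the coupling visible. The same duplication exists for `vm02187` in the moved `web` deployment. The enclosing attribute set begins before the first hunk of this section.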
|
@ -1,7 +1,6 @@
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
../common
|
../common
|
||||||
./gitea-runner.nix
|
|
||||||
];
|
];
|
||||||
|
|
||||||
procolix.vm = {
|
procolix.vm = {
|
||||||
|
|
|
@ -1,42 +0,0 @@
|
||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
virtualisation.docker.enable = true;
|
|
||||||
|
|
||||||
services.gitea-actions-runner = {
|
|
||||||
package = pkgs.forgejo-actions-runner;
|
|
||||||
instances.default = {
|
|
||||||
enable = true;
|
|
||||||
name = "vm02179.procolix.com";
|
|
||||||
url = "https://git.fediversity.eu";
|
|
||||||
tokenFile = config.age.secrets.forgejo-runner-token.path;
|
|
||||||
labels = [
|
|
||||||
"docker:docker://node:16-bullseye"
|
|
||||||
"native:host"
|
|
||||||
];
|
|
||||||
hostPackages = with pkgs; [
|
|
||||||
bash
|
|
||||||
git
|
|
||||||
nix
|
|
||||||
nodejs
|
|
||||||
];
|
|
||||||
settings = {
|
|
||||||
log.level = "info";
|
|
||||||
runner = {
|
|
||||||
file = ".runner";
|
|
||||||
capacity = 8;
|
|
||||||
timeout = "3h";
|
|
||||||
insecure = false;
|
|
||||||
fetch_timeout = "5s";
|
|
||||||
fetch_interval = "2s";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
## The Nix configuration of the system influences the Nix configuration
|
|
||||||
## in the workflow, and our workflows are often flake-based.
|
|
||||||
nix.extraOptions = ''
|
|
||||||
experimental-features = nix-command flakes
|
|
||||||
'';
|
|
||||||
}
|
|
|
@ -1,7 +1,6 @@
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
../common
|
../common
|
||||||
./gitea-runner.nix
|
|
||||||
];
|
];
|
||||||
|
|
||||||
procolix.vm = {
|
procolix.vm = {
|
||||||
|
|
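--- a/keys/systems/fedi300.pub
+++ b/keys/systems/fedi300.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFH/Kvye5It8FojdjpsuyZQiU0kxj2wq7Zq/+61vxNn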
|
@ -1,11 +1,7 @@
|
||||||
age-encryption.org/v1
|
age-encryption.org/v1
|
||||||
-> ssh-ed25519 1MUEqQ 5Bvi8UvLbifM2vlDOr4NRaZLRfIg6kAPY0oiwiSy50o
|
-> ssh-ed25519 1MUEqQ QbrQLCnwsw79a0fjmKK0nSHl6n/+qRGg9E2vwufiCDM
|
||||||
TnbS5BHO4hmjs7Ux9rRMzK9ahsIkU9GpmAx59MzIpI0
|
z7SiyeLgJK7ueDyox4eXLxYNjJUPD2N4V+2IyV6Yibc
|
||||||
-> ssh-ed25519 h0QWFg 4Cu85VZM6zyysIYwMFccXUWUGejkylHiytJA4+2nN1Q
|
-> ssh-ed25519 rJoYaw jn0foZgtavsFhVVoXKHkp+1ZU1SeFqkff2D89I5k3iQ
|
||||||
e8XuOUfrOZ6xoWNK4gvVgs0H5pgtqUfrv/DBeh1WIsU
|
YA58TNYkEhBvNHuSBfZv1uxaeJoQ1T4Wb+VswWgi5ck
|
||||||
-> ssh-ed25519 pJV4iw JQgQMTxfDZ/26In72UHPU+k0ZGBK1DRQWoOwfxS0xwI
|
--- crnhqJNO+eMBMgAgJjQsS0EOxee/UazYlssOXxlcp1g
|
||||||
8De1c3d95ySwjqjQn9rHlYDfMDTHct1kbyjVx+8EZyA
|
—šU$1Óȱ{²Ëôil©Î_èâÖyŸG´äå)(·<1D>ñ“D\òY÷ã`ß¿³ð2<C3B0>½/lÆ¢w–å•‚Ân¸ŸO«C³
|
||||||
--- neht26C0cEHeTGVa+epEwoO+oqXvyO94xwp25zAX6wY
|
|
||||||
ˇDčNŻ+ŰVâU8©ŘĽQv©Ň<C2A9>ľţAđ‹~Ž+űáÄ<C3A1>łL©wŞ`<60>óŤüE©XfV®ż©Ą0@ůqHj
|
|
||||||
βRGOY
|
|
||||||
.?Dĺ9<C4BA>ŹO[%\
|
|
|
@ -26,10 +26,7 @@ concatMapAttrs
|
||||||
{
|
{
|
||||||
forgejo-database-password = [ vm02116 ];
|
forgejo-database-password = [ vm02116 ];
|
||||||
forgejo-email-password = [ vm02116 ];
|
forgejo-email-password = [ vm02116 ];
|
||||||
forgejo-runner-token = [
|
forgejo-runner-token = [ fedi300 ];
|
||||||
vm02179
|
|
||||||
vm02186
|
|
||||||
];
|
|
||||||
wiki-basicauth-htpasswd = [ vm02187 ];
|
wiki-basicauth-htpasswd = [ vm02187 ];
|
||||||
wiki-password = [ vm02187 ];
|
wiki-password = [ vm02187 ];
|
||||||
wiki-smtp-password = [ vm02187 ];
|
wiki-smtp-password = [ vm02187 ];
|
||||||
|
|
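Review bot: Narrowing the recipients to `forgejo-runner-token = [ fedi300 ];` stops vm02179 and vm02186 from decrypting future versions of the secret, but it does not revoke the token they already held: the earlier ciphertext stays in the repository history and their host keys can still decrypt it. Nothing on this page shows whether the runner registration token itself was regenerated in Forgejo when the `.age` file was re-encrypted. If it was not, rotate the token and re-encrypt, and record that next to the entry, for example `## token rotated when vm02179/vm02186 were dropped as recipients`. The enclosing attribute set continues outside this hunk.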