forked from Fediversity/Fediversity
Add forgejo-ci
machine to our infrastructure (#389)
picked up from https://git.fediversity.eu/Fediversity/Fediversity/compare/main...niols:forgejo-ci. closes #356. Co-authored-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com> Reviewed-on: Fediversity/Fediversity#389 Reviewed-by: Nicolas Jeannerod <nicolas.jeannerod@moduscreate.com> Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>
This commit is contained in:
parent
6da42936e7
commit
871672d447
9 changed files with 122 additions and 6 deletions
|
@ -23,4 +23,9 @@ in
|
|||
nix.extraOptions = ''
|
||||
experimental-features = nix-command flakes
|
||||
'';
|
||||
|
||||
boot.loader = {
|
||||
systemd-boot.enable = true;
|
||||
efi.canTouchEfiVariables = true;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -6,11 +6,6 @@
|
|||
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||
|
||||
boot = {
|
||||
loader = {
|
||||
systemd-boot.enable = true;
|
||||
efi.canTouchEfiVariables = true;
|
||||
};
|
||||
|
||||
initrd = {
|
||||
availableKernelModules = [
|
||||
"ata_piix"
|
||||
|
|
1
keys/systems/forgejo-ci.pub
Normal file
1
keys/systems/forgejo-ci.pub
Normal file
|
@ -0,0 +1 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFXQW5fxJoNY9wtTMsNExgbAbvyljIRGBLjY+USh/0A
|
66
machines/dev/forgejo-ci/default.nix
Normal file
66
machines/dev/forgejo-ci/default.nix
Normal file
|
@ -0,0 +1,66 @@
|
|||
{
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
{
|
||||
_class = "nixops4Resource";
|
||||
|
||||
# XXX this needs an SSH config entry `forgejo-ci` to locate and access the machine. also needs `HostKeyAlias`.
|
||||
ssh.host = lib.mkForce "forgejo-ci";
|
||||
|
||||
fediversityVm = {
|
||||
domain = "procolix.com";
|
||||
|
||||
ipv4 = {
|
||||
interface = "enp1s0f0";
|
||||
address = "192.168.201.65";
|
||||
prefixLength = 24;
|
||||
gateway = "192.168.201.1";
|
||||
};
|
||||
ipv6.enable = false;
|
||||
};
|
||||
|
||||
nixos.module =
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
let
|
||||
inherit (lib) mkDefault mkForce;
|
||||
in
|
||||
{
|
||||
_class = "nixos";
|
||||
|
||||
imports = [
|
||||
./forgejo-actions-runner.nix
|
||||
];
|
||||
|
||||
hardware.cpu.intel.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware;
|
||||
|
||||
networking = {
|
||||
nftables.enable = mkForce false;
|
||||
hostId = "1d6ea552";
|
||||
};
|
||||
|
||||
## NOTE: This is a physical machine, so is not covered by disko
|
||||
fileSystems."/" = {
|
||||
device = "rpool/root";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/home" = {
|
||||
device = "rpool/home";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/50B2-DD3F";
|
||||
fsType = "vfat";
|
||||
options = [
|
||||
"fmask=0077"
|
||||
"dmask=0077"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
47
machines/dev/forgejo-ci/forgejo-actions-runner.nix
Normal file
47
machines/dev/forgejo-ci/forgejo-actions-runner.nix
Normal file
|
@ -0,0 +1,47 @@
|
|||
{ pkgs, config, ... }:
|
||||
|
||||
{
|
||||
_class = "nixos";
|
||||
|
||||
services.gitea-actions-runner = {
|
||||
package = pkgs.forgejo-actions-runner;
|
||||
|
||||
instances.default = {
|
||||
enable = true;
|
||||
|
||||
name = config.networking.fqdn;
|
||||
url = "https://git.fediversity.eu";
|
||||
tokenFile = config.age.secrets.forgejo-runner-token.path;
|
||||
|
||||
settings = {
|
||||
log.level = "info";
|
||||
runner = {
|
||||
file = ".runner";
|
||||
# Take only 1 job at a time to avoid clashing NixOS tests, see #362
|
||||
capacity = 1;
|
||||
timeout = "3h";
|
||||
insecure = false;
|
||||
fetch_timeout = "5s";
|
||||
fetch_interval = "2s";
|
||||
};
|
||||
};
|
||||
|
||||
## This runner supports Docker (with a default Ubuntu image) and native
|
||||
## modes. In native mode, it contains a few default packages.
|
||||
labels = [
|
||||
"docker:docker://node:16-bullseye"
|
||||
"native:host"
|
||||
];
|
||||
|
||||
hostPackages = with pkgs; [
|
||||
bash
|
||||
git
|
||||
nix
|
||||
nodejs
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
## For the Docker mode of the runner.
|
||||
virtualisation.docker.enable = true;
|
||||
}
|
|
@ -11,5 +11,6 @@ Machine | Proxmox | Description
|
|||
[`fedi201`](./dev/fedi201) | fediversity | FediPanel
|
||||
[`vm02116`](./dev/vm02116) | procolix | Forgejo
|
||||
[`vm02187`](./dev/vm02187) | procolix | Wiki
|
||||
| `forgejo-ci` | n/a (physical) | Forgejo actions runner |
|
||||
|
||||
This table excludes all machines with names starting with `test`.
|
||||
|
|
|
@ -37,6 +37,7 @@ for machine in $(echo "$vmOptions" | jq -r 'keys[]'); do
|
|||
done
|
||||
|
||||
cat <<\EOF
|
||||
| `forgejo-ci` | n/a (physical) | Forgejo actions runner |
|
||||
|
||||
This table excludes all machines with names starting with `test`.
|
||||
EOF
|
||||
|
|
Binary file not shown.
|
@ -26,7 +26,7 @@ concatMapAttrs
|
|||
{
|
||||
forgejo-database-password = [ vm02116 ];
|
||||
forgejo-email-password = [ vm02116 ];
|
||||
forgejo-runner-token = [ ];
|
||||
forgejo-runner-token = [ forgejo-ci ];
|
||||
panel-secret-key = [ fedi201 ];
|
||||
panel-ssh-key = [ fedi201 ];
|
||||
wiki-basicauth-htpasswd = [ vm02187 ];
|
||||
|
|
Loading…
Add table
Reference in a new issue