kiara/Fediversity
1
0
Fork 0
forked from Fediversity/Fediversity
Code Pull requests Activity

allow consuming attic cache from ci runner

Browse source
This commit is contained in:
Kiara Grouwstra 2025-07-04 19:23:41 +02:00
parent 16e1f9a6a3
commit a5ec137b4f
Signed by: kiara
SSH key fingerprint: SHA256:COspvLoLJ5WC5rFb9ZDe5urVCkK4LJZOsjfF4duRJFU
5 changed files with 52 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
default.nix
View file

@ -65,6 +65,7 @@ in
pkgs.httpie pkgs.httpie
pkgs.jq pkgs.jq
pkgs.nix-unit pkgs.nix-unit
pkgs.attic-client
test-loop test-loop
nixops4.packages.${system}.default nixops4.packages.${system}.default
]; ];

8
infra/common/nixos/default.nix
View file

@ -24,6 +24,14 @@ in
experimental-features = nix-command flakes experimental-features = nix-command flakes
''; '';
nix.settings = {
substituters = [
"https://attic.fediversity.net/demo"
];
trusted-public-keys = [
"demo:N3CAZ049SeBVqBM+OnhLMrxWJ9altbD/aoJtHrY19KM="
];
};
boot.loader = { boot.loader = {
systemd-boot.enable = true; systemd-boot.enable = true;
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;

43
machines/dev/forgejo-ci/forgejo-actions-runner.nix
View file

@ -6,9 +6,9 @@
}: }:
let let
system = builtins.currentSystem; system = builtins.currentSystem;
sources = import ../../../npins;
packages = packages =
let let
sources = import ../../../npins;
inherit (import sources.flake-inputs) import-flake; inherit (import sources.flake-inputs) import-flake;
inherit ((import-flake { src = ../../..; }).inputs) nixops4; inherit ((import-flake { src = ../../..; }).inputs) nixops4;
in in
@ -42,6 +42,47 @@ in
{ {
_class = "nixos"; _class = "nixos";
imports = with sources; [
"${home-manager}/nixos"
"${vars}/options.nix"
"${vars}/backends/on-machine.nix"
];
vars.settings.on-machine.enable = true;
vars.generators."templates" = rec {
dependencies = [ "attic" ];
runtimeInputs = [
pkgs.coreutils
pkgs.gnused
];
script = lib.concatStringsSep "\n" (
lib.mapAttrsToList (template: _: ''
cp "$templates/${template}" "$out/${template}"
echo "filling placeholders in template ${template}..."
sed -i "s/${placeholder}/$(cat "${config.age.secrets.wiki-password.path}")/g" "$out/${template}"
'') files
);
files."attic.toml" = {
secret = true;
template = pkgs.writeText "attic.toml" ''
default-server = "fediversity"
[servers.fediversity]
endpoint = "http://localhost:8080"
token = "${config.vars.generators.attic.files.token.placeholder}"
'';
};
};
home-manager = {
users.gitea-runner.home = {
stateVersion = "25.05";
file.".config/attic/config.toml".source =
config.vars.generators."templates".files."attic.toml".path;
};
};
services.gitea-actions-runner = { services.gitea-actions-runner = {
package = pkgs.forgejo-actions-runner; package = pkgs.forgejo-actions-runner;
instances = lib.genAttrs (builtins.genList (n: "nix${builtins.toString n}") numInstances) (_: { instances = lib.genAttrs (builtins.genList (n: "nix${builtins.toString n}") numInstances) (_: {

BIN
secrets/attic-ci-token.age Normal file
View file

Binary file not shown.

1
secrets/secrets.nix
View file

@ -25,6 +25,7 @@ concatMapAttrs
## are able to decrypt them. ## are able to decrypt them.
{ {
attic-ci-token = [ forgejo-ci ];
forgejo-database-password = [ vm02116 ]; forgejo-database-password = [ vm02116 ];
forgejo-email-password = [ vm02116 ]; forgejo-email-password = [ vm02116 ];
forgejo-runner-token = [ forgejo-ci ]; forgejo-runner-token = [ forgejo-ci ];