51 lines
1.1 KiB
Nix
51 lines
1.1 KiB
Nix
|
{ pkgs, config, ... }:
|
||
|
|
{
|
||
|
|
imports = [
|
||
|
|
../cachix.nix
|
||
|
|
];
|
||
|
|
environment.systemPackages = with pkgs; [
|
||
|
|
# vim -- added by srvos.nixosModules.server
|
||
|
|
# git -- srvos.nixosModules.server
|
||
|
|
# tmux -- srvos.nixosModules.server
|
||
|
|
cachix
|
||
|
|
lazydocker
|
||
|
|
lazygit
|
||
|
|
nodejs_20 # required by actions such as checkout
|
||
|
|
openssl
|
||
|
|
];
|
||
|
|
|
||
|
|
sops.secrets."forgejo-runner-token" = {
|
||
|
|
# configure secret for the gitea/forgejo runner.
|
||
|
|
sopsFile = ./secrets.sops.yaml;
|
||
|
|
mode = "0444";
|
||
|
|
restartUnits = [ "gitea-runner-default.service" ];
|
||
|
|
};
|
||
|
|
|
||
|
|
# Required for the gitea-runner to be able to pull images.
|
||
|
|
nix.settings.trusted-users = [ "gitea-runner" ];
|
||
|
|
|
||
|
|
users = {
|
||
|
|
groups.gitea-runner = { };
|
||
|
|
|
||
|
|
users = {
|
||
|
|
gitea-runner = {
|
||
|
|
isNormalUser = true;
|
||
|
|
extraGroups = [ "docker" ];
|
||
|
|
group = "gitea-runner";
|
||
|
|
};
|
||
|
|
|
||
|
|
jahanson = {
|
||
|
|
isNormalUser = true;
|
||
|
|
extraGroups = [ "wheel" "docker" ];
|
||
|
|
};
|
||
|
|
};
|
||
|
|
};
|
||
|
|
|
||
|
|
virtualisation.docker.enable = true;
|
||
|
|
|
||
|
|
# Runner communication port for cache restores.
|
||
|
|
networking.firewall.allowedTCPPorts = [ 45315 ];
|
||
|
|
|
||
|
|
system.stateVersion = "24.05";
|
||
|
|
}
|