forgejo-ci-runners/agents/fj-shadowfax-x86_64.nix

{ pkgs, config, lib, ... }:
 {
  imports = [
    ../cachix.nix
  ];
  environment.systemPackages = with pkgs; [ 
    # vim -- added by srvos.nixosModules.server
    # git -- srvos.nixosModules.server
    # tmux -- srvos.nixosModules.server
    cachix
    lazydocker
    lazygit
    nodejs_20 # required by actions such as checkout
  ];

  sops.secrets."forgejo-runner-token" = {
    # configure secret for the gitea/forgejo runner.
    sopsFile = ./secrets.sops.yaml;
    mode = "0444";
    restartUnits = [ "gitea-runner-default.service" ];
  };

  sops.secrets."cachix/agent_auth_tokens/fj-shadowfax-x86_64" = {
    # configure secret for cachix deploy agent. 
    sopsFile = ./secrets.sops.yaml;
    mode = "0444";
    restartUnits = [ "cachix-agent.service" ];
  };

  nix.settings.trusted-users = [ "gitea-runner" ];
  users.users.jahanson = {
    isNormalUser = true;
    extraGroups = [ "wheel" "docker" ];
    initialPassword = "debug123";
  };
  
  virtualisation.docker.enable = true;

  users.users.gitea-runner.group = "gitea-runner";
  users.groups.gitea-runner = {};
  users.users.gitea-runner.extraGroups = [ "docker" ];
  users.users.gitea-runner.isNormalUser = true;

  # Runner communication port for cache restores.
  networking.firewall.allowedTCPPorts = [ 45315 ];

  services.gitea-actions-runner = {
    package = pkgs.forgejo-actions-runner;
    instances.default = {
      enable = true;
      name = "fj-shadowfax-x86_64";
      url = "https://git.hsn.dev";
      # Obtaining the path to the runner token file may differ
      tokenFile = config.sops.secrets.forgejo-runner-token.path;
      labels = [
        "docker:docker://node:20-bullseye"
        "x86_64"
        "linux"
        "pc"
        "docker-x86_64:docker://node:20-bullseye"
        "native-x86_64:host"
      ];
    };
  };

  services.cachix-agent = {
    enable = true;
    credentialsFile = config.sops.secrets."cachix/agent_auth_tokens/fj-shadowfax-x86_64".path;
  };
  
  system.stateVersion = "24.05";
}
Forgejo CI Runners 2024-05-14 12:03:36 -05:00			`{ pkgs, config, lib, ... }:`
add node and host label 2024-05-20 19:36:31 -05:00			`{`
Build caching. 2024-05-23 12:22:57 -05:00			`imports = [`
			`../cachix.nix`
			`];`
Forgejo CI Runners 2024-05-14 12:03:36 -05:00			`environment.systemPackages = with pkgs; [`
Reconfigure agents, add shadowfax forgejo runner 2024-05-23 11:26:32 -05:00			`# vim -- added by srvos.nixosModules.server`
			`# git -- srvos.nixosModules.server`
			`# tmux -- srvos.nixosModules.server`
Forgejo CI Runners 2024-05-14 12:03:36 -05:00			`cachix`
Add the right amount of laziness 2024-05-14 14:21:22 -05:00			`lazydocker`
			`lazygit`
Reconfigure agents, add shadowfax forgejo runner 2024-05-23 11:26:32 -05:00			`nodejs_20 # required by actions such as checkout`
Forgejo CI Runners 2024-05-14 12:03:36 -05:00			`];`

			`sops.secrets."forgejo-runner-token" = {`
Adding agent to fj-shadowfax 2024-06-18 17:52:57 -05:00			`# configure secret for the gitea/forgejo runner.`
Forgejo CI Runners 2024-05-14 12:03:36 -05:00			`sopsFile = ./secrets.sops.yaml;`
			`mode = "0444";`
Restart units 2024-05-14 13:22:24 -05:00			`restartUnits = [ "gitea-runner-default.service" ];`
Forgejo CI Runners 2024-05-14 12:03:36 -05:00			`};`

Adding agent to fj-shadowfax 2024-06-18 17:52:57 -05:00			`sops.secrets."cachix/agent_auth_tokens/fj-shadowfax-x86_64" = {`
			`# configure secret for cachix deploy agent.`
			`sopsFile = ./secrets.sops.yaml;`
			`mode = "0444";`
			`restartUnits = [ "cachix-agent.service" ];`
			`};`

update trusted user. 2024-05-21 14:12:28 -05:00			`nix.settings.trusted-users = [ "gitea-runner" ];`
debug users 2024-05-26 11:16:48 -05:00			`users.users.jahanson = {`
			`isNormalUser = true;`
			`extraGroups = [ "wheel" "docker" ];`
			`initialPassword = "debug123";`
			`};`
Forgejo CI Runners 2024-05-14 12:03:36 -05:00
			`virtualisation.docker.enable = true;`

create user, add docker group. 2024-05-14 13:38:39 -05:00			`users.users.gitea-runner.group = "gitea-runner";`
primary group 2024-05-14 13:41:38 -05:00			`users.groups.gitea-runner = {};`
create user, add docker group. 2024-05-14 13:38:39 -05:00			`users.users.gitea-runner.extraGroups = [ "docker" ];`
			`users.users.gitea-runner.isNormalUser = true;`

Open port for runner cache communication. 2024-05-15 07:45:21 -05:00			`# Runner communication port for cache restores.`
			`networking.firewall.allowedTCPPorts = [ 45315 ];`

Forgejo CI Runners 2024-05-14 12:03:36 -05:00			`services.gitea-actions-runner = {`
			`package = pkgs.forgejo-actions-runner;`
			`instances.default = {`
			`enable = true;`
Reconfigure agents, add shadowfax forgejo runner 2024-05-23 11:26:32 -05:00			`name = "fj-shadowfax-x86_64";`
Forgejo CI Runners 2024-05-14 12:03:36 -05:00			`url = "https://git.hsn.dev";`
			`# Obtaining the path to the runner token file may differ`
			`tokenFile = config.sops.secrets.forgejo-runner-token.path;`
			`labels = [`
Update runner labels. 2024-05-20 08:46:49 -05:00			`"docker:docker://node:20-bullseye"`
Reconfigure agents, add shadowfax forgejo runner 2024-05-23 11:26:32 -05:00			`"x86_64"`
Update runner labels. 2024-05-20 08:46:49 -05:00			`"linux"`
add node and host label 2024-05-20 19:36:31 -05:00			`"pc"`
Reconfigure agents, add shadowfax forgejo runner 2024-05-23 11:26:32 -05:00			`"docker-x86_64:docker://node:20-bullseye"`
			`"native-x86_64:host"`
Forgejo CI Runners 2024-05-14 12:03:36 -05:00			`];`
			`};`
			`};`
Adding agent to fj-shadowfax 2024-06-18 17:52:57 -05:00
			`services.cachix-agent = {`
			`enable = true;`
			`credentialsFile = config.sops.secrets."cachix/agent_auth_tokens/fj-shadowfax-x86_64".path;`
			`};`

Forgejo CI Runners 2024-05-14 12:03:36 -05:00			`system.stateVersion = "24.05";`
add node and host label 2024-05-20 19:36:31 -05:00			`}`