2024-09-08 11:55:08 -05:00
|
|
|
{ pkgs, lib, ... }:
|
2024-09-07 14:50:44 -05:00
|
|
|
{
|
|
|
|
|
imports = [
|
|
|
|
|
../cachix.nix
|
|
|
|
|
];
|
2024-09-08 11:44:45 -05:00
|
|
|
|
2024-09-07 14:50:44 -05:00
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
|
# vim -- added by srvos.nixosModules.server
|
|
|
|
|
# git -- srvos.nixosModules.server
|
|
|
|
|
# tmux -- srvos.nixosModules.server
|
|
|
|
|
cachix
|
|
|
|
|
lazydocker
|
|
|
|
|
lazygit
|
|
|
|
|
nodejs_20 # required by actions such as checkout
|
|
|
|
|
openssl
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
sops.secrets."forgejo-runner-token" = {
|
|
|
|
|
# configure secret for the gitea/forgejo runner.
|
|
|
|
|
sopsFile = ./secrets.sops.yaml;
|
|
|
|
|
mode = "0444";
|
|
|
|
|
restartUnits = [ "gitea-runner-default.service" ];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# Required for the gitea-runner to be able to pull images.
|
|
|
|
|
nix.settings.trusted-users = [ "gitea-runner" ];
|
|
|
|
|
|
|
|
|
|
users = {
|
|
|
|
|
groups.gitea-runner = { };
|
|
|
|
|
|
|
|
|
|
users = {
|
|
|
|
|
gitea-runner = {
|
|
|
|
|
isNormalUser = true;
|
|
|
|
|
extraGroups = [ "docker" ];
|
|
|
|
|
group = "gitea-runner";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
jahanson = {
|
|
|
|
|
isNormalUser = true;
|
|
|
|
|
extraGroups = [ "wheel" "docker" ];
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
virtualisation.docker.enable = true;
|
|
|
|
|
|
2024-09-08 11:44:45 -05:00
|
|
|
networking = {
|
|
|
|
|
# Runner communication port for cache restores.
|
|
|
|
|
firewall.allowedTCPPorts = [ 45315 ];
|
|
|
|
|
|
|
|
|
|
networkmanager.enable = true;
|
2024-09-08 11:55:08 -05:00
|
|
|
useDHCP = lib.mkDefault true;
|
2024-09-08 11:44:45 -05:00
|
|
|
};
|
2024-09-07 14:50:44 -05:00
|
|
|
|
|
|
|
|
system.stateVersion = "24.05";
|
|
|
|
|
}
|
