Enable cachix runner on hetzner aarch64 machine. Pinned nixpkgs to stable 24.05.

This commit is contained in:
Joseph Hanson 2024-07-25 09:53:17 -05:00
parent a47d932d18
commit 2f22ea63ce
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
4 changed files with 42 additions and 27 deletions

View file

@ -1,9 +1,9 @@
{ pkgs, config, lib, ... }: { pkgs, config, lib, ... }:
{ {
imports = [ imports = [
../cachix.nix ../cachix.nix
]; ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# vim -- added by srvos.nixosModules.server # vim -- added by srvos.nixosModules.server
# git -- srvos.nixosModules.server # git -- srvos.nixosModules.server
# tmux -- srvos.nixosModules.server # tmux -- srvos.nixosModules.server
@ -20,12 +20,19 @@
restartUnits = [ "gitea-runner-default.service" ]; restartUnits = [ "gitea-runner-default.service" ];
}; };
sops.secrets."cachix/agent_auth_tokens/fj-hetzner-aarch64" = {
# configure secret for cachix deploy agent.
sopsFile = ./secrets.sops.yaml;
mode = "0444";
restartUnits = [ "cachix-agent.service" ];
};
nix.settings.trusted-users = [ "gitea-runner" ]; nix.settings.trusted-users = [ "gitea-runner" ];
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
users.users.gitea-runner.group = "gitea-runner"; users.users.gitea-runner.group = "gitea-runner";
users.groups.gitea-runner = {}; users.groups.gitea-runner = { };
users.users.gitea-runner.extraGroups = [ "docker" ]; users.users.gitea-runner.extraGroups = [ "docker" ];
users.users.gitea-runner.isNormalUser = true; users.users.gitea-runner.isNormalUser = true;
@ -49,5 +56,11 @@
]; ];
}; };
}; };
services.cachix-agent = {
enable = true;
credentialsFile = config.sops.secrets."cachix/agent_auth_tokens/fj-hetzner-aarch64".path;
};
system.stateVersion = "24.05"; system.stateVersion = "24.05";
} }

View file

@ -2,6 +2,8 @@ forgejo-runner-token: ENC[AES256_GCM,data:rzSo75Mo4Y8HbD605rz5RDH8HTVkZNxcsWhLzZ
cachix: cachix:
agent_auth_tokens: agent_auth_tokens:
fj-shadowfax-x86_64: ENC[AES256_GCM,data:A3LyWAqmk6VeBtaP9NH6CUNGkhtuu2t993XU2KYX7piJ3ku3/or/vc96phkxekgP6bICJ4A8FijDHhRJKp9rNjYRNxztWg+b2IqH8U5W0/iVO248o4RTdNqi451bPpn+EnaW2g3XWHZ5vQjYm/2vrhZ1CFA1zGFndimIFLtri3J7tJl710WrxAXS9rfPg8Mpw5+6rZSp63ZeDfT9X0xRzngfypsc6CEo,iv:laMt7qH6r9eFJjiHm71vUvGx87HDWGalFwBSu4h30HI=,tag:G3VNbzpoGt3KjHqcWvN+UQ==,type:str] fj-shadowfax-x86_64: ENC[AES256_GCM,data:A3LyWAqmk6VeBtaP9NH6CUNGkhtuu2t993XU2KYX7piJ3ku3/or/vc96phkxekgP6bICJ4A8FijDHhRJKp9rNjYRNxztWg+b2IqH8U5W0/iVO248o4RTdNqi451bPpn+EnaW2g3XWHZ5vQjYm/2vrhZ1CFA1zGFndimIFLtri3J7tJl710WrxAXS9rfPg8Mpw5+6rZSp63ZeDfT9X0xRzngfypsc6CEo,iv:laMt7qH6r9eFJjiHm71vUvGx87HDWGalFwBSu4h30HI=,tag:G3VNbzpoGt3KjHqcWvN+UQ==,type:str]
#ENC[AES256_GCM,data:/EEIy1X24dChXGhIcyxIWdyZTw==,iv:90MbJ2SfioGuxZ023P4EMfBoMKAplB4fQCdEuRyACps=,tag:zveXaR/LoYSfdh0bSHuqKA==,type:comment]
fj-hetzner-aarch64: ENC[AES256_GCM,data:baSr2hF3vGf/KEZ9/Ud/LcmfQbfP8aUqDYQxkAPv34oKLwl8+Czbw51oOQ2U5613pQVsu+I1JgCKchLiMSu5NdoMsfV7oShb+jbIBVK1ySjICcVfljJvlqL+412romKnugtlQiZVMHdxgwycVQV4XSeBlKXxUc9orQObXe263nmiKYSHtgnHo4cE0N+FL4bRtyK0fbWtsS+9jTtZ78fqnrM3P3INEWTb,iv:+s0i6DPVu2QuPQ4tFXOY1NNnX0yqq4oQ5aCy2gjvOS0=,tag:ZHb7rOQmMtFeDJN1zYUHag==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -44,8 +46,8 @@ sops:
RmI3bXhPVEthNUZrRWM0Sit0ZU5lcU0KPdIFA2t/bMV7XWumdtmJSfktv6YXO/Vt RmI3bXhPVEthNUZrRWM0Sit0ZU5lcU0KPdIFA2t/bMV7XWumdtmJSfktv6YXO/Vt
k/Zsb/HvCkBoVz2U9r8JveIMgc2knqqJGm+HS8zE/SZgh0OIUYKZEQ== k/Zsb/HvCkBoVz2U9r8JveIMgc2knqqJGm+HS8zE/SZgh0OIUYKZEQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-16T01:32:09Z" lastmodified: "2024-07-25T14:49:15Z"
mac: ENC[AES256_GCM,data:BkZQd6p/vDPLhoR4SbmVF9DTWVmDrUWTgVC+THWp2ASezzTCEAukAV81cO+mr4gedoig4JO4FfmhiedIeJvpKSPsZLlEaZXL2yJsvKQ59M+IxCKODan13RjbIy2ifqtSdlo6nCDvV/TMiutBVHhVnwQF30hRYVEloEBOI/BkzUo=,iv:Dd/5SstdUGEROAqqz0ZiMv4jG7gu2xIWvGKe/gXcBzo=,tag:6ZWXrZ7MefxabzeJGbsanw==,type:str] mac: ENC[AES256_GCM,data:oG/t32sChs6P4Dqx3HJdcBdhUUAh0RYSDGffmxbEetRvZkTOTAp83KBOUyj+77TQPrC66W5tE4m+eG4BKgDnoHE3RvdBkOAY6BS1NG6hDHJshQxBXLHqtXJ8swgAWQtnTNmgzam7FdBsRmecq/DDcHUk5raf86OY7Wsqe4UR2zg=,iv:M6BpBZKaenS1x59MZUG5mB1oTSA3AI7Wan0SiNyKnX4=,tag:fAgzfETqahPwO0Xh93dfLQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

View file

@ -65,11 +65,11 @@
"pre-commit-hooks": "pre-commit-hooks" "pre-commit-hooks": "pre-commit-hooks"
}, },
"locked": { "locked": {
"lastModified": 1719923519, "lastModified": 1721828545,
"narHash": "sha256-7Rhljj2fsklFRsu+eq7N683Z9qukmreMEj5C1GqCrSA=", "narHash": "sha256-KscBvzhLlD6Yc4TLjezgL4C6PrtV1kdvx78uCxuOSjA=",
"owner": "cachix", "owner": "cachix",
"repo": "cachix", "repo": "cachix",
"rev": "4e9e71f78b9500fa6210cf1eaa4d75bdbab777c3", "rev": "40d591e3ca6931042334f884eadb841f1da69623",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -189,11 +189,11 @@
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1721735625, "lastModified": 1721871128,
"narHash": "sha256-4T0FK0b3Q7Dd7oj79M7GhA9+YqKxxGT0iN+h8yqdP7s=", "narHash": "sha256-NyWVCnSeePnJHGJxZ0l3zdGQGrVjUcx2IJbV8KIsPf0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "4698b1ef375e9c904037e0b2049aa73d39ac1b2d", "rev": "55e874b9c14764cb791e5740f0e92202e41393fc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -581,11 +581,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1721559948, "lastModified": 1721782431,
"narHash": "sha256-cFgdjyK/VBM3hB1RfFHXcI/VOCBVAv813s1upHKX7bI=", "narHash": "sha256-UNDpwjYxNXQet/g3mgRLsQ9zxrbm9j2JEvP4ijF3AWs=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c19d62ad2265b16e2199c5feb4650fe459ca1c46", "rev": "4f02464258baaf54992debfd010a7a3662a25536",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -597,27 +597,27 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1721562059, "lastModified": 1721686456,
"narHash": "sha256-Tybxt65eyOARf285hMHIJ2uul8SULjFZbT9ZaEeUnP8=", "narHash": "sha256-nw/BnNzATDPfzpJVTnY8mcSKKsz6BJMEFRkJ332QSN0=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "68c9ed8bbed9dfce253cc91560bf9043297ef2fe", "rev": "575f3027caa1e291d24f1e9fb0e3a19c2f26d96b",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-unstable", "ref": "nixos-24.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1721571961, "lastModified": 1721838734,
"narHash": "sha256-jfF4gpRUpTBY2OxDB0FRySsgNGOiuDckEtu7YDQom3Y=", "narHash": "sha256-o87oh2nLDzZ1E9+j1I6GaEvd9865OWGYvxaPSiH9DEU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "4cc8b29327bed3d52b40041f810f49734298af46", "rev": "1855c9961e0bfa2e776fa4b58b7d43149eeed431",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -713,11 +713,11 @@
"nixpkgs": "nixpkgs_5" "nixpkgs": "nixpkgs_5"
}, },
"locked": { "locked": {
"lastModified": 1721612563, "lastModified": 1721888498,
"narHash": "sha256-6T6GkLuNVbgDKijcBY/5mUiK8gO2Xi2QFM13hUKa2a0=", "narHash": "sha256-O5/s8e6CL99AQoKEn8k6F99UoJdAzQ8z9LZ7SxFJ3c4=",
"owner": "numtide", "owner": "numtide",
"repo": "srvos", "repo": "srvos",
"rev": "936858820dcad0e958f16f0e9652519bef045d5d", "rev": "27b3a9b23847cb2e716334ee6ad58b82ddc3f7a7",
"type": "github" "type": "github"
}, },
"original": { "original": {

View file

@ -2,7 +2,7 @@
description = "Forgejo CI Runners"; description = "Forgejo CI Runners";
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
srvos.url = "github:numtide/srvos"; srvos.url = "github:numtide/srvos";
disko.url = "github:nix-community/disko"; disko.url = "github:nix-community/disko";
cachix-deploy-flake.url = "github:cachix/cachix-deploy-flake"; cachix-deploy-flake.url = "github:cachix/cachix-deploy-flake";