jahanson/forgejo-ci-runners
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
forgejo-ci-runners/agents/fj-shadowfax-x86_64.nix
Joseph Hanson 90618b06a2
All checks were successful
Build / nix-build (native-aarch64, fj-hetzner-aarch64-01) (pull_request) Successful in 52s
Details
Build / nix-build (native-x86_64, fj-shadowfax-01) (pull_request) Successful in 1m28s
Details
Adding agent to fj-shadowfax
2024-06-18 17:52:57 -05:00

72 lines
No EOL
2 KiB
Nix
Raw Blame History

{ pkgs, config, lib, ... }:
{
imports = [
../cachix.nix
];
environment.systemPackages = with pkgs; [
# vim -- added by srvos.nixosModules.server
# git -- srvos.nixosModules.server
# tmux -- srvos.nixosModules.server
cachix
lazydocker
lazygit
nodejs_20 # required by actions such as checkout
];
sops.secrets."forgejo-runner-token" = {
# configure secret for the gitea/forgejo runner.
sopsFile = ./secrets.sops.yaml;
mode = "0444";
restartUnits = [ "gitea-runner-default.service" ];
};
sops.secrets."cachix/agent_auth_tokens/fj-shadowfax-x86_64" = {
# configure secret for cachix deploy agent.
sopsFile = ./secrets.sops.yaml;
mode = "0444";
restartUnits = [ "cachix-agent.service" ];
};
nix.settings.trusted-users = [ "gitea-runner" ];
users.users.jahanson = {
isNormalUser = true;
extraGroups = [ "wheel" "docker" ];
initialPassword = "debug123";
};
virtualisation.docker.enable = true;
users.users.gitea-runner.group = "gitea-runner";
users.groups.gitea-runner = {};
users.users.gitea-runner.extraGroups = [ "docker" ];
users.users.gitea-runner.isNormalUser = true;
# Runner communication port for cache restores.
networking.firewall.allowedTCPPorts = [ 45315 ];
services.gitea-actions-runner = {
package = pkgs.forgejo-actions-runner;
instances.default = {
enable = true;
name = "fj-shadowfax-x86_64";
url = "https://git.hsn.dev";
# Obtaining the path to the runner token file may differ
tokenFile = config.sops.secrets.forgejo-runner-token.path;
labels = [
"docker:docker://node:20-bullseye"
"x86_64"
"linux"
"pc"
"docker-x86_64:docker://node:20-bullseye"
"native-x86_64:host"
];
};
};
services.cachix-agent = {
enable = true;
credentialsFile = config.sops.secrets."cachix/agent_auth_tokens/fj-shadowfax-x86_64".path;
};
system.stateVersion = "24.05";
}
Reference in a new issue View git blame Copy permalink