forgejo-ci-runners/flake.nix
2024-09-13 18:27:50 -05:00


{
description = "Forgejo CI Runners";
# Flake inputs. Each URL names a branch, a release tarball or a repository's
# default ref, not a commit. The revisions actually built are the ones recorded
# in flake.lock, which is not shown here, so input bumps are reviewed there.
# lix-module, cachix-flake and sops-nix are forced onto this flake's nixpkgs via
# `follows`. srvos, disko and cachix-deploy-flake declare no `follows` and keep
# whatever nixpkgs they declare themselves.
inputs = {
  # nixpkgs, NixOS 24.05 release branch
  nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";

  # Lix - a replacement for the Nix package manager, focused on correctness,
  # usability and growth.
  # https://git.lix.systems/lix-project/lix
  lix-module.url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz";
  lix-module.inputs.nixpkgs.follows = "nixpkgs";

  # sops-nix - atomic secret provisioning for NixOS based on sops
  # https://github.com/Mic92/sops-nix
  sops-nix.url = "github:Mic92/sops-nix";
  sops-nix.inputs.nixpkgs.follows = "nixpkgs";

  # Cachix - Nix binary cache hosting and continuous integration
  cachix-flake.url = "github:cachix/cachix";
  cachix-flake.inputs.nixpkgs.follows = "nixpkgs";

  # Cachix helper functions for deploying NixOS systems with flakes
  cachix-deploy-flake.url = "github:cachix/cachix-deploy-flake";

  # srvos - NixOS modules for Hetzner Cloud and other services
  srvos.url = "github:numtide/srvos";

  # disko - NixOS module for managing disks
  disko.url = "github:nix-community/disko";
};
outputs = { self, sops-nix, nixpkgs, srvos, disko, cachix-flake, cachix-deploy-flake, lix-module, ... }@inputs:
let
inherit (nixpkgs) lib;
# Per-system helper. Returns an attribute set with:
#   pkgs              - nixpkgs instantiated for `system`, with one overlay applied
#   cachix-deploy-lib - the cachix-deploy-flake library applied to that package set
common = system:
  let
    # Overlay: replace nixpkgs' `cachix` attribute with the default package
    # exported by the cachix flake input for this system.
    useFlakeCachix = _final: _prev: {
      cachix = cachix-flake.packages.${system}.default;
    };
    pkgs = import nixpkgs {
      inherit system;
      overlays = [ useFlakeCachix ];
    };
  in
  {
    inherit pkgs;
    cachix-deploy-lib = cachix-deploy-flake.lib pkgs;
  };
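# Module list for the Hetzner Cloud aarch64 runner. The same list is used by
# nixosConfigurations, packages.aarch64-linux.default and deploy-json below.
aarch64-linux-modules = [
  sops-nix.nixosModules.sops
  srvos.nixosModules.hardware-hetzner-cloud
  srvos.nixosModules.server
  srvos.nixosModules.mixins-systemd-boot
  disko.nixosModules.disko
  lix-module.nixosModules.default
  ./profiles/role-fj-hetzner.nix
  # Disk layout from ./disko-hetzner-cloud.nix, applied to /dev/sda.
  (import ./disko-hetzner-cloud.nix { disks = [ "/dev/sda" ]; })
  {
    boot.loader.efi.canTouchEfiVariables = true;
    networking.hostName = "fj-hetzner-aarch64-01";

    # Public key authorised for root by this inline module. The identical key
    # line is repeated in the other two module lists of this file, so a key
    # rotation has to touch all three. The imported profiles may authorise
    # further keys (not visible here).
    users.users.root.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcLI5qN69BuoLp8p7nTYKoLdsBNmZB31OerZ63Car1g jahanson@telchar"
    ];
    services.openssh.enable = true;
    # "prohibit-password" is the current sshd spelling of the deprecated alias
    # "without-password". Root may log in, but not by password or
    # keyboard-interactive authentication; it does NOT mean passwordless login.
    # NOTE(review): password authentication for non-root accounts is not set
    # here. Confirm that one of the imported modules disables it.
    services.openssh.settings.PermitRootLogin = "prohibit-password";
  }
];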
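# Module list for the x86_64 runner "fj-shadowfax-01". The same list is used by
# nixosConfigurations, packages.x86_64-linux.default and deploy-json below.
x86_64-linux-modules = [
  sops-nix.nixosModules.sops
  ./profiles/hw-shadowfax.nix
  srvos.nixosModules.server
  srvos.nixosModules.mixins-systemd-boot
  disko.nixosModules.disko
  lix-module.nixosModules.default
  ./profiles/fj-shadowfax-x86_64.nix
  # Disk layout from ./disko-shadowfax.nix, applied to /dev/sda.
  (import ./disko-shadowfax.nix { disks = [ "/dev/sda" ]; })
  {
    boot.loader.efi.canTouchEfiVariables = true;
    networking.hostName = "fj-shadowfax-01";

    # Public key authorised for root by this inline module. The identical key
    # line is repeated in the other two module lists of this file, so a key
    # rotation has to touch all three. The imported profiles may authorise
    # further keys (not visible here).
    users.users.root.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcLI5qN69BuoLp8p7nTYKoLdsBNmZB31OerZ63Car1g jahanson@telchar"
    ];
    services.openssh.enable = true;
    # "prohibit-password" is the current sshd spelling of the deprecated alias
    # "without-password". Root may log in, but not by password or
    # keyboard-interactive authentication; it does NOT mean passwordless login.
    # NOTE(review): password authentication for non-root accounts is not set
    # here. Confirm that one of the imported modules disables it.
    services.openssh.settings.PermitRootLogin = "prohibit-password";
  }
];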
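# Module list for the x86_64 LXD virtual-machine variant. It has no disko or
# boot-loader modules; the guest setup comes from nixpkgs'
# lxd-virtual-machine.nix, taken from the nixpkgs input's source tree.
x86_64-linux-modules-lxc-vm = [
  "${inputs.nixpkgs}/nixos/modules/virtualisation/lxd-virtual-machine.nix"
  sops-nix.nixosModules.sops
  srvos.nixosModules.server
  lix-module.nixosModules.default
  ./profiles/role-lxc-vm.nix
  {
    # Host name is left unset in this inline module.
    # networking.hostName = "fj-x86_64-vm-01";

    # Public key authorised for root by this inline module. The identical key
    # line is repeated in the other two module lists of this file, so a key
    # rotation has to touch all three. The imported profile may authorise
    # further keys (not visible here).
    users.users.root.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcLI5qN69BuoLp8p7nTYKoLdsBNmZB31OerZ63Car1g jahanson@telchar"
    ];
    services.openssh.enable = true;
    # "prohibit-password" is the current sshd spelling of the deprecated alias
    # "without-password". Root may log in, but not by password or
    # keyboard-interactive authentication; it does NOT mean passwordless login.
    # NOTE(review): password authentication for non-root accounts is not set
    # here. Confirm that one of the imported modules disables it.
    services.openssh.settings.PermitRootLogin = "prohibit-password";
  }
];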
in
{
# NixOS configurations for manual deployment.
# Every configuration receives the complete flake `inputs` set through
# specialArgs, so any module in the lists can reference any input.
nixosConfigurations =
  let
    # Build one runner system from a platform string and a module list.
    mkRunner = system: modules: lib.nixosSystem {
      inherit system modules;
      specialArgs = { inherit inputs; };
    };
  in
  {
    "fj-hetzner-aarch64" = mkRunner "aarch64-linux" aarch64-linux-modules;
    "fj-x86_64" = mkRunner "x86_64-linux" x86_64-linux-modules;
    "fj-lxc-vm-x86_64" = mkRunner "x86_64-linux" x86_64-linux-modules-lxc-vm;
  };
# Cachix Deploy package for automated deployment of the aarch64 runner.
# It is built from the same module list as nixosConfigurations."fj-hetzner-aarch64".
packages.aarch64-linux.default =
  (common "aarch64-linux").cachix-deploy-lib.nixos {
    # system = "aarch64-linux";
    imports = aarch64-linux-modules;
  };
# Cachix Deploy package for automated deployment of the x86_64 runner.
# It is built from the same module list as nixosConfigurations."fj-x86_64".
packages.x86_64-linux.default =
  (common "x86_64-linux").cachix-deploy-lib.nixos {
    imports = x86_64-linux-modules;
  };
# Constructs a deploy.json output that can be used to deploy the runners.
# https://docs.cachix.org/deploy/reference#deploy-json
# There is one spec per platform, each with a single agent. The agent names used
# here are the same strings as the networking.hostName values set in the
# corresponding module lists. The LXD VM configuration has no agent entry.
deploy-json =
  let
    deployLibFor = system: (common system).cachix-deploy-lib;
    armLib = deployLibFor "aarch64-linux";
    x86Lib = deployLibFor "x86_64-linux";
  in
  {
    "aarch64-linux" = armLib.spec {
      agents = {
        "fj-hetzner-aarch64-01" = armLib.nixos {
          # system = "aarch64-linux";
          imports = aarch64-linux-modules;
        };
      };
    };
    "x86_64-linux" = x86Lib.spec {
      agents = {
        "fj-shadowfax-01" = x86Lib.nixos {
          imports = x86_64-linux-modules;
        };
      };
    };
  };
# Convenience output: for every entry of nixosConfigurations, exposes that
# system's config.system.build.toplevel under the same attribute name.
# Only nixosConfigurations is read here.
# Also used in CI to build targets generally.
top =
  builtins.mapAttrs
    (_name: machine: machine.config.system.build.toplevel)
    inputs.self.nixosConfigurations;
};
}