forgejo-ci-runners/agents/linux.nix
2024-05-20 08:46:49 -05:00


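# NixOS module for a Linux Forgejo Actions runner host ("monolith").
# It installs a few admin tools, decrypts the runner registration token with
# sops-nix, enables Docker for job containers, and registers one runner
# instance against https://git.hsn.dev.
{ pkgs, config, lib, ... }:
{
  environment.systemPackages = with pkgs; [
    vim
    # zig broken on darwin
    #ncdu
    git
    tmux
    cachix
    direnv
    lazydocker
    lazygit
  ];

  sops.secrets."forgejo-runner-token" = {
    # Runner registration token, decrypted from the sops file at activation.
    sopsFile = ./secrets.sops.yaml;
    # Was "0444", which let every local account (and any job that reaches the
    # host filesystem) read the token. Owner-only is enough if the runner unit
    # loads tokenFile as a systemd EnvironmentFile, which systemd reads before
    # dropping privileges.
    # NOTE(review): confirm against the nixpkgs revision in use; if the service
    # user must read the file directly, set `owner` rather than widening the mode.
    mode = "0400";
    restartUnits = [ "gitea-runner-default.service" ];
  };

  virtualisation.docker.enable = true;

  users.groups.gitea-runner = {};
  users.users.gitea-runner = {
    group = "gitea-runner";
    # Membership in "docker" gives access to the Docker socket, which is
    # effectively root on this host. Treat every workflow this runner accepts
    # as able to take over the machine, and register it only for trusted repos.
    extraGroups = [ "docker" ];
    # NOTE(review): a normal (login-capable) account for a service user;
    # consider whether a system user would do.
    isNormalUser = true;
  };

  # Runner communication port for cache restores.
  # This opens the port on every interface. Nothing in this file pins the
  # runner's cache server to 45315, so confirm it in the runner settings.
  # NOTE(review): if only job containers need it, scope the rule with
  # networking.firewall.interfaces.<name>.allowedTCPPorts instead.
  networking.firewall.allowedTCPPorts = [ 45315 ];

  services.gitea-actions-runner = {
    package = pkgs.forgejo-actions-runner;
    instances.default = {
      enable = true;
      name = "monolith";
      url = "https://git.hsn.dev";
      # Obtaining the path to the runner token file may differ
      tokenFile = config.sops.secrets.forgejo-runner-token.path;
      labels = [
        # Job image is referenced by mutable tag; pinning by digest would make
        # the execution environment reproducible.
        "docker:docker://node:20-bullseye"
        # NOTE(review): these three labels carry no ":scheme" suffix. Some
        # runner versions treat a bare label as host execution; confirm how the
        # packaged runner resolves them, since "native:host" below is
        # deliberately left disabled.
        "aarch64"
        "linux"
        "pc"
        ## optionally provide native execution on the host:
        # "native:host"
      ];
    };
  };

  system.stateVersion = "24.05";
}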
# extraPackages = with pkgs; [
# # custom
# cachix
# tmate
# jq
# # nixos
# docker
# openssh
# coreutils-full
# bashInteractive # bash with ncurses support
# bzip2
# cpio
# curl
# diffutils
# findutils
# gawk
# stdenv.cc.libc
# getent
# getconf
# gnugrep
# gnupatch
# gnused
# gnutar
# gzip
# xz
# less
# ncurses
# netcat
# mkpasswd
# procps
# time
# zstd
# util-linux
# which
# nixos-rebuild
# ];