# NixOS module for a Forgejo Actions runner host that is also joined to a
# Tailscale network. Shared settings are pulled in from ./common.nix.
{ pkgs, config, ... }:
{
  imports = [ ./common.nix ];

  systemd = {
    # tmpfiles.d "d" entries: create each directory if it is missing and set
    # its mode and owner. Mode 0750 gives "other" users no access; the
    # trailing "-" means no age-based cleanup.
    tmpfiles.rules = [
      # Runner state directory; the registration token file configured below
      # lives inside it.
      "d /var/lib/gitea-runner/default 0750 gitea-runner gitea-runner -"
      "d /var/lib/tailscale 0750 root root -"
    ];
  };

  services = {
    gitea-actions-runner = {
      # The gitea-actions-runner module is used with the Forgejo runner package.
      package = pkgs.forgejo-actions-runner;

      instances = {
        default = {
          enable = true;
          # The runner registers under this machine's hostname.
          name = config.networking.hostName;
          url = "https://git.hsn.dev";

          # The gitea-runner token file is pushed on vm creation with this command:
          # `incus file push "$TOKEN_FILE" "$INCUS_INSTANCE/var/lib/forgejo/$TOKEN_FILE" --mode 400`
          # NOTE(review): that destination is under /var/lib/forgejo, which is
          # not the path set below. Confirm which one is current and update
          # the stale side.
          # The path is written as a string, not a Nix path literal, so the
          # token itself is not copied into the Nix store.
          tokenFile = "/var/lib/gitea-runner/default/tokenfile";

          # Format is "<label>:<backend>". The three docker:// entries run
          # jobs in a node:20-bullseye container.
          # NOTE(review): "native-x86_64:host" runs jobs directly on this
          # machine with no container boundary, so a workflow that selects it
          # runs with the runner service's privileges and this host's network
          # reach, which includes Tailscale. Confirm that only trusted
          # repositories can schedule on this runner.
          # NOTE(review): node:20-bullseye is a mutable tag; pinning by digest
          # (node:20-bullseye@sha256:<digest>) would fix what jobs execute.
          labels = [
            "docker:docker://node:20-bullseye"
            "docker-x86_64:docker://node:20-bullseye"
            "ubuntu-x86_64:docker://node:20-bullseye"
            "native-x86_64:host"
          ];
        };
      };
    };

    # Run tailscaled. openFirewall allows inbound traffic on Tailscale's UDP
    # port through the NixOS firewall.
    tailscale = {
      enable = true;
      openFirewall = true;
    };
  };

  # Disabled: explicit unit ordering for tailscaled against the networking
  # targets. Kept for reference; it has no effect while commented out.
  # systemd.services.tailscaled = {
  #   after = [
  #     "network-pre.target"
  #     "NetworkManager.service"
  #     "systemd-resolved.service"
  #   ];
  #   wants = [ "network-pre.target" ];
  #   requires = [ "network-online.target" ];
  # };
}