forgejo-ci-runners/profiles/role-lxc-vm.nix


# NixOS profile for a Forgejo Actions runner in an Incus-managed LXC/VM guest.
# It pulls in ./common.nix, registers one runner instance against
# https://git.hsn.dev, and enables Tailscale on the machine.
{ pkgs, config, ... }:
{
  imports = [ ./common.nix ];

  # systemd-tmpfiles creates both state directories with mode 0750, i.e. no
  # access for "other". The first rule is owned by gitea-runner:gitea-runner;
  # this file does not declare that user or group, so it presumably comes from
  # ./common.nix or the runner module — TODO confirm.
  systemd.tmpfiles.rules = [
    "d /var/lib/gitea-runner/default 0750 gitea-runner gitea-runner -"
    "d /var/lib/tailscale 0750 root root -"
  ];

  # The runner binary is the Forgejo build, driven through the
  # gitea-actions-runner NixOS module.
  services.gitea-actions-runner.package = pkgs.forgejo-actions-runner;

  # Single runner instance, named after the machine's hostname.
  services.gitea-actions-runner.instances.default = {
    enable = true;
    url = "https://git.hsn.dev";
    name = config.networking.hostName;

    # Registration secret. It is given as a string rather than a Nix path, so
    # the file is read from the guest's disk at runtime and is not copied into
    # the world-readable Nix store.
    # The token file is pushed on VM creation with this command:
    # `incus file push "$TOKEN_FILE" "$INCUS_INSTANCE/var/lib/forgejo/$TOKEN_FILE" --mode 400`
    # NOTE(review): that command targets /var/lib/forgejo/, which does not
    # match the tokenFile path below — confirm which location is in use.
    # NOTE(review): the upstream module documents tokenFile as an environment
    # file that sets TOKEN — confirm the pushed file uses that format.
    tokenFile = "/var/lib/gitea-runner/default/tokenfile";

    # Label syntax is "<label>:<backend>".
    # The three docker:// labels run jobs in node:20-bullseye, referenced by a
    # mutable tag; pinning by digest (node:20-bullseye@sha256:<digest>) would
    # fix the exact image that jobs execute in.
    # "native-x86_64:host" runs job steps directly on this machine instead of
    # in a container, so those jobs share the guest with the runner's state
    # directory and the Tailscale node.
    # NOTE(review): confirm which repositories are allowed to target it.
    labels = [
      "docker:docker://node:20-bullseye"
      "docker-x86_64:docker://node:20-bullseye"
      "ubuntu-x86_64:docker://node:20-bullseye"
      "native-x86_64:host"
    ];
  };

  # Tailscale: start the daemon and let its port through the NixOS firewall.
  services.tailscale.enable = true;
  services.tailscale.openFirewall = true;

  # Disabled: explicit ordering of tailscaled after the network stack.
  # Kept for reference; it has no effect while commented out.
  # systemd.services.tailscaled = {
  #   after = [
  #     "network-pre.target"
  #     "NetworkManager.service"
  #     "systemd-resolved.service"
  #   ];
  #   wants = [ "network-pre.target" ];
  #   requires = [ "network-online.target" ];
  # };
}