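# NixOS module for a host that runs a Gitea/Forgejo Actions runner: installs
# operator tooling, provisions the runner registration token through sops-nix,
# creates the runner and admin accounts, enables Docker, and opens the TCP port
# used for runner cache restores.
{ pkgs, config, ... }:
{
  imports = [
    ../cachix.nix
  ];

  environment.systemPackages = with pkgs; [
    # vim -- added by srvos.nixosModules.server
    # git -- srvos.nixosModules.server
    # tmux -- srvos.nixosModules.server
    cachix
    lazydocker
    lazygit
    nodejs_20 # required by actions such as checkout
    openssl
  ];

  sops.secrets."forgejo-runner-token" = {
    # configure secret for the gitea/forgejo runner.
    sopsFile = ./secrets.sops.yaml;
    # The token was previously installed with mode 0444, i.e. readable by every
    # local account on the host. Restrict it to the runner account instead.
    # NOTE(review): assumes the runner unit reads the token as gitea-runner or
    # has it loaded by systemd as root; the unit definition is not in this
    # file -- confirm before deploying.
    owner = "gitea-runner";
    mode = "0400";
    restartUnits = [ "gitea-runner-default.service" ];
  };

  # Required for the gitea-runner to be able to pull images.
  # NOTE(review): a Nix trusted user can override daemon settings such as
  # substituters, which is effectively root on this host. Anything a CI job can
  # run as gitea-runner inherits that; keep it only if the runner really needs it.
  nix.settings.trusted-users = [ "gitea-runner" ];

  users = {
    groups.gitea-runner = { };

    users = {
      gitea-runner = {
        isNormalUser = true;
        # Membership in "docker" grants access to the Docker daemon socket,
        # which is root-equivalent on the host.
        extraGroups = [ "docker" ];
        group = "gitea-runner";
      };

      jahanson = {
        isNormalUser = true;
        extraGroups = [ "wheel" "docker" ];
      };
    };
  };

  virtualisation.docker.enable = true;

  # Runner communication port for cache restores.
  # NOTE(review): allowedTCPPorts opens the port on every interface. If only
  # job containers on this host need it, consider scoping the rule to the
  # relevant interface via networking.firewall.interfaces.<name>.allowedTCPPorts.
  networking.firewall.allowedTCPPorts = [ 45315 ];

  system.stateVersion = "24.05";
}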