nixos-config/machines/orbi/service-forgejo-runner.nix

# NixOS module for the machine "orbi": declares a static `gitea-runner`
# account, a clan fact holding the runner registration token, and one
# Forgejo Actions runner instance that executes jobs natively on the host.
{
  config,
  lib,
  pkgs,
  utils,
  ...
}:
let
  # Bound but not referenced anywhere in this module.
  inherit (utils) escapeSystemdPath;
in
{
  # Podman is enabled, but the container-backed labels below are commented
  # out, so the only active label ("native:host") does not use it.
  virtualisation.podman.enable = true;

  # Left disabled: a Nix trusted user can effectively act as root through
  # the daemon, which is more than a CI account should hold.
  #nix.settings.trusted-users = [ "root" "gitea-runner"];

  # "*" already admits every local user to the Nix daemon, so the explicit
  # "gitea-runner" entry adds nothing while the wildcard is present.
  # NOTE(review): if the intent is to restrict daemon access, the wildcard
  # has to go; confirm which accounts need it first.
  nix.settings.allowed-users = [
    "*"
    "gitea-runner"
  ];

  # Static system account and group for the runner.
  users = {
    groups.gitea-runner = { };
    users.gitea-runner = {
      group = "gitea-runner";
      isSystemUser = true;
    };
  };

  # Clan fact: prompts for the token and stores it as `TOKEN=<value>` in the
  # secret file that `tokenFile` below points at.
  clan.core.facts.services.gitea-runner = {
    secret."gitea-runner.token" = { };
    generator.prompt = "please enter your gitea-runner password";
    generator.path = [ pkgs.coreutils ];
    generator.script = ''
      echo "TOKEN=$prompt_value" > "$secrets"/gitea-runner.token
    '';
  };

  # Force DynamicUser off for the runner unit.
  # NOTE(review): presumably so the service runs as the static gitea-runner
  # account declared above, which keeps a stable UID across restarts;
  # confirm against the nixpkgs module. No other systemd sandboxing options
  # are set in this file.
  systemd.services."gitea-runner-orbi".serviceConfig.DynamicUser = lib.mkForce false;

  services.gitea-actions-runner = {
    package = pkgs.forgejo-runner;

    instances.orbi = {
      enable = true;
      name = "orbi";
      url = "https://git.ingolf-wagner.de";

      # Path of the secret produced by the clan fact generator above.
      tokenFile = config.clan.core.facts.services.gitea-runner.secret."gitea-runner.token".path;

      # A single job may run for up to 12 hours.
      settings.runner.timeout = "12h";

      # Tools exposed to jobs on the host. Note that this includes network
      # clients (curl, wget, openssh) and nix itself.
      hostPackages = with pkgs; [
        bash
        coreutils
        curl
        gawk
        gitMinimal
        gnused
        nodejs
        wget
        nix
        openssh
      ];

      labels = [
        # provide a debian base with nodejs for actions
        #"debian-latest:docker://node:18-bullseye"
        # fake the ubuntu name, because node provides no ubuntu builds
        #"ubuntu-latest:docker://node:18-bullseye"
        # provide native execution on the host
        # NOTE(review): with only this label active, workflow steps run
        # directly on the host with no container boundary. Anyone who can
        # get a workflow scheduled on this runner gets code execution under
        # the runner account, so keep the runner scoped to trusted
        # repositories and contributors.
        "native:host"
      ];
    };
  };
}