102 lines
2.8 KiB
Nix
102 lines
2.8 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
utils,
|
|
...
|
|
}:
|
|
let
|
|
inherit (utils) escapeSystemdPath;
|
|
in
|
|
{
|
|
|
|
# note:
|
|
# I can't for some reason use any run-on: ubuntu-latest (docker container) to build docker contains,
|
|
# I have to use native and run the docker commands via `run: docker build ...`.
|
|
#
|
|
# `run-on: ubuntu-latest` and `docker/login-action` or `docker/build-and-push-action` does not work.
|
|
|
|
nix.settings.allowed-users = [
|
|
"*"
|
|
"gitea-runner"
|
|
];
|
|
|
|
users.users.gitea-runner = {
|
|
isSystemUser = true;
|
|
group = "gitea-runner";
|
|
};
|
|
users.groups.gitea-runner = { };
|
|
|
|
clan.core.facts.services.gitea-runner = {
|
|
secret."gitea-runner.token" = { };
|
|
generator = {
|
|
prompt = "please enter your gitea-runner password";
|
|
path = with pkgs; [ coreutils ];
|
|
script = ''
|
|
echo "TOKEN=$prompt_value" > "$secrets"/gitea-runner.token
|
|
'';
|
|
};
|
|
};
|
|
|
|
systemd.services."gitea-runner-orbi" = {
|
|
serviceConfig = {
|
|
DynamicUser = lib.mkForce false;
|
|
};
|
|
environment = {
|
|
# make docker build output readable
|
|
BUILDKIT_PROGRESS = "plain";
|
|
};
|
|
};
|
|
|
|
services.gitea-actions-runner = {
|
|
package = pkgs.forgejo-runner;
|
|
instances."orbi" = {
|
|
enable = true;
|
|
settings = {
|
|
runner = {
|
|
timeout = "12h";
|
|
};
|
|
#container.network = "host";
|
|
#container.network = "bridge";
|
|
#container.docker_host = "unix:///var/run/podman/podman.sock";
|
|
};
|
|
hostPackages = [
|
|
pkgs.bash
|
|
pkgs.coreutils
|
|
pkgs.curl
|
|
pkgs.gawk
|
|
pkgs.gitMinimal
|
|
pkgs.gnused
|
|
pkgs.nodejs
|
|
pkgs.wget
|
|
pkgs.nix
|
|
pkgs.openssh
|
|
pkgs.podman
|
|
pkgs.docker
|
|
];
|
|
url = "https://git.ingolf-wagner.de";
|
|
tokenFile = config.clan.core.facts.services.gitea-runner.secret."gitea-runner.token".path;
|
|
name = "orbi";
|
|
|
|
labels = [
|
|
# The labels of a runner are used to determine which jobs the runner can run, and how to run them.
|
|
# Like: "macos-arm64:host" or "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
|
|
# Find more images provided by Gitea at https://gitea.com/gitea/runner-images .
|
|
# If it's empty when registering, it will ask for inputting labels.
|
|
# If it's empty when execute `daemon`, will use labels in `.runner` file.
|
|
"ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
|
|
"ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
|
|
"ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
|
|
|
|
# provide native execution on the host
|
|
"native:host"
|
|
|
|
# provide a debian base with nodejs for actions
|
|
#"debian-latest:docker://node:18-bullseye"
|
|
# fake the ubuntu name, because node provides no ubuntu builds
|
|
#"ubuntu-latest:docker://node:18-bullseye"
|
|
];
|
|
};
|
|
};
|
|
|
|
}
|