69 lines
1.7 KiB
Nix
69 lines
1.7 KiB
Nix
{ config, lib, pkgs, utils, ... }:
|
|
let inherit (utils) escapeSystemdPath;
|
|
in
|
|
{
|
|
|
|
virtualisation.podman.enable = true;
|
|
|
|
#nix.settings.trusted-users = [ "root" "gitea-runner"];
|
|
nix.settings.allowed-users = [ "*" "gitea-runner" ];
|
|
|
|
users.users.gitea-runner = {
|
|
isSystemUser = true;
|
|
group = "gitea-runner";
|
|
};
|
|
users.groups.gitea-runner = { };
|
|
|
|
clan.core.facts.services.gitea-runner = {
|
|
secret."gitea-runner.token" = { };
|
|
generator = {
|
|
prompt = "please enter your gitea-runner password";
|
|
path = with pkgs; [ coreutils ];
|
|
script = ''
|
|
echo "$prompt_value" > "$secrets"/gitea-runner.token
|
|
'';
|
|
};
|
|
};
|
|
|
|
systemd.services."gitea-runner-${escapeSystemdPath "git.ingolf-wagner.de"}" = {
|
|
serviceConfig = {
|
|
DynamicUser = lib.mkForce false;
|
|
};
|
|
};
|
|
|
|
services.gitea-actions-runner = {
|
|
package = pkgs.forgejo-runner;
|
|
instances."git.ingolf-wagner.de" = {
|
|
enable = true;
|
|
settings = {
|
|
runner = {
|
|
timeout = "12h";
|
|
};
|
|
};
|
|
hostPackages = [
|
|
pkgs.bash
|
|
pkgs.coreutils
|
|
pkgs.curl
|
|
pkgs.gawk
|
|
pkgs.gitMinimal
|
|
pkgs.gnused
|
|
pkgs.nodejs
|
|
pkgs.wget
|
|
pkgs.nix
|
|
pkgs.openssh
|
|
];
|
|
url = "https://git.ingolf-wagner.de";
|
|
tokenFile = config.clan.core.facts.services.gitea-runner.secret."gitea-runner.token".path;
|
|
name = "fick_deine_mudda";
|
|
labels = [
|
|
# provide a debian base with nodejs for actions
|
|
#"debian-latest:docker://node:18-bullseye"
|
|
# fake the ubuntu name, because node provides no ubuntu builds
|
|
#"ubuntu-latest:docker://node:18-bullseye"
|
|
# provide native execution on the host
|
|
"native:host"
|
|
];
|
|
};
|
|
};
|
|
|
|
}
|