Richie/dotfiles
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity

working nix builder

Browse Source
This commit is contained in:
Richie Cahill
2026-05-02 17:10:02 -04:00
parent fe9a2912e1
commit 3a86148352
1 changed files with 31 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
systems/jeeves/runners/nix_builder.nix
+31 -9
View File
@@ -2,6 +2,7 @@
config,
lib,
outputs,
utils,
...
}:
@@ -9,6 +10,8 @@ with lib;
let
vars = import ../vars.nix;
cfg = config.services.nix_builder;
runnerUsername = "gitea-runner";
runnerUserid = 601;
in
{
options.services.nix_builder = {
@@ -33,6 +36,15 @@ in
};
config = {
users = {
users.${runnerUsername} = {
isSystemUser = true;
group = runnerUsername;
uid = runnerUserid;
};
groups.${runnerUsername}.gid = runnerUserid;
};
containers = mapAttrs (
name: containerCfg:
mkIf containerCfg.enable {
@@ -41,19 +53,14 @@ in
hostBridge = cfg.bridgeName;
ephemeral = true;
bindMounts = {
storage = {
hostPath = "/zfs/media/github-runners/${name}";
mountPoint = "/var/lib/gitea-runner/${name}";
isReadOnly = false;
};
host-nix = {
mountPoint = "/host-nix/var/nix/daemon-socket";
hostPath = "/nix/var/nix/daemon-socket";
isReadOnly = false;
};
token = {
hostPath = "${vars.secrets}/services/gitea-runners/registration-token";
mountPoint = "${vars.secrets}/services/gitea-runners/registration-token";
hostPath = "${vars.secrets}/services/gitea-runners";
mountPoint = "/run/secrets/gitea-runners";
isReadOnly = true;
};
};
@@ -102,21 +109,36 @@ in
overlays = builtins.attrValues outputs.overlays;
config.allowUnfree = true;
};
users = {
users.${runnerUsername} = {
isSystemUser = true;
group = runnerUsername;
uid = runnerUserid;
};
groups.${runnerUsername}.gid = runnerUserid;
};
services.gitea-actions-runner.instances.${name} = {
enable = true;
name = "jeeves-${name}";
url = "https://gitea.tmmworkshop.com";
url = "http://192.168.99.14:6443/";
labels = [
"self-hosted:host"
"nixos:host"
];
tokenFile = "${vars.secrets}/services/gitea-runners/registration-token";
tokenFile = "/run/secrets/gitea-runners/registration-token";
hostPackages = with pkgs; [
nixos-rebuild
treefmt
my_python
];
};
systemd.services."gitea-runner-${utils.escapeSystemdPath name}" = {
serviceConfig = {
DynamicUser = mkForce false;
User = mkForce runnerUsername;
Group = mkForce runnerUsername;
};
};
system.stateVersion = "24.05";
};
}