working nix builder
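--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -2,6 +2,7 @@
 config,
 lib,
 outputs,
+utils,
 ...
 }:
 
@@ -9,6 +10,8 @@ with lib;
 let
 vars = import ../vars.nix;
 cfg = config.services.nix_builder;
+runnerUsername = "gitea-runner";
+runnerUserid = 601;
 in
 {
 options.services.nix_builder = {
@@ -33,6 +36,15 @@ in
 };
 
 config = {
+users = {
+users.${runnerUsername} = {
+isSystemUser = true;
+group = runnerUsername;
+uid = runnerUserid;
+};
+groups.${runnerUsername}.gid = runnerUserid;
+};
+
 containers = mapAttrs (
 name: containerCfg:
 mkIf containerCfg.enable {
@@ -41,19 +53,14 @@ in
 hostBridge = cfg.bridgeName;
 ephemeral = true;
 bindMounts = {
-storage = {
-hostPath = "/zfs/media/github-runners/${name}";
-mountPoint = "/var/lib/gitea-runner/${name}";
-isReadOnly = false;
-};
 host-nix = {
 mountPoint = "/host-nix/var/nix/daemon-socket";
 hostPath = "/nix/var/nix/daemon-socket";
 isReadOnly = false;
 };
 token = {
-hostPath = "${vars.secrets}/services/gitea-runners/registration-token";
-mountPoint = "${vars.secrets}/services/gitea-runners/registration-token";
+hostPath = "${vars.secrets}/services/gitea-runners";
+mountPoint = "/run/secrets/gitea-runners";
 isReadOnly = true;
 };
 };
@@ -102,21 +109,36 @@ in
 overlays = builtins.attrValues outputs.overlays;
 config.allowUnfree = true;
 };
+users = {
+users.${runnerUsername} = {
+isSystemUser = true;
+group = runnerUsername;
+uid = runnerUserid;
+};
+groups.${runnerUsername}.gid = runnerUserid;
+};
 services.gitea-actions-runner.instances.${name} = {
 enable = true;
 name = "jeeves-${name}";
-url = "https://gitea.tmmworkshop.com";
+url = "http://192.168.99.14:6443/";
 labels = [
 "self-hosted:host"
 "nixos:host"
 ];
-tokenFile = "${vars.secrets}/services/gitea-runners/registration-token";
+tokenFile = "/run/secrets/gitea-runners/registration-token";
 hostPackages = with pkgs; [
 nixos-rebuild
 treefmt
 my_python
 ];
 };
+systemd.services."gitea-runner-${utils.escapeSystemdPath name}" = {
+serviceConfig = {
+DynamicUser = mkForce false;
+User = mkForce runnerUsername;
+Group = mkForce runnerUsername;
+};
+};
 system.stateVersion = "24.05";
 };
 }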
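Review bot: The runner URL in the last hunk drops TLS — `url = "http://192.168.99.14:6443/";` replaces an https endpoint, and the registration token read from `tokenFile` is what the runner presents to that URL, so unless that address is reached over a link you trust the token (and whatever per-job credentials the instance hands back) travels in cleartext. Keep the scheme as `https://`, pointing at a TLS-terminating endpoint for that host if the instance itself does not serve TLS; the commit message gives no reason for the downgrade. In the bind-mount hunk, `token` now mounts the whole `${vars.secrets}/services/gitea-runners` directory instead of the single `registration-token` file, so any other file later placed in that directory becomes readable inside every runner container — if the directory is meant to hold only that file, a comment such as `# mounts the whole gitea-runners secrets dir; keep only registration-token here` would keep the exposure from widening by accident. The `DynamicUser = mkForce false` override also gives up the sandboxing systemd enables implicitly with DynamicUser= (PrivateTmp=, ProtectSystem=strict and related); presumably that is accepted for a build runner, but a one-line comment stating why a static uid 601 is required would document the trade-off. The enclosing `containers = mapAttrs (...)` attribute set starts in an earlier hunk and is not fully visible here.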