diff --git a/systems/jeeves/runners/default.nix b/systems/jeeves/runners/default.nix
index 849006e..e24101d 100644
--- a/systems/jeeves/runners/default.nix
+++ b/systems/jeeves/runners/default.nix
@@ -1,20 +1,7 @@
-{ pkgs, ... }:
+{ ... }:
 {
 imports = [ ./nix_builder.nix ];
- users = {
- users.github-runners = {
- shell = pkgs.bash;
- isSystemUser = true;
- group = "github-runners";
- uid = 601;
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/S8i+BNX/12JNKg+5EKGX7Aqimt5KM+ve3wt/SyWuO github-runners" # cspell:disable-line
- ];
- };
- groups.github-runners.gid = 601;
- };
-
 services.nix_builder.containers = {
 nix-builder-00.enable = true;
 nix-builder-01.enable = true;
diff --git a/systems/jeeves/runners/nix_builder.nix b/systems/jeeves/runners/nix_builder.nix
index bd686c6..e38ee04 100644
--- a/systems/jeeves/runners/nix_builder.nix
+++ b/systems/jeeves/runners/nix_builder.nix
@@ -23,12 +23,12 @@ in
 types.submodule (
 { name, ... }:
 {
- options.enable = mkEnableOption "GitHub runner container";
+ options.enable = mkEnableOption "Gitea runner container";
 }
 )
 );
 default = { };
- description = "GitHub runner container configurations";
+ description = "Gitea runner container configurations";
 };
 };
@@ -43,7 +43,7 @@ in
 bindMounts = {
 storage = {
 hostPath = "/zfs/media/github-runners/${name}";
- mountPoint = "/zfs/media/github-runners/${name}";
+ mountPoint = "/var/lib/gitea-runner/${name}";
 isReadOnly = false;
 };
 host-nix = {
@@ -51,9 +51,9 @@ in
 hostPath = "/nix/var/nix/daemon-socket";
 isReadOnly = false;
 };
- pat = {
- hostPath = "${vars.secrets}/services/github-runners/runner_pat";
- mountPoint = "${vars.secrets}/services/github-runners/runner_pat";
+ token = {
+ hostPath = "${vars.secrets}/services/gitea-runners/registration-token";
+ mountPoint = "${vars.secrets}/services/gitea-runners/registration-token";
 isReadOnly = true;
 };
 };
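Review bot: In the `@@ -43,7 +43,7 @@` hunk the `storage` bind mount now lands at `/var/lib/gitea-runner/${name}`, but `hostPath` still points at `/zfs/media/github-runners/${name}`, a directory that was presumably created for the `github-runners` account (uid/gid 601) this commit deletes. Nothing visible here re-owns that directory for the new runner account, so the runner may fail to write there, or the mode may later be loosened just to make it work. The instance is also registered as `jeeves-${name}` further down, so it is worth confirming that the runner module keeps its state under `/var/lib/gitea-runner/${name}` and does not manage `/var/lib/gitea-runner` itself. I would add a comment above `hostPath`, e.g. `# legacy path name; must be owned by the runner service user, not world-writable`. The `bindMounts` set continues outside this hunk.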
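Review bot: In the `@@ -51,9 +51,9 @@` hunk the `token` mount keeps the Gitea registration token readable inside every builder container for its whole lifetime, although a runner normally needs it only for its first registration. Because the instances configured later in this file use `:host` labels, workflow steps share the container's filesystem, so the file should be root-owned with mode 0400 on the host, and the token should be scoped to the repository or organisation rather than the whole instance where possible. As far as I know the NixOS `tokenFile` option expects an environment file with a `TOKEN=<value>` line rather than the bare secret the old `runner_pat` presumably held, which is worth checking. A short comment such as `# registration token (TOKEN=… env file), root-only; rotate once the runners are registered` would record this.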
@@ -92,43 +92,31 @@ in
 "nix-command"
 ];
 sandbox = true;
- allowed-users = [ "github-runners" ];
+ allowed-users = [ "gitea-runner" ];
 trusted-users = [
 "root"
- "github-runners"
+ "gitea-runner"
 ];
 };
 nixpkgs = {
 overlays = builtins.attrValues outputs.overlays;
 config.allowUnfree = true;
 };
- services.github-runners.${name} = {
+ services.gitea-actions-runner.instances.${name} = {
 enable = true;
- replace = true;
- workDir = "/zfs/media/github-runners/${name}";
- url = "https://github.com/RichieCahill/dotfiles";
- extraLabels = [ "nixos" ];
- tokenFile = "${vars.secrets}/services/github-runners/runner_pat";
- user = "github-runners";
- group = "github-runners";
- extraPackages = with pkgs; [
- gitMinimal
- gh
- nixfmt
+ name = "jeeves-${name}";
+ url = "https://gitea.tmmworkshop.com";
+ labels = [
+ "self-hosted:host"
+ "nixos:host"
+ ];
+ tokenFile = "${vars.secrets}/services/gitea-runners/registration-token";
+ hostPackages = with pkgs; [
 nixos-rebuild
 treefmt
 my_python
 ];
 };
- users = {
- users.github-runners = {
- shell = pkgs.bash;
- isSystemUser = true;
- group = "github-runners";
- uid = 601;
- };
- groups.github-runners.gid = 601;
- };
 system.stateVersion = "24.05";
 };
 }
diff --git a/systems/jeeves/services/gitea.nix b/systems/jeeves/services/gitea.nix
index 5f511e8..2ea98c4 100644
--- a/systems/jeeves/services/gitea.nix
+++ b/systems/jeeves/services/gitea.nix
@@ -21,6 +21,10 @@ in
 createDatabase = false;
 };
 settings = {
+ actions = {
+ ENABLED = true;
+ DEFAULT_ACTIONS_URL = "github";
+ };
 service.DISABLE_REGISTRATION = true;
 server = {
 DOMAIN = "tmmworkshop.com";
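Review bot: In the `@@ -92,43 +92,31 @@` hunk, `"gitea-runner"` in `trusted-users` gives every workflow job daemon-level trust, and with the `self-hosted:host` / `nixos:host` labels those jobs run directly in the container rather than in a per-job sandbox. The Nix manual describes membership of `trusted-users` as essentially equivalent to root on the machine whose daemon is used, and the bind mounts earlier in this file expose the host's `/nix/var/nix/daemon-socket` read-write. Unless a job genuinely needs that, keep the account only in `allowed-users` and reduce the list to `trusted-users = [ "root" ];`. The enclosing container config starts above this hunk, so it should be confirmed whether these settings reach the host daemon or only the container's own nix.conf.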
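Review bot: In the gitea.nix hunk, `DEFAULT_ACTIONS_URL = "github"` makes unqualified `uses:` references resolve to github.com, so action code from outside this instance runs on the host-mode runners configured in nix_builder.nix. I would record that choice next to the setting, e.g. `# actions resolve from github.com; pin every uses: to a full commit SHA`, or set the value to `"self"` and mirror the few actions that are needed. `service.DISABLE_REGISTRATION = true` in the context lines limits who can add workflows, but anyone with push access to a repository with Actions enabled can still run code on the runner. The `settings` block continues past the end of this hunk.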