updated nix builders
This commit is contained in:
@@ -1,20 +1,7 @@
|
||||
{ pkgs, ... }:
|
||||
{ ... }:
|
||||
{
|
||||
imports = [ ./nix_builder.nix ];
|
||||
|
||||
users = {
|
||||
users.github-runners = {
|
||||
shell = pkgs.bash;
|
||||
isSystemUser = true;
|
||||
group = "github-runners";
|
||||
uid = 601;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/S8i+BNX/12JNKg+5EKGX7Aqimt5KM+ve3wt/SyWuO github-runners" # cspell:disable-line
|
||||
];
|
||||
};
|
||||
groups.github-runners.gid = 601;
|
||||
};
|
||||
|
||||
services.nix_builder.containers = {
|
||||
nix-builder-00.enable = true;
|
||||
nix-builder-01.enable = true;
|
||||
|
||||
@@ -23,12 +23,12 @@ in
|
||||
types.submodule (
|
||||
{ name, ... }:
|
||||
{
|
||||
options.enable = mkEnableOption "GitHub runner container";
|
||||
options.enable = mkEnableOption "Gitea runner container";
|
||||
}
|
||||
)
|
||||
);
|
||||
default = { };
|
||||
description = "GitHub runner container configurations";
|
||||
description = "Gitea runner container configurations";
|
||||
};
|
||||
};
|
||||
|
||||
@@ -43,7 +43,7 @@ in
|
||||
bindMounts = {
|
||||
storage = {
|
||||
hostPath = "/zfs/media/github-runners/${name}";
|
||||
mountPoint = "/zfs/media/github-runners/${name}";
|
||||
mountPoint = "/var/lib/gitea-runner/${name}";
|
||||
isReadOnly = false;
|
||||
};
|
||||
host-nix = {
|
||||
@@ -51,9 +51,9 @@ in
|
||||
hostPath = "/nix/var/nix/daemon-socket";
|
||||
isReadOnly = false;
|
||||
};
|
||||
pat = {
|
||||
hostPath = "${vars.secrets}/services/github-runners/runner_pat";
|
||||
mountPoint = "${vars.secrets}/services/github-runners/runner_pat";
|
||||
token = {
|
||||
hostPath = "${vars.secrets}/services/gitea-runners/registration-token";
|
||||
mountPoint = "${vars.secrets}/services/gitea-runners/registration-token";
|
||||
isReadOnly = true;
|
||||
};
|
||||
};
|
||||
@@ -92,43 +92,31 @@ in
|
||||
"nix-command"
|
||||
];
|
||||
sandbox = true;
|
||||
allowed-users = [ "github-runners" ];
|
||||
allowed-users = [ "gitea-runner" ];
|
||||
trusted-users = [
|
||||
"root"
|
||||
"github-runners"
|
||||
"gitea-runner"
|
||||
];
|
||||
};
|
||||
nixpkgs = {
|
||||
overlays = builtins.attrValues outputs.overlays;
|
||||
config.allowUnfree = true;
|
||||
};
|
||||
services.github-runners.${name} = {
|
||||
services.gitea-actions-runner.instances.${name} = {
|
||||
enable = true;
|
||||
replace = true;
|
||||
workDir = "/zfs/media/github-runners/${name}";
|
||||
url = "https://github.com/RichieCahill/dotfiles";
|
||||
extraLabels = [ "nixos" ];
|
||||
tokenFile = "${vars.secrets}/services/github-runners/runner_pat";
|
||||
user = "github-runners";
|
||||
group = "github-runners";
|
||||
extraPackages = with pkgs; [
|
||||
gitMinimal
|
||||
gh
|
||||
nixfmt
|
||||
name = "jeeves-${name}";
|
||||
url = "https://gitea.tmmworkshop.com";
|
||||
labels = [
|
||||
"self-hosted:host"
|
||||
"nixos:host"
|
||||
];
|
||||
tokenFile = "${vars.secrets}/services/gitea-runners/registration-token";
|
||||
hostPackages = with pkgs; [
|
||||
nixos-rebuild
|
||||
treefmt
|
||||
my_python
|
||||
];
|
||||
};
|
||||
users = {
|
||||
users.github-runners = {
|
||||
shell = pkgs.bash;
|
||||
isSystemUser = true;
|
||||
group = "github-runners";
|
||||
uid = 601;
|
||||
};
|
||||
groups.github-runners.gid = 601;
|
||||
};
|
||||
system.stateVersion = "24.05";
|
||||
};
|
||||
}
|
||||
|
||||
@@ -21,6 +21,10 @@ in
|
||||
createDatabase = false;
|
||||
};
|
||||
settings = {
|
||||
actions = {
|
||||
ENABLED = true;
|
||||
DEFAULT_ACTIONS_URL = "github";
|
||||
};
|
||||
service.DISABLE_REGISTRATION = true;
|
||||
server = {
|
||||
DOMAIN = "tmmworkshop.com";
|
||||
|
||||
Reference in New Issue
Block a user