hydra: fix and deploy gitea-actions-runner

2024-04-12 23:40:39 +02:00 · 2024-04-12 23:40:39 +02:00 · 2062679a91
parent 416c19b109
commit 2062679a91
5 changed files with 62 additions and 38 deletions
--- a/flake.nix
+++ b/flake.nix
@ -369,6 +369,8 @@
        gitea = nixosSystem' {
          modules = [
            self.nixosModules.microvm
+            self.nixosModules.gitea-actions-registrar
+            self.nixosModules.gitea-actions-runner
            ./hosts/gitea
          ];
        };
@ -413,6 +415,7 @@
        hydra = nixosSystem' {
          modules = [
            self.nixosModules.cluster
+            self.nixosModules.gitea-actions-runner
            # skyflake.nixosModules.default
            ./hosts/hydra
          ];
@ -759,6 +762,8 @@
          ./modules/microvm-host.nix
        ];
        rpi-netboot = ./modules/rpi-netboot.nix;
+        gitea-actions-registrar = ./modules/gitea-actions-registrar.nix;
+        gitea-actions-runner = ./modules/gitea-actions-runner.nix;
      };

      # `nix develop`
--- a/hosts/gitea/default.nix
+++ b/hosts/gitea/default.nix
@ -46,7 +46,7 @@

      settings = {
        # we use drone for internal tasks and don't want people to execute code on our infrastructure
-        actions.ENABLED = false;
+        actions.ENABLED = true;
        "cron.delete_generated_repository_avatars".ENABLED = true;
        "cron.repo_health_check".TIMEOUT = "300s";
        database.LOG_SQL = false;
@ -108,6 +108,8 @@
      };
    };

+    gitea-actions.enableRegistrar = true;
+
    nginx = {
      enable = true;
      virtualHosts."gitea.c3d2.de" = {
--- a/hosts/hydra/default.nix
+++ b/hosts/hydra/default.nix
@ -124,6 +124,13 @@
      ];
    };

+    gitea-actions = {
+      enableRunner = true;
+      kvm = true;
+      zfsDataset = "hydra/data/podman";
+      giteaUrl = "https://gitea.c3d2.de";
+    };
+
    hydra = {
      enable = true;
      buildMachinesFiles = [
--- a/modules/gitea-actions-registrar.nix
+++ b/modules/gitea-actions-registrar.nix
@ -0,0 +1,30 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.services.gitea-actions;
+in {
+  options.services.gitea-actions.enableRegistrar = lib.mkEnableOption "gitea";
+
+  config.systemd.services = lib.genAttrs (builtins.genList (n: "gitea-runner-nix${builtins.toString n}-token") cfg.numInstances) (name: {
+    wantedBy = [ "multi-user.target" ];
+    after =lib.optional config.services.gitea.enable "gitea.service";
+    unitConfig.ConditionPathExists = [ "!/var/lib/gitea-registration/${name}" ];
+    script = ''
+      set -euo pipefail
+      token=$(${lib.getExe config.services.gitea.package} actions generate-runner-token)
+      echo "TOKEN=$token" > /var/lib/gitea-registration/${name}
+    '';
+
+    environment = {
+      GITEA_CUSTOM = "/var/lib/gitea/custom";
+      GITEA_WORK_DIR = "/var/lib/gitea";
+    };
+
+    serviceConfig = {
+      User = "gitea";
+      Group = "gitea";
+      StateDirectory = "gitea-registration";
+      Type = "oneshot";
+      RemainAfterExit = true;
+    };
+  });
+}
--- a/modules/gitea-actions-runner.nix
+++ b/modules/gitea-actions-runner.nix
@ -21,7 +21,13 @@ let
 in {
  options = {
    services.gitea-actions = {
-      enable = lib.mkEnableOption "gitea-actions";
+      enableRunner = lib.mkEnableOption "gitea-actions-runner";
+
+      giteaUrl = lib.mkOption {
+        type = lib.types.str;
+        default = config.services.gitea.settings.server.ROOT_URL;
+      };
+
      numInstances = lib.mkOption {
        type = lib.types.ints.unsigned;
        default = 2;
@ -46,10 +52,15 @@ in {
        default = false;
        description = "Enable KVM passthrough for the container";
      };
+
+      zfsDataset = lib.mkOption {
+        type = lib.types.str;
+        default = "zroot/root/podman";
+      };
    };
  };

-  config = lib.mkIf cfg.enable (lib.mkMerge [
+  config = lib.mkIf cfg.enableRunner (lib.mkMerge [
    {
      systemd.services.gitea-runner-nix-image = {
        wantedBy = [ "multi-user.target" ];
@ -117,52 +128,21 @@ in {
      };
    }
    {
-      systemd.services = lib.genAttrs (builtins.genList (n: "gitea-runner-nix${builtins.toString n}-token") cfg.numInstances) (name: {
-        wantedBy = [ "multi-user.target" ];
-        after =lib.optional config.services.gitea.enable "gitea.service";
-        unitConfig.ConditionPathExists = [ "!/var/lib/gitea-registration/${name}" ];
-        script = ''
-          set -euo pipefail
-          token=$(${lib.getExe config.services.gitea.package} actions generate-runner-token)
-          echo "TOKEN=$token" > /var/lib/gitea-registration/${name}
-        '';
-
-        environment = {
-          GITEA_CUSTOM = "/var/lib/gitea/custom";
-          GITEA_WORK_DIR = "/var/lib/gitea";
-        };
-
-        serviceConfig = {
-          User = "gitea";
-          Group = "gitea";
-          StateDirectory = "gitea-registration";
-          Type = "oneshot";
-          RemainAfterExit = true;
-        };
-      });
-
      virtualisation = {
        podman.enable = true;
        containers = {
          containersConf.settings.containers.dns_servers = config.networking.nameservers;
-          storage.settings = {
-            storage.driver = if config.boot.zfs.enabled then "zfs" else "overlay";
-            storage.options.zfs.fsname = lib.mkIf config.boot.zfs.enabled "zroot/root/podman";
-            storage.graphroot = "/var/lib/containers/storage";
-            storage.runroot = "/run/containers/storage";
-          };
+          storage.settings.storage.options.zfs.fsname = lib.mkIf config.boot.zfs.enabled "${cfg.zfsDataset}";
        };
      };
    }
    {
      systemd.services = lib.genAttrs (builtins.genList (n: "gitea-runner-nix${builtins.toString n}") cfg.numInstances) (name: {
        after = [
-          "${name}-token.service"
          "gitea-runner-nix-image.service"
        ];

        requires = [
-          "${name}-token.service"
          "gitea-runner-nix-image.service"
        ];

@ -220,9 +200,9 @@ in {

      services.gitea-actions-runner.instances = lib.genAttrs (builtins.genList (n: "nix${builtins.toString n}") cfg.numInstances) (iname: {
        enable = true;
-        name = "nixos-runner";
-        url = config.services.gitea.settings.server.ROOT_URL;
-        tokenFile = "/var/lib/gitea-registration/gitea-runner-${iname}-token";
+        name = config.networking.hostName;
+        url = cfg.giteaUrl;
+        tokenFile = "/var/lib/gitea-runner/${iname}/token";
        labels = [ "nix:docker://gitea-runner-nix" ];
        settings.container = {
          options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt${lib.optionalString cfg.kvm " --device /dev/kvm"} -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user gitea-actions";