diff --git a/flake.nix b/flake.nix
index a755347d..51687bee 100644
--- a/flake.nix
+++ b/flake.nix
@@ -369,6 +369,8 @@
 gitea = nixosSystem' {
 modules = [
 self.nixosModules.microvm
+ self.nixosModules.gitea-actions-registrar
+ self.nixosModules.gitea-actions-runner
 ./hosts/gitea
 ];
 };
@@ -413,6 +415,7 @@
 hydra = nixosSystem' {
 modules = [
 self.nixosModules.cluster
+ self.nixosModules.gitea-actions-runner
 # skyflake.nixosModules.default
 ./hosts/hydra
 ];
@@ -759,6 +762,8 @@
 ./modules/microvm-host.nix
 ];
 rpi-netboot = ./modules/rpi-netboot.nix;
+ gitea-actions-registrar = ./modules/gitea-actions-registrar.nix;
+ gitea-actions-runner = ./modules/gitea-actions-runner.nix;
 };
 # `nix develop`
diff --git a/hosts/gitea/default.nix b/hosts/gitea/default.nix
index 24bba570..34e305ca 100644
--- a/hosts/gitea/default.nix
+++ b/hosts/gitea/default.nix
@@ -46,7 +46,7 @@
 settings = {
 # we use drone for internal tasks and don't want people to execute code on our infrastructure
- actions.ENABLED = false;
+ actions.ENABLED = true;
 "cron.delete_generated_repository_avatars".ENABLED = true;
 "cron.repo_health_check".TIMEOUT = "300s";
 database.LOG_SQL = false;
@@ -108,6 +108,8 @@
 };
 };
+ gitea-actions.enableRegistrar = true;
+
 nginx = {
 enable = true;
 virtualHosts."gitea.c3d2.de" = {
diff --git a/hosts/hydra/default.nix b/hosts/hydra/default.nix
index 2018fe40..1130e9f8 100644
--- a/hosts/hydra/default.nix
+++ b/hosts/hydra/default.nix
@@ -124,6 +124,13 @@
 ];
 };
+ gitea-actions = {
+ enableRunner = true;
+ kvm = true;
+ zfsDataset = "hydra/data/podman";
+ giteaUrl = "https://gitea.c3d2.de";
+ };
+
 hydra = {
 enable = true;
 buildMachinesFiles = [
diff --git a/modules/gitea-actions-registrar.nix b/modules/gitea-actions-registrar.nix
new file mode 100644
index 00000000..d47dd5cb
--- /dev/null
+++ b/modules/gitea-actions-registrar.nix
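Review bot: In hosts/gitea/default.nix the comment directly above `actions.ENABLED = true;` still says actions stay off because people must not execute code on the infrastructure, so it now contradicts the setting it documents. Since this flips a deliberate security policy on a public instance, replace it with the new rationale, e.g. `# Actions enabled: jobs run in the gitea-runner-nix container on the runner hosts (services.gitea-actions), not on this machine` — adjusted to what actually holds, as the container setup lives in modules/gitea-actions-runner.nix. The comment should also say which repositories or users are allowed to run workflows, because enabling actions globally extends code execution to everyone who can push a workflow file, and no such restriction appears in this diff.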
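Review bot: `kvm = true;` in the new hosts/hydra `gitea-actions` block passes /dev/kvm into every Actions job container (the runner module appends `--device /dev/kvm` to the container options when this is set), and the block gives no reason for it. A one-line comment would help the next reader, e.g. `# /dev/kvm is exposed to job containers so workflows can run VM-based builds; this widens the host kernel surface reachable from untrusted workflows`, with the first clause adjusted to the actual use case, which this diff does not show. `giteaUrl = "https://gitea.c3d2.de";` deserves a similar note saying the option default (gitea's own ROOT_URL) cannot apply on a host that does not run gitea, if that is the case for hydra.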
@@ -0,0 +1,30 @@
+{ config, pkgs, lib, ... }:
+let
+ cfg = config.services.gitea-actions;
+in {
+ options.services.gitea-actions.enableRegistrar = lib.mkEnableOption "gitea";
+
+ config.systemd.services = lib.genAttrs (builtins.genList (n: "gitea-runner-nix${builtins.toString n}-token") cfg.numInstances) (name: {
+ wantedBy = [ "multi-user.target" ];
+ after =lib.optional config.services.gitea.enable "gitea.service";
+ unitConfig.ConditionPathExists = [ "!/var/lib/gitea-registration/${name}" ];
+ script = ''
+ set -euo pipefail
+ token=$(${lib.getExe config.services.gitea.package} actions generate-runner-token)
+ echo "TOKEN=$token" > /var/lib/gitea-registration/${name}
+ '';
+
+ environment = {
+ GITEA_CUSTOM = "/var/lib/gitea/custom";
+ GITEA_WORK_DIR = "/var/lib/gitea";
+ };
+
+ serviceConfig = {
+ User = "gitea";
+ Group = "gitea";
+ StateDirectory = "gitea-registration";
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+ });
+}
diff --git a/modules/gitea-actions-runner.nix b/modules/gitea-actions-runner.nix
index ac0c1d00..56693a7b 100644
--- a/modules/gitea-actions-runner.nix
+++ b/modules/gitea-actions-runner.nix
@@ -21,7 +21,13 @@ let
 in {
 options = {
 services.gitea-actions = {
- enable = lib.mkEnableOption "gitea-actions";
+ enableRunner = lib.mkEnableOption "gitea-actions-runner";
+
+ giteaUrl = lib.mkOption {
+ type = lib.types.str;
+ default = config.services.gitea.settings.server.ROOT_URL;
+ };
+
 numInstances = lib.mkOption {
 type = lib.types.ints.unsigned;
 default = 2;
@@ -46,10 +52,15 @@ in {
 default = false;
 description = "Enable KVM passthrough for the container";
 };
+
+ zfsDataset = lib.mkOption {
+ type = lib.types.str;
+ default = "zroot/root/podman";
+ };
 };
 };
- config = lib.mkIf cfg.enable (lib.mkMerge [
+ config = lib.mkIf cfg.enableRunner (lib.mkMerge [
 {
 systemd.services.gitea-runner-nix-image = {
 wantedBy = [ "multi-user.target" ];
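Review bot: In modules/gitea-actions-registrar.nix the `enableRegistrar` option is declared but never read: `config.systemd.services = lib.genAttrs ...` is not wrapped in `lib.mkIf cfg.enableRegistrar`, so every host importing the module gets the token-generating units regardless of the setting, and `gitea-actions.enableRegistrar = true;` on the gitea host changes nothing; change it to `config = lib.mkIf cfg.enableRegistrar { systemd.services = lib.genAttrs ...; };`. The token is written with a plain redirect, so its mode follows the service umask (normally 0644 inside a 0755 state directory) and the registration token becomes readable by any local user; add `umask 077` right after `set -euo pipefail` and `StateDirectoryMode = "0700";` to serviceConfig. The module also reads `cfg.numInstances`, which is declared only in gitea-actions-runner.nix, so it evaluates only when both modules are imported, as flake.nix does for the gitea host; a comment or an assertion on that dependency belongs here. `lib.mkEnableOption "gitea"` should name what it enables, e.g. `lib.mkEnableOption "the Gitea Actions runner-token registrar"`.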
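Review bot: The new `giteaUrl` option (and `zfsDataset` in the next hunk of this file) has no `description`, unlike `kvm` a few lines below, so it appears undocumented in option listings; add e.g. `description = "URL of the Gitea instance the runners register with; defaults to this host's gitea ROOT_URL";` and `description = "ZFS dataset used as podman's storage fsname when ZFS is enabled";`. The default `config.services.gitea.settings.server.ROOT_URL` is only meaningful on a host that also runs gitea, and whether it even evaluates on a runner-only host depends on the gitea module's own defaults, so the description should state that runner-only hosts such as hydra must set it explicitly. The enclosing `options` set continues past the end of the hunk.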
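Review bot: Renaming `enable` to `enableRunner` silently breaks any configuration that still sets `services.gitea-actions.enable` — with the old declaration gone, NixOS rejects it as an undeclared option at evaluation time, and this diff only updates hydra. Add `imports = [ (lib.mkRenamedOptionModule [ "services" "gitea-actions" "enable" ] [ "services" "gitea-actions" "enableRunner" ]) ];` to the module so existing hosts keep evaluating with a rename warning instead of failing. The `lib.mkMerge` list opened by the changed `config =` line runs past the end of the hunk.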
@@ -117,52 +128,21 @@ in {
 };
 }
 {
- systemd.services = lib.genAttrs (builtins.genList (n: "gitea-runner-nix${builtins.toString n}-token") cfg.numInstances) (name: {
- wantedBy = [ "multi-user.target" ];
- after =lib.optional config.services.gitea.enable "gitea.service";
- unitConfig.ConditionPathExists = [ "!/var/lib/gitea-registration/${name}" ];
- script = ''
- set -euo pipefail
- token=$(${lib.getExe config.services.gitea.package} actions generate-runner-token)
- echo "TOKEN=$token" > /var/lib/gitea-registration/${name}
- '';
-
- environment = {
- GITEA_CUSTOM = "/var/lib/gitea/custom";
- GITEA_WORK_DIR = "/var/lib/gitea";
- };
-
- serviceConfig = {
- User = "gitea";
- Group = "gitea";
- StateDirectory = "gitea-registration";
- Type = "oneshot";
- RemainAfterExit = true;
- };
- });
-
 virtualisation = {
 podman.enable = true;
 containers = {
 containersConf.settings.containers.dns_servers = config.networking.nameservers;
- storage.settings = {
- storage.driver = if config.boot.zfs.enabled then "zfs" else "overlay";
- storage.options.zfs.fsname = lib.mkIf config.boot.zfs.enabled "zroot/root/podman";
- storage.graphroot = "/var/lib/containers/storage";
- storage.runroot = "/run/containers/storage";
- };
+ storage.settings.storage.options.zfs.fsname = lib.mkIf config.boot.zfs.enabled "${cfg.zfsDataset}";
 };
 };
 }
 {
 systemd.services = lib.genAttrs (builtins.genList (n: "gitea-runner-nix${builtins.toString n}") cfg.numInstances) (name: {
 after = [
- "${name}-token.service"
 "gitea-runner-nix-image.service"
 ];
 requires = [
- "${name}-token.service"
 "gitea-runner-nix-image.service"
 ];
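Review bot: The replacement line `storage.settings.storage.options.zfs.fsname = ...` drops the removed `storage.driver = if config.boot.zfs.enabled then "zfs" else "overlay";` without re-adding it, so unless the driver is set somewhere outside this diff, podman keeps its default driver and the zfs fsname — now configurable through `zfsDataset` and set to `hydra/data/podman` on hydra — is never used; keep the driver alongside it: `storage.settings.storage.driver = lib.mkIf config.boot.zfs.enabled "zfs";`. `"${cfg.zfsDataset}"` wraps a string option in an interpolation for no reason; `lib.mkIf config.boot.zfs.enabled cfg.zfsDataset` is equivalent. Removing `"${name}-token.service"` from `after` and `requires` also means the runner units no longer wait for a token, and the new `tokenFile` path under /var/lib/gitea-runner set later in this file is provisioned by nothing in this diff, so the module should document (or assert) how that file is expected to get onto the runner host. The mkMerge list this hunk edits starts before and ends after the hunk.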
@@ -220,9 +200,9 @@ in {
 services.gitea-actions-runner.instances = lib.genAttrs (builtins.genList (n: "nix${builtins.toString n}") cfg.numInstances) (iname: {
 enable = true;
- name = "nixos-runner";
- url = config.services.gitea.settings.server.ROOT_URL;
- tokenFile = "/var/lib/gitea-registration/gitea-runner-${iname}-token";
+ name = config.networking.hostName;
+ url = cfg.giteaUrl;
+ tokenFile = "/var/lib/gitea-runner/${iname}/token";
 labels = [ "nix:docker://gitea-runner-nix" ];
 settings.container = {
 options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt${lib.optionalString cfg.kvm " --device /dev/kvm"} -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user gitea-actions";