hydra: fix and deploy gitea-actions-runner
This commit is contained in:
parent
416c19b109
commit
2062679a91
|
@ -369,6 +369,8 @@
|
||||||
gitea = nixosSystem' {
|
gitea = nixosSystem' {
|
||||||
modules = [
|
modules = [
|
||||||
self.nixosModules.microvm
|
self.nixosModules.microvm
|
||||||
|
self.nixosModules.gitea-actions-registrar
|
||||||
|
self.nixosModules.gitea-actions-runner
|
||||||
./hosts/gitea
|
./hosts/gitea
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
@ -413,6 +415,7 @@
|
||||||
hydra = nixosSystem' {
|
hydra = nixosSystem' {
|
||||||
modules = [
|
modules = [
|
||||||
self.nixosModules.cluster
|
self.nixosModules.cluster
|
||||||
|
self.nixosModules.gitea-actions-runner
|
||||||
# skyflake.nixosModules.default
|
# skyflake.nixosModules.default
|
||||||
./hosts/hydra
|
./hosts/hydra
|
||||||
];
|
];
|
||||||
|
@ -759,6 +762,8 @@
|
||||||
./modules/microvm-host.nix
|
./modules/microvm-host.nix
|
||||||
];
|
];
|
||||||
rpi-netboot = ./modules/rpi-netboot.nix;
|
rpi-netboot = ./modules/rpi-netboot.nix;
|
||||||
|
gitea-actions-registrar = ./modules/gitea-actions-registrar.nix;
|
||||||
|
gitea-actions-runner = ./modules/gitea-actions-runner.nix;
|
||||||
};
|
};
|
||||||
|
|
||||||
# `nix develop`
|
# `nix develop`
|
||||||
|
|
|
@ -46,7 +46,7 @@
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
# we use drone for internal tasks and don't want people to execute code on our infrastructure
|
# we use drone for internal tasks and don't want people to execute code on our infrastructure
|
||||||
actions.ENABLED = false;
|
actions.ENABLED = true;
|
||||||
"cron.delete_generated_repository_avatars".ENABLED = true;
|
"cron.delete_generated_repository_avatars".ENABLED = true;
|
||||||
"cron.repo_health_check".TIMEOUT = "300s";
|
"cron.repo_health_check".TIMEOUT = "300s";
|
||||||
database.LOG_SQL = false;
|
database.LOG_SQL = false;
|
||||||
|
@ -108,6 +108,8 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
gitea-actions.enableRegistrar = true;
|
||||||
|
|
||||||
nginx = {
|
nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
virtualHosts."gitea.c3d2.de" = {
|
virtualHosts."gitea.c3d2.de" = {
|
||||||
|
|
|
@ -124,6 +124,13 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
gitea-actions = {
|
||||||
|
enableRunner = true;
|
||||||
|
kvm = true;
|
||||||
|
zfsDataset = "hydra/data/podman";
|
||||||
|
giteaUrl = "https://gitea.c3d2.de";
|
||||||
|
};
|
||||||
|
|
||||||
hydra = {
|
hydra = {
|
||||||
enable = true;
|
enable = true;
|
||||||
buildMachinesFiles = [
|
buildMachinesFiles = [
|
||||||
|
|
30
modules/gitea-actions-registrar.nix
Normal file
30
modules/gitea-actions-registrar.nix
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
let
|
||||||
|
cfg = config.services.gitea-actions;
|
||||||
|
in {
|
||||||
|
options.services.gitea-actions.enableRegistrar = lib.mkEnableOption "gitea";
|
||||||
|
|
||||||
|
config.systemd.services = lib.genAttrs (builtins.genList (n: "gitea-runner-nix${builtins.toString n}-token") cfg.numInstances) (name: {
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after =lib.optional config.services.gitea.enable "gitea.service";
|
||||||
|
unitConfig.ConditionPathExists = [ "!/var/lib/gitea-registration/${name}" ];
|
||||||
|
script = ''
|
||||||
|
set -euo pipefail
|
||||||
|
token=$(${lib.getExe config.services.gitea.package} actions generate-runner-token)
|
||||||
|
echo "TOKEN=$token" > /var/lib/gitea-registration/${name}
|
||||||
|
'';
|
||||||
|
|
||||||
|
environment = {
|
||||||
|
GITEA_CUSTOM = "/var/lib/gitea/custom";
|
||||||
|
GITEA_WORK_DIR = "/var/lib/gitea";
|
||||||
|
};
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
User = "gitea";
|
||||||
|
Group = "gitea";
|
||||||
|
StateDirectory = "gitea-registration";
|
||||||
|
Type = "oneshot";
|
||||||
|
RemainAfterExit = true;
|
||||||
|
};
|
||||||
|
});
|
||||||
|
}
|
|
@ -21,7 +21,13 @@ let
|
||||||
in {
|
in {
|
||||||
options = {
|
options = {
|
||||||
services.gitea-actions = {
|
services.gitea-actions = {
|
||||||
enable = lib.mkEnableOption "gitea-actions";
|
enableRunner = lib.mkEnableOption "gitea-actions-runner";
|
||||||
|
|
||||||
|
giteaUrl = lib.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
default = config.services.gitea.settings.server.ROOT_URL;
|
||||||
|
};
|
||||||
|
|
||||||
numInstances = lib.mkOption {
|
numInstances = lib.mkOption {
|
||||||
type = lib.types.ints.unsigned;
|
type = lib.types.ints.unsigned;
|
||||||
default = 2;
|
default = 2;
|
||||||
|
@ -46,10 +52,15 @@ in {
|
||||||
default = false;
|
default = false;
|
||||||
description = "Enable KVM passthrough for the container";
|
description = "Enable KVM passthrough for the container";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
zfsDataset = lib.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
default = "zroot/root/podman";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable (lib.mkMerge [
|
config = lib.mkIf cfg.enableRunner (lib.mkMerge [
|
||||||
{
|
{
|
||||||
systemd.services.gitea-runner-nix-image = {
|
systemd.services.gitea-runner-nix-image = {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
@ -117,52 +128,21 @@ in {
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
systemd.services = lib.genAttrs (builtins.genList (n: "gitea-runner-nix${builtins.toString n}-token") cfg.numInstances) (name: {
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
after =lib.optional config.services.gitea.enable "gitea.service";
|
|
||||||
unitConfig.ConditionPathExists = [ "!/var/lib/gitea-registration/${name}" ];
|
|
||||||
script = ''
|
|
||||||
set -euo pipefail
|
|
||||||
token=$(${lib.getExe config.services.gitea.package} actions generate-runner-token)
|
|
||||||
echo "TOKEN=$token" > /var/lib/gitea-registration/${name}
|
|
||||||
'';
|
|
||||||
|
|
||||||
environment = {
|
|
||||||
GITEA_CUSTOM = "/var/lib/gitea/custom";
|
|
||||||
GITEA_WORK_DIR = "/var/lib/gitea";
|
|
||||||
};
|
|
||||||
|
|
||||||
serviceConfig = {
|
|
||||||
User = "gitea";
|
|
||||||
Group = "gitea";
|
|
||||||
StateDirectory = "gitea-registration";
|
|
||||||
Type = "oneshot";
|
|
||||||
RemainAfterExit = true;
|
|
||||||
};
|
|
||||||
});
|
|
||||||
|
|
||||||
virtualisation = {
|
virtualisation = {
|
||||||
podman.enable = true;
|
podman.enable = true;
|
||||||
containers = {
|
containers = {
|
||||||
containersConf.settings.containers.dns_servers = config.networking.nameservers;
|
containersConf.settings.containers.dns_servers = config.networking.nameservers;
|
||||||
storage.settings = {
|
storage.settings.storage.options.zfs.fsname = lib.mkIf config.boot.zfs.enabled "${cfg.zfsDataset}";
|
||||||
storage.driver = if config.boot.zfs.enabled then "zfs" else "overlay";
|
|
||||||
storage.options.zfs.fsname = lib.mkIf config.boot.zfs.enabled "zroot/root/podman";
|
|
||||||
storage.graphroot = "/var/lib/containers/storage";
|
|
||||||
storage.runroot = "/run/containers/storage";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
systemd.services = lib.genAttrs (builtins.genList (n: "gitea-runner-nix${builtins.toString n}") cfg.numInstances) (name: {
|
systemd.services = lib.genAttrs (builtins.genList (n: "gitea-runner-nix${builtins.toString n}") cfg.numInstances) (name: {
|
||||||
after = [
|
after = [
|
||||||
"${name}-token.service"
|
|
||||||
"gitea-runner-nix-image.service"
|
"gitea-runner-nix-image.service"
|
||||||
];
|
];
|
||||||
|
|
||||||
requires = [
|
requires = [
|
||||||
"${name}-token.service"
|
|
||||||
"gitea-runner-nix-image.service"
|
"gitea-runner-nix-image.service"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
@ -220,9 +200,9 @@ in {
|
||||||
|
|
||||||
services.gitea-actions-runner.instances = lib.genAttrs (builtins.genList (n: "nix${builtins.toString n}") cfg.numInstances) (iname: {
|
services.gitea-actions-runner.instances = lib.genAttrs (builtins.genList (n: "nix${builtins.toString n}") cfg.numInstances) (iname: {
|
||||||
enable = true;
|
enable = true;
|
||||||
name = "nixos-runner";
|
name = config.networking.hostName;
|
||||||
url = config.services.gitea.settings.server.ROOT_URL;
|
url = cfg.giteaUrl;
|
||||||
tokenFile = "/var/lib/gitea-registration/gitea-runner-${iname}-token";
|
tokenFile = "/var/lib/gitea-runner/${iname}/token";
|
||||||
labels = [ "nix:docker://gitea-runner-nix" ];
|
labels = [ "nix:docker://gitea-runner-nix" ];
|
||||||
settings.container = {
|
settings.container = {
|
||||||
options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt${lib.optionalString cfg.kvm " --device /dev/kvm"} -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user gitea-actions";
|
options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt${lib.optionalString cfg.kvm " --device /dev/kvm"} -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user gitea-actions";
|
||||||
|
|
Loading…
Reference in New Issue
Block a user