hydra: fix and deploy gitea-actions-runner

This commit is contained in:
Astro 2024-04-12 23:40:39 +02:00
parent 416c19b109
commit 2062679a91
5 changed files with 62 additions and 38 deletions


@ -369,6 +369,8 @@
gitea = nixosSystem' { gitea = nixosSystem' {
modules = [ modules = [
self.nixosModules.microvm self.nixosModules.microvm
self.nixosModules.gitea-actions-registrar
self.nixosModules.gitea-actions-runner
./hosts/gitea ./hosts/gitea
]; ];
}; };
@ -413,6 +415,7 @@
hydra = nixosSystem' { hydra = nixosSystem' {
modules = [ modules = [
self.nixosModules.cluster self.nixosModules.cluster
self.nixosModules.gitea-actions-runner
# skyflake.nixosModules.default # skyflake.nixosModules.default
./hosts/hydra ./hosts/hydra
]; ];
@ -759,6 +762,8 @@
./modules/microvm-host.nix ./modules/microvm-host.nix
]; ];
rpi-netboot = ./modules/rpi-netboot.nix; rpi-netboot = ./modules/rpi-netboot.nix;
gitea-actions-registrar = ./modules/gitea-actions-registrar.nix;
gitea-actions-runner = ./modules/gitea-actions-runner.nix;
}; };
# `nix develop` # `nix develop`


@ -46,7 +46,7 @@
settings = { settings = {
# we use drone for internal tasks and don't want people to execute code on our infrastructure # we use drone for internal tasks and don't want people to execute code on our infrastructure
actions.ENABLED = false; actions.ENABLED = true;
"cron.delete_generated_repository_avatars".ENABLED = true; "cron.delete_generated_repository_avatars".ENABLED = true;
"cron.repo_health_check".TIMEOUT = "300s"; "cron.repo_health_check".TIMEOUT = "300s";
database.LOG_SQL = false; database.LOG_SQL = false;
@ -108,6 +108,8 @@
}; };
}; };
gitea-actions.enableRegistrar = true;
nginx = { nginx = {
enable = true; enable = true;
virtualHosts."gitea.c3d2.de" = { virtualHosts."gitea.c3d2.de" = {
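Review bot: The comment directly above `actions.ENABLED = true` still says "we use drone for internal tasks and don't want people to execute code on our infrastructure", which the new value now contradicts, so a reader will not know whether the flip was deliberate. Replace it with something like `# Actions are executed on our own gitea-actions-runner instances (modules/gitea-actions-runner.nix); tokens are minted by the registrar below` so the intent and the trust boundary are recorded next to the switch. Since enabling Actions lets any repository with a workflow file run code on the registered runners, it is also worth noting in that comment which repositories or users are expected to trigger jobs. The `settings` attribute set this hunk sits in starts and ends outside the hunk.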


@ -124,6 +124,13 @@
]; ];
}; };
gitea-actions = {
enableRunner = true;
kvm = true;
zfsDataset = "hydra/data/podman";
giteaUrl = "https://gitea.c3d2.de";
};
hydra = { hydra = {
enable = true; enable = true;
buildMachinesFiles = [ buildMachinesFiles = [
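Review bot: Nothing in this block provisions the runner registration token that `enableRunner = true` makes the hydra runner instances read, while the registrar that generates tokens is enabled only on the gitea host in this commit and writes to a different directory. As far as the page shows, the runner units on hydra will start without a token file unless it is copied over out of band. Record how that file reaches this host with a comment on the block, e.g. `# runner tokens are generated on the gitea host by gitea-actions-registrar and must be placed under /var/lib/gitea-runner/<instance>/token here`, or add the secret-provisioning entry to this host config. A short comment on `kvm = true` saying that this exposes `/dev/kvm` to job containers, and why, would also help the next maintainer.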


@ -0,0 +1,30 @@
{ config, pkgs, lib, ... }:
let
cfg = config.services.gitea-actions;
in {
options.services.gitea-actions.enableRegistrar = lib.mkEnableOption "gitea";
config.systemd.services = lib.genAttrs (builtins.genList (n: "gitea-runner-nix${builtins.toString n}-token") cfg.numInstances) (name: {
wantedBy = [ "multi-user.target" ];
after =lib.optional config.services.gitea.enable "gitea.service";
unitConfig.ConditionPathExists = [ "!/var/lib/gitea-registration/${name}" ];
script = ''
set -euo pipefail
token=$(${lib.getExe config.services.gitea.package} actions generate-runner-token)
echo "TOKEN=$token" > /var/lib/gitea-registration/${name}
'';
environment = {
GITEA_CUSTOM = "/var/lib/gitea/custom";
GITEA_WORK_DIR = "/var/lib/gitea";
};
serviceConfig = {
User = "gitea";
Group = "gitea";
StateDirectory = "gitea-registration";
Type = "oneshot";
RemainAfterExit = true;
};
});
}
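Review bot: The `enableRegistrar` option declared on the `options.services.gitea-actions.enableRegistrar` line is never consulted: `config.systemd.services` is assigned unconditionally, so the token-generating units are created on every host that imports this module regardless of the option. Guard the value with `config.systemd.services = lib.mkIf cfg.enableRegistrar (lib.genAttrs ... (name: { ... }));`. The script writes the registration token with the service's default umask into the StateDirectory, so it may be readable by other local users; add `umask 077` before the `echo` line or set `StateDirectoryMode = "0700";` in `serviceConfig`. `cfg.numInstances` is not declared here but in gitea-actions-runner.nix, so this module only evaluates when that one is imported alongside it (as the flake does for the gitea host); a comment at the top stating that dependency would avoid a confusing evaluation error elsewhere.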


@ -21,7 +21,13 @@ let
in { in {
options = { options = {
services.gitea-actions = { services.gitea-actions = {
enable = lib.mkEnableOption "gitea-actions"; enableRunner = lib.mkEnableOption "gitea-actions-runner";
giteaUrl = lib.mkOption {
type = lib.types.str;
default = config.services.gitea.settings.server.ROOT_URL;
};
numInstances = lib.mkOption { numInstances = lib.mkOption {
type = lib.types.ints.unsigned; type = lib.types.ints.unsigned;
default = 2; default = 2;
@ -46,10 +52,15 @@ in {
default = false; default = false;
description = "Enable KVM passthrough for the container"; description = "Enable KVM passthrough for the container";
}; };
zfsDataset = lib.mkOption {
type = lib.types.str;
default = "zroot/root/podman";
};
}; };
}; };
config = lib.mkIf cfg.enable (lib.mkMerge [ config = lib.mkIf cfg.enableRunner (lib.mkMerge [
{ {
systemd.services.gitea-runner-nix-image = { systemd.services.gitea-runner-nix-image = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
@ -117,52 +128,21 @@ in {
}; };
} }
{ {
systemd.services = lib.genAttrs (builtins.genList (n: "gitea-runner-nix${builtins.toString n}-token") cfg.numInstances) (name: {
wantedBy = [ "multi-user.target" ];
after =lib.optional config.services.gitea.enable "gitea.service";
unitConfig.ConditionPathExists = [ "!/var/lib/gitea-registration/${name}" ];
script = ''
set -euo pipefail
token=$(${lib.getExe config.services.gitea.package} actions generate-runner-token)
echo "TOKEN=$token" > /var/lib/gitea-registration/${name}
'';
environment = {
GITEA_CUSTOM = "/var/lib/gitea/custom";
GITEA_WORK_DIR = "/var/lib/gitea";
};
serviceConfig = {
User = "gitea";
Group = "gitea";
StateDirectory = "gitea-registration";
Type = "oneshot";
RemainAfterExit = true;
};
});
virtualisation = { virtualisation = {
podman.enable = true; podman.enable = true;
containers = { containers = {
containersConf.settings.containers.dns_servers = config.networking.nameservers; containersConf.settings.containers.dns_servers = config.networking.nameservers;
storage.settings = { storage.settings.storage.options.zfs.fsname = lib.mkIf config.boot.zfs.enabled "${cfg.zfsDataset}";
storage.driver = if config.boot.zfs.enabled then "zfs" else "overlay";
storage.options.zfs.fsname = lib.mkIf config.boot.zfs.enabled "zroot/root/podman";
storage.graphroot = "/var/lib/containers/storage";
storage.runroot = "/run/containers/storage";
};
}; };
}; };
} }
{ {
systemd.services = lib.genAttrs (builtins.genList (n: "gitea-runner-nix${builtins.toString n}") cfg.numInstances) (name: { systemd.services = lib.genAttrs (builtins.genList (n: "gitea-runner-nix${builtins.toString n}") cfg.numInstances) (name: {
after = [ after = [
"${name}-token.service"
"gitea-runner-nix-image.service" "gitea-runner-nix-image.service"
]; ];
requires = [ requires = [
"${name}-token.service"
"gitea-runner-nix-image.service" "gitea-runner-nix-image.service"
]; ];
@ -220,9 +200,9 @@ in {
services.gitea-actions-runner.instances = lib.genAttrs (builtins.genList (n: "nix${builtins.toString n}") cfg.numInstances) (iname: { services.gitea-actions-runner.instances = lib.genAttrs (builtins.genList (n: "nix${builtins.toString n}") cfg.numInstances) (iname: {
enable = true; enable = true;
name = "nixos-runner"; name = config.networking.hostName;
url = config.services.gitea.settings.server.ROOT_URL; url = cfg.giteaUrl;
tokenFile = "/var/lib/gitea-registration/gitea-runner-${iname}-token"; tokenFile = "/var/lib/gitea-runner/${iname}/token";
labels = [ "nix:docker://gitea-runner-nix" ]; labels = [ "nix:docker://gitea-runner-nix" ];
settings.container = { settings.container = {
options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt${lib.optionalString cfg.kvm " --device /dev/kvm"} -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user gitea-actions"; options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt${lib.optionalString cfg.kvm " --device /dev/kvm"} -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user gitea-actions";