Format
parent
8e2718f443
commit
6c3a02220d
|
@ -1,7 +1,10 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
{
|
{
|
||||||
c3d2.hq.statistics.enable = true;
|
c3d2 = {
|
||||||
c3d2.deployment.server = "server10";
|
deployment.server = "server10";
|
||||||
|
hq.statistics.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
microvm = {
|
microvm = {
|
||||||
mem = 8 * 1024;
|
mem = 8 * 1024;
|
||||||
vcpu = 8;
|
vcpu = 8;
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, lib, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.services.gitea-actions;
|
cfg = config.services.gitea-actions;
|
||||||
in {
|
in {
|
||||||
|
@ -6,7 +6,7 @@ in {
|
||||||
|
|
||||||
config.systemd.services = lib.genAttrs (builtins.genList (n: "gitea-runner-nix${builtins.toString n}-token") cfg.numInstances) (name: {
|
config.systemd.services = lib.genAttrs (builtins.genList (n: "gitea-runner-nix${builtins.toString n}-token") cfg.numInstances) (name: {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
after =lib.optional config.services.gitea.enable "gitea.service";
|
after = lib.optional config.services.gitea.enable "gitea.service";
|
||||||
unitConfig.ConditionPathExists = [ "!/var/lib/gitea-registration/${name}" ];
|
unitConfig.ConditionPathExists = [ "!/var/lib/gitea-registration/${name}" ];
|
||||||
script = ''
|
script = ''
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
|
@ -3,7 +3,7 @@ let
|
||||||
cfg = config.services.gitea-actions;
|
cfg = config.services.gitea-actions;
|
||||||
storeDeps = pkgs.buildEnv {
|
storeDeps = pkgs.buildEnv {
|
||||||
name = "store-deps";
|
name = "store-deps";
|
||||||
paths = ((with pkgs; [
|
paths = (with pkgs; [
|
||||||
bash
|
bash
|
||||||
cacert
|
cacert
|
||||||
coreutils
|
coreutils
|
||||||
|
@ -16,7 +16,7 @@ let
|
||||||
nix
|
nix
|
||||||
nodejs
|
nodejs
|
||||||
openssh
|
openssh
|
||||||
]) ++ cfg.storeDependencies);
|
]) ++ cfg.storeDependencies;
|
||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
options = {
|
options = {
|
||||||
|
@ -69,7 +69,7 @@ in {
|
||||||
script = ''
|
script = ''
|
||||||
set -eu -o pipefail
|
set -eu -o pipefail
|
||||||
mkdir -p etc/nix
|
mkdir -p etc/nix
|
||||||
|
|
||||||
# Create an unpriveleged user that we can use also without the run-as-user.sh script
|
# Create an unpriveleged user that we can use also without the run-as-user.sh script
|
||||||
touch etc/passwd etc/group
|
touch etc/passwd etc/group
|
||||||
groupid=$(cut -d: -f3 < <(getent group gitea-actions))
|
groupid=$(cut -d: -f3 < <(getent group gitea-actions))
|
||||||
|
@ -77,36 +77,36 @@ in {
|
||||||
groupadd --prefix $(pwd) --gid "$groupid" gitea-actions
|
groupadd --prefix $(pwd) --gid "$groupid" gitea-actions
|
||||||
emptypassword='$y$j9T$dLJlazrLCVKcOQ/zmu60E1$bAkbdgDaiz7niknOCasvKW3Tjxeca6WA/1fNe4UpeeC'
|
emptypassword='$y$j9T$dLJlazrLCVKcOQ/zmu60E1$bAkbdgDaiz7niknOCasvKW3Tjxeca6WA/1fNe4UpeeC'
|
||||||
useradd --prefix $(pwd) -p "$emptypassword" -m -d /tmp -u "$userid" -g "$groupid" -G gitea-actions gitea-actions
|
useradd --prefix $(pwd) -p "$emptypassword" -m -d /tmp -u "$userid" -g "$groupid" -G gitea-actions gitea-actions
|
||||||
|
|
||||||
cat <<NIX_CONFIG > etc/nix/nix.conf
|
cat <<NIX_CONFIG > etc/nix/nix.conf
|
||||||
experimental-features = nix-command flakes
|
experimental-features = nix-command flakes
|
||||||
${cfg.additionalFlakeConfig}
|
${cfg.additionalFlakeConfig}
|
||||||
NIX_CONFIG
|
NIX_CONFIG
|
||||||
|
|
||||||
cat <<NSSWITCH > etc/nsswitch.conf
|
cat <<NSSWITCH > etc/nsswitch.conf
|
||||||
passwd: files mymachines systemd
|
passwd: files mymachines systemd
|
||||||
group: files mymachines systemd
|
group: files mymachines systemd
|
||||||
shadow: files
|
shadow: files
|
||||||
|
|
||||||
hosts: files mymachines dns myhostname
|
hosts: files mymachines dns myhostname
|
||||||
networks: files
|
networks: files
|
||||||
|
|
||||||
ethers: files
|
ethers: files
|
||||||
services: files
|
services: files
|
||||||
protocols: files
|
protocols: files
|
||||||
rpc: files
|
rpc: files
|
||||||
NSSWITCH
|
NSSWITCH
|
||||||
|
|
||||||
# list the content as it will be imported into the container
|
# list the content as it will be imported into the container
|
||||||
tar -cv . | tar -tvf -
|
tar -cv . | tar -tvf -
|
||||||
tar -cv . | podman import - gitea-runner-nix
|
tar -cv . | podman import - gitea-runner-nix
|
||||||
'';
|
'';
|
||||||
|
|
||||||
path = [
|
path = with pkgs; [
|
||||||
config.virtualisation.podman.package
|
config.virtualisation.podman.package
|
||||||
pkgs.getent
|
getent
|
||||||
pkgs.gnutar
|
gnutar
|
||||||
pkgs.shadow
|
shadow
|
||||||
];
|
];
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
|
@ -116,7 +116,7 @@ in {
|
||||||
RemainAfterExit = true;
|
RemainAfterExit = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
users = {
|
users = {
|
||||||
groups.gitea-actions = { };
|
groups.gitea-actions = { };
|
||||||
users.gitea-actions = {
|
users.gitea-actions = {
|
||||||
|
|
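Review bot: The `cat <<NIX_CONFIG > etc/nix/nix.conf` heredoc in the `@ -77,36` hunk uses an unquoted delimiter, so after Nix has substituted `${cfg.additionalFlakeConfig}` the shell still expands any `$`, backtick or backslash in that text when the unit runs. Under `set -eu` a stray `$name` in the option would abort the image build, and a command substitution would be executed by the service. Quoting the delimiter keeps the option text literal without affecting the Nix interpolation: `cat <<'NIX_CONFIG' > etc/nix/nix.conf`. The same hunk passes `--prefix $(pwd)` unquoted to `groupadd` and `useradd`, where `--prefix "$(pwd)"` avoids word splitting. The `emptypassword` hash has no comment saying how it was generated or that it is (presumably) the hash of the empty string, so a reader cannot verify it. The script body starts outside this hunk.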