diff --git a/config/arachnide/configuration.nix b/config/arachnide/configuration.nix index e5e008b..8af596f 100644 --- a/config/arachnide/configuration.nix +++ b/config/arachnide/configuration.nix @@ -11,6 +11,7 @@ /var/src/modules/nginx.nix /var/src/modules/nixin-web.nix /var/src/modules/forgejo.nix + /var/src/modules/forgejo-runner.nix ]; # Bootloader. @@ -59,6 +60,14 @@ in lib.strings.trim pwd; }; + nixin.forge-runner = { + token-file = "/etc/forgejo/runner.token"; + #token = let + # pwd = builtins.readFile ; + #in lib.strings.trim pwd; + url = "https://forge.lab12.fr"; + }; + # Enable ip forwarding to route packets for the local network connected to enp3s0 boot.kernel.sysctl = { diff --git a/krops.nix b/krops.nix index 49a7806..514e467 100644 --- a/krops.nix +++ b/krops.nix @@ -38,9 +38,35 @@ let target = "root@192.168.36.6"; }; + register-runner = pkgs.krops.writeCommand "register-forgejo-runner" { + source = source "arachnide"; + target = lib.mkTarget "douzeb@192.168.36.9" // { + port = "144"; + sudo = true; + }; + command = targetPath: '' + forgejo forgejo-cli actions register --name local-runner --secret $(head -n 1 /var/src/secrets/forgejo-runner-secret) + ''; + }; + + gen-runner-token = pkgs.krops.writeCommand "generate-forgejo-runner-token" { + source = source "arachnide"; + target = lib.mkTarget "douzeb@192.168.36.9" // { + port = "144"; + sudo = true; + }; + command = targetPath: '' + mkdir -p /etc/forgejo + echo "TOKEN=$(forgejo forgejo-cli actions generate-runner-token)" > /etc/forgejo/runner.token + cat /etc/forgejo/runner.token + ''; + }; + in { arachnide = arachnide; dromadaire = dromadaire; all = pkgs.writeScript "deploy-all-servers" (lib.concatStringsSep "\n" [ arachnide dromadaire ]); + register-runner = register-runner; + gen-runner-token = gen-runner-token; } diff --git a/modules/forgejo-runner.nix b/modules/forgejo-runner.nix new file mode 100644 index 0000000..42ebf4b --- /dev/null +++ b/modules/forgejo-runner.nix 
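Review bot: The commented-out `#token = let pwd = builtins.readFile ; in lib.strings.trim pwd;` block under `nixin.forge-runner` should be deleted rather than kept as a template: a `builtins.readFile` of the runner token is evaluated at build time and would copy the secret into the world-readable Nix store, which is precisely what the `token-file` option avoids. The same `readFile`/`lib.strings.trim` pattern in the context lines just above (the forgejo block, outside this change) appears to do that for another secret and is worth a follow-up. I would replace the three commented lines with `# Registration token is kept out of the Nix store; the file is written by the krops gen-runner-token command and is expected to be root-owned, mode 0600.` so a reader knows why `token-file` is used and where the file comes from. Nothing in the NixOS configuration itself creates `/etc/forgejo/runner.token`, so a fresh deploy before that command has run will presumably fail to start the runner service.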
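Review bot: In `gen-runner-token` the registration token is written with a bare `>` redirection as root, so the file gets the default umask (typically 0644, world-readable), and the trailing `cat` then prints the secret to the deploy terminal and to anything capturing that output. Wrap the write in a restricted umask and drop the echo: `(umask 077; echo "TOKEN=$(forgejo forgejo-cli actions generate-runner-token)" > /etc/forgejo/runner.token)`, or at least follow the write with `chmod 600 /etc/forgejo/runner.token`. In `register-runner`, passing `--secret $(head -n 1 …)` as a command-line argument exposes the secret in the process list for the duration of the call; if forgejo-cli can read it from a file or stdin that is preferable, otherwise a comment acknowledging the one-shot exposure on this host would do. A one-line comment above each command saying it is a one-time registration step against the forge host, not part of the regular deploy, would also help the next operator.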
@@ -0,0 +1,53 @@
+# Forgejo
+{ config, pkgs, lib, ... }:
+
+let
+ inherit (lib) mkOption mkDefault;
+in
+{
+ options = {
+ nixin.forge-runner = {
+ token-file = mkOption { type = lib.types.str; };
+ #token = mkOption { type = lib.types.str; };
+ url = mkOption { type = lib.types.str; };
+ };
+ };
+
+ config = {
+ virtualisation.containers.enable = true;
+ virtualisation.podman = {
+ enable = true;
+
+ # Create a `docker` alias for podman, to use it as a drop-in replacement
+ #dockerCompat = true;
+
+ # Required for containers under podman-compose to be able to talk to each other.
+ defaultNetwork.settings.dns_enabled = true;
+ };
+
+ services.gitea-actions-runner = {
+ package = pkgs.forgejo-runner;
+ instances.default = {
+ enable = true;
+ name = "local-runner";
+ url = "${config.nixin.forge-runner.url}";
+ tokenFile = "${config.nixin.forge-runner.token-file}";
+ #token = "${config.nixin.forge-runner.token}";
+ labels = [
+ # provide a debian base with nodejs for actions
+ "debian-latest:docker://node:20-bookworm"
+ # fake the ubuntu name, because node provides no ubuntu builds
+ "ubuntu-latest:docker://node:20-bookworm"
+ # nixos
+ "nixos:docker://nixos/nix:latest"
+ # provide native execution on the host
+ #"native:host"
+ ];
+ };
+ };
+
+ # Open ports in the firewall.
+ networking.firewall.allowedUDPPorts = [ 53 ];
+
+ };
+}
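Review bot: The runner labels pull `node:20-bookworm` and `nixos/nix:latest` by floating tag, so the image every CI job executes in is resolved at job time and can change underneath you without any commit to this repository; pin each label to an explicit version or, better, a digest, e.g. `"nixos:docker://nixos/nix@sha256:<digest>"`. `networking.firewall.allowedUDPPorts = [ 53 ];` opens DNS on every interface of a host that (per the configuration.nix context) also routes for the LAN, while the only consumer appears to be the podman default network's resolver; scoping it to the bridge with `networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ];` is tighter, and recent nixpkgs podman modules may already add an interface-scoped rule when `dns_enabled` is set, in which case this line is redundant. Keeping `#"native:host"` disabled is the right default; I would add a comment beside it saying that enabling it runs workflow steps directly on the host as the runner's service user with no container boundary. Minor style: `mkDefault` is inherited but never used, and the `"${…}"` wrappers around `url` and `tokenFile` are redundant interpolation of values that are already strings.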