hosts: server: get runner up and running
@@ -13,7 +13,7 @@
|
||||
enable = true;
|
||||
url = "https://git.kabtop.de";
|
||||
name = "Homerunner";
|
||||
tokenFile = config.age.secrets."services/gitea/runner-token".path;
|
||||
tokenFile = config.age.secrets."services/gitea/homerunner-token".path;
|
||||
labels = [
|
||||
"debian-latest:docker://node:18-bullseye"
|
||||
"native:host"
|
||||
@@ -25,13 +25,12 @@
|
||||
coreutils
|
||||
wget
|
||||
gnused
|
||||
# agenix.packages.x86_64-linux.default
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
age.secrets."services/gitea/runner-token" = {
|
||||
file = ../../../secrets/services/gitea/runner-token.age;
|
||||
age.secrets."services/gitea/homerunner-token" = {
|
||||
file = ../../../secrets/services/gitea/homerunner-token.age;
|
||||
owner = "gitea-runner";
|
||||
};
|
||||
}
|
||||
|
||||
@@ -114,7 +114,8 @@ in
|
||||
#writableStoreOverlay = "/nix/.rw-store";
|
||||
#storeOnDisk = true;
|
||||
};
|
||||
system.stateVersion = "23.05";
|
||||
|
||||
system.stateVersion = "23.05";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
[
|
||||
./postgresql.nix
|
||||
./gitea.nix
|
||||
./microvm.nix
|
||||
./nextcloud.nix
|
||||
./matrix.nix
|
||||
./coturn.nix
|
||||
|
||||
@@ -1,31 +1,36 @@
|
||||
{ lib, config, pkgs, ... }:
|
||||
|
||||
let
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; # Nix Packages
|
||||
in
|
||||
{
|
||||
imports = [ <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix> ];
|
||||
virtualisation = {
|
||||
podman ={
|
||||
enable = true;
|
||||
autoPrune.enable = true;
|
||||
};
|
||||
memorySize = 4096;
|
||||
diskSize = 10240;
|
||||
};
|
||||
|
||||
services.gitea-actions-runner.instances = {
|
||||
nixrunner-test = {
|
||||
serverrunner = {
|
||||
enable = true;
|
||||
url = "https://git.kabtop.de";
|
||||
name = "nix_runner_test";
|
||||
#tokenFile = "./gitea_token";
|
||||
token = "vlUBkX5IbJKTBO3HAGqFM1fEOw2UqXpX87LcdJRY";
|
||||
name = "Server runner";
|
||||
tokenFile = config.age.secrets."services/gitea/serverrunner-token".path;
|
||||
labels = [
|
||||
"debian-latest:docker://node:18-bullseye"
|
||||
"native:host"
|
||||
];
|
||||
hostPackages = with pkgs; [
|
||||
bash
|
||||
curl
|
||||
gitMinimal
|
||||
coreutils
|
||||
wget
|
||||
gnused
|
||||
];
|
||||
};
|
||||
};
|
||||
users.users.root.initialPassword = "babablup";
|
||||
system.stateVersion = "23.11";
|
||||
|
||||
age.secrets."services/gitea/serverrunner-token" = {
|
||||
file = ../../../secrets/services/gitea/serverrunner-token.age;
|
||||
owner = "gitea-runner";
|
||||
};
|
||||
}
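Review bot: The plaintext registration token carried by the removed `token = "vlUB…"` line remains recoverable from git history even though the new side reads it from `config.age.secrets."services/gitea/serverrunner-token".path`, so it should be treated as disclosed and a fresh token generated in the Gitea runner admin page before the encrypted `.age` copy is created; otherwise agenix is protecting a value that is already public. Because the `age.secrets` entry sets `owner = "gitea-runner"` and the instance advertises a `native:host` label, any workflow scheduled to this runner executes as that same user and can read the decrypted token, which is inherent to host-mode execution and worth a comment such as `# native:host jobs run as gitea-runner and can read this file` next to `owner`. This rendering does not show which side `users.users.root.initialPassword = "babablup"` and `system.stateVersion = "23.11"` belong to; if either survives on the new side, the literal root password should be dropped (NixOS stores `initialPassword` in the world-readable Nix store), and the stateVersion would collide with the `"23.05"` that the importing `microvm.nix` sets for the same VM. The hunk covers the whole file, so nothing is cut off outside it.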
|
||||
|
||||
122
modules/services/server/microvm.nix
Normal file
122
modules/services/server/microvm.nix
Normal file
@@ -0,0 +1,122 @@
|
||||
{ config, microvm, nixpkgs, user, agenix, impermanence, ... }:
|
||||
let
|
||||
name = "gitea-runner";
|
||||
in
|
||||
{
|
||||
microvm = {
|
||||
autostart = [
|
||||
name
|
||||
];
|
||||
vms = {
|
||||
${name} = {
|
||||
|
||||
pkgs = import nixpkgs {
|
||||
system = "x86_64-linux";
|
||||
config.allowUnfree = true;
|
||||
};
|
||||
|
||||
config = {
|
||||
imports =
|
||||
[ agenix.nixosModules.default ] ++
|
||||
[ impermanence.nixosModules.impermanence ] ++
|
||||
[( ./gitea_runner.nix )];
|
||||
|
||||
networking = {
|
||||
hostName = "${name}";
|
||||
|
||||
firewall = {
|
||||
enable = true;
|
||||
allowedUDPPorts = [ ];
|
||||
allowedTCPPorts = [ ];
|
||||
};
|
||||
};
|
||||
systemd.network = {
|
||||
enable = true;
|
||||
networks = {
|
||||
"10-lan" = {
|
||||
matchConfig.Name = "*";
|
||||
networkConfig = {
|
||||
DHCP = "yes";
|
||||
IPv6AcceptRA = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
users.users.${user} = { # System User
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" ];
|
||||
uid = 2000;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
|
||||
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
|
||||
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
|
||||
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
|
||||
];
|
||||
};
|
||||
services = {
|
||||
openssh = {
|
||||
enable = true;
|
||||
settings.PasswordAuthentication = false;
|
||||
hostKeys = [
|
||||
{
|
||||
path = "/persist/etc/ssh/ssh_host_ed25519_key";
|
||||
type = "ed25519";
|
||||
}
|
||||
{
|
||||
path = "/persist/etc/ssh/ssh_host_rsa_key";
|
||||
type = "rsa";
|
||||
bits = 4096;
|
||||
}];
|
||||
};
|
||||
};
|
||||
|
||||
fileSystems."/persist".neededForBoot = nixpkgs.lib.mkForce true;
|
||||
|
||||
environment.persistence."/persist" = {
|
||||
directories = [
|
||||
"/var/lib/nixos"
|
||||
"/var/log"
|
||||
];
|
||||
|
||||
files = [
|
||||
"/etc/machine-id"
|
||||
];
|
||||
};
|
||||
|
||||
microvm = {
|
||||
hypervisor = "cloud-hypervisor";
|
||||
vcpu = 4;
|
||||
mem = 4096;
|
||||
interfaces = [
|
||||
{
|
||||
type = "macvtap";
|
||||
id = "vm-${name}";
|
||||
mac = "04:00:00:00:00:01";
|
||||
macvtap = {
|
||||
link = "enp6s18";
|
||||
mode = "bridge";
|
||||
};
|
||||
} ];
|
||||
shares = [{
|
||||
source = "/nix/store";
|
||||
mountPoint = "/nix/.ro-store";
|
||||
tag = "ro-store";
|
||||
proto = "virtiofs";
|
||||
}
|
||||
{
|
||||
source = "/etc/vm-persist/${name}";
|
||||
mountPoint = "/persist";
|
||||
tag = "persist";
|
||||
proto = "virtiofs";
|
||||
}];
|
||||
#writableStoreOverlay = "/nix/.rw-store";
|
||||
#storeOnDisk = true;
|
||||
};
|
||||
|
||||
system.stateVersion = "23.05";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
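Review bot: The impermanence list under `environment.persistence."/persist".directories` keeps `/var/lib/nixos` and `/var/log` but not the act_runner state, so if the runner writes its registration under `/var/lib/gitea-runner` (as the NixOS module's state directory suggests — confirm from the unit's StateDirectory), every reboot of this stateless VM registers a new runner against git.kabtop.de and leaves stale entries behind; adding `"/var/lib/gitea-runner"` to that list would fix it. The `interfaces` entry attaches the VM to `enp6s18` as a `macvtap` in `bridge` mode, making it a full peer on the host LAN, while the imported runner advertises `native:host`, so the `firewall` block with empty `allowedTCPPorts`/`allowedUDPPorts` only limits inbound traffic and does nothing to constrain what a workflow can reach; a comment such as `# inbound-only: native:host jobs have unrestricted LAN egress from this VM` would make that trade-off explicit. The `${user}` account is in `wheel` but has no password defined here, so sudo is likely unusable in the VM unless a password or `security.sudo.wheelNeedsPassword` is set elsewhere.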
|
||||