hosts: server: get runner up and running

This commit is contained in:
2024-01-20 17:09:55 +01:00
parent fc026c4157
commit 1ff3ab8af9
9 changed files with 191 additions and 18 deletions


@@ -13,6 +13,7 @@
[
./postgresql.nix
./gitea.nix
./microvm.nix
./nextcloud.nix
./matrix.nix
./coturn.nix


@@ -1,31 +1,36 @@
{ lib, config, pkgs, ... }:
let
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; # Nix Packages
in
{
imports = [ <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix> ];
virtualisation = {
podman ={
enable = true;
autoPrune.enable = true;
};
memorySize = 4096;
diskSize = 10240;
};
services.gitea-actions-runner.instances = {
nixrunner-test = {
serverrunner = {
enable = true;
url = "https://git.kabtop.de";
name = "nix_runner_test";
#tokenFile = "./gitea_token";
token = "vlUBkX5IbJKTBO3HAGqFM1fEOw2UqXpX87LcdJRY";
name = "Server runner";
tokenFile = config.age.secrets."services/gitea/serverrunner-token".path;
labels = [
"debian-latest:docker://node:18-bullseye"
"native:host"
];
hostPackages = with pkgs; [
bash
curl
gitMinimal
coreutils
wget
gnused
];
};
};
users.users.root.initialPassword = "babablup";
system.stateVersion = "23.11";
age.secrets."services/gitea/serverrunner-token" = {
file = ../../../secrets/services/gitea/serverrunner-token.age;
owner = "gitea-runner";
};
}
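Review bot: The `"native:host"` label lets any workflow that may target this runner execute its steps directly as the `gitea-runner` user with the listed hostPackages, without the container boundary the `docker://` label gives; that is only acceptable if the surrounding VM is the isolation boundary and the runner is restricted to trusted repositories, and it deserves a comment such as `# native jobs run unsandboxed as gitea-runner inside the VM; keep this runner scoped to trusted repos`. Reading `tokenFile` from an agenix secret owned by `gitea-runner` is the right move, but the plaintext `token = "vlUB…"` and `initialPassword = "babablup"` that appear on what looks like the old side of this hunk stay in git history — if that revision was ever pushed, the registration token should be rotated in Gitea rather than only removed from the tree. Note also that the `.age` file must be encrypted to the VM's own host key (the `/persist/etc/ssh/ssh_host_ed25519_key` the VM generates), not the hypervisor's, or decryption will fail at activation.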


@@ -0,0 +1,122 @@
{ config, microvm, nixpkgs, user, agenix, impermanence, ... }:
let
name = "gitea-runner";
in
{
microvm = {
autostart = [
name
];
vms = {
${name} = {
pkgs = import nixpkgs {
system = "x86_64-linux";
config.allowUnfree = true;
};
config = {
imports =
[ agenix.nixosModules.default ] ++
[ impermanence.nixosModules.impermanence ] ++
[( ./gitea_runner.nix )];
networking = {
hostName = "${name}";
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ ];
};
};
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "*";
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
users.users.${user} = { # System User
isNormalUser = true;
extraGroups = [ "wheel" ];
uid = 2000;
openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
];
};
services = {
openssh = {
enable = true;
settings.PasswordAuthentication = false;
hostKeys = [
{
path = "/persist/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/etc/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}];
};
};
fileSystems."/persist".neededForBoot = nixpkgs.lib.mkForce true;
environment.persistence."/persist" = {
directories = [
"/var/lib/nixos"
"/var/log"
];
files = [
"/etc/machine-id"
];
};
microvm = {
hypervisor = "cloud-hypervisor";
vcpu = 4;
mem = 4096;
interfaces = [
{
type = "macvtap";
id = "vm-${name}";
mac = "04:00:00:00:00:01";
macvtap = {
link = "enp6s18";
mode = "bridge";
};
} ];
shares = [{
source = "/nix/store";
mountPoint = "/nix/.ro-store";
tag = "ro-store";
proto = "virtiofs";
}
{
source = "/etc/vm-persist/${name}";
mountPoint = "/persist";
tag = "persist";
proto = "virtiofs";
}];
#writableStoreOverlay = "/nix/.rw-store";
#storeOnDisk = true;
};
system.stateVersion = "23.05";
};
};
};
};
}
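Review bot: The empty `allowedTCPPorts = [ ]` does not close inbound SSH: NixOS `services.openssh.openFirewall` defaults to true and adds port 22 itself, so the firewall block reads as "nothing exposed" while SSH is reachable on the macvtap interface. Make the intent explicit, e.g. `openFirewall = true; # SSH is reachable from the LAN despite the empty allowedTCPPorts list` (or set it to false and manage the port here). Since this VM exists to run CI jobs, bridging it via macvtap onto `enp6s18` presumably puts it on the same L2 segment as the host and other services; a dedicated VLAN or isolated bridge for the runner would limit what a compromised job can reach, but that depends on the network layout not visible here. The hard-coded `mac = "04:00:00:00:00:01"` also needs a comment stating it must be unique per VM on that bridge.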