Use official nixos module for gitea actions runner

2023-10-15 17:57:16 -06:00 · 2023-10-15 17:57:16 -06:00 · 0446d18712
commit 0446d18712
parent d2bbbb827e
8 changed files with 43 additions and 58 deletions
--- a/common/server/default.nix
+++ b/common/server/default.nix
@ -10,7 +10,6 @@
    ./matrix.nix
    ./zerobin.nix
    ./gitea.nix
-    ./gitea-runner.nix
    ./privatebin/privatebin.nix
    ./radio.nix
    ./samba.nix
--- a/common/server/gitea-runner.nix
+++ b/common/server/gitea-runner.nix
@ -1,52 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
-  cfg = config.services.gitea-runner;
-in
-{
-  options.services.gitea-runner = {
-    enable = lib.mkEnableOption "Enables gitea runner";
-    dataDir = lib.mkOption {
-      default = "/var/lib/gitea-runner";
-      type = lib.types.str;
-      description = lib.mdDoc "gitea runner data directory.";
-    };
-  };
-
-  config = lib.mkIf cfg.enable {
-    virtualisation.docker.enable = true;
-
-    users.users.gitea-runner = {
-      description = "Gitea Runner Service";
-      home = cfg.dataDir;
-      useDefaultShell = true;
-      group = "gitea-runner";
-      isSystemUser = true;
-      createHome = true;
-      extraGroups = [
-        "docker" # allow creating docker containers
-      ];
-    };
-    users.groups.gitea-runner = { };
-
-    systemd.services.gitea-runner = {
-      description = "Gitea Runner";
-
-      serviceConfig = {
-        WorkingDirectory = cfg.dataDir;
-        User = "gitea-runner";
-        Group = "gitea-runner";
-      };
-
-      requires = [ "network-online.target" ];
-      after = [ "network.target" "network-online.target" ];
-      wantedBy = [ "multi-user.target" ];
-
-      path = with pkgs; [ gitea-actions-runner ];
-
-      script = ''
-        exec act_runner daemon
-      '';
-    };
-  };
-}
--- a/machines/phil/default.nix
+++ b/machines/phil/default.nix
@ -6,5 +6,17 @@
  ];

  networking.hostName = "phil";
-  services.gitea-runner.enable = true;
+
+  services.gitea-actions-runner.instances.inst = {
+    enable = true;
+    name = config.networking.hostName;
+    url = "https://git.neet.dev/";
+    tokenFile = "/run/agenix/gitea-actions-runner-token";
+    labels = [
+      "debian-latest:docker://catthehacker/ubuntu:act-latest"
+      "ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
+    ];
+  };
+  virtualisation.docker.enable = true;
+  age.secrets.gitea-actions-runner-token.file = ../../secrets/gitea-actions-runner-token.age;
 }
--- a/machines/phil/properties.nix
+++ b/machines/phil/properties.nix
@ -8,8 +8,8 @@

  systemRoles = [
    "server"
-    "gitea-runner"
    "nix-builder"
+    "gitea-actions-runner"
  ];

  hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBlgRPpuUkZqe8/lHugRPm/m2vcN9psYhh5tENHZt9I2";
--- a/machines/storage/s0/default.nix
+++ b/machines/storage/s0/default.nix
@ -9,9 +9,20 @@

  # system.autoUpgrade.enable = true;

-  # gitea runner and allow it to build ARM derivations
-  services.gitea-runner.enable = true;
-  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+  # gitea runner and allow it to build ARM derivationsFV
+  services.gitea-actions-runner.instances.inst = {
+    enable = true;
+    name = config.networking.hostName;
+    url = "https://git.neet.dev/";
+    tokenFile = "/run/agenix/gitea-actions-runner-token";
+    labels = [
+      "debian-latest:docker://catthehacker/ubuntu:act-latest"
+      "ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
+    ];
+  };
+  virtualisation.podman.enable = true;
+  age.secrets.gitea-actions-runner-token.file = ../../../secrets/gitea-actions-runner-token.age;
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; # todo: still needed?
  nix.gc.automatic = lib.mkForce false; # allow the nix store to serve as a build cache

  # binary cache
--- a/machines/storage/s0/properties.nix
+++ b/machines/storage/s0/properties.nix
@ -10,6 +10,7 @@
    "server"
    "pia"
    "binary-cache"
+    "gitea-actions-runner"
  ];

  hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwiXcUFtAvZCayhu4+AIcF+Ktrdgv9ee/mXSIhJbp4q";
--- a/secrets/gitea-actions-runner-token.age
+++ b/secrets/gitea-actions-runner-token.age
@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 WBT1Hw ucC+p6pRevUWJIVqG5DfXSO4W0PjR2lUW7tY924FVHA
+te6rrH/nsn/Pn4mySjQ0mv2M3ZTCOwbglCcnH2ZiUJQ
+-> ssh-ed25519 hPp1nw 1nmzowG+nzD8ixyqTU+duUxV3g4yWo7RqKJ+dDlf0g8
+ln3CyhUYuZ71EdyqIPBdeRP98dun4cs9uZnxAGadDG0
+-> ssh-ed25519 dMQYog pHRtIaJr39QqD7xqX2ovUf8QfUPwDl58TmqHa1xhSDQ
+dr8tYQ3oFrQehq2326jimOCRDX6Zrsq/epQbVA8+UPw
+-> I)m(V&-grease i5{
+lYnHQc5cQahDoah2rPlIlGOLc49nTDp+aHPB
+--- AdMW2y8Z9XmbxzmvSAP9NKqgj2JGgkimXJqcXIFPdtI
+]°m]pmòžY.Ø½¢âÞzÀhÑ<68>Sß!fI~Åpô³ˆ]¦KÅ‹Còü\KHgÎí_ÇÌ»§6ÌÑðÜ–Üj”)ü«@á‹[¿
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -43,4 +43,7 @@ with roles;
  # backups
  "backblaze-s3-backups.age".publicKeys = personal ++ server;
  "restic-password.age".publicKeys = personal ++ server;
+
+  # gitea actions runner
+  "gitea-actions-runner-token.age".publicKeys = gitea-actions-runner;
 }