diff --git a/flake.lock b/flake.lock
index 0c22c0c..0b4f2dd 100644
--- a/flake.lock
+++ b/flake.lock
@@ -120,11 +120,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1711460390,
- "narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=",
+ "lastModified": 1711668574,
+ "narHash": "sha256-u1dfs0ASQIEr1icTVrsKwg2xToIpn7ZXxW3RHfHxshg=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "44733514b72e732bd49f5511bd0203dea9b9a434",
+ "rev": "219951b495fc2eac67b1456824cc1ec1fd2ee659",
 "type": "github"
 },
 "original": {
@@ -165,11 +165,11 @@
 },
 "secrets": {
 "locked": {
- "lastModified": 1711743434,
- "narHash": "sha256-fqeuUwSNBeWL4pSDsqIehH6Mgl3J8ZmEGPhmdD1gufo=",
+ "lastModified": 1711747594,
+ "narHash": "sha256-k8Ew/EDpcLJKs285SqEldFbiKSf9rsHz/g0btv8zFM8=",
 "ref": "refs/heads/master",
- "rev": "c79b0434590226446576f6b19d474cb9e41dc6b2",
- "revCount": 6,
+ "rev": "110dae44d26b6d973922b804213446d1c0165486",
+ "revCount": 7,
 "type": "git",
 "url": "ssh://git@git.caspervk.net/caspervk/nixos-secrets.git"
 },
diff --git a/hosts/sigma/default.nix b/hosts/sigma/default.nix
index 355c9e1..1c002ce 100644
--- a/hosts/sigma/default.nix
+++ b/hosts/sigma/default.nix
@@ -5,6 +5,7 @@
 ../../modules/server
 ./hardware.nix
 #./borg.nix
+ ./gitea.nix
 ./network.nix
 ];
diff --git a/hosts/sigma/gitea.nix b/hosts/sigma/gitea.nix
new file mode 100644
index 0000000..720a3ad
--- /dev/null
+++ b/hosts/sigma/gitea.nix
@@ -0,0 +1,40 @@
+{
+ config,
+ pkgs,
+ secrets,
+ ...
+}: {
+ # https://forgejo.org/docs/latest/admin/actions/
+ services.gitea-actions-runner = {
+ package = pkgs.forgejo-actions-runner;
+ instances."default" = {
+ enable = true;
+ name = "default";
+ url = "https://git.caspervk.net";
+ # From https://git.caspervk.net/admin/actions/runners/
+ tokenFile = config.age.secrets.gitea-actions-runner-token-file.path;
+ # The Forgejo runner relies on application containers (Docker, Podman,
+ etc) to execute a workflow in an isolated environment. Labels are used
+ to map jobs' `runs-on` to their runtime environment. Many common
+ actions require bash, git and nodejs, as well as a filesystem that
+ follows the filesystem hierarchy standard.
+ labels = [
+ "debian-latest:docker://node:20-bullseye"
+ ];
+ # https://forgejo.org/docs/latest/admin/actions/#configuration
+ settings = {
+ runner = {
+ # Default fetch interval is 2s -- no need to spam the server
+ fetch_interval = "5m";
+ };
+ };
+ };
+ };
+
+ age.secrets.gitea-actions-runner-token-file = {
+ file = "${secrets}/secrets/gitea-actions-runner-token-file.age";
+ mode = "400";
+ owner = "root";
+ group = "root";
+ };
+}
diff --git a/overlays/default.nix b/overlays/default.nix
index d854dcc..8fcb7cf 100644
--- a/overlays/default.nix
+++ b/overlays/default.nix
@@ -1,3 +1,3 @@
 {...}: {
- imports = [];
+ imports = [./forgejo-actions-runner.nix];
 }
diff --git a/overlays/forgejo-actions-runner.nix b/overlays/forgejo-actions-runner.nix
new file mode 100644
index 0000000..4812939
--- /dev/null
+++ b/overlays/forgejo-actions-runner.nix
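Review bot: The `tokenFile` line hands the runner `config.age.secrets.gitea-actions-runner-token-file.path`, but the comment above it only says the value comes from the admin runners page; if I read the NixOS `services.gitea-actions-runner` module correctly, `tokenFile` is loaded as an environment file that must contain a `TOKEN=` assignment, so a secret holding the bare registration token will fail to register — worth confirming against the secret's contents and stating the format in the comment, e.g. `# Environment file with TOKEN=<registration token>, from https://git.caspervk.net/admin/actions/runners/`. The single label `debian-latest:docker://node:20-bullseye` pulls a mutable image tag, so the job environment changes underneath every workflow whenever upstream rebuilds the image; pinning by digest (`node:20-bullseye@sha256:<digest>`) keeps builds reproducible and turns a regressed or compromised base image into a deliberate update rather than a silent one. Nothing in this hunk enables Docker or Podman for the `docker://` label, so if the runtime comes from `../../modules/server` a one-line comment saying so would help the next reader. In this view the four continuation lines of the comment after `# The Forgejo runner relies on application containers` appear without a leading `#`; if that is not an artifact of how the diff was rendered, the file will not evaluate.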
@@ -0,0 +1,24 @@
+{...}: {
+ # Running containers without /bin/sleep (such as nixos) requires newer
+ # forgejo act runner. See https://codeberg.org/forgejo/forgejo/issues/2611.
+ nixpkgs.overlays = [
+ (final: prev: {
+ forgejo-actions-runner = prev.callPackage "${prev.path}/pkgs/development/tools/continuous-integration/forgejo-actions-runner" {
+ buildGoModule = args:
+ prev.buildGoModule (args
+ // rec {
+ version = "3.4.1";
+
+ src = prev.fetchFromGitea {
+ domain = "codeberg.org";
+ owner = "forgejo";
+ repo = "runner";
+ rev = "v${version}";
+ hash = "sha256-c8heIHt+EJ6LnZT4/6TTWd7v85VRHjH72bdje12un4M=";
+ };
+ vendorHash = "sha256-FCCQZdAYRtJR3DGQIEvUzv+1kqvxVTGkwJwZSohq28s=";
+ });
+ };
+ })
+ ];
+}
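Review bot: The `callPackage` line re-imports the package by a hard-coded path under `prev.path`, which fails at evaluation the next time nixpkgs moves the `forgejo-actions-runner` directory, and nothing records when this workaround can be retired. Add a sunset note next to the issue link, e.g. `# TODO: drop this overlay once nixpkgs' forgejo-actions-runner is >= 3.4.1`, so the pin and the two hashes are not carried longer than the linked issue requires. Because `args // rec { … }` replaces only `version`, `src` and `vendorHash`, any other argument the upstream expression derives from its own `version` binding (version-embedding `ldflags`, if the package sets them) would still carry the old value; checking the version reported by the built binary would confirm whether that matters here.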