diff --git a/ops/nixos/lib/forgejo-runner-cacher.nix b/ops/nixos/lib/forgejo-runner-cacher.nix
new file mode 100644
index 0000000000..fd43778bd4
--- /dev/null
+++ b/ops/nixos/lib/forgejo-runner-cacher.nix
@@ -0,0 +1,54 @@
+# SPDX-FileCopyrightText: 2020 Luke Granger-Brown
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ depot, lib, pkgs, utils, config, ... }:
+
+let
+ cfg = config.my.forgejo-runner;
+in {
+ options.my.forgejo-runner = {
+ enable = lib.mkEnableOption "forgejo runner";
+
+ enablePodman = lib.mkEnableOption "forgejo runner with Podman labels";
+
+ selfHostedLabels = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [];
+ };
+ };
+
+ config = lib.mkMerge [
+ (lib.mkIf cfg.enable {
+ my.vault.secrets.forgejo-runner-environment = {
+ restartUnits = ["gitea-runner-${utils.escapeSystemdPath config.services.gitea-actions-runner.instances.depot.name}.service"];
+ group = "root";
+ template = ''
+ {{ with secret "kv/apps/forgejo-runner" }}
+ TOKEN={{ .Data.data.TOKEN }}
+ {{ end }}
+ '';
+ };
+ services.gitea-actions-runner = {
+ package = pkgs.forgejo-runner;
+ instances.depot = {
+ enable = true;
+ name = config.networking.hostName;
+ url = "https://git.lukegb.com";
+ tokenFile = config.my.vault.secrets.forgejo-runner-environment.path;
+ labels = map (label: "${label}:host://-self-hosted") cfg.selfHostedLabels;
+ };
+ };
+
+ nix.gc.automatic = false;
+ }) (lib.mkIf (cfg.enable && cfg.enablePodman) {
+ services.gitea-actions-runner.instances.depot.labels = lib.mkAfter [
+ "debian-latest:docker://node:22-bookworm"
+ "lix:docker://git.lix.systems/lix-project/lix:${pkgs.lix.version}"
+ ];
+ virtualisation.podman = {
+ enable = true;
+ dockerSocket.enable = true;
+ };
+ })];
+}
diff --git a/ops/nixos/lib/gitlab-runner-cacher.nix b/ops/nixos/lib/gitlab-runner-cacher.nix
deleted file mode 100644
index ceffdabd0e..0000000000
--- a/ops/nixos/lib/gitlab-runner-cacher.nix
+++ /dev/null
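Review bot: The `selfHostedLabels` option is declared without a `description`, and nothing in the module states what the `host://-self-hosted` scheme built from it on the `labels` line implies: every job that matches one of those labels runs directly on this host under the runner service's account, not inside a container. I'd add `description = "Labels served with the host:// scheme; matching jobs execute directly on this machine, so only register this runner with repositories whose workflows are trusted.";` to the option. The `enablePodman` branch also sets `virtualisation.podman.dockerSocket.enable = true`, which exposes Podman through a Docker-compatible socket for the `docker://` labels; a one-line comment there (`# Docker-compatible socket for the docker:// labels; anything that can reach it is effectively root on this host.`) would make that trust boundary visible to the next reader. `nix.gc.automatic = false;` is carried over from the GitLab module with no stated reason, and a short why-comment (presumably to keep build inputs cached for the "cacher" role) would help.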
@@ -1,42 +0,0 @@
-# SPDX-FileCopyrightText: 2020 Luke Granger-Brown
-#
-# SPDX-License-Identifier: Apache-2.0
-
-{ depot, lib, pkgs, config, ... }:
-{
- my.vault.secrets.gitlab-runner-environment = {
- restartUnits = ["gitlab-runner.service"];
- group = "root";
- template = ''
- {{ with secret "kv/apps/gitlab-runner" }}
- {{ .Data.data.environment }}
- {{ end }}
- '';
- };
- services.gitlab-runner = {
- enable = true;
- settings.concurrent = 1;
- services = {
- deployer = {
- registrationConfigFile = config.my.vault.secrets.gitlab-runner-environment.path;
- executor = "shell";
- tagList = [ "cacher" ];
- };
- };
- gracefulTermination = true;
- gracefulTimeout = "4min";
- package = depot.nix.pkgs.heptapod-runner;
- extraPackages = with pkgs; [
- git
- depot.nix.pkgs.heptapod-runner-mercurial
- ];
- };
- users.users.gitlab-runner = {
- isNormalUser = true;
- group = "nogroup";
- createHome = true;
- home = "/srv/gitlab-runner";
- };
-
- nix.gc.automatic = false;
-}
diff --git a/ops/nixos/rexxar/default.nix b/ops/nixos/rexxar/default.nix
index 10ad6e7acf..6d10dbad94 100644
--- a/ops/nixos/rexxar/default.nix
+++ b/ops/nixos/rexxar/default.nix
@@ -8,7 +8,7 @@
 ../lib/zfs.nix
 ./bgp.nix
 ../lib/bgp.nix
- ../lib/gitlab-runner-cacher.nix
+ ../lib/forgejo-runner-cacher.nix
 #../lib/nixbuild-distributed.nix # error: build of '/nix/store/3r7456yr8r9g4fl7w6xbgqlbsdjwfvr4-stdlib-pkgs.json.drv' on 'ssh://eu.nixbuild.net' failed: unexpected: Built outputs are invalid
 ../lib/hackyplayer.nix
 ../lib/emfminiserv.nix
@@ -299,6 +299,12 @@
 };
 my.ip.tailscale = "100.97.110.48";
 my.ip.tailscale6 = "fd7a:115c:a1e0::3a01:6e30";
+
+ my.forgejo-runner = {
+ enable = true;
+ enablePodman = false; # NAT is hard.
+ selfHostedLabels = [ "cacher" ];
+ };
 #my.coredns.bind = [ "bond0" "tailscale0" "127.0.0.1" "::1" ];
 services.openssh.hostKeys = [
diff --git a/ops/vault/cfg/config.nix b/ops/vault/cfg/config.nix
index 1445a695ae..68db2bd5ae 100644
--- a/ops/vault/cfg/config.nix
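Review bot: `selfHostedLabels = [ "cacher" ]` keeps the label name from the removed GitLab `tagList`, but its meaning changes: the new module turns it into `cacher:host://-self-hosted`, so jobs tagged `cacher` now execute directly on rexxar under the runner service's account instead of the dedicated `gitlab-runner` user that the deleted `gitlab-runner-cacher.nix` created with `executor = "shell"`. I'd record that next to the label, e.g. `selfHostedLabels = [ "cacher" ]; # host:// executor: jobs run directly on this machine`. The deleted module also declared `users.users.gitlab-runner` with `home = "/srv/gitlab-runner"`; as far as I know NixOS removes the account but not its home directory, so any checkouts or cached credentials left under `/srv/gitlab-runner` stay on disk until someone cleans them up, which is worth a follow-up note. The same point applies to the module swap in the `@@ -8,7 +8,7 @@` hunk above.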
+++ b/ops/vault/cfg/config.nix
@@ -66,7 +66,7 @@
 }
 '';
 my.apps.authentik = {};
- my.apps.gitlab-runner = {};
+ my.apps.forgejo-runner = {};
 my.apps.plex-pass = {};
 my.apps.ads-b = {};
 my.apps.nixbuild = {};
@@ -78,19 +78,18 @@
 my.apps.bsky-pds = {};
 my.servers.etheroute-lon01.apps = [ "pomerium" ];
- my.servers.bvm-forgejo.apps = [ "pomerium" ];
+ my.servers.bvm-forgejo.apps = [ "pomerium" "forgejo-runner" ];
 my.servers.howl.apps = [ "nixbuild" ];
 my.servers.porcorosso.apps = [ "quotesdb" "nixbuild" ];
 my.servers.nausicaa.apps = [ "quotesdb" "nixbuild" "hacky-vouchproxy" "hackyplayer" "emfminiserv" ];
 my.servers.totoro.apps = [ "sslrenew-raritan" "deluge" "quotesdb" "authentik" "ads-b" "nixbuild" "tumblrandom" ];
 my.servers.clouvider-fra01.apps = [ "deluge" ];
- my.servers.clouvider-lon01.apps = [ "quotesdb" "gitlab-runner" "nixbuild" ];
- my.servers.cofractal-ams01.apps = [ "deluge" "gitlab-runner" "nixbuild" ];
+ my.servers.clouvider-lon01.apps = [ "quotesdb" "nixbuild" ];
+ my.servers.cofractal-ams01.apps = [ "deluge" "nixbuild" ];
 my.servers.bvm-twitterchiver.apps = [ "twitterchiver" ];
 my.servers.bvm-matrix.apps = [ "turn" "matrix-synapse" ];
 my.servers.bvm-prosody.apps = [ "turn" ];
- my.servers.bvm-heptapod.apps = [ "gitlab-runner" ];
 my.servers.bvm-nixosmgmt.apps = [ "plex-pass" ];
 my.servers.bvm-netbox.apps = [ "netbox" ];
- my.servers.rexxar.apps = [ "deluge" "gitlab-runner" "nixbuild" "hacky-vouchproxy" "hackyplayer" "emfminiserv" "fup" "bsky-pds" ];
+ my.servers.rexxar.apps = [ "deluge" "forgejo-runner" "nixbuild" "hacky-vouchproxy" "hackyplayer" "emfminiserv" "fup" "bsky-pds" ];
 }
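Review bot: `my.servers.bvm-forgejo.apps` gains `"forgejo-runner"` alongside `rexxar`, but nothing in this change enables `my.forgejo-runner` on `bvm-forgejo`, and the only consumer of that secret in the diff is the runner module, whose template pulls `TOKEN` from `kv/apps/forgejo-runner` into `tokenFile`. If, as the option name suggests, `my.servers.<host>.apps` is what lets a host read the listed apps' secrets, then this grant hands the runner registration token to a host that does not appear to run a runner, which is wider than least privilege needs; if a runner is meant to be co-located with the Forgejo instance, a comment on the line (`# runner co-located with the forgejo server`) would document the intent. The `bvm-heptapod` line is dropped entirely rather than left as an empty list, which is consistent with decommissioning the GitLab runner but worth confirming against that host's remaining config.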