ci: switch to new docker container for nix
parent
696ab8ec20
commit
493d12400f
|
@ -1,18 +1,15 @@
|
||||||
{ config, self, pkgs, lib, ... }:
|
{ config, self, pkgs, lib, ... }:
|
||||||
let
|
|
||||||
inherit (self.packages.${pkgs.hostPlatform.system}) actions-runner;
|
|
||||||
in
|
|
||||||
{
|
{
|
||||||
systemd.services.gitea-runner-nix-image = {
|
#systemd.services.gitea-runner-nix-image = {
|
||||||
wantedBy = [ "multi-user.target" ];
|
# wantedBy = [ "multi-user.target" ];
|
||||||
script = ''
|
# script = ''
|
||||||
${lib.getExe pkgs.podman} load --input=${actions-runner}
|
# ${lib.getExe pkgs.podman} load --input=${actions-runner}
|
||||||
'';
|
# '';
|
||||||
serviceConfig = {
|
# serviceConfig = {
|
||||||
Type = "oneshot";
|
# Type = "oneshot";
|
||||||
RemainAfterExit = true;
|
# RemainAfterExit = true;
|
||||||
};
|
# };
|
||||||
};
|
#};
|
||||||
|
|
||||||
systemd.services.gitea-runner-nix-token = {
|
systemd.services.gitea-runner-nix-token = {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
@ -24,13 +21,13 @@ in
|
||||||
script = ''
|
script = ''
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
token=$(${lib.getExe self.packages.${pkgs.hostPlatform.system}.gitea} actions generate-runner-token)
|
token=$(${lib.getExe self.packages.${pkgs.hostPlatform.system}.gitea} actions generate-runner-token)
|
||||||
echo "TOKEN=$token" > /var/lib/gitea-runner/token
|
echo "TOKEN=$token" > /var/lib/gitea-registration/token
|
||||||
'';
|
'';
|
||||||
unitConfig.ConditionPathExists = [ "!/var/lib/gitea-runner/token" ];
|
unitConfig.ConditionPathExists = [ "!/var/lib/gitea-registration/token" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
User = "gitea";
|
User = "gitea";
|
||||||
Group = "gitea";
|
Group = "gitea";
|
||||||
StateDirectory = "gitea-runner";
|
StateDirectory = "gitea-registration";
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
RemainAfterExit = true;
|
RemainAfterExit = true;
|
||||||
};
|
};
|
||||||
|
@ -42,11 +39,9 @@ in
|
||||||
systemd.services.gitea-runner-nix = {
|
systemd.services.gitea-runner-nix = {
|
||||||
after = [
|
after = [
|
||||||
"gitea-runner-nix-token.service"
|
"gitea-runner-nix-token.service"
|
||||||
"gitea-runner-nix-image.service"
|
|
||||||
];
|
];
|
||||||
requires = [
|
requires = [
|
||||||
"gitea-runner-nix-token.service"
|
"gitea-runner-nix-token.service"
|
||||||
"gitea-runner-nix-image.service"
|
|
||||||
];
|
];
|
||||||
|
|
||||||
# TODO: systemd confinment
|
# TODO: systemd confinment
|
||||||
|
@ -123,7 +118,12 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.gitea-actions-runner.instances.nix = {
|
services.gitea-actions-runner.instances.nix = let
|
||||||
|
extraBins = pkgs.runCommand "extra-bins" {} ''
|
||||||
|
mkdir -p $out
|
||||||
|
ln -s ${pkgs.nodejs}/bin/node $out/node
|
||||||
|
'';
|
||||||
|
in {
|
||||||
enable = true;
|
enable = true;
|
||||||
name = "nix-runner";
|
name = "nix-runner";
|
||||||
# take the git root url from the gitea config
|
# take the git root url from the gitea config
|
||||||
|
@ -131,31 +131,10 @@ in
|
||||||
# otherwise you need to set it manually
|
# otherwise you need to set it manually
|
||||||
url = config.services.gitea.settings.server.ROOT_URL;
|
url = config.services.gitea.settings.server.ROOT_URL;
|
||||||
# use your favourite nix secret manager to get a path for this
|
# use your favourite nix secret manager to get a path for this
|
||||||
tokenFile = "/var/lib/gitea-runner/token";
|
tokenFile = "/var/lib/gitea-registration/token";
|
||||||
labels = [ "nix:docker://${actions-runner.imageName}" ];
|
labels = [ "nix:docker://mic92/nix-unstable-static" ];
|
||||||
hostPackages = with pkgs; [
|
|
||||||
bash
|
|
||||||
coreutils
|
|
||||||
curl
|
|
||||||
gawk
|
|
||||||
gitMinimal
|
|
||||||
gnused
|
|
||||||
jq
|
|
||||||
nixUnstable
|
|
||||||
nodejs
|
|
||||||
wget
|
|
||||||
gnutar
|
|
||||||
bash
|
|
||||||
config.nix.package
|
|
||||||
gzip
|
|
||||||
];
|
|
||||||
settings = {
|
settings = {
|
||||||
runner.envs = {
|
container.options = "-v /nix:/nix -v ${extraBins}:/host/bin --user nix";
|
||||||
HOME = "/var/lib/gitea-runner/nix";
|
|
||||||
# unset the token so it doesn't leak into the runner
|
|
||||||
TOKEN = "";
|
|
||||||
PAGER = "cat";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
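Review bot: The new label `nix:docker://mic92/nix-unstable-static` names an externally published image with no tag or digest, so every job runs whatever is currently published under that name, whereas the replaced label pointed at `${actions-runner.imageName}`, an image built from this flake and loaded by the now commented-out `gitea-runner-nix-image` service. If the runner accepts a digest reference in the label, pinning it would keep the job environment fixed, e.g. `labels = [ "nix:docker://mic92/nix-unstable-static@sha256:<DIGEST_PLACEHOLDER>" ];`. In the same hunk, `container.options` bind-mounts the host's `/nix` into every job container without `:ro`; whether jobs can modify host state through it depends on what the image's `nix` user maps to on the host, which is not visible here, so either state the intended access in a comment or use `-v /nix:/nix:ro` if read-only access is enough. The hunk also drops `runner.envs`, including `TOKEN = ""` and its comment about the token leaking into the runner, so it is worth confirming that container jobs cannot see the registration token read from `tokenFile`.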