scale up gitea runner
All checks were successful
checks / test (pull_request) Successful in 35s
build / test (pull_request) Successful in 38s

Jörg Thalheim 2023-10-04 20:44:40 +02:00
parent 14dc340e8d
commit 84c9caf7f6


@ -12,8 +12,9 @@ let
mkdir -p $out/etc/ssl/certs mkdir -p $out/etc/ssl/certs
cp -a "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" $out/etc/ssl/certs/ca-bundle.crt cp -a "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" $out/etc/ssl/certs/ca-bundle.crt
''; '';
numInstances = 10;
in in
{ lib.mkMerge [{
# everything here has no dependencies on the store # everything here has no dependencies on the store
systemd.services.gitea-runner-nix-image = { systemd.services.gitea-runner-nix-image = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
@ -71,8 +72,9 @@ in
isSystemUser = true; isSystemUser = true;
}; };
users.groups.nixuser = { }; users.groups.nixuser = { };
}
systemd.services.gitea-runner-nix-token = { {
systemd.services = lib.genAttrs (builtins.genList (n: "gitea-runner-nix${builtins.toString n}-token") numInstances) (name: {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "gitea.service" ]; after = [ "gitea.service" ];
environment = { environment = {
@ -82,9 +84,9 @@ in
script = '' script = ''
set -euo pipefail set -euo pipefail
token=$(${lib.getExe self.packages.${pkgs.hostPlatform.system}.gitea} actions generate-runner-token) token=$(${lib.getExe self.packages.${pkgs.hostPlatform.system}.gitea} actions generate-runner-token)
echo "TOKEN=$token" > /var/lib/gitea-registration/token echo "TOKEN=$token" > /var/lib/gitea-registration/${name}
''; '';
unitConfig.ConditionPathExists = [ "!/var/lib/gitea-registration/token" ]; unitConfig.ConditionPathExists = [ "!/var/lib/gitea-registration/${name}" ];
serviceConfig = { serviceConfig = {
User = "gitea"; User = "gitea";
Group = "gitea"; Group = "gitea";
@ -92,13 +94,14 @@ in
Type = "oneshot"; Type = "oneshot";
RemainAfterExit = true; RemainAfterExit = true;
}; };
}; });
# Format of the token file: # Format of the token file:
virtualisation = { virtualisation = {
podman.enable = true; podman.enable = true;
podman.extraPackages = [ pkgs.zfs ]; podman.extraPackages = [ pkgs.zfs ];
}; };
virtualisation.containers.storage.settings = { virtualisation.containers.storage.settings = {
storage.driver = "zfs"; storage.driver = "zfs";
storage.graphroot = "/var/lib/containers/storage"; storage.graphroot = "/var/lib/containers/storage";
@ -110,14 +113,15 @@ in
# podman seems to not work with systemd-resolved # podman seems to not work with systemd-resolved
containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ]; containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ];
}; };
}
systemd.services.gitea-runner-nix = { {
systemd.services = lib.genAttrs (builtins.genList (n: "gitea-runner-nix${builtins.toString n}") numInstances) (name: {
after = [ after = [
"gitea-runner-nix-token.service" "${name}-token.service"
"gitea-runner-nix-image.service" "gitea-runner-nix-image.service"
]; ];
requires = [ requires = [
"gitea-runner-nix-token.service" "${name}-token.service"
"gitea-runner-nix-image.service" "gitea-runner-nix-image.service"
]; ];
@ -186,9 +190,9 @@ in
# want to consult the systemd docs if using both. # want to consult the systemd docs if using both.
DynamicUser = true; DynamicUser = true;
}; };
}; });
services.gitea-actions-runner.instances.nix = { services.gitea-actions-runner.instances = lib.genAttrs (builtins.genList (n: "nix${builtins.toString n}") numInstances) (name: {
enable = true; enable = true;
name = "nix-runner"; name = "nix-runner";
# take the git root url from the gitea config # take the git root url from the gitea config
@ -196,7 +200,7 @@ in
# otherwise you need to set it manually # otherwise you need to set it manually
url = config.services.gitea.settings.server.ROOT_URL; url = config.services.gitea.settings.server.ROOT_URL;
# use your favourite nix secret manager to get a path for this # use your favourite nix secret manager to get a path for this
tokenFile = "/var/lib/gitea-registration/token"; tokenFile = "/var/lib/gitea-registration/gitea-runner-${name}-token";
labels = [ "nix:docker://gitea-runner-nix" ]; labels = [ "nix:docker://gitea-runner-nix" ];
settings = { settings = {
container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm"; container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
@ -208,5 +212,5 @@ in
"${storeDeps}/etc/ssl" "${storeDeps}/etc/ssl"
]; ];
}; };
}; });
} }]
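Review bot: The token script still writes `TOKEN=$token` with a plain shell redirect, so each of the ten files under /var/lib/gitea-registration is created with whatever umask the unit runs under, and nothing in the visible hunks restricts it. The registration token is a credential, so I would add `umask 077` before the `echo` line or `UMask = "0077";` to the token unit's serviceConfig. Part of that serviceConfig and the directory setup lie outside the hunks, so this may already be covered there. Separately, `name = "nix-runner";` is unchanged, so all ten instances presumably register under the same runner name and a job cannot be attributed to one instance from the Gitea side; `name = "${name}-runner";` would make them distinguishable.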