cpu-fix #24
12
flake.lock
12
flake.lock
|
@ -82,16 +82,16 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1689638193,
|
"lastModified": 1689838306,
|
||||||
"narHash": "sha256-7SCl/TEswRCtVSFD9p2SXKH4iWbXDmly2O1oYsxidDc=",
|
"narHash": "sha256-rKQERGxsbP+Mkkwgepmy/a3KgYYdbFR7vTgEZ6GMoIA=",
|
||||||
"owner": "DavHau",
|
"owner": "Mic92",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "2ab9f837047affd23ebf27b0175aff34d6b9e7e3",
|
"rev": "4bfb50dc6d66a86e61c6b38f567f7770d54db53e",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "DavHau",
|
"owner": "Mic92",
|
||||||
"ref": "gitea",
|
"ref": "daemon",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
|
|
||||||
inputs = {
|
inputs = {
|
||||||
# https://github.com/NixOS/nixpkgs/pull/243252
|
# https://github.com/NixOS/nixpkgs/pull/243252
|
||||||
nixpkgs.url = "github:DavHau/nixpkgs/gitea";
|
nixpkgs.url = "github:Mic92/nixpkgs/daemon";
|
||||||
flake-parts.url = "github:hercules-ci/flake-parts";
|
flake-parts.url = "github:hercules-ci/flake-parts";
|
||||||
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
|
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
|
||||||
treefmt-nix.url = "github:numtide/treefmt-nix";
|
treefmt-nix.url = "github:numtide/treefmt-nix";
|
||||||
|
@ -43,8 +43,9 @@
|
||||||
inputs.treefmt-nix.flakeModule
|
inputs.treefmt-nix.flakeModule
|
||||||
./targets/flake-module.nix
|
./targets/flake-module.nix
|
||||||
./modules/flake-module.nix
|
./modules/flake-module.nix
|
||||||
|
./pkgs/flake-module.nix
|
||||||
];
|
];
|
||||||
perSystem = { config, pkgs, inputs', ... }: {
|
perSystem = { pkgs, inputs', ... }: {
|
||||||
treefmt = {
|
treefmt = {
|
||||||
projectRootFile = "flake.nix";
|
projectRootFile = "flake.nix";
|
||||||
programs.terraform.enable = true;
|
programs.terraform.enable = true;
|
||||||
|
@ -70,9 +71,6 @@
|
||||||
]))
|
]))
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
inherit (pkgs.callPackage ./pkgs/renovate { }) renovate;
|
|
||||||
} // lib.optionalAttrs (!pkgs.stdenv.isDarwin) {
|
|
||||||
gitea = pkgs.callPackage ./pkgs/gitea { };
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
|
|
|
@ -1,6 +1,19 @@
|
||||||
{ config, self, pkgs, lib, ... }:
|
{ config, self, pkgs, lib, ... }:
|
||||||
|
let
|
||||||
|
inherit (self.packages.${pkgs.hostPlatform.system}) actions-runner;
|
||||||
|
in
|
||||||
{
|
{
|
||||||
|
systemd.services.gitea-runner-nix-image = {
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
script = ''
|
||||||
|
${lib.getExe pkgs.podman} load --input=${actions-runner}
|
||||||
|
'';
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
RemainAfterExit = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
systemd.services.gitea-runner-nix-token = {
|
systemd.services.gitea-runner-nix-token = {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
after = [ "gitea.service" ];
|
after = [ "gitea.service" ];
|
||||||
|
@ -11,21 +24,30 @@
|
||||||
script = ''
|
script = ''
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
token=$(${lib.getExe self.packages.${pkgs.hostPlatform.system}.gitea} actions generate-runner-token)
|
token=$(${lib.getExe self.packages.${pkgs.hostPlatform.system}.gitea} actions generate-runner-token)
|
||||||
echo "TOKEN=$token" > /var/lib/gitea-actions-runner/token
|
echo "TOKEN=$token" > /var/lib/gitea-runner/token
|
||||||
'';
|
'';
|
||||||
unitConfig.ConditionPathExists = [ "!/var/lib/gitea-actions-runner/token" ];
|
unitConfig.ConditionPathExists = [ "!/var/lib/gitea-runner/token" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
User = "gitea";
|
User = "gitea";
|
||||||
Group = "gitea";
|
Group = "gitea";
|
||||||
StateDirectory = "gitea-actions-runner";
|
StateDirectory = "gitea-runner";
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
RemainAfterExit = true;
|
RemainAfterExit = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Format of the token file:
|
||||||
|
virtualisation.podman.enable = true;
|
||||||
|
|
||||||
systemd.services.gitea-runner-nix = {
|
systemd.services.gitea-runner-nix = {
|
||||||
after = [ "gitea-runner-nix-token.service" ];
|
after = [
|
||||||
requires = [ "gitea-runner-nix-token.service" ];
|
"gitea-runner-nix-token.service"
|
||||||
|
"gitea-runner-nix-image.service"
|
||||||
|
];
|
||||||
|
requires = [
|
||||||
|
"gitea-runner-nix-token.service"
|
||||||
|
"gitea-runner-nix-image.service"
|
||||||
|
];
|
||||||
|
|
||||||
# TODO: systemd confinment
|
# TODO: systemd confinment
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
|
@ -109,8 +131,8 @@
|
||||||
# otherwise you need to set it manually
|
# otherwise you need to set it manually
|
||||||
url = config.services.gitea.settings.server.ROOT_URL;
|
url = config.services.gitea.settings.server.ROOT_URL;
|
||||||
# use your favourite nix secret manager to get a path for this
|
# use your favourite nix secret manager to get a path for this
|
||||||
tokenFile = "/var/lib/gitea-actions-runner/token";
|
tokenFile = "/var/lib/gitea-runner/token";
|
||||||
labels = [ "nix:host" ];
|
labels = [ "nix:docker://${actions-runner.imageName}" ];
|
||||||
hostPackages = with pkgs; [
|
hostPackages = with pkgs; [
|
||||||
bash
|
bash
|
||||||
coreutils
|
coreutils
|
||||||
|
|
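Review bot: The new comment `# Format of the token file:` that precedes `virtualisation.podman.enable = true;` is left unfinished — nothing follows it describing the format, so it reads as a dangling fragment (unless a line was lost in rendering). Either complete it where the file is written, e.g. `# Format of the token file: one line, TOKEN=<runner registration token>, read by the runner via tokenFile`, or drop it. Separately, the token script writes `echo "TOKEN=$token" > /var/lib/gitea-runner/token` under the default umask, so the registration token is likely world-readable inside a 0755 StateDirectory; adding `umask 077` before the redirect, or `StateDirectoryMode = "0750";` in that unit's serviceConfig, would keep it confined to the gitea user. The `gitea-runner-nix-image` unit loads the image as root while the runner unit's serviceConfig continues outside this hunk, so whether the runner's podman storage sees that image is worth confirming.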
43
pkgs/actions-runner.nix
Normal file
43
pkgs/actions-runner.nix
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
{ pkgs, inputs }:
|
||||||
|
let
|
||||||
|
# FIXME get rid of nix input?
|
||||||
|
base = import (inputs.nix + "/docker.nix") {
|
||||||
|
inherit pkgs;
|
||||||
|
name = "nix-ci-base";
|
||||||
|
maxLayers = 10;
|
||||||
|
extraPkgs = with pkgs; [
|
||||||
|
nodejs_20 # nodejs is needed for running most 3rdparty actions
|
||||||
|
# add any other pre-installed packages here
|
||||||
|
];
|
||||||
|
# do we want this at all?
|
||||||
|
channelURL = "https://nixos.org/channels/nixpkgs-unstable";
|
||||||
|
nixConf = {
|
||||||
|
substituters = [
|
||||||
|
"https://cache.nixos.org/"
|
||||||
|
"https://nix-community.cachix.org"
|
||||||
|
# insert any other binary caches here
|
||||||
|
];
|
||||||
|
trusted-public-keys = [
|
||||||
|
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
||||||
|
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||||
|
# insert the public keys for those binary caches here
|
||||||
|
];
|
||||||
|
# allow using the new flake commands in our workflows
|
||||||
|
experimental-features = [ "nix-command" "flakes" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
in
|
||||||
|
pkgs.dockerTools.buildImage {
|
||||||
|
name = "nix-runner";
|
||||||
|
tag = "latest";
|
||||||
|
|
||||||
|
fromImage = base;
|
||||||
|
fromImageName = null;
|
||||||
|
fromImageTag = "latest";
|
||||||
|
|
||||||
|
copyToRoot = pkgs.buildEnv {
|
||||||
|
name = "image-root";
|
||||||
|
paths = [ pkgs.coreutils-full ];
|
||||||
|
pathsToLink = [ "/bin" ]; # add coreutuls (which includes sleep) to /bin
|
||||||
|
};
|
||||||
|
}
|
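Review bot: `trusted-public-keys` in `nixConf` makes every build inside this image trust whatever `nix-community.cachix.org` signs, with no comment recording why that third-party cache is trusted; a line next to the key such as `# Trusting a cache means accepting any store path it signs — keep this list to caches you control or have reviewed` would document the supply-chain decision. The file also commits two open questions as comments (`# FIXME get rid of nix input?`, `# do we want this at all?`) that should be resolved or turned into tracked TODOs. `channelURL` pointing at `nixpkgs-unstable` makes the channel inside the image drift over time, which is worth stating next to it if that is intended rather than pinned.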
12
pkgs/flake-module.nix
Normal file
12
pkgs/flake-module.nix
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
{ lib, inputs, ... }: {
|
||||||
|
perSystem = { pkgs, inputs', ... }: {
|
||||||
|
packages = {
|
||||||
|
inherit (pkgs.callPackage ./renovate { }) renovate;
|
||||||
|
} // lib.optionalAttrs (!pkgs.stdenv.isDarwin) {
|
||||||
|
gitea = pkgs.callPackage ./gitea { };
|
||||||
|
actions-runner = pkgs.callPackage ./actions-runner.nix {
|
||||||
|
inherit inputs;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
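Review bot: `inputs'` is bound in `perSystem = { pkgs, inputs', ... }:` but never referenced in the body, so `perSystem = { pkgs, ... }:` is sufficient. Placing `actions-runner` under `lib.optionalAttrs (!pkgs.stdenv.isDarwin)` is presumably deliberate, since `dockerTools.buildImage` needs a Linux builder, but a short comment on that branch would explain why two packages disappear on Darwin, e.g. `# Linux-only: dockerTools images need a Linux builder`.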