switch to native nix gitea action #3
40
flake.lock
40
flake.lock
|
@ -7,11 +7,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1688486545,
|
"lastModified": 1689239870,
|
||||||
"narHash": "sha256-rtFPwSOpqmf1PZgx7w0vgjOI/RI8b1AHdVZN1WQqilA=",
|
"narHash": "sha256-G19sYUrNeIOa8I+WXQ6dKS9Tvuavz8AyzyXNwTqLE94=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "disko",
|
"repo": "disko",
|
||||||
"rev": "15c4d57b41b6b57024aec015e5d30a4ed4713034",
|
"rev": "68eb09b1833301d729ae6e89583173b6ceaade1c",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -50,11 +50,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1688566943,
|
"lastModified": 1689077593,
|
||||||
"narHash": "sha256-J0RL5Tg97jQ6JisbalhkcloBMDI4Oo007ToIlLvCrXY=",
|
"narHash": "sha256-3qOgpWNhXy4P83b2NHbRX2SLpqEx/vDAM0Myb0iT2+w=",
|
||||||
"ref": "refs/heads/main",
|
"ref": "refs/heads/main",
|
||||||
"rev": "ffe31cffbdcc22fbf92bde02beda9b17aebe6a82",
|
"rev": "b1573761fd03b6d6ae2170211953e08a2f430b8c",
|
||||||
"revCount": 13,
|
"revCount": 14,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.clan.lol/clan/clan-homepage"
|
"url": "https://git.clan.lol/clan/clan-homepage"
|
||||||
},
|
},
|
||||||
|
@ -105,16 +105,16 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1688491638,
|
"lastModified": 1689247091,
|
||||||
"narHash": "sha256-xdBCaDDRKe7jWkXSCv+nMKIShMpr6uREhGmGJJWRxng=",
|
"narHash": "sha256-sg6yVZGU4yQ8vx/u/jeR7etUIQZhcc4Ss6PHNHAFZjU=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "6f404ed21403960e252d1f9fffbb3db43301e30b",
|
"rev": "dc54601ce60a6e7b427d124550d43067ee605b53",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"ref": "cloud-init",
|
"ref": "daemon",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
@ -139,11 +139,11 @@
|
||||||
"nixpkgs-stable": []
|
"nixpkgs-stable": []
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1688268466,
|
"lastModified": 1689149796,
|
||||||
"narHash": "sha256-fArazqgYyEFiNcqa136zVYXihuqzRHNOOeVICayU2Yg=",
|
"narHash": "sha256-3FCUdayBHcxk6BZOxEIfa5UxbXNQzTc/VlN7ociI2Dw=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "5ed3c22c1fa0515e037e36956a67fe7e32c92957",
|
"rev": "88b964df6981e4844c07be8c192aa6bdca768a10",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -159,11 +159,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1688384426,
|
"lastModified": 1689211908,
|
||||||
"narHash": "sha256-iUhJ2JYCyzioI/G0mqgDoSH3U0fcFhm6ShmMcB0dYyY=",
|
"narHash": "sha256-vkWZPUOA8L8X6s3OuVxHi+8NqVbeO3fkGkTJg2WtmdQ=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "srvos",
|
"repo": "srvos",
|
||||||
"rev": "c9fa5cf4b6014807655bf8356b3cddc86f741b7a",
|
"rev": "e8ae8c0ac816b6388199a475bd6188943e47f5b9",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -179,11 +179,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1688026376,
|
"lastModified": 1689243103,
|
||||||
"narHash": "sha256-qJmkr9BWDpqblk4E9/rCsAEl39y2n4Ycw6KRopvpUcY=",
|
"narHash": "sha256-IfBt2AD8qCwZs+m6BlOGEitBIkVJ0iMscMueb6QYUk4=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "treefmt-nix",
|
"repo": "treefmt-nix",
|
||||||
"rev": "df3f32b0cc253dfc7009b7317e8f0e7ccd70b1cf",
|
"rev": "f1dca68b908f3dd656b923b9fb62f7d755133662",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -7,8 +7,8 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
inputs = {
|
inputs = {
|
||||||
# https://github.com/NixOS/nixpkgs/pull/241526
|
# https://github.com/NixOS/nixpkgs/pull/243252
|
||||||
nixpkgs.url = "github:Mic92/nixpkgs/cloud-init";
|
nixpkgs.url = "github:Mic92/nixpkgs/daemon";
|
||||||
flake-parts.url = "github:hercules-ci/flake-parts";
|
flake-parts.url = "github:hercules-ci/flake-parts";
|
||||||
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
|
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
|
||||||
treefmt-nix.url = "github:numtide/treefmt-nix";
|
treefmt-nix.url = "github:numtide/treefmt-nix";
|
||||||
|
@ -71,9 +71,6 @@
|
||||||
};
|
};
|
||||||
} // lib.optionalAttrs (!pkgs.stdenv.isDarwin) {
|
} // lib.optionalAttrs (!pkgs.stdenv.isDarwin) {
|
||||||
gitea = pkgs.callPackage ./pkgs/gitea { };
|
gitea = pkgs.callPackage ./pkgs/gitea { };
|
||||||
actions-runner = pkgs.callPackage ./pkgs/actions-runner.nix {
|
|
||||||
inherit inputs;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
});
|
});
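Review bot: The `nixpkgs.url = "github:Mic92/nixpkgs/daemon";` line keeps the root input on a mutable branch of a personal fork, with only the PR link above it to explain why. The `rev` and `narHash` in flake.lock pin what is built today, but the next `nix flake update` takes whatever that branch holds at the time, and nixpkgs supplies every package on the host. I would put the exit condition next to the link, for example `# TODO: return to github:NixOS/nixpkgs/<channel> once the PR above is merged`, so the fork does not outlive its reason.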
|
||||||
|
|
|
@ -1,20 +1,7 @@
|
||||||
{ config, self, pkgs, lib, ... }:
|
{ config, self, pkgs, lib, ... }:
|
||||||
|
|
||||||
let
|
|
||||||
inherit (self.packages.${pkgs.hostPlatform.system}) actions-runner;
|
|
||||||
in
|
|
||||||
{
|
{
|
||||||
systemd.services.gitea-actions-runner-nix-image = {
|
systemd.services.gitea-runner-nix-token = {
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
script = ''
|
|
||||||
${lib.getExe pkgs.podman} load --input=${actions-runner}
|
|
||||||
'';
|
|
||||||
serviceConfig = {
|
|
||||||
Type = "oneshot";
|
|
||||||
RemainAfterExit = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
systemd.services.gitea-actions-runner-nix-token = {
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
after = [ "gitea.service" ];
|
after = [ "gitea.service" ];
|
||||||
environment = {
|
environment = {
|
||||||
|
@ -26,28 +13,31 @@ in
|
||||||
token=$(${lib.getExe self.packages.${pkgs.hostPlatform.system}.gitea} actions generate-runner-token)
|
token=$(${lib.getExe self.packages.${pkgs.hostPlatform.system}.gitea} actions generate-runner-token)
|
||||||
echo "TOKEN=$token" > /var/lib/gitea-actions-runner/token
|
echo "TOKEN=$token" > /var/lib/gitea-actions-runner/token
|
||||||
'';
|
'';
|
||||||
|
unitConfig.ConditionPathExists = [ "!/var/lib/gitea-actions-runner/token" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
User = "gitea";
|
User = "gitea";
|
||||||
Group = "gitea";
|
Group = "gitea";
|
||||||
StateDirectory = "gitea-actions-runner";
|
StateDirectory = "gitea-actions-runner";
|
||||||
ConditionPathExists = [ "!/var/lib/gitea-actions-runner/token" ];
|
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
RemainAfterExit = true;
|
RemainAfterExit = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Format of the token file:
|
|
||||||
virtualisation.podman.enable = true;
|
|
||||||
|
|
||||||
systemd.services.gitea-runner-nix = {
|
systemd.services.gitea-runner-nix = {
|
||||||
after = [
|
after = [ "gitea-runner-nix-token.service" ];
|
||||||
"gitea-actions-runner-nix-token.service"
|
requires = [ "gitea-runner-nix-token.service" ];
|
||||||
"gitea-actions-runner-nix-image.service"
|
# TODO: systemd confinment
|
||||||
];
|
#serviceConfig = {
|
||||||
requires = [
|
# Environment = [
|
||||||
"gitea-actions-runner-nix-token.service"
|
# "NIX_REMOTE=daemon"
|
||||||
"gitea-actions-runner-nix-image.service"
|
# "PAGER=cat"
|
||||||
];
|
# ];
|
||||||
|
# BindPaths = [
|
||||||
|
# "/nix/var/nix/daemon-socket/socket"
|
||||||
|
# "/run/nscd/socket"
|
||||||
|
# "/var/lib/drone"
|
||||||
|
# ];
|
||||||
|
#};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.gitea-actions-runner.instances.nix = {
|
services.gitea-actions-runner.instances.nix = {
|
||||||
|
@ -59,8 +49,27 @@ in
|
||||||
url = config.services.gitea.settings.server.ROOT_URL;
|
url = config.services.gitea.settings.server.ROOT_URL;
|
||||||
# use your favourite nix secret manager to get a path for this
|
# use your favourite nix secret manager to get a path for this
|
||||||
tokenFile = "/var/lib/gitea-actions-runner/token";
|
tokenFile = "/var/lib/gitea-actions-runner/token";
|
||||||
labels = [
|
labels = [ "nix:host" ];
|
||||||
"nix:docker://${actions-runner.imageName}"
|
hostPackages = with pkgs; [
|
||||||
|
bash
|
||||||
|
coreutils
|
||||||
|
curl
|
||||||
|
gawk
|
||||||
|
gitMinimal
|
||||||
|
gnused
|
||||||
|
jq
|
||||||
|
nixUnstable
|
||||||
|
nodejs
|
||||||
|
wget
|
||||||
|
gnutar
|
||||||
|
bash
|
||||||
|
config.nix.package
|
||||||
|
gzip
|
||||||
];
|
];
|
||||||
|
settings = {
|
||||||
|
runner.envs = {
|
||||||
|
HOME = "/var/lib/gitea-runner/nix";
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
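Review bot: With `labels = [ "nix:host" ]` the workflow steps run directly on the machine instead of in the podman image, yet the hardening for `systemd.services.gitea-runner-nix` is left as a commented-out block under `# TODO: systemd confinment`, so this file adds no sandboxing to the unit. Until that lands, any repository that can trigger a workflow runs code with the runner user's view of the host, presumably including the Nix daemon socket; I would either enable a minimal `serviceConfig` now or state on the TODO that the runner must only serve trusted repositories. The commented `BindPaths` also lists `/var/lib/drone`, which looks copied from another setup and should probably be the runner's own state directory. Separately, the token script in the second hunk writes `/var/lib/gitea-actions-runner/token` with the default umask; a `umask 077` line before the `echo` would keep the registration token from being readable by other local users, which matters more now that jobs share the host.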
|
||||||
|
|
|
@ -1,43 +0,0 @@
|
||||||
{ pkgs, inputs }:
|
|
||||||
let
|
|
||||||
# FIXME get rid of nix input?
|
|
||||||
base = import (inputs.nix + "/docker.nix") {
|
|
||||||
inherit pkgs;
|
|
||||||
name = "nix-ci-base";
|
|
||||||
maxLayers = 10;
|
|
||||||
extraPkgs = with pkgs; [
|
|
||||||
nodejs_20 # nodejs is needed for running most 3rdparty actions
|
|
||||||
# add any other pre-installed packages here
|
|
||||||
];
|
|
||||||
# do we want this at all?
|
|
||||||
channelURL = "https://nixos.org/channels/nixpkgs-unstable";
|
|
||||||
nixConf = {
|
|
||||||
substituters = [
|
|
||||||
"https://cache.nixos.org/"
|
|
||||||
"https://nix-community.cachix.org"
|
|
||||||
# insert any other binary caches here
|
|
||||||
];
|
|
||||||
trusted-public-keys = [
|
|
||||||
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
|
||||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
|
||||||
# insert the public keys for those binary caches here
|
|
||||||
];
|
|
||||||
# allow using the new flake commands in our workflows
|
|
||||||
experimental-features = [ "nix-command" "flakes" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
in
|
|
||||||
pkgs.dockerTools.buildImage {
|
|
||||||
name = "nix-runner";
|
|
||||||
tag = "latest";
|
|
||||||
|
|
||||||
fromImage = base;
|
|
||||||
fromImageName = null;
|
|
||||||
fromImageTag = "latest";
|
|
||||||
|
|
||||||
copyToRoot = pkgs.buildEnv {
|
|
||||||
name = "image-root";
|
|
||||||
paths = [ pkgs.coreutils-full ];
|
|
||||||
pathsToLink = [ "/bin" ]; # add coreutuls (which includes sleep) to /bin
|
|
||||||
};
|
|
||||||
}
|
|
File diff suppressed because one or more lines are too long