From 307fabb7ec7f916f85e85f116ee68b571fe50c4b Mon Sep 17 00:00:00 2001 From: L-Nafaryus Date: Fri, 3 May 2024 23:10:55 +0500 Subject: [PATCH] catarina: add gitea action runner --- .secrets | 2 +- flake.lock | 79 +++++-------------- flake.nix | 15 ++-- nixosConfigurations/astora/default.nix | 12 ++- nixosConfigurations/catarina/default.nix | 19 ++++- .../catarina/services/gitea.nix | 20 ++++- 6 files changed, 71 insertions(+), 76 deletions(-) diff --git a/.secrets b/.secrets index f8ed740..d4c4f1f 160000 --- a/.secrets +++ b/.secrets @@ -1 +1 @@ -Subproject commit f8ed74005067a0f97e022dc5ddf7a1c392f4a0cb +Subproject commit d4c4f1fcd08c45e9056968b346184f5f80282fa2 diff --git a/flake.lock b/flake.lock index 77a3df2..6a38ade 100644 --- a/flake.lock +++ b/flake.lock @@ -38,7 +38,7 @@ "devenv": "devenv", "fenix": "fenix_2", "home-manager": "home-manager_2", - "nixgl": "nixgl_2", + "nixgl": "nixgl", "nixos-mailserver": "nixos-mailserver_2", "nixpkgs": "nixpkgs_3", "sops-nix": "sops-nix" @@ -100,11 +100,11 @@ ] }, "locked": { - "lastModified": 1713738183, - "narHash": "sha256-qd/MuLm7OfKQKyd4FAMqV4H6zYyOfef5lLzRrmXwKJM=", + "lastModified": 1713979152, + "narHash": "sha256-apdecPuh8SOQnkEET/kW/UcfjCRb8JbV5BKjoH+DcP4=", "owner": "ipetkov", "repo": "crane", - "rev": "f6c6a2fb1b8bd9b65d65ca9342dd0eb180a63f11", + "rev": "a5eca68a2cf11adb32787fc141cddd29ac8eb79c", "type": "github" }, "original": { @@ -204,11 +204,11 @@ "rust-analyzer-src": [] }, "locked": { - "lastModified": 1713853552, - "narHash": "sha256-OOXi+9cSbst7Crah6UVxHe33O6HK91WgD2yU/p5/dqs=", + "lastModified": 1714112748, + "narHash": "sha256-jq6Cpf/pQH85p+uTwPPrGG8Ky/zUOTwMJ7mcqc5M4So=", "owner": "nix-community", "repo": "fenix", - "rev": "d596927635ddd8db224bbff6e4ccb08e42649eb5", + "rev": "3ae4b908a795b6a3824d401a0702e11a7157d7e1", "type": "github" }, "original": { 
@@ -308,21 +308,6 @@ } }, "flake-utils": { - "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { "inputs": { "systems": "systems_2" }, @@ -340,7 +325,7 @@ "type": "github" } }, - "flake-utils_3": { + "flake-utils_2": { "inputs": { "systems": "systems_3" }, @@ -358,7 +343,7 @@ "type": "github" } }, - "flake-utils_4": { + "flake-utils_3": { "locked": { "lastModified": 1659877975, "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", @@ -404,11 +389,11 @@ ] }, "locked": { - "lastModified": 1713818326, - "narHash": "sha256-aw3xbVPJauLk/bbrlakIYxKpeuMWzA2feGrkIpIuXd8=", + "lastModified": 1714042918, + "narHash": "sha256-4AItZA3EQIiSNAxliuYEJumw/LaVfrMv84gYyrs0r3U=", "owner": "nix-community", "repo": "home-manager", - "rev": "67de98ae6eed5ad6f91b1142356d71a87ba97f21", + "rev": "0c5704eceefcb7bb238a958f532a86e3b59d76db", "type": "github" }, "original": { @@ -526,28 +511,7 @@ }, "nixgl": { "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1713543440, - "narHash": "sha256-lnzZQYG0+EXl/6NkGpyIz+FEOc/DSEG57AP1VsdeNrM=", - "owner": "guibou", - "repo": "nixGL", - "rev": "310f8e49a149e4c9ea52f1adf70cdc768ec53f8a", - "type": "github" - }, - "original": { - "owner": "guibou", - "repo": "nixGL", - "type": "github" - } - }, - "nixgl_2": { - "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_3", "nixpkgs": [ "oscuro", "bonfire", 
@@ -618,11 +582,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1713714899, - "narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=", + "lastModified": 1714076141, + "narHash": "sha256-Drmja/f5MRHZCskS6mvzFqxEaZMeciScCTFxWVLqWEY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6143fc5eeb9c4f00163267708e26191d1e918932", + "rev": "7bb2ccd8cdc44c91edba16c48d2c8f331fb3d856", "type": "github" }, "original": { @@ -764,7 +728,7 @@ }, "poetry2nix": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "nix-github-actions": "nix-github-actions", "nixpkgs": [ "oscuro", @@ -797,7 +761,7 @@ "devenv", "flake-compat" ], - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "gitignore": "gitignore", "nixpkgs": [ "oscuro", @@ -826,7 +790,6 @@ "crane": "crane", "fenix": "fenix", "home-manager": "home-manager", - "nixgl": "nixgl", "nixos-mailserver": "nixos-mailserver", "nixpkgs": "nixpkgs", "oscuro": "oscuro", @@ -864,11 +827,11 @@ "nixpkgs-stable": "nixpkgs-stable_3" }, "locked": { - "lastModified": 1713775152, - "narHash": "sha256-xyP8h9jLQ0AmyPy40sIwL7/D03oVpXG9YHoYJ4ecYWA=", + "lastModified": 1713892811, + "narHash": "sha256-uIGmA2xq41vVFETCF1WW4fFWFT2tqBln+aXnWrvjGRE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "4371a1301c4d36cc791069d90ae522613a3a335e", + "rev": "f1b0adc27265274e3b0c9b872a8f476a098679bd", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index e28d2ec..1c17351 100644 --- a/flake.nix +++ b/flake.nix @@ -12,10 +12,6 @@ url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; - nixgl = { - url = "github:guibou/nixGL"; - inputs.nixpkgs.follows = "nixpkgs"; - }; nixos-mailserver = { url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; inputs.nixpkgs.follows = "nixpkgs"; 
@@ -35,16 +31,15 @@ }; oscuro = { url = "github:L-Nafaryus/oscuro"; - inputs.nixpkgs.follows = "nixpkgs"; }; }; - outputs = inputs @ { self, nixpkgs, home-manager, nixgl, nixos-mailserver, sops-nix, crane, fenix, oscuro, ... }: { + outputs = { self, nixpkgs, home-manager, nixos-mailserver, sops-nix, crane, fenix, oscuro, ... }: { lib = import ./lib {}; nixosConfigurations = { - astora = with nixpkgs; lib.nixosSystem { + astora = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ home-manager.nixosModules.home-manager @@ -52,10 +47,10 @@ ./nixosModules/bonfire.nix self.nixosModules.spoofdpi ]; - specialArgs = { inherit inputs self; }; + specialArgs = { inherit self; }; }; - catarina = with nixpkgs; lib.nixosSystem { + catarina = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ nixos-mailserver.nixosModules.mailserver @@ -67,7 +62,7 @@ self.nixosModules.papermc self.nixosModules.qbittorrent-nox ]; - specialArgs = { inherit inputs self; }; + specialArgs = { inherit self; }; }; }; diff --git a/nixosConfigurations/astora/default.nix b/nixosConfigurations/astora/default.nix index e29bc6e..ce0cf4e 100644 --- a/nixosConfigurations/astora/default.nix +++ b/nixosConfigurations/astora/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, inputs, ... }: +{ pkgs, lib, ... }: { system.stateVersion = "23.11"; @@ -31,7 +31,6 @@ (final: prev: { blender = prev.blender.override { cudaSupport = true; }; }) - inputs.nixgl.overlay ]; }; @@ -150,4 +149,13 @@ programs.steam.enable = true; systemd.extraConfig = "DefaultLimitNOFILE=1048576"; + + virtualisation = { + containers.enable = true; + podman = { + enable = true; + dockerCompat = true; + defaultNetwork.settings.dns_enabled = true; + }; + }; } diff --git a/nixosConfigurations/catarina/default.nix b/nixosConfigurations/catarina/default.nix index 2a11032..c7648df 100644 --- a/nixosConfigurations/catarina/default.nix +++ b/nixosConfigurations/catarina/default.nix 
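Review bot: The `virtualisation` block added at the end of astora's default.nix (hunk `@@ -150,4 +149,13 @@`) enables podman with `dockerCompat = true` on a host the commit subject does not mention, and nothing in the visible astora hunks uses a container runtime. If astora does not need one, leaving the block out keeps that host's installed surface smaller; if it does, a one-line comment above the block stating what it is for would record the reason. The same block is added verbatim in catarina/default.nix (hunk `@@ -192,6 +194,15 @@`), where a comment such as `# container runtime for services.gitea-actions-runner (services/gitea.nix)` would tie it to the runner. Moving the shared block into one module under `nixosModules/` would keep the two hosts from drifting apart.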
@@ -1,9 +1,11 @@ -{ config, pkgs, lib, inputs, self, ... }: -{ +{ config, pkgs, lib, self, ... }: +let bonfire-pkgs = self.packages.${pkgs.system}; +in { system.stateVersion = "23.11"; imports = [ - ./hardware.nix ./users.nix + ./hardware.nix + ./users.nix ./services/papermc.nix ./services/gitea.nix ]; @@ -33,7 +35,7 @@ config.allowUnfree = true; config.cudaSupport = false; config.packageOverrides = super: { - lego = self.packages.${pkgs.system}.lego; + lego = bonfire-pkgs.lego; }; }; @@ -192,6 +194,15 @@ discordTokenFile = config.sops.secrets.discordToken.path; }; + virtualisation = { + containers.enable = true; + podman = { + enable = true; + dockerCompat = true; + defaultNetwork.settings.dns_enabled = true; + }; + }; + # Packages environment.systemPackages = with pkgs; [ wget diff --git a/nixosConfigurations/catarina/services/gitea.nix b/nixosConfigurations/catarina/services/gitea.nix index 7189014..05fb6de 100644 --- a/nixosConfigurations/catarina/services/gitea.nix +++ b/nixosConfigurations/catarina/services/gitea.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, ... }: { services.postgresql = { enable = true; @@ -86,4 +86,22 @@ useACMEHost = "elnafo.ru"; locations."/".proxyPass = "http://127.0.0.1:3001"; }; + + services.gitea-actions-runner = { + instances = { + master = { + enable = true; + name = "master"; + url = config.services.gitea.settings.server.ROOT_URL; + tokenFile = config.sops.secrets."gitea-runner/master-token".path; + labels = [ + "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest" + "nix-minimal:docker://vcs.elnafo.ru/l-nafaryus/nix-minimal:latest" + "nix-runner:docker://vcs.elnafo.ru/l-nafaryus/nix-runner:latest" + ]; + settings.container.network = "host"; + }; + }; + }; + }
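Review bot: `settings.container.network = "host";` in the new `master` runner instance (gitea.nix hunk `@@ -86,4 +86,22 @@`) places every job container in catarina's own network namespace, so workflow code can reach anything bound to loopback on that host without going through nginx; the backend this same file proxies to at `127.0.0.1:3001` is one visible example. Unless a job depends on that, drop the line so act_runner creates its own network per job, or set `settings.container.network = "bridge";`. The three `labels` entries also resolve to `:latest` tags, so the image a job runs in can change without any commit to this repository; pinning each to a fixed version tag or digest keeps the runner's execution environment reviewable. Which repositories and users can schedule jobs on this runner is not visible in the diff, so a short comment above `tokenFile` stating the token's scope (instance, organisation or repository) would help the next reader judge the exposure.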