
2 commits

Author SHA1 Message Date
ec980bd86e fixup! Use specific git forgejo CI
All checks were successful
CI / build (push) Successful in 13m56s
2024-10-03 14:29:08 +03:00
6bbd0f0157 Use specific git forgejo CI
Some checks failed
CI / build (push) Failing after 0s
2024-10-03 14:18:31 +03:00
3 changed files with 27 additions and 9 deletions


@ -8,7 +8,8 @@ env:
jobs:
build:
runs-on: nix
runs-on: docker
container: nixpkgs/nix-flakes:nixos-24.05
steps:
- name: Initialize CI
uses: https://git.qo.is/qo.is/actions-nix-init@main
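Review bot: The new `container: nixpkgs/nix-flakes:nixos-24.05` line selects the job image by a mutable tag, so whatever the registry serves under that tag at run time becomes the build environment. If the runner accepts digest references, pinning it as `container: nixpkgs/nix-flakes:nixos-24.05@sha256:<digest-placeholder>` makes the image content-addressed and turns image updates into reviewable commits. The context line `uses: https://git.qo.is/qo.is/actions-nix-init@main` follows a branch rather than a commit in the same way; it lives on the project's own forge, but pinning it to a commit SHA would close the same gap. The job definition continues outside the hunk.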


@ -78,6 +78,16 @@
'';
};
system.autoUpgrade = {
enable = true;
randomizedDelaySec = "30m";
flags = [
"--update-input"
"nixpkgs-nixos-2211"
"--commit-lock-file"
];
};
# Network services
networking.firewall = {
allowPing = true;
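Review bot: The added `system.autoUpgrade` block refreshes an input named `nixpkgs-nixos-2211` unattended. If that input tracks the NixOS 22.11 release branch, the branch was already past end-of-life at the date of this commit, so the timer would keep rebuilding without pulling in security fixes; it is worth confirming which branch the input follows. `--update-input` and `--commit-lock-file` are flake options, yet no `flake = ...;` attribute is visible in the block, so unless it is set elsewhere the upgrade may not run against the intended flake. Because the lock file is then changed and committed on the host without review, I would add a comment such as `# unattended: bumps this input and commits flake.lock locally on the host` and state where those commits are expected to end up.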


@ -32,8 +32,7 @@ with lib;
sops.secrets."forgejo/runner-registration-token".restartUnits = [
"gitea-runner-${defaultInstanceName}.service"
] ++genAttrs (genList (n: "gitea-runner-nix${builtins.toString n}.service") cfg.nixInstances)
;
];
virtualisation.podman = {
enable = true;
@ -61,6 +60,7 @@ with lib;
capacity = 30;
};
cache.enable = true; # TODO: This should probably be a central cache server?
# the default network that also respects our dns server settings
container.network = "host";
};
};
@ -142,10 +142,17 @@ with lib;
storage.runroot = "/run/containers/storage";
};
#virtualisation.containers.containersConf.settings = {
# # podman seems to not work with systemd-resolved
# containers.dns_servers = [
# "8.8.8.8"
# "8.8.4.4"
# ];
#};
}
{
systemd.services =
genAttrs (genList (n: "gitea-runner-nix${builtins.toString n}") cfg.nixInstances)
genAttrs (builtins.genList (n: "gitea-runner-nix${builtins.toString n}") cfg.nixInstances)
(name: {
after = [
"gitea-runner-nix-image.service"
@ -232,16 +239,15 @@ with lib;
mkdir -p $out/bin
for dir in ${
toString [
pkgs.bash
pkgs.coreutils
pkgs.findutils
pkgs.gnugrep
pkgs.gawk
pkgs.git
pkgs.gnugrep
pkgs.jq
pkgs.nix
pkgs.bash
pkgs.jq
pkgs.nodejs
pkgs.openssh
]
}; do
for bin in "$dir"/bin/*; do
@ -254,7 +260,7 @@ with lib;
cp -a "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" $out/etc/ssl/certs/ca-bundle.crt
'';
in
genAttrs (genList (n: "nix${builtins.toString n}") cfg.nixInstances) (name: {
genAttrs (builtins.genList (n: "nix${builtins.toString n}") cfg.nixInstances) (name: {
enable = true;
name = "${config.networking.hostName}-${name}";
url = "https://${cfg.domain}";
@ -262,6 +268,7 @@ with lib;
labels = [ "nix:docker://gitea-runner-nix" ];
settings = {
container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
# the default network that also respects our dns server settings
container.network = "host";
container.valid_volumes = [
"/nix"
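Review bot: Both runner definitions on the new side set `container.network = "host"`, which puts every CI job container into the runner host's network namespace, so a job can talk to services bound to loopback on the host and to anything else the host can reach. The comment gives DNS as the reason; a dedicated podman network with the DNS servers configured (the commented-out `containersConf` block added in the third hunk points at that alternative) would keep name resolution working without giving up network isolation. If host networking has to stay, I would extend the comment to say so, e.g. `# host netns: jobs can reach host-local services; only trusted repositories may use this runner`. For the nix instances this combines with `--device /dev/kvm` and `-v /nix:/nix` in `container.options`, so the set of repositories allowed to schedule jobs on these runners is the effective trust boundary. The enclosing attribute sets start and end outside the hunks.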