
3 commits

Author SHA1 Message Date
7aa11749e9 Run CI on nix
Some checks failed
CI / build (push) Failing after 1m34s
2024-10-03 14:45:34 +03:00
7b7dba5f47 Remove defunct nixos auto upgrade 2024-10-03 14:42:56 +03:00
e83c74ac1d Use specific git forgejo CI 2024-10-03 14:42:56 +03:00
3 changed files with 9 additions and 27 deletions


@ -8,8 +8,7 @@ env:
jobs:
build:
runs-on: docker
container: nixpkgs/nix-flakes:nixos-24.05
runs-on: nix
steps:
- name: Initialize CI
uses: https://git.qo.is/qo.is/actions-nix-init@main
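Review bot: The first step still resolves its action from a mutable branch, `uses: https://git.qo.is/qo.is/actions-nix-init@main`, and with `runs-on: nix` that code now runs on the nix runner rather than in the `nixpkgs/nix-flakes` container. The runner module in this same compare gives that runner a bind mount of the host `/nix` and `/dev/kvm`, so whatever is on `main` at job time executes with that access. Pinning the step to a reviewed revision, `uses: https://git.qo.is/qo.is/actions-nix-init@<full-commit-sha>`, would make changes to the action an explicit update here. The steps list continues outside the hunk, so later `uses:` entries should be checked the same way.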


@ -78,16 +78,6 @@
'';
};
system.autoUpgrade = {
enable = true;
randomizedDelaySec = "30m";
flags = [
"--update-input"
"nixpkgs-nixos-2211"
"--commit-lock-file"
];
};
# Network services
networking.firewall = {
allowPing = true;


@ -32,7 +32,8 @@ with lib;
sops.secrets."forgejo/runner-registration-token".restartUnits = [
"gitea-runner-${defaultInstanceName}.service"
];
] ++genAttrs (genList (n: "gitea-runner-nix${builtins.toString n}.service") cfg.nixInstances)
;
virtualisation.podman = {
enable = true;
@ -60,7 +61,6 @@ with lib;
capacity = 30;
};
cache.enable = true; # TODO: This should probably be a central cache server?
# the default network that also respects our dns server settings
container.network = "host";
};
};
@ -142,17 +142,10 @@ with lib;
storage.runroot = "/run/containers/storage";
};
#virtualisation.containers.containersConf.settings = {
# # podman seems to not work with systemd-resolved
# containers.dns_servers = [
# "8.8.8.8"
# "8.8.4.4"
# ];
#};
}
{
systemd.services =
genAttrs (builtins.genList (n: "gitea-runner-nix${builtins.toString n}") cfg.nixInstances)
genAttrs (genList (n: "gitea-runner-nix${builtins.toString n}") cfg.nixInstances)
(name: {
after = [
"gitea-runner-nix-image.service"
@ -239,15 +232,16 @@ with lib;
mkdir -p $out/bin
for dir in ${
toString [
pkgs.bash
pkgs.coreutils
pkgs.findutils
pkgs.gnugrep
pkgs.gawk
pkgs.git
pkgs.nix
pkgs.bash
pkgs.gnugrep
pkgs.jq
pkgs.nix
pkgs.nodejs
pkgs.openssh
]
}; do
for bin in "$dir"/bin/*; do
@ -260,7 +254,7 @@ with lib;
cp -a "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" $out/etc/ssl/certs/ca-bundle.crt
'';
in
genAttrs (builtins.genList (n: "nix${builtins.toString n}") cfg.nixInstances) (name: {
genAttrs (genList (n: "nix${builtins.toString n}") cfg.nixInstances) (name: {
enable = true;
name = "${config.networking.hostName}-${name}";
url = "https://${cfg.domain}";
@ -268,7 +262,6 @@ with lib;
labels = [ "nix:docker://gitea-runner-nix" ];
settings = {
container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
# the default network that also respects our dns server settings
container.network = "host";
container.valid_volumes = [
"/nix"
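Review bot: In the first hunk of this file the new `restartUnits` value looks like it cannot evaluate: `] ++genAttrs (genList (…) cfg.nixInstances)` gives `genAttrs` only the list of names, so the right-hand side of `++` is a partially applied function rather than a list. The other two `genAttrs` calls changed in this file (for `systemd.services` and the runner instances) pass both a name list and a `(name: { … })` function, which is the form `genAttrs` expects. Since only unit names are needed here, dropping `genAttrs` should be enough: `] ++ genList (n: "gitea-runner-nix${builtins.toString n}.service") cfg.nixInstances;`. This may be what the failing CI check on the head commit reports; once it evaluates, it is worth confirming that the nix runner units really are restarted when the registration token secret changes.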