From 42899d79db00dc0bb69efa0309810fd507ef7061 Mon Sep 17 00:00:00 2001
From: 4o1x5 <4o1x5@4o1x5.dev>
Date: Wed, 12 Jun 2024 18:09:08 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=92=BB=20runners:=20now=20pink=20is=20a?= =?UTF-8?q?=20runner=20for=20forgejo=20too?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 flake.nix | 2 ++
 hosts/pink/root.nix | 3 ++-
 hosts/pink/services/actions-runner.nix | 23 +++++++++++++++++++++++
 secrets/actions-runner.age | 7 +++++++
 secrets/pink.nix | 4 ++++
 secrets/secrets.nix | 8 ++++++--
 6 files changed, 44 insertions(+), 3 deletions(-)
 create mode 100644 hosts/pink/services/actions-runner.nix
 create mode 100644 secrets/actions-runner.age
 create mode 100644 secrets/pink.nix
diff --git a/flake.nix b/flake.nix
index 67f1294..a3311fc 100644
--- a/flake.nix
+++ b/flake.nix
@@ -43,8 +43,10 @@
 inherit system;
 modules = [
 ./hosts/pink/root.nix
+ ./secrets/pink.nix
 ./root.nix
 i2pd-exporter.nixosModules.default
+ agenix.nixosModules.default
 home-manager.nixosModules.home-manager
 {
 home-manager.useGlobalPkgs = true;
diff --git a/hosts/pink/root.nix b/hosts/pink/root.nix
index b4ea665..715724e 100644
--- a/hosts/pink/root.nix
+++ b/hosts/pink/root.nix
@@ -9,6 +9,7 @@
 ./services/dns.nix
 ./services/endlessh.nix
 ./services/i2pd.nix
+ ./services/actions-runner.nix
 #./services/hydra.nix
@@ -25,7 +26,7 @@
 boot.loader.efi.canTouchEfiVariables = true;
 networking.hostName = "pink";
- networking.domain = "stuff.local";
+ networking.domain = "4o1x5.dev";
 users.users.pink = {
 isNormalUser = true;
diff --git a/hosts/pink/services/actions-runner.nix b/hosts/pink/services/actions-runner.nix
new file mode 100644
index 0000000..fdcad0b
--- /dev/null
+++ b/hosts/pink/services/actions-runner.nix
@@ -0,0 +1,23 @@ +{ pkgs, config, ... }: +{ + + services.gitea-actions-runner.instances = { + root = { + enable = true; + url = "https://git.4o1x5.dev"; + tokenFile = config.age.secrets.actions-runner.path; + settings = { + container = { + # TODO fix: networking + # instead of using host, create a subnet that cannot contact other server on my network to avoid being haxxed + network = "host"; + }; + }; + labels = [ + "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest" + ]; + name = "${config.networking.hostName}@${config.networking.domain}"; + }; + }; +} + diff --git a/secrets/actions-runner.age b/secrets/actions-runner.age new file mode 100644 index 0000000..e293003 --- /dev/null +++ b/secrets/actions-runner.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 VxAJjg Qn5U+TQZkSgLpUd9RslXW46cJpJSHmrIB6EyYp6I9lM +F9LTpgeTRVQrLDEu+y3oPdmglACitELkqRk1Bltks1k +-> ssh-ed25519 j1TNiw HUY1D/Z8dzY+V+PoAG2mdf4LcAqeUeSxtvZVoac5lW8 +Ydf0OjZA5h2WMevjqj1Y8gvRMFmMYvmwV2u2pCTrluE +--- 01ct0V0j57KgQZa9/kzQrlYX8NCEkfMdQ2GJogx3zm4 +ƒ¿O²Yò“ X3ÝO&%¥qÃKhð½`U“åÚÈmt_'„1p~9«Ù.µ¤ðÃu9#'¬ë¿¥Œ­ríûUdÐaü{a¯|Å•ö¨ \ No newline at end of file diff --git a/secrets/pink.nix b/secrets/pink.nix new file mode 100644 index 0000000..5c75053 --- /dev/null +++ b/secrets/pink.nix @@ -0,0 +1,4 @@ +{ pkgs, ... }: { + age.secrets.actions-runner.file = ./actions-runner.age; +} + diff --git a/secrets/secrets.nix b/secrets/secrets.nix index afac64c..e1efe10 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
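Review bot: `network = "host";` under `settings.container` in hosts/pink/services/actions-runner.nix puts every job container in pink's own network namespace, so a workflow from any repository allowed to use this runner can reach services bound to loopback on pink, not only the other LAN hosts the TODO mentions. The commit ships that setting and leaves the fix as a comment. Until the isolated subnet exists I would switch to `network = "bridge";`, or drop the option so the runner creates a per-job network (the documented act_runner behaviour for an empty value, worth confirming for the packaged version). A bridge still routes to the LAN, so the subnet or host firewall rules from the TODO remain necessary. Separately, the label `docker://gitea/runner-images:ubuntu-latest` is a mutable tag; pinning the image by digest would fix which image executes jobs on this host.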
@@ -4,21 +4,25 @@ let carbon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGgB3WAu0WWaRog795SwgM2vUXXB1/oosIhXRZ9kPZ+P"; lime = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPiO7+7mFkXQ5jYNSmGErC+C6js0CvSWw0Pe9NAtuL1W"; + pink = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNSR+kq1CzLQ9+AFKDBnOZLDOSFdDg2T8OU1KHrp89l"; + systems = [ carbon ]; in { + # CARBON "synapse.age".publicKeys = [ grape carbon ]; "anonymousoverflow.age".publicKeys = [ grape carbon ]; "forgejo-runner.age".publicKeys = [ grape carbon ]; - "piped.age".publicKeys = [ grape carbon ]; - # scribe "github-username.age".publicKeys = [ grape carbon ]; "github-token.age".publicKeys = [ grape carbon ]; "scribe-secret.age".publicKeys = [ grape carbon ]; + # LIME "porkbun.age".publicKeys = [ grape lime ]; "porkbun-user.age".publicKeys = [ grape lime ]; + # PINK + "actions-runner.age".publicKeys = [ grape pink ]; }