💻 runners:
now pink is a runner for forgejo too
parent
252d055027
commit
42899d79db
|
@ -43,8 +43,10 @@
|
||||||
inherit system;
|
inherit system;
|
||||||
modules = [
|
modules = [
|
||||||
./hosts/pink/root.nix
|
./hosts/pink/root.nix
|
||||||
|
./secrets/pink.nix
|
||||||
./root.nix
|
./root.nix
|
||||||
i2pd-exporter.nixosModules.default
|
i2pd-exporter.nixosModules.default
|
||||||
|
agenix.nixosModules.default
|
||||||
home-manager.nixosModules.home-manager
|
home-manager.nixosModules.home-manager
|
||||||
{
|
{
|
||||||
home-manager.useGlobalPkgs = true;
|
home-manager.useGlobalPkgs = true;
|
||||||
|
|
|
@ -9,6 +9,7 @@
|
||||||
./services/dns.nix
|
./services/dns.nix
|
||||||
./services/endlessh.nix
|
./services/endlessh.nix
|
||||||
./services/i2pd.nix
|
./services/i2pd.nix
|
||||||
|
./services/actions-runner.nix
|
||||||
#./services/hydra.nix
|
#./services/hydra.nix
|
||||||
|
|
||||||
|
|
||||||
|
@ -25,7 +26,7 @@
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
networking.hostName = "pink";
|
networking.hostName = "pink";
|
||||||
networking.domain = "stuff.local";
|
networking.domain = "4o1x5.dev";
|
||||||
|
|
||||||
users.users.pink = {
|
users.users.pink = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
|
|
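--- /dev/null
+++ b/hosts/pink/services/actions-runner.nix
@@ -0,0 +1,23 @@
+{ pkgs, config, ... }:
+{
+
+services.gitea-actions-runner.instances = {
+root = {
+enable = true;
+url = "https://git.4o1x5.dev";
+tokenFile = config.age.secrets.actions-runner.path;
+settings = {
+container = {
+# TODO fix: networking
+# instead of using host, create a subnet that cannot contact other server on my network to avoid being haxxed
+network = "host";
+};
+};
+labels = [
+"ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+];
+name = "${config.networking.hostName}@${config.networking.domain}";
+};
+};
+}
+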
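Review bot: `network = "host";` under `settings.container` puts every job container in pink's own network namespace, so any workflow this runner picks up can reach loopback-bound services on the host and the rest of the LAN; the TODO above it names the risk, but the commit ships with it open. Until the isolated subnet exists I would use `network = "bridge";`, or drop the key, which per the runner's config documentation makes it create its own network for each job. Either way, add host firewall rules that drop traffic from the container bridge to private address ranges. Which repositories can schedule jobs here depends on the scope of the registration token, which this diff does not show, so it is worth confirming the runner is limited to trusted repositories. The label image `gitea/runner-images:ubuntu-latest` is a mutable tag; pinning it by digest would keep the job environment from changing underneath you.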
7
secrets/actions-runner.age
Normal file
7
secrets/actions-runner.age
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 VxAJjg Qn5U+TQZkSgLpUd9RslXW46cJpJSHmrIB6EyYp6I9lM
|
||||||
|
F9LTpgeTRVQrLDEu+y3oPdmglACitELkqRk1Bltks1k
|
||||||
|
-> ssh-ed25519 j1TNiw HUY1D/Z8dzY+V+PoAG2mdf4LcAqeUeSxtvZVoac5lW8
|
||||||
|
Ydf0OjZA5h2WMevjqj1Y8gvRMFmMYvmwV2u2pCTrluE
|
||||||
|
--- 01ct0V0j57KgQZa9/kzQrlYX8NCEkfMdQ2GJogx3zm4
|
||||||
|
兛O瞃驌 X3軴&%<25>肒h鸾`U撳谌mt_'<27>1p~9<>.丹鹈u9#'<27>骏尛r睇Ud衋鼂a瘄艜雳
|
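--- /dev/null
+++ b/secrets/pink.nix
@@ -0,0 +1,4 @@
+{ pkgs, ... }: {
+age.secrets.actions-runner.file = ./actions-runner.age;
+}
+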
|
@ -4,21 +4,25 @@ let
|
||||||
|
|
||||||
carbon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGgB3WAu0WWaRog795SwgM2vUXXB1/oosIhXRZ9kPZ+P";
|
carbon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGgB3WAu0WWaRog795SwgM2vUXXB1/oosIhXRZ9kPZ+P";
|
||||||
lime = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPiO7+7mFkXQ5jYNSmGErC+C6js0CvSWw0Pe9NAtuL1W";
|
lime = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPiO7+7mFkXQ5jYNSmGErC+C6js0CvSWw0Pe9NAtuL1W";
|
||||||
|
pink = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNSR+kq1CzLQ9+AFKDBnOZLDOSFdDg2T8OU1KHrp89l";
|
||||||
|
|
||||||
systems = [ carbon ];
|
systems = [ carbon ];
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
# CARBON
|
||||||
"synapse.age".publicKeys = [ grape carbon ];
|
"synapse.age".publicKeys = [ grape carbon ];
|
||||||
"anonymousoverflow.age".publicKeys = [ grape carbon ];
|
"anonymousoverflow.age".publicKeys = [ grape carbon ];
|
||||||
"forgejo-runner.age".publicKeys = [ grape carbon ];
|
"forgejo-runner.age".publicKeys = [ grape carbon ];
|
||||||
|
|
||||||
"piped.age".publicKeys = [ grape carbon ];
|
"piped.age".publicKeys = [ grape carbon ];
|
||||||
# scribe
|
|
||||||
"github-username.age".publicKeys = [ grape carbon ];
|
"github-username.age".publicKeys = [ grape carbon ];
|
||||||
"github-token.age".publicKeys = [ grape carbon ];
|
"github-token.age".publicKeys = [ grape carbon ];
|
||||||
"scribe-secret.age".publicKeys = [ grape carbon ];
|
"scribe-secret.age".publicKeys = [ grape carbon ];
|
||||||
|
|
||||||
|
# LIME
|
||||||
"porkbun.age".publicKeys = [ grape lime ];
|
"porkbun.age".publicKeys = [ grape lime ];
|
||||||
"porkbun-user.age".publicKeys = [ grape lime ];
|
"porkbun-user.age".publicKeys = [ grape lime ];
|
||||||
|
|
||||||
|
# PINK
|
||||||
|
"actions-runner.age".publicKeys = [ grape pink ];
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
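Review bot: The new `"actions-runner.age".publicKeys = [ grape pink ];` sits next to the existing `"forgejo-runner.age"` entry for carbon, so the repo now holds two runner registration tokens whose file names do not say which host they belong to; only the `# CARBON` / `# PINK` comments tell them apart. A host-qualified name (for example `"pink-actions-runner.age"`, a constructed name) would make it harder to wire the wrong token to a host or to rekey the wrong file; the rename would also touch `age.secrets.actions-runner.file` in secrets/pink.nix. The recipient list itself is appropriately narrow. `systems = [ carbon ];` is left unchanged; whether anything consumes it is not visible in this hunk.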