💻 runners:

now pink is a runner for forgejo too
2005 2024-06-12 18:09:08 +02:00
parent 252d055027
commit 42899d79db
6 changed files with 44 additions and 3 deletions


@ -43,8 +43,10 @@
inherit system; inherit system;
modules = [ modules = [
./hosts/pink/root.nix ./hosts/pink/root.nix
./secrets/pink.nix
./root.nix ./root.nix
i2pd-exporter.nixosModules.default i2pd-exporter.nixosModules.default
agenix.nixosModules.default
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
{ {
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;


@ -9,6 +9,7 @@
./services/dns.nix ./services/dns.nix
./services/endlessh.nix ./services/endlessh.nix
./services/i2pd.nix ./services/i2pd.nix
./services/actions-runner.nix
#./services/hydra.nix #./services/hydra.nix
@ -25,7 +26,7 @@
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "pink"; networking.hostName = "pink";
networking.domain = "stuff.local"; networking.domain = "4o1x5.dev";
users.users.pink = { users.users.pink = {
isNormalUser = true; isNormalUser = true;


@ -0,0 +1,23 @@
{ pkgs, config, ... }:
{
services.gitea-actions-runner.instances = {
root = {
enable = true;
url = "https://git.4o1x5.dev";
tokenFile = config.age.secrets.actions-runner.path;
settings = {
container = {
# TODO fix: networking
# instead of using host, create a subnet that cannot contact other server on my network to avoid being haxxed
network = "host";
};
};
labels = [
"ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
];
name = "${config.networking.hostName}@${config.networking.domain}";
};
};
}
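Review bot: `network = "host";` under `settings.container` puts every job container in pink's own network namespace, so any workflow this runner accepts can reach services bound to the host's loopback and the rest of the LAN. The TODO above it acknowledges the risk, but the commit still ships the setting. Until the isolated subnet exists, the safer default is `network = "";`, which, as I recall act_runner's documented behaviour, makes the runner create a separate network per job; a firewall rule on the container bridge that drops traffic to your private ranges would then cover the LAN side. Separately, the label `ubuntu-latest:docker://gitea/runner-images:ubuntu-latest` is a mutable tag, so the image jobs run in can change without a commit here; pinning it as `...runner-images@sha256:<digest>` would make that explicit. The `pkgs` argument in the function head is unused.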


@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 VxAJjg Qn5U+TQZkSgLpUd9RslXW46cJpJSHmrIB6EyYp6I9lM
F9LTpgeTRVQrLDEu+y3oPdmglACitELkqRk1Bltks1k
-> ssh-ed25519 j1TNiw HUY1D/Z8dzY+V+PoAG2mdf4LcAqeUeSxtvZVoac5lW8
Ydf0OjZA5h2WMevjqj1Y8gvRMFmMYvmwV2u2pCTrluE
--- 01ct0V0j57KgQZa9/kzQrlYX8NCEkfMdQ2GJogx3zm4
O瞃驌 X3軴&%<25>肒h鸾`U撳谌mt_'<27>1p~9<>.丹鹈u9#'<27>骏尛r睇Ud衋鼂a瘄艜雳

4
secrets/pink.nix Normal file

@ -0,0 +1,4 @@
{ pkgs, ... }: {
age.secrets.actions-runner.file = ./actions-runner.age;
}


@ -4,21 +4,25 @@ let
carbon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGgB3WAu0WWaRog795SwgM2vUXXB1/oosIhXRZ9kPZ+P"; carbon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGgB3WAu0WWaRog795SwgM2vUXXB1/oosIhXRZ9kPZ+P";
lime = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPiO7+7mFkXQ5jYNSmGErC+C6js0CvSWw0Pe9NAtuL1W"; lime = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPiO7+7mFkXQ5jYNSmGErC+C6js0CvSWw0Pe9NAtuL1W";
pink = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNSR+kq1CzLQ9+AFKDBnOZLDOSFdDg2T8OU1KHrp89l";
systems = [ carbon ]; systems = [ carbon ];
in in
{ {
# CARBON
"synapse.age".publicKeys = [ grape carbon ]; "synapse.age".publicKeys = [ grape carbon ];
"anonymousoverflow.age".publicKeys = [ grape carbon ]; "anonymousoverflow.age".publicKeys = [ grape carbon ];
"forgejo-runner.age".publicKeys = [ grape carbon ]; "forgejo-runner.age".publicKeys = [ grape carbon ];
"piped.age".publicKeys = [ grape carbon ]; "piped.age".publicKeys = [ grape carbon ];
# scribe
"github-username.age".publicKeys = [ grape carbon ]; "github-username.age".publicKeys = [ grape carbon ];
"github-token.age".publicKeys = [ grape carbon ]; "github-token.age".publicKeys = [ grape carbon ];
"scribe-secret.age".publicKeys = [ grape carbon ]; "scribe-secret.age".publicKeys = [ grape carbon ];
# LIME
"porkbun.age".publicKeys = [ grape lime ]; "porkbun.age".publicKeys = [ grape lime ];
"porkbun-user.age".publicKeys = [ grape lime ]; "porkbun-user.age".publicKeys = [ grape lime ];
# PINK
"actions-runner.age".publicKeys = [ grape pink ];
} }