💻 runners:
now pink is a runner for forgejo too
This commit is contained in:
parent
252d055027
commit
42899d79db
|
@ -43,8 +43,10 @@
|
|||
inherit system;
|
||||
modules = [
|
||||
./hosts/pink/root.nix
|
||||
./secrets/pink.nix
|
||||
./root.nix
|
||||
i2pd-exporter.nixosModules.default
|
||||
agenix.nixosModules.default
|
||||
home-manager.nixosModules.home-manager
|
||||
{
|
||||
home-manager.useGlobalPkgs = true;
|
||||
|
|
|
@ -9,6 +9,7 @@
|
|||
./services/dns.nix
|
||||
./services/endlessh.nix
|
||||
./services/i2pd.nix
|
||||
./services/actions-runner.nix
|
||||
#./services/hydra.nix
|
||||
|
||||
|
||||
|
@ -25,7 +26,7 @@
|
|||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
networking.hostName = "pink";
|
||||
networking.domain = "stuff.local";
|
||||
networking.domain = "4o1x5.dev";
|
||||
|
||||
users.users.pink = {
|
||||
isNormalUser = true;
|
||||
|
|
23
hosts/pink/services/actions-runner.nix
Normal file
23
hosts/pink/services/actions-runner.nix
Normal file
|
@ -0,0 +1,23 @@
|
|||
{ pkgs, config, ... }:
|
||||
{
|
||||
|
||||
services.gitea-actions-runner.instances = {
|
||||
root = {
|
||||
enable = true;
|
||||
url = "https://git.4o1x5.dev";
|
||||
tokenFile = config.age.secrets.actions-runner.path;
|
||||
settings = {
|
||||
container = {
|
||||
# TODO fix: networking
|
||||
# instead of using host, create a subnet that cannot contact other server on my network to avoid being haxxed
|
||||
network = "host";
|
||||
};
|
||||
};
|
||||
labels = [
|
||||
"ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
|
||||
];
|
||||
name = "${config.networking.hostName}@${config.networking.domain}";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
7
secrets/actions-runner.age
Normal file
7
secrets/actions-runner.age
Normal file
|
@ -0,0 +1,7 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 VxAJjg Qn5U+TQZkSgLpUd9RslXW46cJpJSHmrIB6EyYp6I9lM
|
||||
F9LTpgeTRVQrLDEu+y3oPdmglACitELkqRk1Bltks1k
|
||||
-> ssh-ed25519 j1TNiw HUY1D/Z8dzY+V+PoAG2mdf4LcAqeUeSxtvZVoac5lW8
|
||||
Ydf0OjZA5h2WMevjqj1Y8gvRMFmMYvmwV2u2pCTrluE
|
||||
--- 01ct0V0j57KgQZa9/kzQrlYX8NCEkfMdQ2GJogx3zm4
|
||||
兛O瞃驌 X3軴&%<25>肒h鸾`U撳谌mt_'<27>1p~9<>.丹鹈u9#'<27>骏尛r睇Ud衋鼂a瘄艜雳
|
4
secrets/pink.nix
Normal file
4
secrets/pink.nix
Normal file
|
@ -0,0 +1,4 @@
|
|||
{ pkgs, ... }: {
|
||||
age.secrets.actions-runner.file = ./actions-runner.age;
|
||||
}
|
||||
|
|
@ -4,21 +4,25 @@ let
|
|||
|
||||
carbon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGgB3WAu0WWaRog795SwgM2vUXXB1/oosIhXRZ9kPZ+P";
|
||||
lime = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPiO7+7mFkXQ5jYNSmGErC+C6js0CvSWw0Pe9NAtuL1W";
|
||||
pink = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNSR+kq1CzLQ9+AFKDBnOZLDOSFdDg2T8OU1KHrp89l";
|
||||
|
||||
systems = [ carbon ];
|
||||
in
|
||||
{
|
||||
# CARBON
|
||||
"synapse.age".publicKeys = [ grape carbon ];
|
||||
"anonymousoverflow.age".publicKeys = [ grape carbon ];
|
||||
"forgejo-runner.age".publicKeys = [ grape carbon ];
|
||||
|
||||
"piped.age".publicKeys = [ grape carbon ];
|
||||
# scribe
|
||||
"github-username.age".publicKeys = [ grape carbon ];
|
||||
"github-token.age".publicKeys = [ grape carbon ];
|
||||
"scribe-secret.age".publicKeys = [ grape carbon ];
|
||||
|
||||
# LIME
|
||||
"porkbun.age".publicKeys = [ grape lime ];
|
||||
"porkbun-user.age".publicKeys = [ grape lime ];
|
||||
|
||||
# PINK
|
||||
"actions-runner.age".publicKeys = [ grape pink ];
|
||||
|
||||
}
|
||||
|
|
Reference in a new issue