ci-runner: Init
This commit is contained in:
parent
d7600be2e3
commit
9a3290b259
|
@ -20,6 +20,7 @@ keys:
|
|||
- &nazuna 0b8be5d87a10a0e68dda97212c4befad1f9e915c
|
||||
- &yuzuru a1ee5bc0249163a047440ef2649e770ec6ea16e4
|
||||
- &koyomi a53d4ca8d2cf54613822c81d660e69babee42643
|
||||
- &ci-runner 20e376b89b30327fb82f12e8e8b72d52c3aa39ee
|
||||
creation_rules:
|
||||
- path_regex: machines/nunotaba/secrets\.yaml$
|
||||
key_groups:
|
||||
|
@ -105,6 +106,13 @@ creation_rules:
|
|||
- *simon-alpha
|
||||
- *simon-beta
|
||||
- *koyomi
|
||||
- path_regex: machines/ci-runner/secrets\.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *simon
|
||||
- *simon-alpha
|
||||
- *simon-beta
|
||||
- *ci-runner
|
||||
- path_regex: secrets\.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
|
|
28
keys/machines/ci-runner.asc
Normal file
28
keys/machines/ci-runner.asc
Normal file
|
@ -0,0 +1,28 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
xsFNBAAAAAABEADCLQ+QHuf+tfp88c7rUzPPLLsfSNvH4lPw57cIz0hCADDIyBfs
|
||||
xZH+uSfBDX7EJyCdpRulpKeI+ixoMtpTo1sgLLnXTaiVY024+ZNtbHUtN28CuS5P
|
||||
O1uBfWn8ska524DobfHsiIfWRlHrrOdQpgoFfNLIalgbDJv84ktkV92e4NXwp9fg
|
||||
6/KzcR/LOwUr/ps/OV0+nXgWir9Kz7FepDBIu60UnMeqmqrpptFfxyhB9drps9m0
|
||||
8wQwaqX+1H4MRNnDVcZEQSdyCHrb3ia7Nc/ysUtguRlhmCuUxRAg1iGoQ4CwDadQ
|
||||
SgS8eofAmueoV0D0AM6zptFtHydX4U7ZYUeaVdEoKqAcl2IOEydSDg71bDrHDonc
|
||||
II71WezXY8B76M9W7vvphYjql97x8Eb7HMiDecrqxpaOcnPDeGSy2J9+ENXUhVbk
|
||||
tak2itzD7FXXpDy15Oam3zNAZV718TfyvsxjOq8xNIDUh1x5iDlR/YAOErro3qF/
|
||||
fQWIGaKZDDllOpP6BxTR87x85w56i9yPRJ1jl5UvUYKkU30HrnIo/sScy4s1NeSH
|
||||
XyIGHemm+8e1S2LYEQ/w2bnwKHHNS5kdfARMnaSpMurD+Pd9UBOHPn+M+ZVjX7hT
|
||||
wCn8QJSJZiUA0b1lJ8YgbXRodHn9jdpZugQ8frtImcDE3Lq+H/VqzJm0tQARAQAB
|
||||
zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT
|
||||
AQgAFgUCAAAAAAkQ6LctUsOqOe4CGw8CGQEAAC2dEAABcy5TinEg/yr40qtrPmdR
|
||||
+qw+B3CezIZOhkFVXJ5SnKSD6kNmijgJjloSJgpQf9qqDsZ8asWzZN79h5s9fqNa
|
||||
GBn5jBBqoSLPtnNAvxiLk62iRyCbb7y645I1u5Cmg5eBPLjGpVrxI3rPcGojkBz7
|
||||
1LjtxCY94JI7lRYMpN6qOvyQlrTOxlFDE+C/x60UeliNzL3Ld17O9iuqlSGiYpz4
|
||||
kellyHF4zHvOcSmURmGmHDzPQvkLop81rCogMZkVoA0tg446U1sPdIo8HJZD+cLt
|
||||
LXCNlyLU/MK7RCAG25+Z2KE43Z0xuXyNmHc0tpYOWs6oob7+ZmsWFObpyN6v69G/
|
||||
rTnZbQCp/H/Rr19UbJhoEhDpB6J+6O1OlJXe5hUDiiIYpC6vtzJV8B0ERQ9Vr1TC
|
||||
nCo+RaBJoPbkJySSO500G3/psQugsxBcxRtCy78cHV1B4fKEJM4e1Hi3VP2uhCju
|
||||
gRaiLGikDy4rpQQxasszOO2Yt57OGV5qySnZ9hfDLhtmhmNjL2HazZlVT1um28j4
|
||||
+DZQ7JUmjvlmzZPPt2fWG4k2zv6Xy1p2aLiuL+6TrQLjEyIMa41Lxf6bB7hlYo1Y
|
||||
3Xl5yE94wvBx2+gKEArlqdrn/P8cdktHuGrELBwVaVgvHHtBM3qfzBik2lIRJMIx
|
||||
haEIuBv/ZtSMbM/ItaAnJA==
|
||||
=eW+j
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
15
machines/ci-runner/README.md
Normal file
15
machines/ci-runner/README.md
Normal file
|
@ -0,0 +1,15 @@
|
|||
<!--
|
||||
SPDX-FileCopyrightText: 2024 Simon Bruder <simon@sbruder.de>
|
||||
|
||||
SPDX-License-Identifier: CC-BY-SA-4.0
|
||||
-->
|
||||
|
||||
# ci-runner
|
||||
|
||||
## Hardware
|
||||
|
||||
QEMU/KVM virtual machine on [koyomi](../koyomi/README.md).
|
||||
|
||||
## Purpose
|
||||
|
||||
It will serve as a CI runner for Forgejo.
|
67
machines/ci-runner/configuration.nix
Normal file
67
machines/ci-runner/configuration.nix
Normal file
|
@ -0,0 +1,67 @@
|
|||
# SPDX-FileCopyrightText: 2024 Simon Bruder <simon@sbruder.de>
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
../../modules
|
||||
];
|
||||
|
||||
sbruder = {
|
||||
full = false;
|
||||
};
|
||||
|
||||
networking.hostName = "ci-runner";
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
|
||||
sops.secrets.forgejo-runner-token-personal = {
|
||||
sopsFile = ./secrets.yaml;
|
||||
};
|
||||
|
||||
services.gitea-actions-runner = {
|
||||
package = pkgs.forgejo-runner;
|
||||
instances = {
|
||||
personal = {
|
||||
enable = true;
|
||||
name = "koyomi-vm";
|
||||
url = "https://git.sbruder.de";
|
||||
tokenFile = config.sops.secrets.forgejo-runner-token-personal.path;
|
||||
labels = [
|
||||
"nix:host"
|
||||
];
|
||||
settings = {
|
||||
log.level = "warn"; # seems to have little effect
|
||||
runner = {
|
||||
capacity = 4;
|
||||
timeout = "1h";
|
||||
};
|
||||
};
|
||||
hostPackages = with pkgs; [
|
||||
bash
|
||||
coreutils
|
||||
git
|
||||
git-lfs
|
||||
nix
|
||||
nodejs
|
||||
podman
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
virtualisation = {
|
||||
podman = {
|
||||
enable = true;
|
||||
defaultNetwork.settings = {
|
||||
ipv6_enabled = true;
|
||||
};
|
||||
};
|
||||
containers.containersConf.settings = {
|
||||
engine.cgroup_manager = "cgroupfs"; # systemd does not work for system user
|
||||
};
|
||||
};
|
||||
}
|
56
machines/ci-runner/hardware-configuration.nix
Normal file
56
machines/ci-runner/hardware-configuration.nix
Normal file
|
@ -0,0 +1,56 @@
|
|||
# SPDX-FileCopyrightText: 2024 Simon Bruder <simon@sbruder.de>
|
||||
#
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
{ modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
];
|
||||
|
||||
sbruder.machine.isVm = true;
|
||||
|
||||
boot = {
|
||||
kernelModules = [ "kvm-intel" ];
|
||||
extraModulePackages = [ ];
|
||||
kernelParams = [ "console=ttyS0" ];
|
||||
initrd = {
|
||||
availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ];
|
||||
kernelModules = [ ];
|
||||
};
|
||||
loader = {
|
||||
grub.enable = false;
|
||||
systemd-boot.enable = true;
|
||||
efi.canTouchEfiVariables = true;
|
||||
};
|
||||
};
|
||||
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/disk/by-uuid/e1a9b0bb-9f04-498c-ac2f-aad9da4639f3";
|
||||
fsType = "btrfs";
|
||||
options = [ "compress=zstd" "discard" "noatime" "ssd" ]; # for some reason, the kernel assumes rotational
|
||||
};
|
||||
"/boot" = {
|
||||
device = "/dev/disk/by-uuid/7A51-7897";
|
||||
fsType = "vfat";
|
||||
options = [ "fmask=0022" "dmask=0022" ];
|
||||
};
|
||||
};
|
||||
|
||||
networking = {
|
||||
useDHCP = false;
|
||||
usePredictableInterfaceNames = false;
|
||||
};
|
||||
systemd.network = {
|
||||
enable = true;
|
||||
networks = {
|
||||
eth0 = {
|
||||
name = "eth0";
|
||||
DHCP = "yes";
|
||||
domains = [ "sbruder.de" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
72
machines/ci-runner/secrets.yaml
Normal file
72
machines/ci-runner/secrets.yaml
Normal file
|
@ -0,0 +1,72 @@
|
|||
forgejo-runner-token-personal: ENC[AES256_GCM,data:U2VmQW3mO+3lNBczxU5MmKjseCICXcu1q9g4xctrJMl7Hcau0Hfy2IT8YzaEnTo=,iv:IRf+5sTyx20cMyUCg8jffDiSIuNgVRySD7eqOlzzAXY=,tag:vLEo/E2VUZ4Uu/vTFDomUw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2024-07-19T10:19:26Z"
|
||||
mac: ENC[AES256_GCM,data:9btw7oa8ZNJYYW/TmsQYRMdW493PFV0oae/bp3r9mLZ8i272BJmvrsrLjuRTuyo9aMiE4DqtQ217723hMt+p7Q6WHqwgamlDU8PjZVCN3Q6t2dH7oZuTSq3bWxm4MQJH2fB77Bfk1M9YiUdNt4Lm/Mz1pxy8zLHCHWoLqN3XErI=,iv:JybjhZE0czAZhSByPGRJBnWwr/Y1y7D05G1WxiOgWh4=,tag:gT5qRCK+b2Gt7bG8jpl2VQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-07-19T10:09:12Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hF4DLHeEFiC484ASAQdAV+XCpuYtwJAQ0tudjofCp9kLhagt3iFPOZxMVm7Wu38w
|
||||
7h11CkDL2crHptPFundK0cVC1C149l8fpTRM3w6HzrqrYeSb2rVB3sTJnquWE6vc
|
||||
hF4Dub78fMESoMASAQdAyxaxQvNwxAVVLs2zfhpaEVJMJTVb2X8Re28T5oyzBTsw
|
||||
vfLrp2aF9f6aR0rKawCdWCtbkdT84RqjcmFeRFm80aKg/moUOsEGKrJIom8bvzgC
|
||||
hF4DM6AcvgVUx2MSAQdAkmk2DPVyggHcMG98DGidvPx2lx6f1jUctmu4bgCOCXow
|
||||
JmC3Navjws1ki32t3AYO18VLzTdJnnoUZsMgKIZjrmTYq1SYEbZF7YkHpFKyD2P/
|
||||
1GgBCQIQznxhAwr2Y1EfOOIurUCAFioUkb00NYurpRtXkwlq6zXj+g3mqy4oIxwE
|
||||
G8PWC0Gd5DDf3vgY8gu+yIPdQYVtPEmcgdVAuf2URXeZzOYkYdME9aHjmOkZZLgl
|
||||
q+rcko9nXtgqfQ==
|
||||
=a7Tl
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 6CD375BD0741F67E5A289BC333A01CBE0554C763
|
||||
- created_at: "2024-07-19T10:09:12Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hF4Dub78fMESoMASAQdAn4gu062b6uphH7aptsB+qJsJvw5j1jeEijaiN3g3HCEw
|
||||
7efyFGEXz5Jr3QBkvA86zzzw4uaj6s8jcpGkygPgVxkid+wNPNE7Od2GxwsQ7Rzs
|
||||
1GgBCQIQznKTHLTufQbnTxtYWdZ7Vd7d90/hl9ZkGRXCq5llvppaYkuO+RO3HeW1
|
||||
Z4hAPFKrvOjNctb/Puh9kbmQ2g02KFdzs1xUvq3+Ma6gI+WeefV/R/VewAVve8+2
|
||||
G/CwY+iDECvL1A==
|
||||
=QVmD
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 0C8AF4B4320A511384DF6B5BB9BEFC7CC112A0C0
|
||||
- created_at: "2024-07-19T10:09:12Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hF4DLHeEFiC484ASAQdAwLuRB1t778hUtgsjaQisVwMhBudnSIOtrBFehLU5Smow
|
||||
AA29mIR2539iMz/Qkdjoumj3IIKGu6a/fBeu0eLUcZqSt5PtpMKMDnF47HeRv/QQ
|
||||
1GgBCQIQGjEJcIaQyjBPuHyxUNryt6M72ed5eKsnsHBhe+xmwc8AFliP2rt/kZOn
|
||||
yJGjhMrFAib5i8rRDQiW+HlDHKZeGxsX3yLGdOSI9KfIFvawcYV8pxDFzIca/3X1
|
||||
TcVFed7B2BUIow==
|
||||
=6bPt
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 403215E0F99D2582C7055C512C77841620B8F380
|
||||
- created_at: "2024-07-19T10:09:12Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA+i3LVLDqjnuARAArF6aiDcKtyilbZXdBga+6nAqwBdpeYfXlnTMUztFLRYs
|
||||
cSSe2HKu6J9G1oMqpZuNcGLUXgrdKk8PO3YmivWcPubQ0ruiorgzmSnXDhYvij7+
|
||||
b9b3dSWXwe82sdCVlSQZRNeapeb1hW8wcrKSoFDUYyIl3HdlxFcB1Y7hKe3XpzAy
|
||||
UMxgZ8B+Ne1JOHZw97YhZmr834F7/i4vCUv/US+dGd5Fl4a3bX/8ft43T0uj5JWW
|
||||
PsbjZa2LIuV6dhXu8URraQHj24Z2xM/PSSmm277MzFiXVT/0jWHe38iXLxsp7/KV
|
||||
hFYqbH49P7gTC7GWJ0xHJaICWXR9WJKSttc5ue8sMkf4rj3C/ULmxS7uKbUn4FgD
|
||||
Po4XCOSanZZZos4Tz/KxExLjDioJbCBUSBVQUP07RRDyVjIEe4GlOG7QCVgqty6U
|
||||
LJk7sQLgFOsCgaMGuA5u5hulWx7YDHqaZxKwWZ4ME8huoP2F7L4HzoWJGK33chCR
|
||||
1t+p/cnflcz459bSGmDMjprZAtD2XFD08/GbDqS7rotPy0h+dnbT7TnvHrFFGjd2
|
||||
Qw8SIytL0D0KcqKOIXztwtt30RqTMp3CnV22NasGJsbhshAV3zVheI/8dA6UuB4r
|
||||
kltGrz+O+Z7HMwuYKKTUzz3C29VJYYhPlf4uq3kF+JJZC6ZQUNAoD5rgVDeZDyDS
|
||||
WAEqbel5S7ImX3oAsIF21iI11jsbWHS1/PjHdsBQdSeBzVXooiRfVa/e4ixgk8S1
|
||||
tbJl8GcvK4vdDxW689A86w7DoquocXRzJIYsKB/GVfsrTlTofAwPjHY=
|
||||
=bQn7
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 20e376b89b30327fb82f12e8e8b72d52c3aa39ee
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
|
@ -85,4 +85,9 @@ in
|
|||
|
||||
targetHost = "koyomi.sbruder.de";
|
||||
};
|
||||
ci-runner = {
|
||||
system = "x86_64-linux";
|
||||
|
||||
targetHost = "ci-runner.sbruder.de";
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue