ci-runner: Init

Simon Bruder 2024-07-19 11:50:11 +02:00
parent d7600be2e3
commit 9a3290b259
Signed by: simon
GPG key ID: 347FF8699CDA0776
7 changed files with 251 additions and 0 deletions


@ -20,6 +20,7 @@ keys:
- &nazuna 0b8be5d87a10a0e68dda97212c4befad1f9e915c - &nazuna 0b8be5d87a10a0e68dda97212c4befad1f9e915c
- &yuzuru a1ee5bc0249163a047440ef2649e770ec6ea16e4 - &yuzuru a1ee5bc0249163a047440ef2649e770ec6ea16e4
- &koyomi a53d4ca8d2cf54613822c81d660e69babee42643 - &koyomi a53d4ca8d2cf54613822c81d660e69babee42643
- &ci-runner 20e376b89b30327fb82f12e8e8b72d52c3aa39ee
creation_rules: creation_rules:
- path_regex: machines/nunotaba/secrets\.yaml$ - path_regex: machines/nunotaba/secrets\.yaml$
key_groups: key_groups:
@ -105,6 +106,13 @@ creation_rules:
- *simon-alpha - *simon-alpha
- *simon-beta - *simon-beta
- *koyomi - *koyomi
- path_regex: machines/ci-runner/secrets\.yaml$
key_groups:
- pgp:
- *simon
- *simon-alpha
- *simon-beta
- *ci-runner
- path_regex: secrets\.yaml$ - path_regex: secrets\.yaml$
key_groups: key_groups:
- pgp: - pgp:


@ -0,0 +1,28 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
xsFNBAAAAAABEADCLQ+QHuf+tfp88c7rUzPPLLsfSNvH4lPw57cIz0hCADDIyBfs
xZH+uSfBDX7EJyCdpRulpKeI+ixoMtpTo1sgLLnXTaiVY024+ZNtbHUtN28CuS5P
O1uBfWn8ska524DobfHsiIfWRlHrrOdQpgoFfNLIalgbDJv84ktkV92e4NXwp9fg
6/KzcR/LOwUr/ps/OV0+nXgWir9Kz7FepDBIu60UnMeqmqrpptFfxyhB9drps9m0
8wQwaqX+1H4MRNnDVcZEQSdyCHrb3ia7Nc/ysUtguRlhmCuUxRAg1iGoQ4CwDadQ
SgS8eofAmueoV0D0AM6zptFtHydX4U7ZYUeaVdEoKqAcl2IOEydSDg71bDrHDonc
II71WezXY8B76M9W7vvphYjql97x8Eb7HMiDecrqxpaOcnPDeGSy2J9+ENXUhVbk
tak2itzD7FXXpDy15Oam3zNAZV718TfyvsxjOq8xNIDUh1x5iDlR/YAOErro3qF/
fQWIGaKZDDllOpP6BxTR87x85w56i9yPRJ1jl5UvUYKkU30HrnIo/sScy4s1NeSH
XyIGHemm+8e1S2LYEQ/w2bnwKHHNS5kdfARMnaSpMurD+Pd9UBOHPn+M+ZVjX7hT
wCn8QJSJZiUA0b1lJ8YgbXRodHn9jdpZugQ8frtImcDE3Lq+H/VqzJm0tQARAQAB
zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT
AQgAFgUCAAAAAAkQ6LctUsOqOe4CGw8CGQEAAC2dEAABcy5TinEg/yr40qtrPmdR
+qw+B3CezIZOhkFVXJ5SnKSD6kNmijgJjloSJgpQf9qqDsZ8asWzZN79h5s9fqNa
GBn5jBBqoSLPtnNAvxiLk62iRyCbb7y645I1u5Cmg5eBPLjGpVrxI3rPcGojkBz7
1LjtxCY94JI7lRYMpN6qOvyQlrTOxlFDE+C/x60UeliNzL3Ld17O9iuqlSGiYpz4
kellyHF4zHvOcSmURmGmHDzPQvkLop81rCogMZkVoA0tg446U1sPdIo8HJZD+cLt
LXCNlyLU/MK7RCAG25+Z2KE43Z0xuXyNmHc0tpYOWs6oob7+ZmsWFObpyN6v69G/
rTnZbQCp/H/Rr19UbJhoEhDpB6J+6O1OlJXe5hUDiiIYpC6vtzJV8B0ERQ9Vr1TC
nCo+RaBJoPbkJySSO500G3/psQugsxBcxRtCy78cHV1B4fKEJM4e1Hi3VP2uhCju
gRaiLGikDy4rpQQxasszOO2Yt57OGV5qySnZ9hfDLhtmhmNjL2HazZlVT1um28j4
+DZQ7JUmjvlmzZPPt2fWG4k2zv6Xy1p2aLiuL+6TrQLjEyIMa41Lxf6bB7hlYo1Y
3Xl5yE94wvBx2+gKEArlqdrn/P8cdktHuGrELBwVaVgvHHtBM3qfzBik2lIRJMIx
haEIuBv/ZtSMbM/ItaAnJA==
=eW+j
-----END PGP PUBLIC KEY BLOCK-----


@ -0,0 +1,15 @@
<!--
SPDX-FileCopyrightText: 2024 Simon Bruder <simon@sbruder.de>
SPDX-License-Identifier: CC-BY-SA-4.0
-->
# ci-runner
## Hardware
QEMU/KVM virtual machine on [koyomi](../koyomi/README.md).
## Purpose
It will serve as a CI runner for Forgejo.


@ -0,0 +1,67 @@
# SPDX-FileCopyrightText: 2024 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
{ config, pkgs, ... }:
{
imports = [
./hardware-configuration.nix
../../modules
];
sbruder = {
full = false;
};
networking.hostName = "ci-runner";
system.stateVersion = "24.05";
sops.secrets.forgejo-runner-token-personal = {
sopsFile = ./secrets.yaml;
};
services.gitea-actions-runner = {
package = pkgs.forgejo-runner;
instances = {
personal = {
enable = true;
name = "koyomi-vm";
url = "https://git.sbruder.de";
tokenFile = config.sops.secrets.forgejo-runner-token-personal.path;
labels = [
"nix:host"
];
settings = {
log.level = "warn"; # seems to have little effect
runner = {
capacity = 4;
timeout = "1h";
};
};
hostPackages = with pkgs; [
bash
coreutils
git
git-lfs
nix
nodejs
podman
];
};
};
};
virtualisation = {
podman = {
enable = true;
defaultNetwork.settings = {
ipv6_enabled = true;
};
};
containers.containersConf.settings = {
engine.cgroup_manager = "cgroupfs"; # systemd does not work for system user
};
};
}
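Review bot: The `"nix:host"` entry in `labels` means jobs picked up by this runner execute directly on the VM rather than in a container, with `nix` and `podman` from `hostPackages` on their PATH, and nothing in the file records which repositories or users are trusted to schedule work here. I would add a comment above `labels`, for example `# host execution: register this runner only for repositories whose workflows are fully trusted`. The `ci-runner` key added to the sops recipients appears to belong to this machine, so it is worth keeping `secrets.yaml` limited to the registration token and treating the VM as disposable. With `capacity = 4`, up to four jobs share the host at once, presumably under the same system user, so concurrent jobs are not isolated from each other unless the workflows themselves use containers.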


@ -0,0 +1,56 @@
# SPDX-FileCopyrightText: 2024 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
{ modulesPath, ... }:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
sbruder.machine.isVm = true;
boot = {
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
kernelParams = [ "console=ttyS0" ];
initrd = {
availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ];
kernelModules = [ ];
};
loader = {
grub.enable = false;
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/e1a9b0bb-9f04-498c-ac2f-aad9da4639f3";
fsType = "btrfs";
options = [ "compress=zstd" "discard" "noatime" "ssd" ]; # for some reason, the kernel assumes rotational
};
"/boot" = {
device = "/dev/disk/by-uuid/7A51-7897";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
};
networking = {
useDHCP = false;
usePredictableInterfaceNames = false;
};
systemd.network = {
enable = true;
networks = {
eth0 = {
name = "eth0";
DHCP = "yes";
domains = [ "sbruder.de" ];
};
};
};
}
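Review bot: The `/boot` mount uses `"fmask=0022" "dmask=0022"`, which leaves the ESP readable by every local user, including the systemd-boot random seed; on a machine that executes CI jobs on the host I would tighten this to `options = [ "fmask=0077" "dmask=0077" ];`. Separately, `kernelModules = [ "kvm-intel" ];` loads KVM inside a guest. If nested virtualisation is not meant to be available to CI jobs, dropping the module avoids exposing it; if it is intended, a short comment such as `# nested virtualisation for CI jobs` would make that explicit.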


@ -0,0 +1,72 @@
forgejo-runner-token-personal: ENC[AES256_GCM,data:U2VmQW3mO+3lNBczxU5MmKjseCICXcu1q9g4xctrJMl7Hcau0Hfy2IT8YzaEnTo=,iv:IRf+5sTyx20cMyUCg8jffDiSIuNgVRySD7eqOlzzAXY=,tag:vLEo/E2VUZ4Uu/vTFDomUw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-07-19T10:19:26Z"
mac: ENC[AES256_GCM,data:9btw7oa8ZNJYYW/TmsQYRMdW493PFV0oae/bp3r9mLZ8i272BJmvrsrLjuRTuyo9aMiE4DqtQ217723hMt+p7Q6WHqwgamlDU8PjZVCN3Q6t2dH7oZuTSq3bWxm4MQJH2fB77Bfk1M9YiUdNt4Lm/Mz1pxy8zLHCHWoLqN3XErI=,iv:JybjhZE0czAZhSByPGRJBnWwr/Y1y7D05G1WxiOgWh4=,tag:gT5qRCK+b2Gt7bG8jpl2VQ==,type:str]
pgp:
- created_at: "2024-07-19T10:09:12Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=a7Tl
-----END PGP MESSAGE-----
fp: 6CD375BD0741F67E5A289BC333A01CBE0554C763
- created_at: "2024-07-19T10:09:12Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4Dub78fMESoMASAQdAn4gu062b6uphH7aptsB+qJsJvw5j1jeEijaiN3g3HCEw
7efyFGEXz5Jr3QBkvA86zzzw4uaj6s8jcpGkygPgVxkid+wNPNE7Od2GxwsQ7Rzs
1GgBCQIQznKTHLTufQbnTxtYWdZ7Vd7d90/hl9ZkGRXCq5llvppaYkuO+RO3HeW1
Z4hAPFKrvOjNctb/Puh9kbmQ2g02KFdzs1xUvq3+Ma6gI+WeefV/R/VewAVve8+2
G/CwY+iDECvL1A==
=QVmD
-----END PGP MESSAGE-----
fp: 0C8AF4B4320A511384DF6B5BB9BEFC7CC112A0C0
- created_at: "2024-07-19T10:09:12Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DLHeEFiC484ASAQdAwLuRB1t778hUtgsjaQisVwMhBudnSIOtrBFehLU5Smow
AA29mIR2539iMz/Qkdjoumj3IIKGu6a/fBeu0eLUcZqSt5PtpMKMDnF47HeRv/QQ
1GgBCQIQGjEJcIaQyjBPuHyxUNryt6M72ed5eKsnsHBhe+xmwc8AFliP2rt/kZOn
yJGjhMrFAib5i8rRDQiW+HlDHKZeGxsX3yLGdOSI9KfIFvawcYV8pxDFzIca/3X1
TcVFed7B2BUIow==
=6bPt
-----END PGP MESSAGE-----
fp: 403215E0F99D2582C7055C512C77841620B8F380
- created_at: "2024-07-19T10:09:12Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=bQn7
-----END PGP MESSAGE-----
fp: 20e376b89b30327fb82f12e8e8b72d52c3aa39ee
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -85,4 +85,9 @@ in
targetHost = "koyomi.sbruder.de"; targetHost = "koyomi.sbruder.de";
}; };
ci-runner = {
system = "x86_64-linux";
targetHost = "ci-runner.sbruder.de";
};
} }