From bdb1e45173e58dc58685545af5a01235f83b7be6 Mon Sep 17 00:00:00 2001
From: Simon Bruder
Date: Fri, 19 Jul 2024 11:50:11 +0200
Subject: [PATCH] WIP: ci-runner: Init
---
machines/ci-runner/README.md | 15 ++++
machines/ci-runner/configuration.nix | 31 ++++++++
machines/ci-runner/hardware-configuration.nix | 73 +++++++++++++++++++
machines/default.nix | 5 ++
4 files changed, 124 insertions(+)
create mode 100644 machines/ci-runner/README.md
create mode 100644 machines/ci-runner/configuration.nix
create mode 100644 machines/ci-runner/hardware-configuration.nix
diff --git a/machines/ci-runner/README.md b/machines/ci-runner/README.md
new file mode 100644
index 0000000..70e8f30
--- /dev/null
+++ b/machines/ci-runner/README.md
@@ -0,0 +1,15 @@
+
+
+# ci-runner
+
+## Hardware
+
+QEMU/KVM virtual machine on [koyomi](../koyomi/README.md).
+
+## Purpose
+
+It will serve as a CI runner for Forgejo.
diff --git a/machines/ci-runner/configuration.nix b/machines/ci-runner/configuration.nix
new file mode 100644
index 0000000..592a6aa
--- /dev/null
+++ b/machines/ci-runner/configuration.nix
@@ -0,0 +1,31 @@
+# SPDX-FileCopyrightText: 2024 Simon Bruder
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+{ pkgs, ... }:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ ../../modules
+ ];
+
+ sbruder = {
+ full = false;
+ #wireguard.home.enable = true;
+ };
+
+ networking.hostName = "ci-runner";
+
+ system.stateVersion = "24.05";
+
+ #services.gitea-actions-runner = {
+ # package = pkgs.forgejo-runner;
+ # instances = {
+ # personal = {
+ # enable = true;
+ # url = "https://git.sbruder.de";
+ # };
+ # };
+ #};
+}
diff --git a/machines/ci-runner/hardware-configuration.nix b/machines/ci-runner/hardware-configuration.nix
new file mode 100644
index 0000000..a5db70a
--- /dev/null
+++ b/machines/ci-runner/hardware-configuration.nix
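Review bot: The commented-out `services.gitea-actions-runner` block at the end of machines/ci-runner/configuration.nix names no source for the runner's registration token, and that is the part worth settling before it is enabled. The NixOS module accepts either `token` or `tokenFile`; a literal `token` is copied into the world-readable Nix store, so the instance should use `tokenFile` pointing at a secret provisioned outside the store. The instance will also need `name` and `labels`, and the labels decide whether jobs run in containers or directly on this host, which matters because the runner executes workflow code taken from repositories on the forge. Until then I would replace the dead block with a short marker such as `# TODO: enable forgejo-runner once tokenFile (secret, not in the store) and labels are defined`.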
@@ -0,0 +1,73 @@
+# SPDX-FileCopyrightText: 2024 Simon Bruder
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+{ lib, modulesPath, ... }:
+
+{
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ sbruder.machine.isVm = true;
+
+ boot = {
+ kernelModules = [ ];
+ extraModulePackages = [ ];
+ kernelParams = [ "ip=dhcp" ];
+ initrd = {
+ availableKernelModules = [ "aesni_intel" "ahci" "sd_mod" "sr_mod" "virtio_net" "virtio_pci" "xhci_pci" ];
+ kernelModules = [ ];
+ network = {
+ enable = true; # remote unlocking
+ # For some reason, the DHCP server does not transmit the static route to the gateway in a form udhcpc understands.
+ # This works around this, but is arguably quite hacky.
+ postCommands = ''
+ ip route add 85.215.73.1 dev eth0
+ ip route add default via 85.215.73.1 dev eth0
+ '';
+ };
+ luks.devices."root".device = "/dev/disk/by-uuid/d166ff83-dcc6-4700-95b5-bffae202d985";
+ };
+ loader.grub.device = "/dev/vda";
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/3c91488f-0505-4df6-bf76-96a539dcc27a";
+ fsType = "btrfs";
+ options = [ "compress=zstd" "discard" "noatime" "ssd" ]; # for some reason, the kernel assumes rotational
+ };
+ "/boot" = {
+ device = "/dev/disk/by-uuid/f271b335-9174-47a9-bcca-04ce59ce5708";
+ fsType = "ext2";
+ };
+ };
+
+ swapDevices = [
+ {
+ device = "/dev/disk/by-partuuid/5edbf393-b83e-4d3f-82d1-f07870df40ed";
+ randomEncryption.enable = true;
+ }
+ ];
+
+ zramSwap = {
+ enable = true;
+ memoryPercent = 150;
+ };
+
+ networking = {
+ useDHCP = false;
+ usePredictableInterfaceNames = false;
+ };
+ systemd.network = {
+ enable = true;
+ networks = {
+ eth0 = {
+ name = "eth0";
+ DHCP = "yes";
+ domains = [ "sbruder.de" ];
+ };
+ };
+ };
+}
diff --git a/machines/default.nix b/machines/default.nix
index c9ff626..af84020 100644
--- a/machines/default.nix
+++ b/machines/default.nix
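Review bot: The `"discard"` mount option on `/` in machines/ci-runner/hardware-configuration.nix probably has no effect as written: the root filesystem appears to sit on the LUKS device `root`, and dm-crypt drops discard requests unless the mapping is opened with discards allowed, which nothing in this hunk does (unless ../../modules sets it). Either drop `"discard"` from `options`, or set `luks.devices."root".allowDiscards = true;` and add a comment recording the trade-off, since passing TRIM through the encrypted volume reveals to the host which blocks are unused. Separately, the gateway `85.215.73.1` is hard-coded twice in `postCommands`; binding it once in a `let` would keep the two routes from drifting.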
@@ -85,4 +85,9 @@ in targetHost = "koyomi.sbruder.de"; }; + ci-runner = { + system = "x86_64-linux"; + + targetHost = "ci-runner.sbruder.de"; + }; }