WIP: ci-runner: Init

2024-07-19 11:50:11 +02:00 · 2024-07-19 11:50:11 +02:00 · bdb1e45173
parent 900d7fac74
commit bdb1e45173
4 changed files with 124 additions and 0 deletions
--- a/machines/ci-runner/README.md
+++ b/machines/ci-runner/README.md
@ -0,0 +1,15 @@
+<!--
+SPDX-FileCopyrightText: 2024 Simon Bruder <simon@sbruder.de>
+
+SPDX-License-Identifier: CC-BY-SA-4.0
+-->
+
+# ci-runner
+
+## Hardware
+
+QEMU/KVM virtual machine on [koyomi](../koyomi/README.md).
+
+## Purpose
+
+It will serve as a CI runner for Forgejo.
--- a/machines/ci-runner/configuration.nix
+++ b/machines/ci-runner/configuration.nix
@ -0,0 +1,31 @@
+# SPDX-FileCopyrightText: 2024 Simon Bruder <simon@sbruder.de>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+{ pkgs, ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+    ../../modules
+  ];
+
+  sbruder = {
+    full = false;
+    #wireguard.home.enable = true;
+  };
+
+  networking.hostName = "ci-runner";
+
+  system.stateVersion = "24.05";
+
+  #services.gitea-actions-runner = {
+  #  package = pkgs.forgejo-runner;
+  #  instances = {
+  #    personal = {
+  #      enable = true;
+  #      url = "https://git.sbruder.de";
+  #    };
+  #  };
+  #};
+}
--- a/machines/ci-runner/hardware-configuration.nix
+++ b/machines/ci-runner/hardware-configuration.nix
@ -0,0 +1,73 @@
+# SPDX-FileCopyrightText: 2024 Simon Bruder <simon@sbruder.de>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+{ lib, modulesPath, ... }:
+
+{
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  sbruder.machine.isVm = true;
+
+  boot = {
+    kernelModules = [ ];
+    extraModulePackages = [ ];
+    kernelParams = [ "ip=dhcp" ];
+    initrd = {
+      availableKernelModules = [ "aesni_intel" "ahci" "sd_mod" "sr_mod" "virtio_net" "virtio_pci" "xhci_pci" ];
+      kernelModules = [ ];
+      network = {
+        enable = true; # remote unlocking
+        # For some reason, the DHCP server does not transmit the static route to the gateway in a form udhcpc understands.
+        # This works around this, but is arguably quite hacky.
+        postCommands = ''
+          ip route add 85.215.73.1 dev eth0
+          ip route add default via 85.215.73.1 dev eth0
+        '';
+      };
+      luks.devices."root".device = "/dev/disk/by-uuid/d166ff83-dcc6-4700-95b5-bffae202d985";
+    };
+    loader.grub.device = "/dev/vda";
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-uuid/3c91488f-0505-4df6-bf76-96a539dcc27a";
+      fsType = "btrfs";
+      options = [ "compress=zstd" "discard" "noatime" "ssd" ]; # for some reason, the kernel assumes rotational
+    };
+    "/boot" = {
+      device = "/dev/disk/by-uuid/f271b335-9174-47a9-bcca-04ce59ce5708";
+      fsType = "ext2";
+    };
+  };
+
+  swapDevices = [
+    {
+      device = "/dev/disk/by-partuuid/5edbf393-b83e-4d3f-82d1-f07870df40ed";
+      randomEncryption.enable = true;
+    }
+  ];
+
+  zramSwap = {
+    enable = true;
+    memoryPercent = 150;
+  };
+
+  networking = {
+    useDHCP = false;
+    usePredictableInterfaceNames = false;
+  };
+  systemd.network = {
+    enable = true;
+    networks = {
+      eth0 = {
+        name = "eth0";
+        DHCP = "yes";
+        domains = [ "sbruder.de" ];
+      };
+    };
+  };
+}
--- a/machines/default.nix
+++ b/machines/default.nix
@ -85,4 +85,9 @@ in

    targetHost = "koyomi.sbruder.de";
  };
+  ci-runner = {
+    system = "x86_64-linux";
+
+    targetHost = "ci-runner.sbruder.de";
+  };
 }