Øystein Tveit
edb448f7a0
All checks were successful
Eval nix flake / evals (push) Successful in 4m22s
42 lines
1.2 KiB
Nix
42 lines
1.2 KiB
Nix
{ config, lib, values, ... }:
|
|
let
|
|
mkRunner = name: {
|
|
# This is unfortunately state, and has to be generated one at a time :(
|
|
# To do that, comment out all except one of the runners, fill in its token
|
|
# inside the sops file, rebuild the system, and only after this runner has
|
|
# successfully registered will gitea give you the next token.
|
|
# - oysteikt Sep 2023
|
|
sops.secrets."gitea/runners/${name}".restartUnits = [
|
|
"gitea-runner-${name}.service"
|
|
];
|
|
|
|
services.gitea-actions-runner.instances = {
|
|
${name} = {
|
|
enable = true;
|
|
name = "git-runner-${name}"; url = "https://git.pvv.ntnu.no";
|
|
labels = [
|
|
"debian-latest:docker://node:current-bookworm"
|
|
"ubuntu-latest:docker://node:current-bookworm"
|
|
];
|
|
tokenFile = config.sops.secrets."gitea/runners/${name}".path;
|
|
};
|
|
};
|
|
};
|
|
in
|
|
lib.mkMerge [
|
|
(mkRunner "alpha")
|
|
(mkRunner "beta")
|
|
(mkRunner "epsilon")
|
|
{
|
|
virtualisation.podman = {
|
|
enable = true;
|
|
defaultNetwork.settings.dns_enabled = true;
|
|
autoPrune.enable = true;
|
|
};
|
|
|
|
networking.dhcpcd.IPv6rs = false;
|
|
|
|
networking.firewall.interfaces."podman+".allowedUDPPorts = [53 5353];
|
|
}
|
|
]
|