tsuki/gitea-runners: init

2024-06-09 15:25:47 +02:00 · 2024-06-09 15:25:47 +02:00 · 37a43a2bd9
parent 4af33b066d
commit 37a43a2bd9
3 changed files with 36 additions and 2 deletions
--- a/hosts/tsuki/configuration.nix
+++ b/hosts/tsuki/configuration.nix
@ -8,6 +8,7 @@
    ./services/atuin.nix
    ./services/borg.nix
    ./services/gitea
+    ./services/gitea-runners.nix
    ./services/grafana
    ./services/headscale.nix
    ./services/hedgedoc.nix
--- a/hosts/tsuki/services/gitea-runners.nix
+++ b/hosts/tsuki/services/gitea-runners.nix
@ -0,0 +1,29 @@
+{ config, pkgs, lib, ... }:
+{
+  virtualisation.podman.enable = true;
+  virtualisation.podman.autoPrune.enable = true;
+  networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 5353 ];
+
+  sops.secrets."gitea/runners/ping".restartUnits = [ "gitea-runner-ping.service" ];
+  sops.secrets."gitea/runners/pong".restartUnits = [ "gitea-runner-pong.service" ];
+
+  services.gitea-actions-runner.instances = let
+    mkRunner = name: {
+      ${name} = {
+        enable = true;
+        name = "git-runner-${name}";
+        url = "https://git.pvv.ntnu.no";
+        labels = [
+	        "debian-latest:docker://node:latest"
+	        "ubuntu-latest:docker://node:latest"
+	        "debian-latest-personal:docker://node:latest"
+	        "ubuntu-latest-personal:docker://node:latest"
+	      ];
+        tokenFile = config.sops.secrets."gitea/runners/${name}".path;
+      };
+    };
+  in lib.foldl (a: b: a // b) { } [
+    (mkRunner "ping")
+    (mkRunner "pong")
+  ];
+}
--- a/secrets/default.yaml
+++ b/secrets/default.yaml
@ -1,6 +1,10 @@
 github:
    tokens:
        prometheus_exporter: ENC[AES256_GCM,data:Uybn/X2kgRKrtoLfgOYU/vR9PS/9JTX4MVuXJBCq2ZH5O2O1W5wfUg==,iv:8Q/kKd3r6G70wU4eLtqpf1obWeErNv5mNrpOQxB6tl8=,tag:PrCMzieirVaCbUT94iVKbg==,type:str]
+gitea:
+    runners:
+        ping: ENC[AES256_GCM,data:DRyw59+KE0n/qEr+Az7r8ulZr3dk1u6hVT1SVqKywW4DgtUr1eLj7DGOXvHxug==,iv:W49dNY/V+6KPuQeN5rdWw6Ed+w/oOy9ey+hRRz7Oxdc=,tag:ILzIKgvLs+8RVpHsSuMHrA==,type:str]
+        pong: ENC[AES256_GCM,data:VwpNj/FRSkc5/s6aZPaiBwIaj9VBfp6wcnDFkWmTWC6xRWevMUYKv3jHPhD/ZA==,iv:0uVgjmrF4jIa+Eg3Gofb+2eFa1MdZHb9eR4BcWBpkeQ=,tag:YsXjKqeksU9JcXl+5REXFQ==,type:str]
 jupyter:
    password: ENC[AES256_GCM,data:mm0EHzhK9AqErfsoWWJ5+3ym+VXgEcZ+qadTy3f+NtA=,iv:ntGxklA5oDbGbo3j3ffbAvzGE4c9Ay/SfCWdA6bqzP4=,tag:KG1luMcSjBFm0LVKnoTvGA==,type:str]
 grafana:
@ -70,8 +74,8 @@ sops:
            cElPYm5qK2lkTWZ1UGd6TU1NV2h4OTgK8Ecv58Ybnc6iYMjtSKTT1fYbNf4yyFgX
            rjQ2sU8Rqc04MqixnAkF2zSDaaJ0vqwf22MvbO3bYhpqOHwiTMbRLg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-01-23T05:31:44Z"
-    mac: ENC[AES256_GCM,data:BmSIU2VYYhetuQ5ooBr8y+YSTJnUoglGaVfOzW+Hx+qNDDR+PHHoOSHnciuQonMjQz1KX4lBmxAYKyeOi7ZjyZe7kYYPMcOkHZjYk+GihXJ2ncCnK+dyoPVMGfe2oR38cnilI8YcczuQDGLfkuBT08lSbzV+LMtTQXBQoOlgmM0=,iv:2Uflf2ShABEImYjqRQ5piuB5Y5kJ7IIME/8zdmewgBI=,tag:thuF8OWuAs5t8mNpKmVK7w==,type:str]
+    lastmodified: "2024-04-29T23:29:34Z"
+    mac: ENC[AES256_GCM,data:LWQjZvheJai3q8ASsN4l3LlbKjWB8/4z4si74D/aly6UIoUEJ8ALsUvWCWb64UCGHOfUfXjFPs5NaoTXcbXpATrl3tN0/hur6fdrHc4n96TpFGTtEj5Dy+SsNg2+oMJV3r5XAMIPhlDD9ZhUb2kyhhema063V3oY1ni7e5d/Kxg=,iv:hzH/JDU5WN5haGpv41jnziPZuXS/CQyGFq4N6Zcg55I=,tag:Q9ujo2azvDyyyTHNnLHQgw==,type:str]
    pgp:
        - created_at: "2023-05-08T00:49:52Z"
          enc: |