# NixOS module: rootful podman as the container backend plus one Forgejo
# Actions runner instance ("ptigoron") registered against git.minish.link.
{ pkgs, config, ... }:
let
  # Account name shared by the system user, its group and the secret's owner.
  runnerAccount = "gitea-runner";
in
{
  virtualisation.containers.enable = true;

  virtualisation.podman = {
    enable = true;
    # Provides a `docker` command backed by podman.
    dockerCompat = true;
    # Exposes podman's Docker-compatible API socket. Access to this socket is
    # equivalent to root on the host (same as with Docker), so membership of
    # the group allowed to connect should stay limited to the runner.
    dockerSocket.enable = true;
    # Containers on the default network resolve names through podman's DNS.
    defaultNetwork.settings.dns_enabled = true;
    autoPrune.enable = true;
  };

  networking.firewall = {
    # NOTE(review): a trusted interface has ALL of its inbound traffic
    # accepted, so job containers can reach every port the host listens on and
    # the UDP/53 rule below adds nothing on top of it. If workflows are not
    # fully trusted, consider dropping this entry and opening only the ports
    # the jobs need.
    # NOTE(review): whether the trailing `*` acts as a wildcard depends on the
    # firewall backend (iptables uses a trailing `+`, nftables accepts `*`);
    # confirm the rule really matches the podman bridge interfaces.
    trustedInterfaces = [ "podman*" ];
    # DNS from containers to the host-side resolver.
    interfaces."podman*".allowedUDPPorts = [ 53 ];
  };

  users = {
    groups.${runnerAccount} = { };
    users.${runnerAccount} = {
      isSystemUser = true;
      group = runnerAccount;
    };
  };

  services.gitea-actions-runner = {
    package = pkgs.forgejo-runner;

    instances.ptigoron = {
      enable = true;
      name = "ptigoron";
      url = "https://git.minish.link";

      # How the token file path is obtained may differ between setups.
      # The file must contain TOKEN=<secret>, because systemd loads it as an
      # EnvironmentFile.
      tokenFile = config.age.secrets.ptigoron-token.path;

      # Each label maps a `runs-on` name to the container image jobs run in.
      # NOTE(review): every image is referenced by a mutable tag (or no tag),
      # so the content jobs run on changes whenever the tag moves upstream;
      # pinning by digest would make the job environment reproducible.
      # NOTE(review): `ubuntu:*` and `nixos/nix` are unqualified names, so
      # which registry serves them depends on the host's registries
      # configuration; fully qualifying them removes that ambiguity.
      labels = [
        "fedora-rawhide:docker://quay.io/fedora/fedora:rawhide"
        "fedora-latest:docker://quay.io/fedora/fedora:latest"
        "ubuntu-rolling:docker://ubuntu:rolling"
        "ubuntu-latest:docker://ubuntu:latest"
        "nixos-latest:docker://nixos/nix"
        ## Optional: native execution on the host. Jobs with this label run
        ## directly on the host without container isolation, so keep it
        ## disabled unless every workflow author is trusted.
        # "native:host"
      ];
    };
  };

  # Ordering only: start the runner after Forgejo when both are started.
  systemd.services.gitea-runner-ptigoron.after = [ "forgejo.service" ];

  # Registration token, decrypted by agenix and owned by the runner account.
  age.secrets.ptigoron-token = {
    file = ../../../secrets/zora/services/ptigoron-token.age;
    owner = runnerAccount;
    group = runnerAccount;
  };
}