feat: add another gitea runner
@@ -1,8 +1,72 @@
|
|||||||
{ nixpkgs, pkgs, ... }: let
|
{ lib, nixpkgs, pkgs, ... }: let
|
||||||
hostname = "git-02";
|
# hostname = "git-02";
|
||||||
json = pkgs.formats.json { };
|
# json = pkgs.formats.json { };
|
||||||
|
runners = ["git-runner-1" "git-runner-2"];
|
||||||
|
indexedRunners = lib.lists.imap1 (i: v: { name=v; value=i; }) runners;
|
||||||
in {
|
in {
|
||||||
microvm.vms = {
|
microvm.vms = lib.mapAttrs (runner: idx: {
|
||||||
|
config = {
|
||||||
|
microvm = {
|
||||||
|
mem = 4048;
|
||||||
|
shares = [
|
||||||
|
{
|
||||||
|
source = "/nix/store";
|
||||||
|
mountPoint = "/nix/.ro-store";
|
||||||
|
tag = "ro-store";
|
||||||
|
proto = "virtiofs";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
source = "/run/secrets";
|
||||||
|
mountPoint = "/run/secrets";
|
||||||
|
tag = "ro-token";
|
||||||
|
proto = "virtiofs";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
volumes = [
|
||||||
|
{
|
||||||
|
image = "rootfs.img";
|
||||||
|
mountPoint = "/";
|
||||||
|
size = 51200;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
interfaces = [
|
||||||
|
{
|
||||||
|
type = "tap";
|
||||||
|
id = "vm-${runner}";
|
||||||
|
mac = "02:00:00:00:00:0${toString idx}";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.hostName = runner;
|
||||||
|
|
||||||
|
virtualisation.podman.enable = true;
|
||||||
|
|
||||||
|
services.gitea-actions-runner.instances.${runner} = {
|
||||||
|
enable = true;
|
||||||
|
url = "https://git.cloonar.com";
|
||||||
|
name = runner;
|
||||||
|
tokenFile = "/run/secrets/gitea-runner-token";
|
||||||
|
labels = [
|
||||||
|
"ubuntu-latest:docker://shivammathur/node:latest"
|
||||||
|
];
|
||||||
|
settings = {
|
||||||
|
container = {
|
||||||
|
network = "podman";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.openssh.enable = true;
|
||||||
|
users.users.root.openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7"
|
||||||
|
];
|
||||||
|
|
||||||
|
system.stateVersion = "22.05";
|
||||||
|
};
|
||||||
|
}) (lib.listToAttrs (lib.lists.imap1 (i: v: { name=v; value=i; }) runners));
|
||||||
|
|
||||||
|
# microvm.vms = {
|
||||||
# gitea = {
|
# gitea = {
|
||||||
# config = {
|
# config = {
|
||||||
# microvm = {
|
# microvm = {
|
||||||
@@ -89,74 +153,74 @@ in {
|
|||||||
# system.stateVersion = "22.05";
|
# system.stateVersion = "22.05";
|
||||||
# };
|
# };
|
||||||
# };
|
# };
|
||||||
|
#
|
||||||
gitea-runner = {
|
# gitea-runner-1 = {
|
||||||
config = {
|
# config = {
|
||||||
microvm = {
|
# microvm = {
|
||||||
mem = 12288;
|
# mem = 4048;
|
||||||
shares = [
|
# shares = [
|
||||||
{
|
# {
|
||||||
source = "/nix/store";
|
# source = "/nix/store";
|
||||||
mountPoint = "/nix/.ro-store";
|
# mountPoint = "/nix/.ro-store";
|
||||||
tag = "ro-store";
|
# tag = "ro-store";
|
||||||
proto = "virtiofs";
|
# proto = "virtiofs";
|
||||||
}
|
# }
|
||||||
{
|
# {
|
||||||
source = "/run/secrets";
|
# source = "/run/secrets";
|
||||||
mountPoint = "/run/secrets";
|
# mountPoint = "/run/secrets";
|
||||||
tag = "ro-token";
|
# tag = "ro-token";
|
||||||
proto = "virtiofs";
|
# proto = "virtiofs";
|
||||||
}
|
# }
|
||||||
];
|
# ];
|
||||||
volumes = [
|
# volumes = [
|
||||||
{
|
# {
|
||||||
image = "rootfs.img";
|
# image = "rootfs.img";
|
||||||
mountPoint = "/";
|
# mountPoint = "/";
|
||||||
size = 102400;
|
# size = 102400;
|
||||||
}
|
# }
|
||||||
];
|
# ];
|
||||||
interfaces = [
|
# interfaces = [
|
||||||
{
|
# {
|
||||||
type = "tap";
|
# type = "tap";
|
||||||
id = "vm-gitea-runner";
|
# id = "vm-gitea-runner-1";
|
||||||
mac = "02:00:00:00:00:02";
|
# mac = "02:00:00:00:00:02";
|
||||||
}
|
# }
|
||||||
];
|
# ];
|
||||||
};
|
# };
|
||||||
|
#
|
||||||
environment.systemPackages = with pkgs; [
|
# environment.systemPackages = with pkgs; [
|
||||||
vim # my preferred editor
|
# vim # my preferred editor
|
||||||
];
|
# ];
|
||||||
|
#
|
||||||
networking.hostName = "gitea-runner";
|
# networking.hostName = "gitea-runner";
|
||||||
|
#
|
||||||
virtualisation.podman.enable = true;
|
# virtualisation.podman.enable = true;
|
||||||
|
#
|
||||||
services.gitea-actions-runner.instances.vm = {
|
# services.gitea-actions-runner.instances.vm = {
|
||||||
enable = true;
|
# enable = true;
|
||||||
url = "https://git.cloonar.com";
|
# url = "https://git.cloonar.com";
|
||||||
name = "vm";
|
# name = "vm";
|
||||||
tokenFile = "/run/secrets/gitea-runner-token";
|
# tokenFile = "/run/secrets/gitea-runner-token";
|
||||||
labels = [
|
# labels = [
|
||||||
"ubuntu-latest:docker://shivammathur/node:latest"
|
# "ubuntu-latest:docker://shivammathur/node:latest"
|
||||||
];
|
# ];
|
||||||
settings = {
|
# settings = {
|
||||||
container = {
|
# container = {
|
||||||
network = "podman";
|
# network = "podman";
|
||||||
};
|
# };
|
||||||
};
|
# };
|
||||||
};
|
# };
|
||||||
|
#
|
||||||
services.openssh.enable = true;
|
# services.openssh.enable = true;
|
||||||
users.users.root.openssh.authorizedKeys.keys = [
|
# users.users.root.openssh.authorizedKeys.keys = [
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7"
|
# "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7"
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius"
|
# "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius"
|
||||||
];
|
# ];
|
||||||
|
#
|
||||||
system.stateVersion = "22.05";
|
# system.stateVersion = "22.05";
|
||||||
};
|
# };
|
||||||
};
|
# };
|
||||||
};
|
# };
|
||||||
|
|
||||||
sops.secrets.gitea-runner-token = {};
|
sops.secrets.gitea-runner-token = {};
|
||||||
|
|
||||||
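Review bot: The second entry in `shares` exports the host's entire `/run/secrets` directory into every runner VM, although the guest only reads `/run/secrets/gitea-runner-token` through `tokenFile`. These guests run CI jobs through podman and accept root SSH logins, so any other secret the host keeps under `/run/secrets` becomes reachable from a compromised job, and this commit widens that from one guest to two. Export a dedicated directory that holds only the runner token instead, for example `source = "/run/gitea-runner-secrets";` (placeholder path); nothing visible in the hunk makes the share read-only, whatever the `ro-token` tag suggests. Separately, `indexedRunners` is defined but never used because the same `imap1` expression is repeated in the `mapAttrs` argument, and `mac = "02:00:00:00:00:0${toString idx}"` produces an invalid octet once the list reaches ten runners.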
|
|||||||
@@ -92,6 +92,7 @@ in
|
|||||||
DISABLE_REGISTRATION = false;
|
DISABLE_REGISTRATION = false;
|
||||||
ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
|
ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
|
||||||
SHOW_REGISTRATION_BUTTON = false;
|
SHOW_REGISTRATION_BUTTON = false;
|
||||||
|
ENABLE_NOTIFY_MAIL = true;
|
||||||
};
|
};
|
||||||
mailer = {
|
mailer = {
|
||||||
ENABLED = true;
|
ENABLED = true;
|
||||||
|
|||||||
@@ -4,11 +4,13 @@
|
|||||||
gitea = 10002;
|
gitea = 10002;
|
||||||
gitea-runner = 10003;
|
gitea-runner = 10003;
|
||||||
podman = 10004;
|
podman = 10004;
|
||||||
|
foundry-vtt = 10005;
|
||||||
};
|
};
|
||||||
gids = {
|
gids = {
|
||||||
unbound = 10001;
|
unbound = 10001;
|
||||||
gitea = 10002;
|
gitea = 10002;
|
||||||
gitea-runner = 10003;
|
gitea-runner = 10003;
|
||||||
podman = 10004;
|
podman = 10004;
|
||||||
|
foundry-vtt = 10005;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -111,6 +111,9 @@ let
|
|||||||
|
|
||||||
"\"web.hilgenberg-gmbh.de IN A 91.107.197.169\""
|
"\"web.hilgenberg-gmbh.de IN A 91.107.197.169\""
|
||||||
|
|
||||||
|
# gaming
|
||||||
|
"\"foundry-vtt.cloonar.com IN A 10.42.97.5\""
|
||||||
|
|
||||||
"\"deconz.cloonar.multimedia IN A 10.42.97.22\""
|
"\"deconz.cloonar.multimedia IN A 10.42.97.22\""
|
||||||
"\"metz.cloonar.multimedia IN A 10.42.99.10\""
|
"\"metz.cloonar.multimedia IN A 10.42.99.10\""
|
||||||
# "\"ps5.cloonar.multimedia IN A 10.42.99.12\""
|
# "\"ps5.cloonar.multimedia IN A 10.42.99.12\""
|
||||||
@@ -270,12 +273,12 @@ in {
|
|||||||
do
|
do
|
||||||
if echo "''\${1}" | grep -Eq '.*\.(cloonar.com|cloonar.multimedia|cloonar.smart)'; then
|
if echo "''\${1}" | grep -Eq '.*\.(cloonar.com|cloonar.multimedia|cloonar.smart)'; then
|
||||||
echo ''\${hostname} ''\$2 ''\${address}
|
echo ''\${hostname} ''\$2 ''\${address}
|
||||||
unbound-control local_data ''\${hostname} ''\$2 ''\${address}
|
unbound-control local_data ''\${hostname} ''\$2 ''\${address} > /dev/null 2>&1
|
||||||
if [[ "''\$2" == "A" ]] ; then
|
if [[ "''\$2" == "A" ]] ; then
|
||||||
echo ''\${address} | while IFS=. read -r ip0 ip1 ip2 ip3
|
echo ''\${address} | while IFS=. read -r ip0 ip1 ip2 ip3
|
||||||
do
|
do
|
||||||
unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.ip4.arpa. PTR ''\${hostname}
|
unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.ip4.arpa. PTR ''\${hostname} > /dev/null 2>&1
|
||||||
unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.in-addr.arpa. PTR ''\${hostname}
|
unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.in-addr.arpa. PTR ''\${hostname} > /dev/null 2>&1
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
@@ -291,14 +294,14 @@ in {
|
|||||||
domain=cloonar.smart
|
domain=cloonar.smart
|
||||||
fi
|
fi
|
||||||
if [[ "''\${hostname}" != *. ]]; then
|
if [[ "''\${hostname}" != *. ]]; then
|
||||||
unbound-control local_data ''\${hostname}.''\${domain} ''\$2 ''\${address}
|
unbound-control local_data ''\${hostname}.''\${domain} ''\$2 ''\${address} > /dev/null 2>&1
|
||||||
else
|
else
|
||||||
unbound-control local_data ''\${hostname}''\${domain} ''\$2 ''\${address}
|
unbound-control local_data ''\${hostname}''\${domain} ''\$2 ''\${address} > /dev/null 2>&1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
fi
|
fi
|
||||||
unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.ip4.arpa. PTR ''\${hostname}
|
unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.ip4.arpa. PTR ''\${hostname} > /dev/null 2>&1
|
||||||
unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.in-addr.arpa. PTR ''\${hostname}
|
unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.in-addr.arpa. PTR ''\${hostname} > /dev/null 2>&1
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
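Review bot: Appending `> /dev/null 2>&1` to every `unbound-control local_data` call discards stderr as well as stdout, so a failed update (unbound not running, control channel unreachable, malformed record) leaves no trace, and the exit status is still ignored. Redirecting only stdout keeps the log quiet while keeping errors visible, e.g. `unbound-control local_data ''\${hostname} ''\$2 ''\${address} > /dev/null || echo "local_data failed for ''\${hostname}" >&2`. The expansions on these lines are also unquoted; if `hostname` and `address` come from client-supplied lease data, which the visible lines suggest but do not show, they should be validated against a strict hostname/address pattern before being passed on as record data. The same applies to the changed lines in the `@@ -291,14 +294,14 @@` hunk, and the enclosing script starts and ends outside both hunks.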
|
|||||||