From bb8e720ddf20731781b6bf44c76c0044d59e2312 Mon Sep 17 00:00:00 2001
From: Dominik Polakovics
Date: Sat, 31 Jan 2026 15:04:35 +0100
Subject: [PATCH] feat: fw add forgejo runner

---
 hosts/fw/configuration.nix          |  3 +-
 hosts/fw/modules/forgejo-runner.nix | 87 +++++++++++++++++++++++++++++
 2 files changed, 89 insertions(+), 1 deletion(-)
 create mode 100644 hosts/fw/modules/forgejo-runner.nix

diff --git a/hosts/fw/configuration.nix b/hosts/fw/configuration.nix
index 38a3669..f41b36c 100644
--- a/hosts/fw/configuration.nix
+++ b/hosts/fw/configuration.nix
@@ -33,6 +33,7 @@
     # microvm
     ./modules/microvm.nix
     ./modules/gitea-vm.nix
+    ./modules/forgejo-runner.nix
     # ./modules/vscode-server.nix # Add VS Code Server microvm
     ./modules/ai-mailer.nix
@@ -79,7 +80,7 @@
   networkPrefix = "10.42";
   # Systemd services to monitor
-  services.victoriametrics.monitoredServices = [ "ai-mailer" "container@git" "microvm@git-runner-" ];
+  services.victoriametrics.monitoredServices = [ "ai-mailer" "container@git" "microvm@git-runner-" "microvm@fj-runner-" ];
   nixpkgs.overlays = [
     (import ./utils/overlays/packages.nix)
diff --git a/hosts/fw/modules/forgejo-runner.nix b/hosts/fw/modules/forgejo-runner.nix
new file mode 100644
index 0000000..06befd1
--- /dev/null
+++ b/hosts/fw/modules/forgejo-runner.nix
@@ -0,0 +1,87 @@
+{ config, lib, pkgs, ... }: let
+  # Short names to fit Linux interface name limit (15 chars for vm-fj-runner-1)
+  runners = ["fj-runner-1" "fj-runner-2"];
+  # Offset by 5 to avoid conflicts with Gitea runners (01-02)
+  runnerOffset = 5;
+in {
+  microvm.vms = lib.mapAttrs (runner: idx: {
+    config = {
+      microvm = {
+        mem = 8096;
+        shares = [
+          {
+            source = "/nix/store";
+            mountPoint = "/nix/.ro-store";
+            tag = "ro-store";
+            proto = "virtiofs";
+          }
+          {
+            source = "/run/secrets";
+            mountPoint = "/run/secrets";
+            tag = "ro-token";
+            proto = "virtiofs";
+          }
+        ];
+        volumes = [
+          {
+            image = "rootfs.img";
+            mountPoint = "/";
+            size = 51200;
+          }
+        ];
+        interfaces = [
+          {
+            type = "tap";
+            id = "vm-${runner}";
+            mac = "02:00:00:00:00:0${toString (idx + runnerOffset)}";
+          }
+        ];
+      };
+
+      systemd.network.networks."10-lan" = {
+        matchConfig.PermanentMACAddress = "02:00:00:00:00:0${toString (idx + runnerOffset)}";
+        address = [ "${config.networkPrefix}.97.5${toString (idx + runnerOffset)}/24" ];
+        gateway = [ "${config.networkPrefix}.97.1" ];
+        dns = [ "${config.networkPrefix}.97.1" ];
+      };
+
+      networking.hostName = runner;
+
+      virtualisation.podman.enable = true;
+
+      services.gitea-actions-runner.instances.${runner} = {
+        enable = true;
+        url = "https://forgejo.cloonar.com";
+        name = runner;
+        tokenFile = "/run/secrets/forgejo-runner-token";
+        labels = [
+          "ubuntu-latest:docker://git.cloonar.com/infrastructure/gitea-runner:1.0.0"
+        ];
+        settings = {
+          container = {
+            network = "podman";
+          };
+          cache = {
+            enabled = true;
+            host = "${config.networkPrefix}.97.5${toString (idx + runnerOffset)}";
+            port = 8088;
+          };
+        };
+      };
+
+      services.openssh.enable = true;
+      users.users.root.openssh.authorizedKeys.keys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7"
+      ];
+
+      networking.firewall = {
+        enable = true;
+        allowedTCPPorts = [ 8088 ];
+      };
+
+      system.stateVersion = "22.05";
+    };
+  }) (lib.listToAttrs (lib.lists.imap1 (i: v: { name=v; value=i; }) runners));
+
+  sops.secrets.forgejo-runner-token = {};
+}
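Review bot: The `ro-token` share mounts the host's entire `/run/secrets` into the runner VM (`source = "/run/secrets"; mountPoint = "/run/secrets";`), while the runner only reads `/run/secrets/forgejo-runner-token`, so every other sops secret on the host becomes readable inside a VM whose job is to execute CI workloads. Consider writing the token to a dedicated directory via `sops.secrets.forgejo-runner-token.path` and sharing only that directory; the `ro-token` tag is just a label, and whether the share is actually read-only depends on guest mount options this hunk does not set. `allowedTCPPorts = [ 8088 ]` opens the actions cache on every interface, including the `.97.0/24` LAN; if only the job containers need it, scope it with `networking.firewall.interfaces.<podman-bridge>.allowedTCPPorts`. The MAC and address templates `"02:00:00:00:00:0${toString (idx + runnerOffset)}"` and `".97.5${toString (idx + runnerOffset)}"` are only valid while `idx + runnerOffset` stays a single digit, so a guard such as `in assert (builtins.length runners + runnerOffset) < 10; {` would turn a silently malformed address into an evaluation error when a third runner is added.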