Cloonar/nixos
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: Cloonar:439a580dfe45f5d2d2bdafb3e78dc35608691e07
Branches Tags
Cloonar:master
..
compare: Cloonar:27c85ff9d0cc7518f0bd00fd07e3b5962197cf01
Branches Tags
Cloonar:master

No commits in common. "439a580dfe45f5d2d2bdafb3e78dc35608691e07" and "27c85ff9d0cc7518f0bd00fd07e3b5962197cf01" have entirely different histories.
439a580dfe ... 27c85ff9d0

7 changed files with 9 additions and 132 deletions
Download patch file Download diff file Expand all files Collapse all files

44
hosts/fw/modules/gitea-runner-image-README.md
View file

@ -1,44 +0,0 @@
# Gitea Runner Docker Image
This directory contains the Dockerfile for the custom Gitea Actions runner image that includes additional dependencies needed for CI workflows.
## Included Tools
- **Base**: `shivammathur/node:latest` (includes Node.js and common development tools)
- **Chrome dependencies**: Full Puppeteer/Chromium dependencies for headless browser testing
- **webp**: WebP image format tools (`cwebp`, `dwebp`)
- **libavif-bin**: AVIF image format tools (`avifenc`, `avifdec`)
## Building the Image
```bash
cd hosts/fw/modules
docker build -f gitea-runner.Dockerfile -t git.cloonar.com/infrastructure/gitea-runner:latest .
```
## Pushing to Registry
First, authenticate with your Gitea container registry:
```bash
docker login git.cloonar.com
```
Then push the image:
```bash
docker push git.cloonar.com/infrastructure/gitea-runner:latest
```
## Using the Image
The image is already configured in `gitea-vm.nix` and will be used automatically by the Gitea Actions runners for jobs labeled with `ubuntu-latest`.
## Updating the Image
When you need to add new dependencies:
1. Edit `gitea-runner.Dockerfile`
2. Rebuild the image with the commands above
3. Push to the registry
4. Restart the runner VMs: `systemctl restart microvm@git-runner-1.service microvm@git-runner-2.service`

47
hosts/fw/modules/gitea-runner.Dockerfile
View file

@ -1,47 +0,0 @@
FROM shivammathur/node:latest
# Install Chrome dependencies for Puppeteer
RUN apt-get update && apt-get install -y \
ca-certificates \
fonts-liberation \
libappindicator3-1 \
libasound2t64 \
libatk-bridge2.0-0 \
libatk1.0-0 \
libc6 \
libcairo2 \
libcups2 \
libdbus-1-3 \
libexpat1 \
libfontconfig1 \
libgbm1 \
libgcc-s1 \
libglib2.0-0 \
libgtk-3-0 \
libnspr4 \
libnss3 \
libpango-1.0-0 \
libpangocairo-1.0-0 \
libstdc++6 \
libx11-6 \
libx11-xcb1 \
libxcb1 \
libxcomposite1 \
libxcursor1 \
libxdamage1 \
libxext6 \
libxfixes3 \
libxi6 \
libxrandr2 \
libxrender1 \
libxss1 \
libxtst6 \
lsb-release \
wget \
xdg-utils \
webp \
libavif-bin \
&& rm -rf /var/lib/apt/lists/*
# Verify installations
RUN cwebp -version && avifenc --version

3
hosts/fw/modules/gitea-vm.nix
View file

@ -55,8 +55,7 @@ in {
name = runner;
tokenFile = "/run/secrets/gitea-runner-token";
labels = [
# "ubuntu-latest:docker://shivammathur/node:latest"
"ubuntu-latest:docker://git.cloonar.com/infrastructure/gitea-runner:latest"
"ubuntu-latest:docker://shivammathur/node:latest"
];
settings = {
container = {

9
hosts/fw/modules/gitea.nix
View file

@ -70,9 +70,6 @@ in
sslCertificateKey = "/var/lib/acme/gitea/key.pem";
sslTrustedCertificate = "/var/lib/acme/gitea/chain.pem";
forceSSL = true;
extraConfig = ''
client_max_body_size 2048M;
'';
locations."/" = {
proxyPass = "http://localhost:3001/";
};
@ -112,12 +109,6 @@ in
USER = "gitea@cloonar.com";
};
actions.ENABLED=true;
attachment = {
MAX_SIZE = 2048; # 2GB in MB for general attachments
};
packages = {
ENABLED = true;
};
};
};

2
hosts/nb/users/dominik.nix
View file

@ -655,7 +655,7 @@ in
};
"tools.epicenter.works" = {
user = "root";
identityFile = "~/.ssh/epicenter_id_ed25519";
identityFile = "~/.ssh/epicenter.id_rsa";
};
"*.epicenter.works !tools.epicenter.works" = {
user = "dominik";

2
hosts/web-arm/sites/cloonar.com.nix
View file

@ -62,7 +62,7 @@ in {
#home = "/home/${domain}";
group = "nginx";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKKKJEgyfKyz5sf5GT0HYXiDmf36fnLe/exbXbRpsNJi"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC1CQqL1hQV3Lb6hqzDt2mgr0IasBRlIrdUCM+QibgKcU1VUWEJTo1nkcwgunnpUROtCQPRtlBZWwdqphKNrpMf3PkCPnjkcQC/2dGcFUXbkGq+5NaMnXpQnt7XAPyqxAT/9nCnXM9y3IBWjL9jN3C4l+yZHuMChi1a3q/6cNNH7WORkC1hq7MMyIvRCh6HDPwq1XCEj0w7O6m0iBmXIwiXyh3ly6ruWmkNQToPc1s2QuIE/w0yXoOF7Ubxtdf/GH2Yu0f+ztJrOveuiLlsNWx596lQwDlYa58ib0nPPtnFVf8od59F/UC8lOFtMsSY/d5ArOnqKjk6iWNaOh15WLr7wj9lrHJkiD+9fgXLyaaxVLt4NYGwyi7SZn7P1lHz6kjFr9UmRvfth6nGGoCvvfQZB8MAE0FhcTHb9fXC1m/NengWf40VQ8woZLZ4mRPWZBxrSnymgFiIvSYSqxnP3QNID4quaQ8sPyXYygbtt38qXAg/Ixyud0vgZN4H/rbW+DE="
];
};
users.groups.${domain} = {};

34
hosts/web-arm/sites/cloonar.dev.nix
View file

@ -14,42 +14,20 @@ in {
'';
locations."~* \.(jpe?g|png)$".extraConfig = ''
set $img_format Z;
# Check for AVIF support (highest priority)
if ($http_accept ~* "avif") {
set $img_format A;
}
if (-f $document_root/avif/$request_uri.avif) {
set $img_format "''${img_format}V";
}
# Serve AVIF if supported and available
if ($img_format = "AV") {
add_header Vary Accept;
rewrite ^ /avif/$request_uri.avif break;
}
# Reset and check for WebP support (fallback)
set $img_format Z;
set $red Z;
if ($http_accept ~* "webp") {
set $img_format W;
set $red A;
}
if (-f $document_root/webp/$request_uri.webp) {
set $img_format "''${img_format}P";
set $red "''${red}B";
}
# Serve WebP if supported and available
if ($img_format = "WP") {
if ($red = "AB") {
add_header Vary Accept;
rewrite ^ /webp/$request_uri.webp break;
rewrite ^ /webp/$request_uri.webp;
}
# If neither AVIF nor WebP matched, serve original format
add_header Vary Accept;
'';
locations."^~ /vcards/".extraConfig = ''
@ -62,7 +40,7 @@ in {
try_files $uri $uri/ /vcards/index.php$is_args$args;
'';
locations."~* \.(js|jpg|gif|png|webp|avif|css|woff2)$".extraConfig = ''
locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''
expires 365d;
add_header Pragma "public";
add_header Cache-Control "public";