Cloonar/nixos
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: Cloonar:439a580dfe45f5d2d2bdafb3e78dc35608691e07
Branches Tags
Cloonar:master
..
compare: Cloonar:27c85ff9d0cc7518f0bd00fd07e3b5962197cf01
Branches Tags
Cloonar:master

No commits in common. "439a580dfe45f5d2d2bdafb3e78dc35608691e07" and "27c85ff9d0cc7518f0bd00fd07e3b5962197cf01" have entirely different histories.
439a580dfe ... 27c85ff9d0

7 changed files with 9 additions and 132 deletions
Download patch file Download diff file Expand all files Collapse all files

44
hosts/fw/modules/gitea-runner-image-README.md
View file

@ -1,44 +0,0 @@
# Gitea Runner Docker Image
This directory contains the Dockerfile for the custom Gitea Actions runner image that includes additional dependencies needed for CI workflows.
## Included Tools
- **Base**: `shivammathur/node:latest` (includes Node.js and common development tools)
- **Chrome dependencies**: Full Puppeteer/Chromium dependencies for headless browser testing
- **webp**: WebP image format tools (`cwebp`, `dwebp`)
- **libavif-bin**: AVIF image format tools (`avifenc`, `avifdec`)
## Building the Image
```bash
cd hosts/fw/modules
docker build -f gitea-runner.Dockerfile -t git.cloonar.com/infrastructure/gitea-runner:latest .
```
## Pushing to Registry
First, authenticate with your Gitea container registry:
```bash
docker login git.cloonar.com
```
Then push the image:
```bash
docker push git.cloonar.com/infrastructure/gitea-runner:latest
```
## Using the Image
The image is already configured in `gitea-vm.nix` and will be used automatically by the Gitea Actions runners for jobs labeled with `ubuntu-latest`.
## Updating the Image
When you need to add new dependencies:
1. Edit `gitea-runner.Dockerfile`
2. Rebuild the image with the commands above
3. Push to the registry
4. Restart the runner VMs: `systemctl restart microvm@git-runner-1.service microvm@git-runner-2.service`

47
hosts/fw/modules/gitea-runner.Dockerfile
View file

@ -1,47 +0,0 @@
FROM shivammathur/node:latest
# Install Chrome dependencies for Puppeteer
RUN apt-get update && apt-get install -y \
ca-certificates \
fonts-liberation \
libappindicator3-1 \
libasound2t64 \
libatk-bridge2.0-0 \
libatk1.0-0 \
libc6 \
libcairo2 \
libcups2 \
libdbus-1-3 \
libexpat1 \
libfontconfig1 \
libgbm1 \
libgcc-s1 \
libglib2.0-0 \
libgtk-3-0 \
libnspr4 \
libnss3 \
libpango-1.0-0 \
libpangocairo-1.0-0 \
libstdc++6 \
libx11-6 \
libx11-xcb1 \
libxcb1 \
libxcomposite1 \
libxcursor1 \
libxdamage1 \
libxext6 \
libxfixes3 \
libxi6 \
libxrandr2 \
libxrender1 \
libxss1 \
libxtst6 \
lsb-release \
wget \
xdg-utils \
webp \
libavif-bin \
&& rm -rf /var/lib/apt/lists/*
# Verify installations
RUN cwebp -version && avifenc --version

3
hosts/fw/modules/gitea-vm.nix
View file

@ -55,8 +55,7 @@ in {
name = runner; name = runner;
tokenFile = "/run/secrets/gitea-runner-token"; tokenFile = "/run/secrets/gitea-runner-token";
labels = [ labels = [
# "ubuntu-latest:docker://shivammathur/node:latest" "ubuntu-latest:docker://shivammathur/node:latest"
"ubuntu-latest:docker://git.cloonar.com/infrastructure/gitea-runner:latest"
]; ];
settings = { settings = {
container = { container = {

9
hosts/fw/modules/gitea.nix
View file

@ -70,9 +70,6 @@ in
sslCertificateKey = "/var/lib/acme/gitea/key.pem"; sslCertificateKey = "/var/lib/acme/gitea/key.pem";
sslTrustedCertificate = "/var/lib/acme/gitea/chain.pem"; sslTrustedCertificate = "/var/lib/acme/gitea/chain.pem";
forceSSL = true; forceSSL = true;
extraConfig = ''
client_max_body_size 2048M;
'';
locations."/" = { locations."/" = {
proxyPass = "http://localhost:3001/"; proxyPass = "http://localhost:3001/";
}; };
@ -112,12 +109,6 @@ in
USER = "gitea@cloonar.com"; USER = "gitea@cloonar.com";
}; };
actions.ENABLED=true; actions.ENABLED=true;
attachment = {
MAX_SIZE = 2048; # 2GB in MB for general attachments
};
packages = {
ENABLED = true;
};
}; };
}; };

2
hosts/nb/users/dominik.nix
View file

@ -655,7 +655,7 @@ in
}; };
"tools.epicenter.works" = { "tools.epicenter.works" = {
user = "root"; user = "root";
identityFile = "~/.ssh/epicenter_id_ed25519"; identityFile = "~/.ssh/epicenter.id_rsa";
}; };
"*.epicenter.works !tools.epicenter.works" = { "*.epicenter.works !tools.epicenter.works" = {
user = "dominik"; user = "dominik";

2
hosts/web-arm/sites/cloonar.com.nix
View file

@ -62,7 +62,7 @@ in {
#home = "/home/${domain}"; #home = "/home/${domain}";
group = "nginx"; group = "nginx";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKKKJEgyfKyz5sf5GT0HYXiDmf36fnLe/exbXbRpsNJi" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC1CQqL1hQV3Lb6hqzDt2mgr0IasBRlIrdUCM+QibgKcU1VUWEJTo1nkcwgunnpUROtCQPRtlBZWwdqphKNrpMf3PkCPnjkcQC/2dGcFUXbkGq+5NaMnXpQnt7XAPyqxAT/9nCnXM9y3IBWjL9jN3C4l+yZHuMChi1a3q/6cNNH7WORkC1hq7MMyIvRCh6HDPwq1XCEj0w7O6m0iBmXIwiXyh3ly6ruWmkNQToPc1s2QuIE/w0yXoOF7Ubxtdf/GH2Yu0f+ztJrOveuiLlsNWx596lQwDlYa58ib0nPPtnFVf8od59F/UC8lOFtMsSY/d5ArOnqKjk6iWNaOh15WLr7wj9lrHJkiD+9fgXLyaaxVLt4NYGwyi7SZn7P1lHz6kjFr9UmRvfth6nGGoCvvfQZB8MAE0FhcTHb9fXC1m/NengWf40VQ8woZLZ4mRPWZBxrSnymgFiIvSYSqxnP3QNID4quaQ8sPyXYygbtt38qXAg/Ixyud0vgZN4H/rbW+DE="
]; ];
}; };
users.groups.${domain} = {}; users.groups.${domain} = {};

34
hosts/web-arm/sites/cloonar.dev.nix
View file

@ -14,42 +14,20 @@ in {
''; '';
locations."~* \.(jpe?g|png)$".extraConfig = '' locations."~* \.(jpe?g|png)$".extraConfig = ''
set $img_format Z; set $red Z;
# Check for AVIF support (highest priority)
if ($http_accept ~* "avif") {
set $img_format A;
}
if (-f $document_root/avif/$request_uri.avif) {
set $img_format "''${img_format}V";
}
# Serve AVIF if supported and available
if ($img_format = "AV") {
add_header Vary Accept;
rewrite ^ /avif/$request_uri.avif break;
}
# Reset and check for WebP support (fallback)
set $img_format Z;
if ($http_accept ~* "webp") { if ($http_accept ~* "webp") {
set $img_format W; set $red A;
} }
if (-f $document_root/webp/$request_uri.webp) { if (-f $document_root/webp/$request_uri.webp) {
set $img_format "''${img_format}P"; set $red "''${red}B";
} }
# Serve WebP if supported and available if ($red = "AB") {
if ($img_format = "WP") {
add_header Vary Accept; add_header Vary Accept;
rewrite ^ /webp/$request_uri.webp break; rewrite ^ /webp/$request_uri.webp;
} }
# If neither AVIF nor WebP matched, serve original format
add_header Vary Accept;
''; '';
locations."^~ /vcards/".extraConfig = '' locations."^~ /vcards/".extraConfig = ''
@ -62,7 +40,7 @@ in {
try_files $uri $uri/ /vcards/index.php$is_args$args; try_files $uri $uri/ /vcards/index.php$is_args$args;
''; '';
locations."~* \.(js|jpg|gif|png|webp|avif|css|woff2)$".extraConfig = '' locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''
expires 365d; expires 365d;
add_header Pragma "public"; add_header Pragma "public";
add_header Cache-Control "public"; add_header Cache-Control "public";