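# Host module for "git-02": declares the microvm.nix guests this host runs.
#
# NOTE(review) -- security points a maintainer should be aware of:
#   * The gitea-runner guest executes CI jobs for repositories on
#     https://git.cloonar.com inside podman containers; treat everything
#     running in that guest as untrusted.
#   * The guest receives the host's whole /run/secrets directory over virtiofs
#     (source = "/run/secrets"), not just the runner token, so every sops
#     secret provisioned on this host is readable from inside the guest.
#     Narrow the share if further secrets are ever added to this host.
#   * The "ro-token" / "ro-store" tags are labels only; whether a virtiofs
#     share is actually read-only is not established by the tag name --
#     confirm against the microvm.nix share options.
#   * The job image is referenced by the mutable tag ":latest"; pin it to a
#     digest (image@sha256:...) before relying on it for reproducible builds.
#   * `nixpkgs` and `json` are accepted/bound but unused below; kept for
#     compatibility with the call site and the old gitea definition.
{ nixpkgs, pkgs, ... }:
let
  hostname = "git-02";
  json = pkgs.formats.json { };
in
{
  microvm.vms = {
    # The gitea server guest is currently disabled; its previous definition is
    # kept verbatim (as comments) for reference.
    # gitea = {
    #   config = {
    #     microvm = {
    #       hypervisor = "cloud-hypervisor";
    #       shares = [
    #         {
    #           source = "/nix/store";
    #           mountPoint = "/nix/.ro-store";
    #           tag = "ro-store";
    #           proto = "virtiofs";
    #         }
    #         {
    #           source = "/var/lib/acme/git.cloonar.com";
    #           mountPoint = "/var/lib/acme/${hostname}.cloonar.com";
    #           tag = "ro-cert";
    #           proto = "virtiofs";
    #         }
    #       ];
    #       interfaces = [
    #         {
    #           type = "tap";
    #           id = "vm-${hostname}";
    #           mac = "02:00:00:00:00:01";
    #         }
    #       ];
    #     };
    #
    #     imports = [ ../fleet.nix ];
    #
    #     environment.systemPackages = with pkgs; [
    #       vim # my preferred editor
    #     ];
    #
    #     networking = {
    #       hostName = hostname;
    #       firewall = {
    #         enable = true;
    #         allowedTCPPorts = [ 22 80 443 ];
    #       };
    #     };
    #
    #     services.nginx.enable = true;
    #     services.nginx.virtualHosts."${hostname}.cloonar.com" = {
    #       sslCertificate = "/var/lib/acme/${hostname}.cloonar.com/fullchain.pem";
    #       sslCertificateKey = "/var/lib/acme/${hostname}.cloonar.com/key.pem";
    #       sslTrustedCertificate = "/var/lib/acme/${hostname}.cloonar.com/chain.pem";
    #       forceSSL = true;
    #       locations."/" = {
    #         proxyPass = "http://localhost:3001/";
    #       };
    #     };
    #
    #     services.gitea = {
    #       enable = true;
    #       appName = "Cloonar Gitea server"; # Give the site a name
    #       settings = {
    #         server = {
    #           ROOT_URL = "https://${hostname}.cloonar.com/";
    #           HTTP_PORT = 3001;
    #           DOMAIN = "${hostname}.cloonar.com";
    #         };
    #         openid = {
    #           ENABLE_OPENID_SIGNIN = true;
    #           ENABLE_OPENID_SIGNUP = true;
    #           WHITELISTED_URIS = "auth.cloonar.com";
    #         };
    #         service = {
    #           DISABLE_REGISTRATION = true;
    #           ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
    #           SHOW_REGISTRATION_BUTTON = false;
    #         };
    #         actions.ENABLED = true;
    #       };
    #     };
    #
    #     services.openssh.enable = true;
    #     users.users.root.openssh.authorizedKeys.keys = [
    #       "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7"
    #       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius"
    #     ];
    #
    #     system.stateVersion = "22.05";
    #   };
    # };

    # CI runner guest for the gitea instance at https://git.cloonar.com.
    gitea-runner = {
      config = {
        microvm = {
          # Guest memory; microvm.nix documents this in MiB -- confirm if changed.
          mem = 12288;
          shares = [
            {
              # Host store exported read-only so the guest can boot its closure.
              source = "/nix/store";
              mountPoint = "/nix/.ro-store";
              tag = "ro-store";
              proto = "virtiofs";
            }
            {
              # Provides /run/secrets/gitea-runner-token to the guest.  This
              # exposes the whole host secrets directory, not a single file.
              source = "/run/secrets";
              mountPoint = "/run/secrets";
              tag = "ro-token";
              proto = "virtiofs";
            }
          ];
          volumes = [
            {
              # Persistent root disk for the guest (size presumably in MiB).
              image = "rootfs.img";
              mountPoint = "/";
              size = 102400;
            }
          ];
          interfaces = [
            {
              type = "tap";
              id = "vm-gitea-runner";
              mac = "02:00:00:00:00:02";
            }
          ];
        };

        environment.systemPackages = with pkgs; [
          vim # my preferred editor
        ];

        networking.hostName = "gitea-runner";

        # Jobs run in podman containers on the guest.
        virtualisation.podman.enable = true;

        services.gitea-actions-runner.instances.vm = {
          enable = true;
          url = "https://git.cloonar.com";
          name = "vm";
          # Registration token, supplied by sops on the host (see sops.secrets
          # below) and reached through the /run/secrets share above.
          tokenFile = "/run/secrets/gitea-runner-token";
          # Maps the "ubuntu-latest" job label to a third-party image.  The
          # ":latest" tag is mutable; pin to a digest for supply-chain safety.
          labels = [ "ubuntu-latest:docker://shivammathur/node:latest" ];
          settings = {
            container = {
              network = "podman";
            };
          };
        };

        services.openssh = {
          enable = true;
          # Only the public keys listed below may log in; never accept
          # passwords or keyboard-interactive prompts (NixOS leaves
          # PasswordAuthentication enabled by default).
          settings = {
            PasswordAuthentication = false;
            KbdInteractiveAuthentication = false;
            PermitRootLogin = "prohibit-password";
          };
        };

        users.users.root.openssh.authorizedKeys.keys = [
          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius"
        ];

        system.stateVersion = "22.05";
      };
    };
  };

  # Host-side sops secret consumed by the runner guest via the virtiofs share.
  sops.secrets.gitea-runner-token = { };

  environment = {
    systemPackages = [ pkgs.qemu pkgs.quickemu ];
  };
}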