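# Host-side definition of the Gitea Actions runner microVMs.
#
# One microvm.nix guest is generated per entry of `runners`; the 1-based
# position of a runner in that list (`idx`) drives its MAC address and its
# static LAN address, so appending a name to the list adds a VM without
# touching anything else.
{ config, lib, nixpkgs, pkgs, ... }:
let
  # Names of the runner VMs; each name is also the guest's hostname and the
  # gitea-actions-runner instance/registration name.
  runners = [ "git-runner-1" "git-runner-2" ];

  # { "<runner>" = <1-based index>; } — the attrset mapAttrs iterates over.
  # (Previously computed here and then recomputed inline at the call site.)
  indexedRunners = lib.listToAttrs (lib.lists.imap1 (i: v: { name = v; value = i; }) runners);

  # Two-digit, zero-padded index used as the last MAC octet: "01", "02", ...
  # Identical to the previous "0${toString idx}" for 1..9, and still a valid
  # hex octet for larger indices instead of a three-character junk string.
  macSuffix = idx: lib.fixedWidthNumber 2 idx;

  # Last IPv4 octet of a runner: 51, 52, ...  Identical to the previous
  # "5${toString idx}" for 1..9, and real arithmetic (not string
  # concatenation) beyond that.
  hostOctet = idx: toString (50 + idx);
in
# Addresses are `${networkPrefix}.97.<50+idx>`, so the list must not run past
# .97.99; fail at evaluation time rather than emit an invalid address.
assert builtins.length runners <= 49;
{
  microvm.vms = lib.mapAttrs (runner: idx: {
    config = {
      microvm = {
        # NOTE(review): 4048 looks like a typo for 4096 (MiB) — confirm before changing.
        mem = 4048;
        shares = [
          {
            source = "/nix/store";
            mountPoint = "/nix/.ro-store";
            tag = "ro-store";
            proto = "virtiofs";
          }
          {
            # Security: this exports the host's whole /run/secrets tree into a
            # VM that executes CI jobs, although the runner only needs
            # gitea-runner-token.  Every other sops secret on the host becomes
            # readable from inside the runner VM.  Prefer a dedicated directory
            # holding only the runner token, and confirm the guest mount really
            # is read-only — the "ro-token" tag is just a label.  With sops-nix
            # /run/secrets is typically a symlink into /run/secrets.d; verify
            # the share resolves it as intended.
            source = "/run/secrets";
            mountPoint = "/run/secrets";
            tag = "ro-token";
            proto = "virtiofs";
          }
        ];
        volumes = [
          {
            image = "rootfs.img";
            mountPoint = "/";
            size = 51200; # presumably MiB — verify against the microvm.nix option docs
          }
        ];
        interfaces = [
          {
            type = "tap";
            id = "vm-${runner}";
            # 02:... = locally administered MAC; the index keeps it unique per runner.
            mac = "02:00:00:00:00:${macSuffix idx}";
          }
        ];
      };

      systemd.network.networks."10-lan" = {
        # Must agree with the interface MAC above.
        matchConfig.PermanentMACAddress = "02:00:00:00:00:${macSuffix idx}";
        address = [ "${config.networkPrefix}.97.${hostOctet idx}/24" ];
        gateway = [ "${config.networkPrefix}.97.1" ];
        dns = [ "${config.networkPrefix}.97.1" ];
      };

      networking.hostName = runner;

      # Jobs run in containers (see the docker:// label and container.network below).
      virtualisation.podman.enable = true;

      services.gitea-actions-runner.instances.${runner} = {
        enable = true;
        url = "https://git.cloonar.com";
        name = runner;
        # Read from the /run/secrets virtiofs share above.
        tokenFile = "/run/secrets/gitea-runner-token";
        labels = [
          # Supply chain: a floating `:latest` tag means every job picks up
          # whatever was pushed last; pinning by digest (image@sha256:...)
          # makes the job environment reproducible and auditable.
          "ubuntu-latest:docker://git.cloonar.com/infrastructure/gitea-runner:latest"
        ];
        settings = {
          container = {
            network = "podman";
          };
          cache = {
            enabled = true;
            # LAN IP of this runner VM (job containers must be able to reach it).
            host = "${config.networkPrefix}.97.${hostOctet idx}";
            port = 8088; # any free TCP port
            # NOTE(review): nothing here opens 8088 in networking.firewall.
            # Confirm that job containers can reach the cache at all, and that
            # the port is NOT reachable from the rest of the LAN — if the cache
            # server does not authenticate clients, anyone on the LAN could
            # read or poison cache entries.
          };
        };
      };

      services.openssh.enable = true;
      # Key-based root login into every runner VM (the NixOS openssh module's
      # default PermitRootLogin is, to my knowledge, prohibit-password, so key
      # login as root is allowed — verify).  Consider an unprivileged admin
      # user with sudo instead, or at least confirm this key must have root.
      users.users.root.openssh.authorizedKeys.keys = [
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7"
      ];

      system.stateVersion = "22.05";
    };
  }) indexedRunners;

  # The runner registration token is decrypted by sops-nix on the host and
  # handed to the VMs through the /run/secrets virtiofs share above.
  sops.secrets.gitea-runner-token = { };

  environment = {
    systemPackages = [ pkgs.qemu pkgs.quickemu ];
  };
}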