60 lines
No EOL
1.8 KiB
Nix
60 lines
No EOL
1.8 KiB
Nix
{ config, pkgs, ... }:
|
|
|
|
let
|
|
UID = 1126;
|
|
in {
|
|
desu.secrets.forgejo-runners-token = {};
|
|
desu.secrets.forgejo-runners-token-sf = {};
|
|
|
|
users.users.actions-runner = {
|
|
isNormalUser = true;
|
|
uid = 1126;
|
|
};
|
|
|
|
systemd.services.actions-runner-build-dind = {
|
|
description = "dind image builder for actions runner";
|
|
after = [ "docker.service" ];
|
|
wantedBy = [ "multi-user.target" ];
|
|
serviceConfig = {
|
|
Type = "oneshot";
|
|
ExecStart = "${pkgs.docker}/bin/docker build -t local/actions-runner-dind ${pkgs.copyPathToStore ./image-dind}";
|
|
};
|
|
};
|
|
|
|
systemd.services.gitea-runner-koi.requires = [ "actions-runner-build-dind.service" ];
|
|
systemd.services.gitea-runner-koi-stupid-fish.requires = [ "actions-runner-build-dind.service" ];
|
|
|
|
services.gitea-actions-runner = {
|
|
package = pkgs.forgejo-runner;
|
|
instances.koi = {
|
|
name = "koi";
|
|
enable = true;
|
|
url = "https://git.stupid.fish";
|
|
tokenFile = config.desu.secrets.forgejo-runners-token-sf.path;
|
|
labels = [
|
|
"node18:docker://node:18-bullseye"
|
|
"node20:docker://node:20-bullseye"
|
|
"node22:docker://node:22-bullseye"
|
|
# fun fact: the actual image doesnt matter! it's only used to determine the runner
|
|
"docker:docker://node:22-bullseye"
|
|
];
|
|
settings = {
|
|
runner.capacity = 8;
|
|
};
|
|
};
|
|
|
|
# a separate runner for dind because it requires privileged mode and act-runner doesnt support setting --privileged for certain images
|
|
instances.koi-dind = {
|
|
name = "koi-dind";
|
|
enable = true;
|
|
url = "https://git.stupid.fish";
|
|
tokenFile = config.desu.secrets.forgejo-runners-token-sf.path;
|
|
labels = [
|
|
"docker-dind:docker://local/actions-runner-dind"
|
|
];
|
|
settings = {
|
|
container.privileged = true;
|
|
};
|
|
};
|
|
};
|
|
} |