From 748796b11e9e72705f6f8f3e0b2ca84b5db13512 Mon Sep 17 00:00:00 2001 From: Lyes Saadi Date: Thu, 18 Dec 2025 01:00:23 +0100 Subject: [PATCH] Adding a forgejo runner --- flake.lock | 48 ++++++++++++------------ hosts/zora/default.nix | 1 + modules/server/biggoron/runner.nix | 30 +++++++++++++++ secrets.nix | 1 + secrets/zora/services/ptigoron-token.age | 8 ++++ users/lyes/desktop/packages.nix | 6 ++- 6 files changed, 68 insertions(+), 26 deletions(-) create mode 100644 modules/server/biggoron/runner.nix create mode 100644 secrets/zora/services/ptigoron-token.age diff --git a/flake.lock b/flake.lock index 1fb32f6..17976ee 100644 --- a/flake.lock +++ b/flake.lock @@ -68,11 +68,11 @@ ] }, "locked": { - "lastModified": 1764627417, - "narHash": "sha256-D6xc3Rl8Ab6wucJWdvjNsGYGSxNjQHzRc2EZ6eeQ6l4=", + "lastModified": 1765794845, + "narHash": "sha256-YD5QWlGnusNbZCqR3pxG8tRxx9yUXayLZfAJRWspq2s=", "owner": "nix-community", "repo": "disko", - "rev": "5a88a6eceb8fd732b983e72b732f6f4b8269bef3", + "rev": "7194cfe5b7a3660726b0fe7296070eaef601cae9", "type": "github" }, "original": { @@ -173,11 +173,11 @@ ] }, "locked": { - "lastModified": 1765202646, - "narHash": "sha256-Cgceqa+xPgI8JiS1fMaviGw4dthTeW2RqE6RUR4OcS8=", + "lastModified": 1765860045, + "narHash": "sha256-7Lxp/PfOy4h3QIDtmWG/EgycaswqRSkDX4DGtet14NE=", "owner": "nix-community", "repo": "home-manager", - "rev": "caa47b637d877124ac891a64abc14de09fce1675", + "rev": "09de9577d47d8bffb11c449b6a3d24e32ac16c99", "type": "github" }, "original": { @@ -195,11 +195,11 @@ ] }, "locked": { - "lastModified": 1762964643, - "narHash": "sha256-RYHN8O/Aja59XDji6WSJZPkJpYVUfpSkyH+PEupBJqM=", + "lastModified": 1765682243, + "narHash": "sha256-yeCxFV/905Wr91yKt5zrVvK6O2CVXWRMSrxqlAZnLp0=", "owner": "nix-community", "repo": "home-manager", - "rev": "827f2a23373a774a8805f84ca5344654c31f354b", + "rev": "58bf3ecb2d0bba7bdf363fc8a6c4d49b4d509d03", "type": "github" }, "original": { @@ -295,11 +295,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1764939437, - "narHash": "sha256-4TLFHUwXraw9Df5mXC/vCrJgb50CRr3CzUzF0Mn3CII=", + "lastModified": 1765687488, + "narHash": "sha256-7YAJ6xgBAQ/Nr+7MI13Tui1ULflgAdKh63m1tfYV7+M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "00d2457e2f608b4be6fe8b470b0a36816324b0ae", + "rev": "d02bcc33948ca19b0aaa0213fe987ceec1f4ebe1", "type": "github" }, "original": { @@ -311,11 +311,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1764950072, - "narHash": "sha256-BmPWzogsG2GsXZtlT+MTcAWeDK5hkbGRZTeZNW42fwA=", + "lastModified": 1765779637, + "narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f61125a668a320878494449750330ca58b78c557", + "rev": "1306659b587dc277866c7b69eb97e5f07864d8c4", "type": "github" }, "original": { @@ -327,11 +327,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1764950072, - "narHash": "sha256-BmPWzogsG2GsXZtlT+MTcAWeDK5hkbGRZTeZNW42fwA=", + "lastModified": 1765779637, + "narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f61125a668a320878494449750330ca58b78c557", + "rev": "1306659b587dc277866c7b69eb97e5f07864d8c4", "type": "github" }, "original": { @@ -343,11 +343,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1762977756, - "narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=", + "lastModified": 1765472234, + "narHash": "sha256-9VvC20PJPsleGMewwcWYKGzDIyjckEz8uWmT0vCDYK0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c5ae371f1a6a7fd27823bc500d9390b38c05fa55", + "rev": "2fbfb1d73d239d2402a8fe03963e37aab15abe8b", "type": "github" }, "original": { @@ -410,11 +410,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1765175766, - "narHash": "sha256-M4zs4bVUv0UNuVGspwwlcGs5FpCDt52LQBA5a9nj5Lg=", + "lastModified": 1765946036, + "narHash": "sha256-R/qaIkzqm00qBMr8onM6ZZFX49lvsQLZ79adVubqjts=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "5126a8426773dc213a8c0f0d646aca116194dab6", + "rev": "7db019a64483743a8d92319baafbbe71b687d0a1", "type": "github" }, "original": { diff --git a/hosts/zora/default.nix b/hosts/zora/default.nix index 4a85520..86578e4 100644 --- a/hosts/zora/default.nix +++ b/hosts/zora/default.nix @@ -23,6 +23,7 @@ ../../modules/server/kalif ../../modules/server/maistro ../../modules/server/biggoron + ../../modules/server/biggoron/runner.nix # disko.nixosModules.disko agenix.nixosModules.default diff --git a/modules/server/biggoron/runner.nix b/modules/server/biggoron/runner.nix new file mode 100644 index 0000000..131794c --- /dev/null +++ b/modules/server/biggoron/runner.nix @@ -0,0 +1,30 @@ +{ pkgs, config, ... }: { + virtualisation.podman.enable = true; + + services.gitea-actions-runner = { + package = pkgs.forgejo-runner; + instances.default = { + enable = true; + name = "ptigoron"; + url = "https://git.lyes.eu"; + # Obtaining the path to the runner token file may differ + # tokenFile should be in format TOKEN=, since it's EnvironmentFile for systemd + tokenFile = config.age.secrets.ptigoron-token.path; + labels = [ + "fedora-rawhide:docker://quay.io/fedora/fedora:rawhide" + "fedora-latest:docker://quay.io/fedora/fedora:latest" + "ubuntu-rolling:docker://ubuntu:rolling" + "ubuntu-latest:docker://ubuntu:latest" + "nixos-latest:docker://nixos/nix" + ## optionally provide native execution on the host: + # "native:host" + ]; + }; + }; + + age.secrets.ptigoron-token = { + file = ../../../secrets/zora/services/ptigoron-token.age; + owner = "gitea-runner"; + group = "gitea-runner"; + }; +} diff --git a/secrets.nix b/secrets.nix index 2549bcc..e32cdf5 100644 --- a/secrets.nix +++ b/secrets.nix @@ -21,4 +21,5 @@ in "secrets/zora/services/kalif-conf.age".publicKeys = all; "secrets/zora/services/biggoron-db-pass.age".publicKeys = all; "secrets/zora/services/biggoron-admin-pass.age".publicKeys = all; + "secrets/zora/services/ptigoron-token.age".publicKeys = all; } diff --git a/secrets/zora/services/ptigoron-token.age b/secrets/zora/services/ptigoron-token.age new file mode 100644 index 0000000..c0b50e8 --- /dev/null +++ b/secrets/zora/services/ptigoron-token.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 whuRpQ iTmQuwMm3HQfhqD/taD2jXfQZVcBAPefjiUag5gs1y8 +gHM6s6IvgYLUHWh9pzzaOGkHUX+QMP/atYYuSV/xXkw +-> ssh-ed25519 TFqgIg RuRYXNFQnTEHapB08/hj30v3B7BV9pHNNCvWW5ntgm8 +l0JibkKAQI/T2pjuseDKziL8bGZlkU5FTH/2O5xkWNw +--- 6PtJOPY+HFbWpyOXT57T635wAobrg3IoWxz6gIm7OMM +gM~(3 f`znS]g1%\5 +WdluʖziՊ} \ No newline at end of file diff --git a/users/lyes/desktop/packages.nix b/users/lyes/desktop/packages.nix index 4f04d0a..a768f1c 100644 --- a/users/lyes/desktop/packages.nix +++ b/users/lyes/desktop/packages.nix @@ -42,6 +42,7 @@ in { # Image gimp inkscape + pixieditor # Video mpv @@ -100,6 +101,7 @@ in { gcc rustup python3 + zola ocaml ocamlPackages.ocaml-lsp ocamlPackages.ocamlformat @@ -127,14 +129,14 @@ in { coqPackages.metarocq-utils coqPackages.metarocq-template-rocq coqPackages.vscoq-language-server - numworks-udev-rules - zola # Why3 why3 alt-ergo cvc4 cvc5 z3 + # CryptoVerif + cryptoverif # Containers & VMs toolbox