45 lines
1.3 KiB
Nix
45 lines
1.3 KiB
Nix
{ pkgs, config, ... }: {
|
|
virtualisation = {
|
|
containers.enable = true;
|
|
podman = {
|
|
enable = true;
|
|
dockerCompat = true;
|
|
defaultNetwork.settings.dns_enabled = true;
|
|
};
|
|
};
|
|
|
|
networking.firewall.trustedInterfaces = [
|
|
"podman*"
|
|
];
|
|
|
|
users.users.gitea-runner.isSystemUser = true;
|
|
users.users.gitea-runner.group = "gitea-runner";
|
|
users.groups.gitea-runner = {};
|
|
|
|
services.gitea-actions-runner = {
|
|
package = pkgs.forgejo-runner;
|
|
instances.default = {
|
|
enable = true;
|
|
name = "ptigoron";
|
|
url = "https://git.lyes.eu";
|
|
# Obtaining the path to the runner token file may differ
|
|
# tokenFile should be in format TOKEN=<secret>, since it's EnvironmentFile for systemd
|
|
tokenFile = config.age.secrets.ptigoron-token.path;
|
|
labels = [
|
|
"fedora-rawhide:docker://quay.io/fedora/fedora:rawhide"
|
|
"fedora-latest:docker://quay.io/fedora/fedora:latest"
|
|
"ubuntu-rolling:docker://ubuntu:rolling"
|
|
"ubuntu-latest:docker://ubuntu:latest"
|
|
"nixos-latest:docker://nixos/nix"
|
|
## optionally provide native execution on the host:
|
|
# "native:host"
|
|
];
|
|
};
|
|
};
|
|
|
|
age.secrets.ptigoron-token = {
|
|
file = ../../../secrets/zora/services/ptigoron-token.age;
|
|
owner = "gitea-runner";
|
|
group = "gitea-runner";
|
|
};
|
|
}
|