feat: adding another runner to speed up deployment

Closes #139
2025-02-12 22:30:23 +00:00 · 2025-02-12 22:30:23 +00:00 · c57ca6ab11
commit c57ca6ab11
parent 7ed5cf1b80
8 changed files with 63 additions and 49 deletions
--- a/applications/git/forgejo_runner.nix
+++ b/applications/git/forgejo_runner.nix
@ -15,21 +15,23 @@ in {
  options.services.skynet."${name}" = {
    enable = mkEnableOption "Skynet ForgeJo Runner";

-    runner = {
-      name = mkOption {
-        type = types.str;
-        default = config.networking.hostName;
-      };
+    name = mkOption {
+      type = types.str;
+      default = config.networking.hostName;
+    };

-      website = mkOption {
-        default = "https://forgejo.skynet.ie";
-        type = types.str;
-      };
+    website = mkOption {
+      default = "https://forgejo.skynet.ie";
+      type = types.str;
+    };

-      user = mkOption {
-        default = "gitea-runner";
-        type = types.str;
-      };
+    user = mkOption {
+      default = "gitea-runner";
+      type = types.str;
+    };
+
+    secret = mkOption {
+      type = types.path;
    };
  };

@ -40,23 +42,23 @@ in {
    ];

    age.secrets.forgejo_runner_token = {
-      file = ../../secrets/forgejo/runners/token.age;
-      owner = cfg.runner.user;
-      group = cfg.runner.user;
+      file = cfg.secret;
+      owner = cfg.user;
+      group = cfg.user;
    };

    # make sure the ssh config stuff is in teh right palce
    systemd.tmpfiles.rules = [
-      #"d  /home/${cfg.runner.user}             0755 ${cfg.runner.user} ${cfg.runner.user}"
-      "L+ /home/${cfg.runner.user}/.ssh/config 0755 ${cfg.runner.user} ${cfg.runner.user}  -   ${./ssh_config}"
+      #"d  /home/${cfg.user}             0755 ${cfg.user} ${cfg.user}"
+      "L+ /home/${cfg.user}/.ssh/config 0755 ${cfg.user} ${cfg.user}  -   ${./ssh_config}"
    ];
    age.secrets.forgejo_runner_ssh = {
      file = ../../secrets/forgejo/runners/ssh.age;
      mode = "600";
-      owner = "${cfg.runner.user}";
-      group = "${cfg.runner.user}";
+      owner = "${cfg.user}";
+      group = "${cfg.user}";
      symlink = false;
-      path = "/home/${cfg.runner.user}/.ssh/skynet/root";
+      path = "/home/${cfg.user}/.ssh/skynet/root";
    };

    nix = {
@ -94,14 +96,14 @@ in {
    # give teh runner user a home to store teh ssh config stuff
    systemd.services.gitea-runner-default.serviceConfig = {
      DynamicUser = lib.mkForce false;
-      User = lib.mkForce cfg.runner.user;
+      User = lib.mkForce cfg.user;
    };
    users = {
-      groups."${cfg.runner.user}" = {};
-      users."${cfg.runner.user}" = {
+      groups."${cfg.user}" = {};
+      users."${cfg.user}" = {
        #isSystemUser = true;
        isNormalUser = true;
-        group = cfg.runner.user;
+        group = cfg.user;
        createHome = true;
        shell = pkgs.bash;
      };
@ -118,8 +120,8 @@ in {
      package = pkgs.forgejo-actions-runner;
      instances.default = {
        enable = true;
-        name = cfg.runner.name;
-        url = cfg.runner.website;
+        name = cfg.name;
+        url = cfg.website;
        tokenFile = config.age.secrets.forgejo_runner_token.path;
        labels = [
          ## optionally provide native execution on the host:
--- a/machines/glados.nix
+++ b/machines/glados.nix
@ -28,6 +28,7 @@ in {
  imports = [
    ../applications/git/gitlab.nix
    ../applications/git/forgejo.nix
+    ../applications/git/forgejo_runner.nix
  ];

  deployment = {
@ -43,5 +44,9 @@ in {
    backup.enable = true;
    gitlab.enable = true;
    forgejo.enable = true;
+    forgejo_runner = {
+      enable = true;
+      secret = ../secrets/forgejo/runners/token2.age;
+    };
  };
 }
--- a/machines/wheatly.nix
+++ b/machines/wheatly.nix
@ -39,6 +39,9 @@ in {
  services.skynet = {
    host = host;
    backup.enable = true;
-    forgejo_runner.enable = true;
+    forgejo_runner = {
+      enable = true;
+      secret = ../secrets/forgejo/runners/token1.age;
+    };
  };
 }
--- a/secrets/forgejo/runners/ssh.age
+++ b/secrets/forgejo/runners/ssh.age
--- a/secrets/forgejo/runners/token.age
+++ b/secrets/forgejo/runners/token.age
@ -1,19 +0,0 @@
-age-encryption.org/v1
-> ssh-ed25519 V1pwNA kZ6MC1GXuminn2Hlomkep1wIv1lp6KpJOJcpXkhQWWM
-K1B58FSyb4QpINlhuvVv4dGFNjTChU1KNoezZcS/a6Y
-> ssh-ed25519 4PzZog pbxwzRvcsOgY9hd48BZEOH6VHFLn93gJ8yDHQyNIiSI
-Fa/Z6si9vyox/pmPvWTndyYCQxo7tcvdlRuTgw6IY9g
-> ssh-ed25519 dA0vRg OW2y/LkN/287NVuRRlSpihR+k/MZ+a0R5cIrHFne6RI
-U0ZqipfDlpz9LeXKNWkl7tYCnsBjSQz8q4mETBVEalI
-> ssh-ed25519 5Nd93w jDy3i1Z1NWYqdVdw4h+maaBjokVWNrSfHtSQotb2bWg
-PtgX9L78wpJHiX4lmP+H0bfRZd/tNfHrUEAShJ38ss8
-> ssh-ed25519 q8eJgg BCaUEZ3H3BglgKPAbl/ITQaEv9Jc2rRAoFuPXhy4WFI
-DMqJu0vjDJ8rIXLSL17Dx4Aoq8Uhdo4jU8g1jTSvMK4
-> ssh-ed25519 KVr8rw dKk0SN9SXTQsPwMFiKKMuoRwzTHJB8kr33nadRzBoDc
-m2xPKYFMC/y5fKkgaBc+5TVg9ZH+zVSM9I4I3htSm7I
-> ssh-ed25519 fia1eQ NGl1o/38iTm6QiQB7pl0NBkohMZGLMeaXZ37TV184B4
-zk/DTLhuGfhDU3gNA7S0BjGOowteEhR9v5oNmOkWTGU
-> ssh-ed25519 CqOTGQ JbZYKqGfWeVu/JEAAeC6wE4QvKLEeidvggQnm6beJxA
-ArogOkTDAnvC1SKPkSGapNix2W6yvku1QFOFs9bvuGA
--- yWZoUAOfSIL4FbWSAvhVkOEbUA1u3XPGKB1gNka/xfo
-Á¡þzòõ´lÐþÈ‘ L‚´C$’ì?Hc´®ìì|¥çÛ¹„.-øýÜå¡jõ	©lÂ}9:KÓ®U…Á^§<>í¯Ì“ôŽIO6µ
--- a/secrets/forgejo/runners/token1.age
+++ b/secrets/forgejo/runners/token1.age
--- a/secrets/forgejo/runners/token2.age
+++ b/secrets/forgejo/runners/token2.age
@ -0,0 +1,21 @@
+age-encryption.org/v1
+-> ssh-ed25519 V1pwNA DmSENr+7db9t/epcMdOAjr2qt4rSHWopkuS3/xyz+xY
+ClfO4iYTReIp6jvUBqQutkXx4XRJ++u8EsspNdDZ8kw
+-> ssh-ed25519 4PzZog QzQ5iPiSSruoDS+PDNI+/6PnIYEnnFTvnrxK4W2ZK3Y
+iTETtsauc6clML06hoMr7kinsOirURTECfB/PzJaFT4
+-> ssh-ed25519 dA0vRg UCPTgYh2/8JTajlTIgvk64eKNNMHe4ZxIDILxIGAL18
+Qj0ZS/iNwusCONf9Rh05ftd4cHSmWz7bLZ8HHtQewMo
+-> ssh-ed25519 5Nd93w D/87p469o+CW9TOqQb4C+3a9+xRvZ4bzk7vr0wXhdRk
+E/uvMfpOPvWosWS4s18f+xmexQcpJ0NED1N35pL5IjI
+-> ssh-ed25519 q8eJgg pSW+R1LjAdCTL/ys1X93jSSC+ga1phB8iYqAJ1Ic0yw
+IFl+195woVbHjz23w3mxBPkjtbfke3C+jYacWWKOpio
+-> ssh-ed25519 KVr8rw KfPs+1IA7M7dYqkUW9vty+xl/8loMZDgVFee/ZR+F0M
+mTK9yjQR18aKfw/xEdfsnGXPKxqDi1bKPj2mLtB2Xg4
+-> ssh-ed25519 fia1eQ M7nASBk9cGmZmMHf115JAazAEx3tS+sIVB49KlXltWc
+YJ48iqVSJQooltbXvw+olKC4ZZt9a92TR2uQ0xROAPY
+-> ssh-ed25519 CqOTGQ CeIqatgAbFS8oNy3fOOJdIkLM0X9AwV2zbpQHcOcICM
+qAHOkFsbM5fTxcpLFz9Iz16MVBA1oVqlxUADrLxDRrA
+-> ssh-ed25519 uZzB3g eA/GpdA5UKoleGcq9BHwj59Hz86YX7oF3LoG6zZ1ogE
+sIs5D3s72gVGglG37S0eDLUTEzuy2U9Nbi03aOJ3W4c
+--- rkCxZNLeKI9HMNZnwiFRaL1AsIUYtXYJT/YyJ1UMRqc
+!VpÒ-p®<70>|ô†ùÞÞ_toüÎáUÈkÝïútÓ`˜@
¼ÞxzWÚº³•G<E280A2>üîF÷=Ë]i»YÌ;YOiéÌ}¤J™÷/Ö,
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -77,6 +77,7 @@ let

  gitlab_runners = [
    wheatly
+    glados
  ];

  grafana = [
@ -117,7 +118,8 @@ in {
  "gitlab/runners/runner01.age".publicKeys = users ++ gitlab_runners;
  "gitlab/runners/runner02.age".publicKeys = users ++ gitlab_runners;

-  "forgejo/runners/token.age".publicKeys = users ++ gitlab_runners;
+  "forgejo/runners/token1.age".publicKeys = users ++ gitlab_runners;
+  "forgejo/runners/token2.age".publicKeys = users ++ gitlab_runners;
  "forgejo/runners/ssh.age".publicKeys = users ++ gitlab_runners;

  # for ldap
@ -130,7 +132,7 @@ in {
  "backup/restic_pw.age".publicKeys = users ++ restic;

  # discord bot and discord
-  "discord/token.age".publicKeys = users ++ discord;
+  "discord/token1.age".publicKeys = users ++ discord;

  # email stuff
  "email/details.age".publicKeys = users ++ ldap ++ discord;