Skynet/nixos
7
1
Fork 0
Code Issues 43 Pull requests 1 Projects Releases Packages Wiki Activity Actions

feat: adding another runner to speed up deployment

Browse source 
Closes #139
This commit is contained in:
silver 2025-02-12 22:30:23 +00:00
parent 7ed5cf1b80
commit c57ca6ab11
Signed by: silver
GPG key ID: 36F93D61BAD3FD7D
8 changed files with 63 additions and 49 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
applications/git/forgejo_runner.nix
View file

@ -15,7 +15,6 @@ in {
options.services.skynet."${name}" = { options.services.skynet."${name}" = {
enable = mkEnableOption "Skynet ForgeJo Runner"; enable = mkEnableOption "Skynet ForgeJo Runner";
runner = {
name = mkOption { name = mkOption {
type = types.str; type = types.str;
default = config.networking.hostName; default = config.networking.hostName;
@ -30,6 +29,9 @@ in {
default = "gitea-runner"; default = "gitea-runner";
type = types.str; type = types.str;
}; };
secret = mkOption {
type = types.path;
}; };
}; };
@ -40,23 +42,23 @@ in {
]; ];
age.secrets.forgejo_runner_token = { age.secrets.forgejo_runner_token = {
file = ../../secrets/forgejo/runners/token.age; file = cfg.secret;
owner = cfg.runner.user; owner = cfg.user;
group = cfg.runner.user; group = cfg.user;
}; };
# make sure the ssh config stuff is in teh right palce # make sure the ssh config stuff is in teh right palce
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
#"d /home/${cfg.runner.user} 0755 ${cfg.runner.user} ${cfg.runner.user}" #"d /home/${cfg.user} 0755 ${cfg.user} ${cfg.user}"
"L+ /home/${cfg.runner.user}/.ssh/config 0755 ${cfg.runner.user} ${cfg.runner.user} - ${./ssh_config}" "L+ /home/${cfg.user}/.ssh/config 0755 ${cfg.user} ${cfg.user} - ${./ssh_config}"
]; ];
age.secrets.forgejo_runner_ssh = { age.secrets.forgejo_runner_ssh = {
file = ../../secrets/forgejo/runners/ssh.age; file = ../../secrets/forgejo/runners/ssh.age;
mode = "600"; mode = "600";
owner = "${cfg.runner.user}"; owner = "${cfg.user}";
group = "${cfg.runner.user}"; group = "${cfg.user}";
symlink = false; symlink = false;
path = "/home/${cfg.runner.user}/.ssh/skynet/root"; path = "/home/${cfg.user}/.ssh/skynet/root";
}; };
nix = { nix = {
@ -94,14 +96,14 @@ in {
# give teh runner user a home to store teh ssh config stuff # give teh runner user a home to store teh ssh config stuff
systemd.services.gitea-runner-default.serviceConfig = { systemd.services.gitea-runner-default.serviceConfig = {
DynamicUser = lib.mkForce false; DynamicUser = lib.mkForce false;
User = lib.mkForce cfg.runner.user; User = lib.mkForce cfg.user;
}; };
users = { users = {
groups."${cfg.runner.user}" = {}; groups."${cfg.user}" = {};
users."${cfg.runner.user}" = { users."${cfg.user}" = {
#isSystemUser = true; #isSystemUser = true;
isNormalUser = true; isNormalUser = true;
group = cfg.runner.user; group = cfg.user;
createHome = true; createHome = true;
shell = pkgs.bash; shell = pkgs.bash;
}; };
@ -118,8 +120,8 @@ in {
package = pkgs.forgejo-actions-runner; package = pkgs.forgejo-actions-runner;
instances.default = { instances.default = {
enable = true; enable = true;
name = cfg.runner.name; name = cfg.name;
url = cfg.runner.website; url = cfg.website;
tokenFile = config.age.secrets.forgejo_runner_token.path; tokenFile = config.age.secrets.forgejo_runner_token.path;
labels = [ labels = [
## optionally provide native execution on the host: ## optionally provide native execution on the host:

5
machines/glados.nix
View file

@ -28,6 +28,7 @@ in {
imports = [ imports = [
../applications/git/gitlab.nix ../applications/git/gitlab.nix
../applications/git/forgejo.nix ../applications/git/forgejo.nix
../applications/git/forgejo_runner.nix
]; ];
deployment = { deployment = {
@ -43,5 +44,9 @@ in {
backup.enable = true; backup.enable = true;
gitlab.enable = true; gitlab.enable = true;
forgejo.enable = true; forgejo.enable = true;
forgejo_runner = {
enable = true;
secret = ../secrets/forgejo/runners/token2.age;
};
}; };
} }

5
machines/wheatly.nix
View file

@ -39,6 +39,9 @@ in {
services.skynet = { services.skynet = {
host = host; host = host;
backup.enable = true; backup.enable = true;
forgejo_runner.enable = true; forgejo_runner = {
enable = true;
secret = ../secrets/forgejo/runners/token1.age;
};
}; };
} }

BIN
secrets/forgejo/runners/ssh.age
View file

Binary file not shown.

19
secrets/forgejo/runners/token.age
View file

@ -1,19 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 V1pwNA kZ6MC1GXuminn2Hlomkep1wIv1lp6KpJOJcpXkhQWWM
K1B58FSyb4QpINlhuvVv4dGFNjTChU1KNoezZcS/a6Y
-> ssh-ed25519 4PzZog pbxwzRvcsOgY9hd48BZEOH6VHFLn93gJ8yDHQyNIiSI
Fa/Z6si9vyox/pmPvWTndyYCQxo7tcvdlRuTgw6IY9g
-> ssh-ed25519 dA0vRg OW2y/LkN/287NVuRRlSpihR+k/MZ+a0R5cIrHFne6RI
U0ZqipfDlpz9LeXKNWkl7tYCnsBjSQz8q4mETBVEalI
-> ssh-ed25519 5Nd93w jDy3i1Z1NWYqdVdw4h+maaBjokVWNrSfHtSQotb2bWg
PtgX9L78wpJHiX4lmP+H0bfRZd/tNfHrUEAShJ38ss8
-> ssh-ed25519 q8eJgg BCaUEZ3H3BglgKPAbl/ITQaEv9Jc2rRAoFuPXhy4WFI
DMqJu0vjDJ8rIXLSL17Dx4Aoq8Uhdo4jU8g1jTSvMK4
-> ssh-ed25519 KVr8rw dKk0SN9SXTQsPwMFiKKMuoRwzTHJB8kr33nadRzBoDc
m2xPKYFMC/y5fKkgaBc+5TVg9ZH+zVSM9I4I3htSm7I
-> ssh-ed25519 fia1eQ NGl1o/38iTm6QiQB7pl0NBkohMZGLMeaXZ37TV184B4
zk/DTLhuGfhDU3gNA7S0BjGOowteEhR9v5oNmOkWTGU
-> ssh-ed25519 CqOTGQ JbZYKqGfWeVu/JEAAeC6wE4QvKLEeidvggQnm6beJxA
ArogOkTDAnvC1SKPkSGapNix2W6yvku1QFOFs9bvuGA
--- yWZoUAOfSIL4FbWSAvhVkOEbUA1u3XPGKB1gNka/xfo
Á¡þzòõ´lÐþÈ L´C$’ì?Hc´®ìì|¥çÛ¹„.-øýÜå¡jõ ©lÂ}9:KÓ®U…Á^§<>í¯Ì“ôŽIO6µ

BIN
secrets/forgejo/runners/token1.age Normal file
View file

Binary file not shown.

21
secrets/forgejo/runners/token2.age Normal file
View file

@ -0,0 +1,21 @@
age-encryption.org/v1
-> ssh-ed25519 V1pwNA DmSENr+7db9t/epcMdOAjr2qt4rSHWopkuS3/xyz+xY
ClfO4iYTReIp6jvUBqQutkXx4XRJ++u8EsspNdDZ8kw
-> ssh-ed25519 4PzZog QzQ5iPiSSruoDS+PDNI+/6PnIYEnnFTvnrxK4W2ZK3Y
iTETtsauc6clML06hoMr7kinsOirURTECfB/PzJaFT4
-> ssh-ed25519 dA0vRg UCPTgYh2/8JTajlTIgvk64eKNNMHe4ZxIDILxIGAL18
Qj0ZS/iNwusCONf9Rh05ftd4cHSmWz7bLZ8HHtQewMo
-> ssh-ed25519 5Nd93w D/87p469o+CW9TOqQb4C+3a9+xRvZ4bzk7vr0wXhdRk
E/uvMfpOPvWosWS4s18f+xmexQcpJ0NED1N35pL5IjI
-> ssh-ed25519 q8eJgg pSW+R1LjAdCTL/ys1X93jSSC+ga1phB8iYqAJ1Ic0yw
IFl+195woVbHjz23w3mxBPkjtbfke3C+jYacWWKOpio
-> ssh-ed25519 KVr8rw KfPs+1IA7M7dYqkUW9vty+xl/8loMZDgVFee/ZR+F0M
mTK9yjQR18aKfw/xEdfsnGXPKxqDi1bKPj2mLtB2Xg4
-> ssh-ed25519 fia1eQ M7nASBk9cGmZmMHf115JAazAEx3tS+sIVB49KlXltWc
YJ48iqVSJQooltbXvw+olKC4ZZt9a92TR2uQ0xROAPY
-> ssh-ed25519 CqOTGQ CeIqatgAbFS8oNy3fOOJdIkLM0X9AwV2zbpQHcOcICM
qAHOkFsbM5fTxcpLFz9Iz16MVBA1oVqlxUADrLxDRrA
-> ssh-ed25519 uZzB3g eA/GpdA5UKoleGcq9BHwj59Hz86YX7oF3LoG6zZ1ogE
sIs5D3s72gVGglG37S0eDLUTEzuy2U9Nbi03aOJ3W4c
--- rkCxZNLeKI9HMNZnwiFRaL1AsIUYtXYJT/YyJ1UMRqc
!VpÒ-p®<70>|ô†ùÞÞ_toüÎá UÈkÝïútÓ`˜@ ¼ÞxzWÚº³ •G<E280A2>üîF÷=Ë]i»YÌ;YOiéÌ}¤J™÷/Ö,

6
secrets/secrets.nix
View file

@ -77,6 +77,7 @@ let
gitlab_runners = [ gitlab_runners = [
wheatly wheatly
glados
]; ];
grafana = [ grafana = [
@ -117,7 +118,8 @@ in {
"gitlab/runners/runner01.age".publicKeys = users ++ gitlab_runners; "gitlab/runners/runner01.age".publicKeys = users ++ gitlab_runners;
"gitlab/runners/runner02.age".publicKeys = users ++ gitlab_runners; "gitlab/runners/runner02.age".publicKeys = users ++ gitlab_runners;
"forgejo/runners/token.age".publicKeys = users ++ gitlab_runners; "forgejo/runners/token1.age".publicKeys = users ++ gitlab_runners;
"forgejo/runners/token2.age".publicKeys = users ++ gitlab_runners;
"forgejo/runners/ssh.age".publicKeys = users ++ gitlab_runners; "forgejo/runners/ssh.age".publicKeys = users ++ gitlab_runners;
# for ldap # for ldap
@ -130,7 +132,7 @@ in {
"backup/restic_pw.age".publicKeys = users ++ restic; "backup/restic_pw.age".publicKeys = users ++ restic;
# discord bot and discord # discord bot and discord
"discord/token.age".publicKeys = users ++ discord; "discord/token1.age".publicKeys = users ++ discord;
# email stuff # email stuff
"email/details.age".publicKeys = users ++ ldap ++ discord; "email/details.age".publicKeys = users ++ ldap ++ discord;