73 lines
1.3 KiB
Nix
73 lines
1.3 KiB
Nix
{
|
|
lib,
|
|
flake,
|
|
modulesPath,
|
|
config,
|
|
pkgs,
|
|
...
|
|
}:
|
|
|
|
let
|
|
inherit (flake) inputs;
|
|
inherit (inputs) self;
|
|
in
|
|
{
|
|
imports = [
|
|
self.nixosModules.default
|
|
"${modulesPath}/virtualisation/lxc-container.nix"
|
|
];
|
|
|
|
nix.settings = {
|
|
allowed-users = [
|
|
"root"
|
|
"@wheel"
|
|
"@builders"
|
|
"gitea-runner"
|
|
];
|
|
trusted-users = [
|
|
"root"
|
|
"gitea-runner"
|
|
];
|
|
};
|
|
sops.secrets.forgejo-runners-token = {
|
|
# owner = "gitea-runner";
|
|
# group = "gitea-runner";
|
|
mode = "0777";
|
|
};
|
|
sops.secrets.forgejo-nix-key = { };
|
|
nix.settings = {
|
|
secret-key-files = config.sops.secrets.forgejo-nix-key.path;
|
|
};
|
|
services.gitea-actions-runner = {
|
|
package = pkgs.forgejo-runner;
|
|
instances = {
|
|
native = {
|
|
enable = true;
|
|
url = "https://git.skdevstudios.com";
|
|
name = "nix";
|
|
labels = [
|
|
"native:host"
|
|
"nix"
|
|
];
|
|
tokenFile = config.sops.secrets.forgejo-runners-token.path;
|
|
hostPackages = with pkgs; [
|
|
openssh
|
|
nix
|
|
opentofu
|
|
nodejs
|
|
git
|
|
bash
|
|
coreutils
|
|
curl
|
|
];
|
|
};
|
|
};
|
|
};
|
|
networking = {
|
|
hostName = "forgejo-runner-tofu";
|
|
};
|
|
environment.systemPackages = with pkgs; [
|
|
cowsay
|
|
];
|
|
system.stateVersion = "25.05";
|
|
}
|