ci: run from hswaw forgejo on our own hosts
Some checks reported warnings
CI / nixos (push) Has been cancelled

Robert Gerus 2023-10-15 01:29:23 +02:00
parent ba4aff00f2
commit 652a41706d
6 changed files with 101 additions and 29 deletions

21
.ci.sh

@ -2,17 +2,14 @@
set -eou pipefail
export NIX_CONFIG="use-xdg-base-directories = true"
compgen -c
nix profile install nixpkgs#nixos-rebuild
for hostOutput in $(nix eval --raw --impure --expr '
with import <nixpkgs> { };
(lib.mapAttrsToList (n: v: n)
(lib.attrsets.filterAttrs (n: v: v.pkgs.system == pkgs.system)
(builtins.getFlake(builtins.toString ./.)).outputs.nixosConfigurations))
'); do
nixos-rebuild build --flake ".#${hostOutput}"
done
~/.local/state/nix/profile/bin/nixos-rebuild build --flake ".#ciTest"
# for hostOutput in $(nix eval --raw --impure --expr '
# with import <nixpkgs> { };
# (lib.mapAttrsToList (name: value: value)
# (builtins.getFlake(builtins.toString ./.)).outputs.nixosConfigurations)[0]'
# ); do
# ~/.local/state/nix/profile/bin/nixos-rebuild build --flake ".#${hostOutput}"
# done
#
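Review bot: `nix profile install nixpkgs#nixos-rebuild` resolves `nixpkgs` through the flake registry instead of this repository's `flake.lock`, so the tool that builds the configuration is unpinned and stays installed in the runner account's profile between jobs. Running it from the locked inputs avoids both, for example `nix run --inputs-from . nixpkgs#nixos-rebuild -- build --flake ".#ciTest"`, which also removes the hard-coded `~/.local/state/nix/profile/bin/` path. `compgen -c` reads like leftover debugging and writes every command name visible on the host into the job log. The `+`/`-` markers are lost in this rendering, so confirm both lines are on the new side. The commented-out loop at the end could be replaced by a one-line comment saying why only `ciTest` is built.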

15
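--- a/.forgejo/workflows/ci.yml
+++ b/.forgejo/workflows/ci.yml
@@ -0,0 +1,15 @@
+name: CI
+on:
+pull_request:
+push:
+branches: [main]
+jobs:
+nixos:
+runs-on: self-hosted
+steps:
+- uses: https://github.com/actions/checkout@v4
+- uses: https://github.com/DeterminateSystems/nix-installer-action@main
+- uses: https://github.com/DeterminateSystems/magic-nix-cache-action@main
+- run: ./.ci.sh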
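Review bot: The two DeterminateSystems steps are referenced as `@main` and checkout as `@v4`, all mutable refs fetched from github.com, so whatever those refs point to at run time executes on the self-hosted runner. Pin each `uses:` to a full commit SHA, e.g. `uses: https://github.com/DeterminateSystems/nix-installer-action@<COMMIT_SHA>`. The `pull_request:` trigger also runs `./.ci.sh` from the proposed change on that runner, so it is worth limiting it to trusted contributors or requiring approval before a run, if the forge offers that. `runs-on: self-hosted` does not match any label this commit registers for the runner in the flake (`nixos`, `nixos-${pkgs.system}`), which may be related to the check showing as cancelled; confirm the intended label.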


@ -26,7 +26,8 @@
outputs = { self, nixpkgs, nix-formatter-pack, nix-index-database, deploy-rs
, agenix, lanzaboote, microvm, simple-nixos-mailserver, ... }:
let
forAllSystems = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ];
systems = [ "x86_64-linux" "aarch64-linux" ];
forAllSystems = nixpkgs.lib.genAttrs systems;
pkgsForDeploy =
forAllSystems (system: import nixpkgs { inherit system; });
deployPkgs = forAllSystems (system:
@ -113,29 +114,61 @@
nibylandia-gaming.imports = [ ./modules/gaming.nix ];
nibylandia-monitoring.imports = [ ./modules/monitoring.nix ];
nibylandia-ci-runners.imports = [
({ config, pkgs, lib, ... }:
let gitea-runner-directory = "/var/lib/gitea-runner";
in {
age.secrets.gitea-runner-token = {
file = ./secrets/gitea-runner-token-${config.networking.hostName}.age;
group = "docker";
};
virtualisation.docker.enable = true;
services.gitea-actions-runner.package =
pkgs.forgejo-actions-runner;
services.gitea-actions-runner.instances.nix = {
enable = true;
name = config.networking.hostName;
tokenFile = config.age.secrets.gitea-runner-token.path;
labels = [ "nixos-${pkgs.system}:host" "nixos:host" "nixos:docker://nixos/nix:master" ];
url = "https://code.hackerspace.pl";
settings = {
cache.enabled = true;
host.workdir_parent =
"${gitea-runner-directory}/action-cache-dir";
};
hostPackages = with pkgs; [
bash
coreutils
curl
gawk
git-lfs
nixFlakes
gitFull
gnused
nodejs
wget
];
};
systemd.services.gitea-runner-nix.environment = {
XDG_CONFIG_HOME = gitea-runner-directory;
XDG_CACHE_HOME = "${gitea-runner-directory}/.cache";
};
})
];
};
nixosConfigurations = with self.nixosModules; {
ciTest = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
nibylandia-common
{
nibylandia-boot.uefi.enable = true;
fileSystems."/" = {
device = "none";
fsType = "tmpfs";
options = [ "defaults" "size=8G" "mode=755" ];
};
}
];
};
scylla = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
nibylandia-common
nibylandia-ci-runners
./nixos/scylla
];
@ -191,6 +224,8 @@
nibylandia-common
nibylandia-secureboot
nibylandia-monitoring
nibylandia-ci-runners
simple-nixos-mailserver.nixosModule
./nixos/zorigami
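Review bot: The runner instance in `nibylandia-ci-runners` registers the `nixos-${pkgs.system}:host` and `nixos:host` labels, which run jobs directly on the machine rather than in a container, and the last hunk adds that module to zorigami next to `simple-nixos-mailserver.nixosModule`. A workflow step there shares a kernel, Nix store and network position with the host's other services; keeping only the container label, `labels = [ "nixos:docker://nixos/nix:master" ];`, or moving the runner to a dedicated host or a microvm (the flake already takes `microvm` as an input) would narrow that. The `nixos/nix:master` image tag is mutable and could be pinned by digest. `age.secrets.gitea-runner-token` sets `group = "docker"` without a `mode`, so whether that group can read the token depends on the agenix default; state the mode explicitly if group read is intended, or drop the `group` line if the runner service reads the file as root. The zorigami module list continues outside the last hunk.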


@ -49,6 +49,8 @@ in {
"secrets/mail/keycloakPlain.age".publicKeys = ar ++ [ zorigami ];
"secrets/keycloakDatabase.age".publicKeys = ar ++ [ zorigami ];
"secrets/synapseExtraConfig.age".publicKeys = ar ++ [ zorigami ];
"secrets/gitea-runner-token-zorigami.age".publicKeys = ar ++ [ zorigami ];
"secrets/gitea-runner-token-scylla.age".publicKeys = ar ++ [ scylla ];
inherit ar;
}


@ -0,0 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 kY4Rgg GlH9wNkjx7qy7J/jbQv4qfacW6iz33its6tH1f9bkAk
MI+wMI59DcBfnKDYEc6EbjeSbOU2XEQdqsYjxzaLxVI
-> ssh-ed25519 grc4Uw +PBc3OBfou+hHNQsYFkGi2/RkQoFQ8Gmwzm12XJuNhM
AeSiCItTdeR7SDYZefR8mzD3HV10hWTMSndtoEoJ3Ok
-> ssh-ed25519 CJl5MQ uQPbCrToxNIUa4z/OD06qKNK7oVDOnBq1iQ1MaIhVWQ
4KmL1OHWm7KHv47/T7WT3DCaWQCKCI/8fnFBN8M69iY
-> cFj-grease mw<;B=c +zP
PSu98aSDwCWyIbLhj5oDMeXDRLDh6Dlbh0a0I8bOf02smiFzbJBFfuTYNA0ioZTu
qACwWD2Rg8PT15NRpQgjn2KFMA
--- XP+tudENbYfalUUPY75weoXDwzFmCGdku4LKMG+UhqI
Cv³.žt±ó\Ïî¯ñƒxËÆÚµÖcÂd¥óÇ€˜œ“?,¨£g<ß'Ï P"@£W%OY/Ýu1ºè>óü`Ò)úñÉÞÆ!s


@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 kY4Rgg wEFXZWeeje/T0B76EQAkfKlTOxlBYDBejKT93d8/00I
FS5MPSW7wzYA2WqS/HszroyxRmyiNfUJS8yZvHTBbBw
-> ssh-ed25519 grc4Uw 5Q+JXYIHuRIZySt2GfDGq6noNJy3neCaQhy7R4LPrW4
vli4pZCS2uu6CGEI7lYg8bKrWoNrXB3YJLdQ2ftbqnQ
-> ssh-ed25519 DLT88w +MGk99tdIjRei7rAPPdKN90TNJOwvJKqtWau6yfuTXs
2j3SdUmRFEqpYrLMzT5IfxvSvhdUYjAqUaKD0L/bE2I
-> ~%h;es-grease \p<"Jkv
JHax9BVFglrzkMz5g9Ey
--- 3pM9fmTNcB6JtcxCIsDikCEsymOIrMAHtI08iTYRJYA
l\t}Z˜ìÄIÆ|³AÊúÒù!–ñÝ ŽËþüüyQ/®òJ<Ç8{'Q/7Æ™[&lkÕ»²âëm²¿šE­Ÿrt-:«Ý8ñÛ