nrabulinski/settei
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

modules/system/common: github-runner module

Browse source
This commit is contained in:
Nikodem Rabuliński 2024-02-10 21:40:13 +01:00
parent 0d51bd1aa8
commit 1d4a0a82d3
4 changed files with 77 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

5
hosts/ude/default.nix
View file

@ -8,7 +8,6 @@
imports = [ imports = [
"${modulesPath}/profiles/qemu-guest.nix" "${modulesPath}/profiles/qemu-guest.nix"
./disks.nix ./disks.nix
./github-runner.nix
]; ];
nixpkgs.hostPlatform = "aarch64-linux"; nixpkgs.hostPlatform = "aarch64-linux";
@ -21,6 +20,10 @@
common.hercules.enable = true; common.hercules.enable = true;
services.hercules-ci-agent.settings.concurrentTasks = 6; services.hercules-ci-agent.settings.concurrentTasks = 6;
common.github-runner = {
enable = true;
runners.settei.url = "https://github.com/nrabulinski/settei";
};
services.nginx = { services.nginx = {
enable = true; enable = true;

27
hosts/ude/github-runner.nix
View file

@ -1,27 +0,0 @@
{config, ...}: let
github-runner-user = "github-runner";
in {
age.secrets.github-token = {
file = ../../secrets/github-token.age;
owner = github-runner-user;
};
services.github-runners.settei = {
enable = true;
tokenFile = config.age.secrets.github-token.path;
url = "https://github.com/nrabulinski/settei";
ephemeral = true;
user = github-runner-user;
serviceOverrides = {
DynamicUser = false;
};
};
users = {
users.${github-runner-user} = {
isSystemUser = true;
group = github-runner-user;
};
groups.${github-runner-user} = {};
};
}

1
modules/system/common/default.nix
View file

@ -61,6 +61,7 @@ in {
imports = [ imports = [
(import ./hercules.nix {inherit isLinux;}) (import ./hercules.nix {inherit isLinux;})
(import ./user.nix {inherit isLinux;}) (import ./user.nix {inherit isLinux;})
(import ./github-runner.nix {inherit isLinux;})
]; ];
config = lib.mkMerge [ config = lib.mkMerge [

72
modules/system/common/github-runner.nix Normal file
View file

@ -0,0 +1,72 @@
{isLinux}: {
config,
lib,
pkgs,
...
}: let
inherit (lib) mkOption types;
github-runner-user = "github-runner";
cfg = config.common.github-runner;
sharedConfig = {
age.secrets.github-token = {
file = ../../../secrets/github-token.age;
owner = github-runner-user;
};
};
linuxConfig = lib.optionalAttrs isLinux {
services.github-runners =
lib.mapAttrs (name: cfg: {
enable = true;
tokenFile = config.age.secrets.github-token.path;
inherit (cfg) name url;
ephemeral = true;
user = github-runner-user;
serviceOverrides = {
DynamicUser = false;
};
extraLabels = ["nix"];
})
cfg.runners;
users = {
users.${github-runner-user} = {
isSystemUser = true;
group = github-runner-user;
};
groups.${github-runner-user} = {};
};
};
darwinConfig = lib.optionalAttrs (!isLinux) {
warnings = lib.singleton "common.github-runner doesn't do anything on darwin yet";
};
in {
_file = ./github-runner.nix;
options.common.github-runner = {
enable = lib.mkEnableOption "using this machine as a self-hosted github runner";
runners = mkOption {
type = with types;
attrsOf (submodule ({name, ...}: {
options = {
name = mkOption {
type = types.str;
default = "${name}-${config.networking.hostName}";
};
url = mkOption {
type = types.str;
};
};
}));
};
};
config = lib.mkIf cfg.enable (lib.mkMerge [
sharedConfig
linuxConfig
darwinConfig
]);
}