diff --git a/hosts/kazuki/default.nix b/hosts/kazuki/default.nix index 80f1423..8f2557b 100644 --- a/hosts/kazuki/default.nix +++ b/hosts/kazuki/default.nix @@ -27,5 +27,12 @@ }; common.hercules.enable = true; + common.github-runner = { + enable = true; + runners.settei = { + url = "https://github.com/nrabulinski/settei"; + instances = 2; + }; + }; }; } diff --git a/hosts/kogata/default.nix b/hosts/kogata/default.nix index da463f8..e5dc94a 100644 --- a/hosts/kogata/default.nix +++ b/hosts/kogata/default.nix @@ -14,5 +14,9 @@ environment.systemPackages = with pkgs; [teams]; common.hercules.enable = true; + common.github-runner = { + enable = true; + runners.settei.url = "https://github.com/nrabulinski/settei"; + }; }; } diff --git a/hosts/legion/default.nix b/hosts/legion/default.nix index 603b48b..7f71d1b 100644 --- a/hosts/legion/default.nix +++ b/hosts/legion/default.nix @@ -38,5 +38,12 @@ users.users.${username}.hashedPasswordFile = config.age.secrets.niko-pass.path; common.hercules.enable = true; + common.github-runner = { + enable = true; + runners.settei = { + url = "https://github.com/nrabulinski/settei"; + instances = 4; + }; + }; }; } diff --git a/hosts/ude/default.nix b/hosts/ude/default.nix index 1913f08..a6be5ef 100644 --- a/hosts/ude/default.nix +++ b/hosts/ude/default.nix @@ -22,7 +22,10 @@ services.hercules-ci-agent.settings.concurrentTasks = 6; common.github-runner = { enable = true; - runners.settei.url = "https://github.com/nrabulinski/settei"; + runners.settei = { + url = "https://github.com/nrabulinski/settei"; + instances = 6; + }; }; services.nginx = { diff --git a/modules/system/common/github-runner.nix b/modules/system/common/github-runner.nix index 12163b9..dd65051 100644 --- a/modules/system/common/github-runner.nix +++ b/modules/system/common/github-runner.nix @@ -17,19 +17,28 @@ }; linuxConfig = lib.optionalAttrs isLinux { - services.github-runners = - lib.mapAttrs (name: cfg: { - enable = true; - tokenFile = config.age.secrets.github-token.path; - inherit (cfg) name url; - ephemeral = true; - user = github-runner-user; - serviceOverrides = { - DynamicUser = false; - }; - extraLabels = ["nix"]; - }) - cfg.runners; + services.github-runners = lib.pipe cfg.runners [ + (lib.mapAttrsToList ( + name: cfg: + lib.genList (i: + lib.nameValuePair + "${name}-${toString i}" + { + enable = true; + tokenFile = config.age.secrets.github-token.path; + inherit (cfg) url; + name = "${cfg.name}-${toString i}"; + user = github-runner-user; + serviceOverrides = { + DynamicUser = false; + }; + extraLabels = ["nix"]; + }) + cfg.instances + )) + lib.flatten + lib.listToAttrs + ]; users = { users.${github-runner-user} = { @@ -59,6 +68,10 @@ in { url = mkOption { type = types.str; }; + instances = mkOption { + type = types.int; + default = 1; + }; }; })); }; diff --git a/secrets/alert-nrab-lol-pass.age b/secrets/alert-nrab-lol-pass.age index 321ccf7..371a235 100644 --- a/secrets/alert-nrab-lol-pass.age +++ b/secrets/alert-nrab-lol-pass.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw mwmdWJGJ/XJNFdlu3rfdwPZwArc4k0jCyg0IOt7Woms -mR9gZHcrQpfIBahm1F4Mi8peBjMqRtcqvKiNat15mE0 --> ssh-ed25519 GKhvwg 56FsOXlgqk60VEJCbw6MxVm7rdNLTHhZLec+B3uiXyI -Tr5+EuPuCOUEH3+snhq/Pt7RRzT0N5GTi8+kBL5W+JE ---- GsG8dZ4Pm4fmdeTAB3FK9hpeuoLK3vBDgNZtGCWULj8 -M囧-f57Il滁梯 蠛鋤熿Bs潶躺蹑| u埪蘇qy_c嵦P炼zy2e0阞湢4轰S鹌2雊b^=u黌d袕) \ No newline at end of file +-> ssh-ed25519 84j9mw tfUR84yYxwWvNBmxvhsZHGtaIruTij97ZI50cJSL/Qg +O4l3r8XdWzLZuxp5BolTS7XOfbDvwj1Ybbl1TPSrtSY +-> ssh-ed25519 GKhvwg DItnbkoSp8LfS6MZsKZ8njOnbtiqYufdEHr+dbb8i0M +NYOrpEIWujBGLdBWyHJmtTTdvlhVlpDaI1r3RM8K9zg +--- Lyzm1dKlnSIdBYB2tQuDEbGy9Gf/KlHfOAPw3NT15Xs +夛69匑#JQ绥#;)? 8/0绻8龈脐Z 鹻麽尪S熹癧種弡憆Jb挬縎~櫨zk極'4 \ No newline at end of file diff --git a/secrets/alert-plain-pass.age b/secrets/alert-plain-pass.age index 6810937..8ebd447 100644 --- a/secrets/alert-plain-pass.age +++ b/secrets/alert-plain-pass.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 ioPMHA 4EqxwfHCz9VJQPMfULLbAr9eaesivV9BE1ERyrH91xY -M2l3meRzStyjlG9enK3ObCeglXP6cOfiYzrqcw0in2U --> ssh-ed25519 GKhvwg 2CjaggQgGYNEfP/IBME/T0cueM5KY94nK5VbbXw4Tj8 -Mi0Sig6qtnBtKVEiw7uBQqyLdqxw6OuJzAbu7USrR40 ---- OfhXRbqvSTxx9Sv/Ke7IHMSZrkVF/dmCqabmt5fbhP8 -際r瀖-iB侈.趝2籡P跃d!e籁 Um1鴞d屓 \ No newline at end of file +-> ssh-ed25519 ioPMHA ataMxkoppMnkRaCScXAtEohUU3WE8fEYxBeaZYOQoXE +WcBLxLGjV1uawwi5C70+XMEo7Z+UfWspPbWW+mQDqhc +-> ssh-ed25519 GKhvwg 01u8Pl4uXUryHlKVkgywl0glUBEtVjdNxXCPexoqvFE +mVlJz6NKCto+Re1Ps64+yg1Ztf6sWWPX91TKyerIXa0 +--- b/8Zb9zbaU7zLm0OXMsWrIx0Iahq/oKkxcQLhkDsutA +"Ζ>k榣R塍泒="-u:晢8":鞠(D眸釽儐到䲣猵 \ No newline at end of file diff --git a/secrets/attic-creds.age b/secrets/attic-creds.age index 49aa31d..393a98b 100644 --- a/secrets/attic-creds.age +++ b/secrets/attic-creds.age @@ -1,8 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw L1Lee3U0LWtn6zx0M5pA+VpiRtx903AYyVPmeaciumA -dfEtGwEhEtBGnltkRFT2KMUl/tC1b8bYCLKtut0S75g --> ssh-ed25519 GKhvwg Ybp7LvImp228BXqj9IfahYkdCZdO5NgPGol+GacnfQM -hSU9nhgpeOgRDQHDpO9mFPdu52R6y2/lfYCI01/3ypA ---- YnhUF2kfu+Va5YyMjZcySvd4dSbvz5CMIAkbX+2iUQ4 -'凛Q ~ 什"#厏,齌6!橤~字7S魙昕駱-笶 +蘚 -)稑,2巉.牸|M9 z俿' 濲"'6_篬.rq輳8ぽ|y>鎉c"簞w虷 裒蠜E殆顒蝐畣Ni慾銢育炞䲢7 0 嫃駫 \ No newline at end of file +-> ssh-ed25519 84j9mw v0YsgTbyCuVI0uAXTeCR6XSORbwJxVpegx+adh15aw8 +HvNFhJmh8MEybRtG92IlsQZXYeDyvh0vsiu0f08CXy0 +-> ssh-ed25519 GKhvwg MrFFxPlJ7JBvUhl2QByLvRIigGmBT2J/123O90srXx0 +f8dGUqoJbQjH1epgvTte161wRn/sas6AayOvqgEcfc0 +--- s1v3ZB9lVmLob/xQ48C/xa3DnXZhoJr0zVk/X5VfdJU +袪苇+碾O爜PU夂u螔M搷嵈阚x爷鎂G')此次nS.>4賮婶盷怸:pPT4UB騹?J<&dZ汼棌"2_(义 +I肘玀汒?幆B抽I塚P:湑俭%O価r綶&0紸埄?[J ssh-ed25519 IFuY+w UcPjVl8nIr6sgfsxOrYmgi46rAsfdCRy9iTGkQAOaSE -vKislIP2yoQahKTpAE0d8P3ZdyyCHThy4u6vshtOQAI --> ssh-ed25519 GKhvwg 2ZS+VXjZFBj3n9RoJD8Ynn6Rur6Abs5loOtebFIang0 -/47vHgkd8KPnM1sPWjqFDSdTk3LiUQNmO9X0HodHjS8 ---- MBuCzebM317ShOJsMaGMdUR83avwx/Ig84l1q2Fv6Ng -五0撆藔〤;╠-廂覕1 "%?怶栎辀甉%帳k鄿WU3}簜-祔M,@嘷♀\ QUPmJ \ No newline at end of file +-> ssh-ed25519 IFuY+w O/FQauaFhUwbinIrTM7/cRbolpvUWXNKJBxrMoUVJF0 +GKPP4rmiC2YQs/ythlp+UwPEchVg5PMQ4zr1Kapukmw +-> ssh-ed25519 84j9mw 4R3KhL7n/7/bLOwipVLST25sjANznNtdPCOUDS8Ztmg +JjrQ/BWgrBly4SyEskM0I4Q1tnyVytOA6TmwFAKilr8 +-> ssh-ed25519 GKhvwg Fi1Ji7ohIublP7bzYWhHZeWVg6dB9SJClTZx9iGIxk4 +FH8JIjI+oPJTcQARh50PhegayJw6Bm71QglpB40Y5VE +--- Vzb2XFEK08ENArloqCy6gAU4laVkKo+0kKAJ8d/uzgo + I蕍VX碠+,n豱3\{'S9葡/蔚>I;q\港瑞鑷d慦9T坣餷 *=桢哛)1C绌鑸R \ No newline at end of file diff --git a/secrets/hercules-cache.age b/secrets/hercules-cache.age index 034c1c1..1acf80e 100644 Binary files a/secrets/hercules-cache.age and b/secrets/hercules-cache.age differ diff --git a/secrets/hercules-secrets.age b/secrets/hercules-secrets.age index eef4c8f..67f3294 100644 Binary files a/secrets/hercules-secrets.age and b/secrets/hercules-secrets.age differ diff --git a/secrets/hercules-token.age b/secrets/hercules-token.age index f6a958f..547375c 100644 Binary files a/secrets/hercules-token.age and b/secrets/hercules-token.age differ diff --git a/secrets/leet-nrab-lol-pass.age b/secrets/leet-nrab-lol-pass.age index 147eacc..1d5f709 100644 Binary files a/secrets/leet-nrab-lol-pass.age and b/secrets/leet-nrab-lol-pass.age differ diff --git a/secrets/legion-niko-pass.age b/secrets/legion-niko-pass.age index 15ead82..52fb6ef 100644 --- a/secrets/legion-niko-pass.age +++ b/secrets/legion-niko-pass.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 ioPMHA BCoFRArzhiWzaXVtF1qkiPxL+M5WuLsrUqH9T8hh7D0 -3be6hdQ8hjRLCuN91pB8X/WhvwfpvPifsICFOxAUxlY --> ssh-ed25519 GKhvwg 0L+oViZLW+pKKDmP2H4uv1PDAE423vqAHpPltN+euhU -zDVev9k/LRuqUWvSjFxCE0H+yt8xniV/Au0Z+49zY9M ---- 1UkToOyXP7ljQ+KTcSfNydUd8J1rm3QeyabusJiZqAM -J)2鯽 ^6歹掍棈顰J嵬5忽1i 佉摀c牓骱Z殐P ssh-ed25519 ioPMHA kdyCpSDZA4wsaPClpGwicXN3bLytnBT2RmRD14tjdDs +vRNd1HuCBYTD2Co9G+Edb3T5ecTLzjTBWWn/J26y8gA +-> ssh-ed25519 GKhvwg 5MZxra/oc5lMPmx7Y2mPJ0axSQrZm+Vc9ep8vWu3Mm4 +vGC56lhi+uwLBx4Khne+YoHkNi6pH6srRFDyNKqr/8s +--- NfSPAUies7aRBOwFmVUbcBzkPxfTnonEqP/Iot6Mc/M +{綹i鷏4m*(稞嬄O缸寚顗r昝簄<廽47薶[Kd,#殖.鎊s饺b鄻j膚竅L鯭甚''O鑎'6Ν傄c?~DMZ骽'q玍 \ No newline at end of file diff --git a/secrets/nrab-lol-cf.age b/secrets/nrab-lol-cf.age index bfa6272..32e5c77 100644 --- a/secrets/nrab-lol-cf.age +++ b/secrets/nrab-lol-cf.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw QEsw7uvxEdZ/2Bab/bGd9/Ap5psN7p5RudFZJFZQ3kM -UZCthc92ptbwxxe8nFnhvdedkpt6Y/nJf8GI0qdQRcc --> ssh-ed25519 GKhvwg BIAW4Jad+tcsVXR6ibhWvvuvXCNQ1seZR1HGym11Mz8 -9NHhqlljWYoH8t1s4vvgzUjfL5lxVPVEY/pDiDP9h1I ---- dyefPpAwwsQ4xLsUBr3L5VYBhhdVKOYaCrabI042cCk -_凌庴ofV炁!藔v^>'榒氹qW'CшE貃j篷7俖)|t6{粆裵宣溍一#幇烥楏汼费钬砩>Q希"C \ No newline at end of file +-> ssh-ed25519 84j9mw Ao9xAby1hDTHybu6IkkpSYj2+fIrp7RyPtD4UhDcllU +JagJ33GdoNif6fv4x679IkFUVKIB5s+q8p/86pYWG/k +-> ssh-ed25519 GKhvwg wWBJKWZBeHz19y6/YHooVoeNtyS45+ff3zwZ+uTLTBo +NjgD+eZzt6lYZlN+TgpYQxTJ+JhjHY56vktCoLpvGLE +--- ebDqhUoYKbGEfLWElIgwD8nPei/6dWKTRyLuT3AgG0w +昈莑k齨橐螸袟v嵣醝%(垅326d倔WN$i)闵zz^c设 :@墭l|Vkd赔科[X_)黨?糨UaC} \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 2a5dd38..6164cf5 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -57,6 +57,7 @@ in { ]; "github-token.age".publicKeys = [ keys.system.ude + keys.system.kazuki keys.other.bootstrap ]; } diff --git a/secrets/storage-box-creds.age b/secrets/storage-box-creds.age index 20a50c1..941510f 100644 --- a/secrets/storage-box-creds.age +++ b/secrets/storage-box-creds.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw Ne+o6QDh4zL7sYize81+CsErRJqFPVPvqgKof1NaGXE -cxgH4T1TL1QNebEpJjbhtNzsruScnfiJmooyu1H1hqA --> ssh-ed25519 GKhvwg D7vjyGI59njgGefZ0siA84egRuXDBJKHMykAfejvbiE -F6g9/HZYUGvH8fwXvn0jUbBpouloFbyD6cSYyj6efcY ---- 6wPtAFTNJYMqW26PpAHohjNjryx/XL7UIo7+91CFjZY -諳贩>鄀N陯2徦梋4籰#髆o 挍傰 `%0X X)C:骩鑋崘 婛鲜佃+淙*t鑝 \ No newline at end of file +-> ssh-ed25519 84j9mw flAGDRU7ONCpOxgQvudxjl2H8U4LB3ATxOF6/Q04QnA +KTudGd6ePDARxgM3pxNbcFvmHKOsrr1+5pMhoBOOn8c +-> ssh-ed25519 GKhvwg xyDU0Bfmt/ib35pF8PcZAi4mBwbsMlyacUqNnBlAyG0 +fjyIGDjOaLgb1qzejoxDEUZiMGuXwRKc1p9Az0qy20I +--- rLpJ72c+QSvu+8LMOJp1XRrtlNmH6xU8ObnvilPzl4I +0=v2銾绡弊R襲逓弫 yジ.,&舒鋼唼文9!俒A`$茐 莅q謠顳]萕!覤k \ No newline at end of file diff --git a/secrets/vault-cert-env.age b/secrets/vault-cert-env.age index 6dbadfd..7ff0cc2 100644 --- a/secrets/vault-cert-env.age +++ b/secrets/vault-cert-env.age @@ -1,7 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw eje98xFWmQ76FVbbuu1fIJSN26sxalB3hQeCZe86tGw -2hIPVSC1oLwY/AtEhKa0qUenw8nBBOY5uC74B0O4ohs --> ssh-ed25519 GKhvwg e4D3PZQrTW3DHV9YLD9d9wvirIhCNJCBVqI/BKC6CWA -jpQnjh4yhLJdjeBcjlyP+aRZfSI++7j8PxlIwbQ00Qw ---- eU8hHBZ0+PiVjH1SetgWVronyegyAZclWnIdxHmeO8Q -)b#pBJx謴纪%稐嶚阛q(lPǐ{+j伎>l# \ No newline at end of file +-> ssh-ed25519 84j9mw hvZRPX7KPlenU4WVrYxW9LrmjGuJyUv3L8Vf07QvIDA +1r+hIxsH22OlbqmPnhBO+8IYAgF+MyzYIslzfyKYkHQ +-> ssh-ed25519 GKhvwg WvQ3d2G+R3vLmBmz5P7zEP/0/xNgmg09sMEzbVGy11c +joIgz1+t5czRm3Mz7H+aggPJCU3EsfLunRc3T0CTZOM +--- 8Vd7XSFbf48XVttovVQcS4eVwn3tf6eTEUN5HHn+r14 +-涖P敞p>9RS:d砈7艶蝊D-&晾袓Yz5d涒管0鉷d$麂i骵: +殱鼟u:.2N]#W*s茗)苳cy 鸜t. \ No newline at end of file