update runners

This commit is contained in:
Harivansh Rathi 2026-04-06 02:04:57 +00:00
parent 84137476bd
commit ab03b04e8e
4 changed files with 103 additions and 123 deletions


@ -19,7 +19,7 @@ in
./forgejo.nix ./forgejo.nix
./betternas.nix ./betternas.nix
./openclaw-gateway.nix ./openclaw-gateway.nix
./github-runners.nix ./forgejo-runner.nix
../../modules/base.nix ../../modules/base.nix
(modulesPath + "/profiles/minimal.nix") (modulesPath + "/profiles/minimal.nix")
(modulesPath + "/profiles/headless.nix") (modulesPath + "/profiles/headless.nix")


@ -0,0 +1,83 @@
{
pkgs,
lib,
...
}:
let
cacheRoot = "/var/cache/forgejo-runner";
in
{
systemd.tmpfiles.rules = [
"d ${cacheRoot} 0750 forgejo-runner forgejo-runner -"
"d ${cacheRoot}/cargo 0750 forgejo-runner forgejo-runner -"
"d ${cacheRoot}/npm 0750 forgejo-runner forgejo-runner -"
"d ${cacheRoot}/pip 0750 forgejo-runner forgejo-runner -"
"d ${cacheRoot}/pre-commit 0750 forgejo-runner forgejo-runner -"
"d ${cacheRoot}/rustup 0750 forgejo-runner forgejo-runner -"
"d ${cacheRoot}/uv 0750 forgejo-runner forgejo-runner -"
"d ${cacheRoot}/actcache 0750 forgejo-runner forgejo-runner -"
];
services.gitea-actions-runner = {
package = pkgs.forgejo-runner;
instances.netty = {
enable = true;
name = "netty";
url = "https://git.harivan.sh";
tokenFile = "/etc/forgejo-runner/token";
labels = [
"native:host"
"ubuntu-latest:docker://node:20-bookworm"
];
hostPackages = with pkgs; [
bash
coreutils
curl
fd
gh
git
gnumake
gnused
gawk
jq
nodejs_22
pkg-config
pnpm
python3
python3Packages.pip
ripgrep
rustup
stdenv.cc
unzip
uv
wget
xz
zip
];
settings = {
log.level = "info";
runner = {
capacity = 2;
timeout = "3h";
envs = {
CARGO_HOME = "${cacheRoot}/cargo";
PIP_CACHE_DIR = "${cacheRoot}/pip";
PRE_COMMIT_HOME = "${cacheRoot}/pre-commit";
RUSTUP_HOME = "${cacheRoot}/rustup";
UV_CACHE_DIR = "${cacheRoot}/uv";
npm_config_cache = "${cacheRoot}/npm";
};
};
cache = {
enabled = true;
dir = "${cacheRoot}/actcache";
};
};
};
};
}
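Review bot: The tmpfiles rules at the top of the file give every cache directory the owner `forgejo-runner forgejo-runner`, but nothing in this file declares that user or group (the deleted github-runners.nix declared its own `users.users.github-runner`), so unless it is defined elsewhere systemd-tmpfiles cannot resolve the owner and the directories referenced by `runner.envs` and `cache.dir` are never created. As far as I recall the gitea-actions-runner module runs each instance under a service user of its own rather than `forgejo-runner`, in which case even a declared user leaves these 0750 directories unwritable to jobs; confirm the effective service user before fixing the owner. The `ubuntu-latest:docker://…` label means the instance needs access to the Docker daemon, which no visible line of this hunk enables. Since `native:host` runs workflow steps directly on this host and all jobs share the same writable cargo/npm/pip/uv caches, one repository's job can leave files that a later job of another repository consumes; if several repositories will use this instance, either keep the caches per instance or record the shared-cache decision in a comment such as `# caches are shared by every job on this instance`.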


@ -1,11 +1,14 @@
{ {
pkgs, pkgs,
lib,
username, username,
... ...
}: }:
let let
forgejoDomain = "git.harivan.sh"; forgejoDomain = "git.harivan.sh";
forgejoApiUrl = "http://127.0.0.1:19300"; forgejoApiUrl = "http://127.0.0.1:19300";
gitCredentialFile = "/var/lib/forgejo/.git-credentials";
mirrorEnvFile = "/etc/forgejo-mirror.env";
in in
{ {
users.users.git = { users.users.git = {
@ -16,11 +19,23 @@ in
}; };
users.groups.git = { }; users.groups.git = { };
# Generate git credential store for GitHub mirror fetches.
# Appended after the module's own preStart (which handles app.ini and migrations).
# preStart runs as the forgejo user (git), and the env file is world-readable.
systemd.services.forgejo.preStart = lib.mkAfter ''
. ${mirrorEnvFile}
printf 'https://oauth2:%s@github.com\n' "$GITHUB_TOKEN" > ${gitCredentialFile}
chmod 600 ${gitCredentialFile}
'';
services.forgejo = { services.forgejo = {
enable = true; enable = true;
user = "git"; user = "git";
group = "git"; group = "git";
settings = { settings = {
"git.config" = {
"credential.helper" = "store --file ${gitCredentialFile}";
};
repository = { repository = {
FORCE_PRIVATE = true; FORCE_PRIVATE = true;
DEFAULT_PRIVATE = "private"; DEFAULT_PRIVATE = "private";
@ -41,6 +56,10 @@ in
DEFAULT_INTERVAL = "1h"; DEFAULT_INTERVAL = "1h";
MIN_INTERVAL = "10m"; MIN_INTERVAL = "10m";
}; };
actions = {
ENABLED = true;
DEFAULT_ACTIONS_URL = "https://github.com";
};
}; };
}; };
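Review bot: In the preStart hunk the line `printf 'https://oauth2:%s@github.com\n' "$GITHUB_TOKEN" > ${gitCredentialFile}` writes the token before `chmod 600` runs, so the file is created under the service's default umask and, if that umask is the usual 022, holds the token world-readable until the next line executes; putting `umask 077` as the first line of the script closes that window and also covers re-runs that truncate and rewrite an existing file. The comment above the script notes that `/etc/forgejo-mirror.env` is world-readable; since it carries the same GITHUB_TOKEN, the 600 on the derived credential store protects nothing as long as the source file stays readable by every local user, and a root-owned 0640 file with group `git` would give preStart the same access with less exposure. An unset or empty variable currently yields a credential line with an empty password, which is easier to diagnose up front with `: "''${GITHUB_TOKEN:?GITHUB_TOKEN missing in ${mirrorEnvFile}}"` after the source line.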


@ -1,122 +0,0 @@
{
pkgs,
lib,
...
}:
let
cacheRoot = "/var/cache/github-runner";
sanitize =
repo:
lib.toLower (
lib.replaceStrings
[ "." ]
[ "-" ]
repo
);
repos = [
"nix"
"deskctl"
"betterNAS"
];
workDir = repo: "/var/lib/github-runner/work/${repo}";
cacheDirs = [
"${cacheRoot}/cargo"
"${cacheRoot}/npm"
"${cacheRoot}/pip"
"${cacheRoot}/pre-commit"
"${cacheRoot}/rustup"
"${cacheRoot}/uv"
"${cacheRoot}/xdg-cache"
"${cacheRoot}/xdg-data"
];
mkRunner =
repo:
let
runnerId = sanitize repo;
in
lib.nameValuePair runnerId {
enable = true;
url = "https://github.com/harivansh-afk/${repo}";
tokenFile = "/etc/github-runner/token";
tokenType = "access";
name = "netty-${runnerId}";
replace = true;
user = "github-runner";
group = "github-runner";
workDir = workDir repo;
extraLabels = [
"netty"
"nix"
"cache"
];
extraPackages = with pkgs; [
curl
fd
gh
gnumake
jq
nodejs_22
pkg-config
pnpm
python3
python3Packages.pip
ripgrep
rustup
stdenv.cc
unzip
uv
wget
libx11
libx11.dev
libxtst
xvfb-run
xz
zip
];
extraEnvironment = {
CARGO_HOME = "${cacheRoot}/cargo";
PIP_CACHE_DIR = "${cacheRoot}/pip";
PRE_COMMIT_HOME = "${cacheRoot}/pre-commit";
RUSTUP_HOME = "${cacheRoot}/rustup";
UV_CACHE_DIR = "${cacheRoot}/uv";
XDG_CACHE_HOME = "${cacheRoot}/xdg-cache";
XDG_DATA_HOME = "${cacheRoot}/xdg-data";
npm_config_cache = "${cacheRoot}/npm";
};
serviceOverrides = {
IOSchedulingClass = "best-effort";
IOSchedulingPriority = 7;
Nice = 10;
ReadWritePaths = [ cacheRoot ];
};
};
in
{
users.users.github-runner = {
isSystemUser = true;
group = "github-runner";
home = "/var/lib/github-runner";
};
users.groups.github-runner = { };
nix.settings.trusted-users = [ "github-runner" ];
systemd.tmpfiles.rules =
[
"d /etc/github-runner 0750 root root -"
"d /var/cache/github-runner 0750 github-runner github-runner -"
"d /var/lib/github-runner 0750 github-runner github-runner -"
"d /var/lib/github-runner/work 0750 github-runner github-runner -"
]
++ map (dir: "d ${dir} 0750 github-runner github-runner -") cacheDirs
++ map (repo: "d ${workDir repo} 0750 github-runner github-runner -") repos;
services.github-runners = lib.listToAttrs (map mkRunner repos);
}