feat(aya): runner

2026-02-09 04:19:19 -08:00 · 2024-02-12 17:52:47 -08:00 · 2024-02-12 17:52:47 -08:00 · 585c758254
commit 585c758254
parent fc11fb8152
11 changed files with 785 additions and 32 deletions
--- a/systems/aya/nixos.nix
+++ b/systems/aya/nixos.nix
@ -1,8 +1,5 @@
 {
-  config,
  meta,
-  lib,
-  access,
  ...
 }: {
  imports = let
@ -12,8 +9,31 @@
    nixos.base
    nixos.reisen-ct
    nixos.tailscale
+    nixos.github-runner.zone
  ];

+  nix.gc = {
+    dates = "monthly";
+    options = "--delete-older-than 30d";
+  };
+
+  services.github-runner-zone = {
+    count = 16;
+    runnerSettings.networkNamespace.name = "ns1";
+  };
+
+  networking.namespaces.ns1 = {
+    dhcpcd.enable = true;
+    nftables = {
+      enable = true;
+      rejectLocaladdrs = true;
+      serviceSettings = rec {
+        wants = [ "localaddrs.service" ];
+        after = wants;
+      };
+    };
+    interfaces.eth1 = { };
+  };
  systemd.network.networks.eth0 = {
    name = "eth0";
    matchConfig = {
@ -24,6 +44,16 @@
    gateway = ["10.1.1.1"];
    DHCP = "no";
  };
+  systemd.network.networks.eth1 = {
+    name = "eth1";
+    matchConfig = {
+      MACAddress = "BC:24:11:C4:66:AA";
+      Type = "ether";
+    };
+    DHCP = "no";
+    slaac.enable = false;
+    mdns.enable = false;
+  };

  sops.defaultSopsFile = ./secrets.yaml;