kat/nixfiles
1
0
Fork 0
mirror of https://github.com/kittywitch/nixfiles.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity

fix(forgejo-runner): maybe?
Some checks failed
flake-update / flake-update check (push) Has been cancelled
flake-update / flake-update (push) Has been cancelled
nodes / nodes-home-home-base (push) Failing after 24s
nodes / nodes check (push) Failing after 1m30s
nodes / nodes-home-home-graphical (push) Failing after 43s
nodes / nodes-home-home-neovim (push) Failing after 23s
nodes / nodes-nixos-mei (push) Failing after 23s
nodes / nodes-home-home-shell (push) Failing after 45s
nodes / nodes-nixos-mai (push) Failing after 44s

Browse source
This commit is contained in:
Kat Inskip 2025-10-13 09:09:58 -07:00
parent 69d80bde5b
commit 6fe1921360
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
6 changed files with 82 additions and 43 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/flake-update.yml vendored
View file

@ -5,6 +5,7 @@ env:
CI_CONFIG: ./ci/flake-cron.nix CI_CONFIG: ./ci/flake-cron.nix
CI_PLATFORM: gh-actions CI_PLATFORM: gh-actions
DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }} DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }}
NIX_CONFIG: ${{ secrets.NIX_CONFIG }}
jobs: jobs:
ci-check: ci-check:
name: flake-update check name: flake-update check
@ -52,6 +53,7 @@ jobs:
NF_CONFIG_ROOT: ${{ github.workspace }} NF_CONFIG_ROOT: ${{ github.workspace }}
NF_UPDATE_CACHIX_PUSH: '1' NF_UPDATE_CACHIX_PUSH: '1'
NF_UPDATE_GIT_COMMIT: '1' NF_UPDATE_GIT_COMMIT: '1'
NIX_CONFIG: ${{ secrets.NIX_CONFIG }}
id: flake-update id: flake-update
name: flake update build name: flake update build
run: nix run .#nf-update run: nix run .#nf-update

7
.github/workflows/nodes.yml vendored
View file

@ -5,6 +5,7 @@ env:
CI_CONFIG: ./ci/nodes.nix CI_CONFIG: ./ci/nodes.nix
CI_PLATFORM: gh-actions CI_PLATFORM: gh-actions
DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }} DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }}
NIX_CONFIG: ${{ secrets.NIX_CONFIG }}
jobs: jobs:
ci-check: ci-check:
name: nodes check name: nodes check
@ -51,6 +52,7 @@ jobs:
DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }} DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }}
NF_CONFIG_ROOT: ${{ github.workspace }} NF_CONFIG_ROOT: ${{ github.workspace }}
NF_UPDATE_CACHIX_PUSH: '1' NF_UPDATE_CACHIX_PUSH: '1'
NIX_CONFIG: ${{ secrets.NIX_CONFIG }}
id: home-base id: home-base
name: build home closure for home-base name: build home closure for home-base
run: nix run .#nf-build-system -- homeConfigurations.home-base.activationPackage run: nix run .#nf-build-system -- homeConfigurations.home-base.activationPackage
@ -113,6 +115,7 @@ jobs:
DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }} DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }}
NF_CONFIG_ROOT: ${{ github.workspace }} NF_CONFIG_ROOT: ${{ github.workspace }}
NF_UPDATE_CACHIX_PUSH: '1' NF_UPDATE_CACHIX_PUSH: '1'
NIX_CONFIG: ${{ secrets.NIX_CONFIG }}
id: home-graphical id: home-graphical
name: build home closure for home-graphical name: build home closure for home-graphical
run: nix run .#nf-build-system -- homeConfigurations.home-graphical.activationPackage run: nix run .#nf-build-system -- homeConfigurations.home-graphical.activationPackage
@ -175,6 +178,7 @@ jobs:
DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }} DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }}
NF_CONFIG_ROOT: ${{ github.workspace }} NF_CONFIG_ROOT: ${{ github.workspace }}
NF_UPDATE_CACHIX_PUSH: '1' NF_UPDATE_CACHIX_PUSH: '1'
NIX_CONFIG: ${{ secrets.NIX_CONFIG }}
id: home-neovim id: home-neovim
name: build home closure for home-neovim name: build home closure for home-neovim
run: nix run .#nf-build-system -- homeConfigurations.home-neovim.activationPackage run: nix run .#nf-build-system -- homeConfigurations.home-neovim.activationPackage
@ -237,6 +241,7 @@ jobs:
DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }} DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }}
NF_CONFIG_ROOT: ${{ github.workspace }} NF_CONFIG_ROOT: ${{ github.workspace }}
NF_UPDATE_CACHIX_PUSH: '1' NF_UPDATE_CACHIX_PUSH: '1'
NIX_CONFIG: ${{ secrets.NIX_CONFIG }}
id: home-shell id: home-shell
name: build home closure for home-shell name: build home closure for home-shell
run: nix run .#nf-build-system -- homeConfigurations.home-shell.activationPackage run: nix run .#nf-build-system -- homeConfigurations.home-shell.activationPackage
@ -299,6 +304,7 @@ jobs:
DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }} DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }}
NF_CONFIG_ROOT: ${{ github.workspace }} NF_CONFIG_ROOT: ${{ github.workspace }}
NF_UPDATE_CACHIX_PUSH: '1' NF_UPDATE_CACHIX_PUSH: '1'
NIX_CONFIG: ${{ secrets.NIX_CONFIG }}
id: mai id: mai
name: build system closure for mai name: build system closure for mai
run: nix run .#nf-build-system -- nixosConfigurations.mai.config.system.build.toplevel run: nix run .#nf-build-system -- nixosConfigurations.mai.config.system.build.toplevel
@ -361,6 +367,7 @@ jobs:
DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }} DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }}
NF_CONFIG_ROOT: ${{ github.workspace }} NF_CONFIG_ROOT: ${{ github.workspace }}
NF_UPDATE_CACHIX_PUSH: '1' NF_UPDATE_CACHIX_PUSH: '1'
NIX_CONFIG: ${{ secrets.NIX_CONFIG }}
id: mei id: mei
name: build system closure for mei name: build system closure for mei
run: nix run .#nf-build-system -- nixosConfigurations.mei.config.system.build.toplevel run: nix run .#nf-build-system -- nixosConfigurations.mei.config.system.build.toplevel

2
ci/flake-cron.nix
View file

@ -13,6 +13,7 @@ with lib; {
CACHIX_AUTH_TOKEN = "\${{ secrets.CACHIX_AUTH_TOKEN }}"; CACHIX_AUTH_TOKEN = "\${{ secrets.CACHIX_AUTH_TOKEN }}";
CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}"; CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}";
DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}"; DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}";
NIX_CONFIG = "\${{ secrets.NIX_CONFIG }}";
}; };
on = let on = let
paths = [ paths = [
@ -46,6 +47,7 @@ with lib; {
NF_UPDATE_GIT_COMMIT = "1"; NF_UPDATE_GIT_COMMIT = "1";
NF_UPDATE_CACHIX_PUSH = "1"; NF_UPDATE_CACHIX_PUSH = "1";
NF_CONFIG_ROOT = "\${{ github.workspace }}"; NF_CONFIG_ROOT = "\${{ github.workspace }}";
NIX_CONFIG = "\${{ secrets.NIX_CONFIG }}";
}; };
}; };
}; };

3
ci/nodes.nix
View file

@ -17,6 +17,7 @@ in {
CACHIX_AUTH_TOKEN = "\${{ secrets.CACHIX_AUTH_TOKEN }}"; CACHIX_AUTH_TOKEN = "\${{ secrets.CACHIX_AUTH_TOKEN }}";
CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}"; CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}";
DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}"; DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}";
NIX_CONFIG = "\${{ secrets.NIX_CONFIG }}";
}; };
on = let on = let
paths = [ paths = [
@ -41,6 +42,7 @@ in {
order = 500; order = 500;
run = "nix run .#nf-build-system -- nixosConfigurations.${name}.config.system.build.toplevel ${name} NixOS"; run = "nix run .#nf-build-system -- nixosConfigurations.${name}.config.system.build.toplevel ${name} NixOS";
env = { env = {
NIX_CONFIG = "\${{ secrets.NIX_CONFIG }}";
CACHIX_AUTH_TOKEN = "\${{ secrets.CACHIX_AUTH_TOKEN }}"; CACHIX_AUTH_TOKEN = "\${{ secrets.CACHIX_AUTH_TOKEN }}";
CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}"; CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}";
DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}"; DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}";
@ -56,6 +58,7 @@ in {
order = 500; order = 500;
run = "nix run .#nf-build-system -- homeConfigurations.${name}.activationPackage ${name} Home"; run = "nix run .#nf-build-system -- homeConfigurations.${name}.activationPackage ${name} Home";
env = { env = {
NIX_CONFIG = "\${{ secrets.NIX_CONFIG }}";
CACHIX_AUTH_TOKEN = "\${{ secrets.CACHIX_AUTH_TOKEN }}"; CACHIX_AUTH_TOKEN = "\${{ secrets.CACHIX_AUTH_TOKEN }}";
CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}"; CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}";
DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}"; DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}";

29
nixos/servers/forgejo-runner/forgejo-runner.nix
View file

@ -1,13 +1,37 @@
{ {
pkgs, pkgs,
config, config,
options,
lib,
... ...
}: { }: {
sops.secrets.forgejo-runner-token = { config = let
inherit (lib.attrsets) optionalAttrs;
colmenaTag = {
deployment.tags = ["forgejo-runner"];
};
in
(optionalAttrs (options ? deployment) colmenaTag)
// {
sops.secrets = {
forgejo-runner-token = {
format = "yaml"; format = "yaml";
sopsFile = ./forgejo-runner.yaml; sopsFile = ./forgejo-runner.yaml;
}; };
virtualisation.podman.enable = true; };
virtualisation.podman = {
enable = true;
defaultNetwork.settings = {
dns_enabled = true;
ipv6_enabled = true;
};
};
users.groups.gitea-runner = {};
users.users.gitea-runner = {
isSystemUser = true;
group = "gitea-runner";
};
networking.firewall.interfaces."podman*".allowedUDPPorts = [53];
services.gitea-actions-runner = { services.gitea-actions-runner = {
package = pkgs.forgejo-actions-runner; package = pkgs.forgejo-actions-runner;
instances.default = { instances.default = {
@ -45,4 +69,5 @@
arches.${pkgs.system}; arches.${pkgs.system};
}; };
}; };
};
} }

4
nixos/servers/forgejo-runner/forgejo-runner.yaml
View file

@ -92,8 +92,8 @@ sops:
RDdsVDNUci8xWmxGaXpwMlgyTGtSM1EKeMoFN8+WUpo6VZwQjVeUx4xTQEaEMxh+ RDdsVDNUci8xWmxGaXpwMlgyTGtSM1EKeMoFN8+WUpo6VZwQjVeUx4xTQEaEMxh+
zXGQOrMh2ZUpU0WbTHrivMxPd0nzFqJt15eUcuO41vggknR7GN0vJQ== zXGQOrMh2ZUpU0WbTHrivMxPd0nzFqJt15eUcuO41vggknR7GN0vJQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-13T14:27:51Z" lastmodified: "2025-10-13T16:08:32Z"
mac: ENC[AES256_GCM,data:cBGozOli5n7p0/jGKXcSda6T2h70aUnkJ19L9ZJjs+ah1GYE9gShUpsnLW+sFRPHxySy+HULGL2436iV0/m1lR+PszXMczUM+plm9s5n1uFsyjnFn2iLZjMTdjuQqi3UjzuKh+oUaYMuPWx9cvbYFu6e+T6QQG87RD/WwMcOpDU=,iv:woZFeBwzrPOoJaS/CvoZlXIYbip/Co+cqvSBn0dnkeg=,tag:WZPlqCiNVJXiopeLKXcNmA==,type:str] mac: ENC[AES256_GCM,data:9jtHZulwS2UtIQcploYwshLcdCUitTeeh2ct3SbdF1I+yVwvAQ/h4XTccVIVSEwgTo23FKp3LV8lfUiyymG5VA3HAuX5RBIEVvvh5vWJpLWkYGFQZKmfJZmAySgxmCtfVv6Uv8tJm6reOts3J2WIcxnhkA48AFykhKDO3zZpk0k=,iv:WndNMmz1AU8Zmq9MRggLa88MJh3Ux6CGEvTtFSge6CA=,tag:w8QWFPZRK3Ho3rxSkoj+Iw==,type:str]
pgp: pgp:
- created_at: "2025-10-13T14:17:40Z" - created_at: "2025-10-13T14:17:40Z"
enc: |- enc: |-