diff --git a/.gitea/workflows/analysis.yaml b/.gitea/workflows/analysis.yaml
new file mode 100644
index 0000000..adafc10
--- /dev/null
+++ b/.gitea/workflows/analysis.yaml
@@ -0,0 +1,15 @@
+on: [push]
+
+jobs:
+ analysis:
+ permissions:
+ contents: read
+ id-token: write
+ name: perform flake analysis
+ runs-on: ubuntu-22.04
+ steps:
+ - uses: actions/checkout@v4
+ - uses: DeterminateSystems/nix-installer-action@main
+ - uses: DeterminateSystems/magic-nix-cache-action@main
+ - name: Check Nix flake inputs
+ uses: http://github.com/DeterminateSystems/flake-checker-action@main
diff --git a/.gitea/workflows/analysis.yml b/.gitea/workflows/analysis.yml
deleted file mode 100644
index 74772a9..0000000
--- a/.gitea/workflows/analysis.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-on: [push]
-
-jobs:
- build:
- name: Build Nix targets
- runs-on: ubuntu-22.04
- steps:
- - uses: actions/checkout@v4
- - uses: http://github.com/cachix/install-nix-action@v18
- - uses: http://github.com/cachix/cachix-action@v12
- with:
- name: statix
- - name: Check Nix flake inputs
- uses: http://github.com/DeterminateSystems/flake-checker-action@main
diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
new file mode 100644
index 0000000..4b5307c
--- /dev/null
+++ b/.gitea/workflows/deploy.yaml
@@ -0,0 +1,22 @@
+on: [push]
+
+jobs:
+ deploy:
+ permissions:
+ contents: read
+ id-token: write
+ name: build hive configuration
+ runs-on: ubuntu-22.04
+ steps:
+ - uses: actions/checkout@v4
+ - uses: DeterminateSystems/nix-installer-action@main
+ - uses: DeterminateSystems/magic-nix-cache-action@main
+ - name: Install SSH key
+ uses: shimataro/ssh-key-action@v2
+ with:
+ key: ${{ secrets.SSH_KEY }}
+ known_hosts: ${{ secrets.KNOWN_HOSTS }}
+ - uses: http://github.com/cachix/cachix-action@v16
+ with:
+ name: colmena
+ - run: nix run .#colmena apply
diff --git a/flake.lock b/flake.lock
index c8a305c..ad6a845 100644
--- a/flake.lock
+++ b/flake.lock
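Review bot: The three DeterminateSystems actions in analysis.yaml are referenced by the mutable ref `@main`, and flake-checker-action is fetched over plain `http://`, so the code the runner executes can change without any change in this repository. Pinning each `uses:` to a full commit SHA and switching the URL scheme closes that, e.g. `uses: https://github.com/DeterminateSystems/flake-checker-action@<commit-sha>`. The same applies to deploy.yaml, where the two `@main` actions and `http://github.com/cachix/cachix-action@v16` run in a job that also holds the deploy SSH key. If nothing in these jobs consumes an OIDC token, `id-token: write` can be dropped from both.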
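Review bot: `on: [push]` in deploy.yaml has no branch filter, so a push to any branch installs `secrets.SSH_KEY` and runs `nix run .#colmena apply` with that branch's flake. Restricting the trigger to the branch that is meant to deploy, e.g. `on: { push: { branches: [<default-branch>] } }`, keeps unreviewed branches from reaching the hosts. The `Install SSH key` step also sits before cachix-action, so the key is on disk while a later third-party step executes; moving it to just before the `run:` step narrows that window.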
@@ -8,11 +8,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1754433428, - "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", + "lastModified": 1762618334, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", + "rev": "fcdea223397448d35d9b31f798479227e80183f6", "type": "github" }, "original": { @@ -30,11 +30,11 @@ "stable": "stable" }, "locked": { - "lastModified": 1755272288, - "narHash": "sha256-ypTPb2eKcOBbOoyvPV0j4ZOXs4kayo73/2KI456QnE0=", + "lastModified": 1762034856, + "narHash": "sha256-QVey3iP3UEoiFVXgypyjTvCrsIlA4ecx6Acaz5C8/PQ=", "owner": "zhaofengli", "repo": "colmena", - "rev": "5bf4ce6a24adba74a5184f4a9bef01d545a09473", + "rev": "349b035a5027f23d88eeb3bc41085d7ee29f18ed", "type": "github" }, "original": { @@ -49,11 +49,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1760309387, - "narHash": "sha256-yCjkJuQbt6DjdS1XJL2uwyLu1AcmDvlyMGojBq8Ua38=", + "lastModified": 1762095388, + "narHash": "sha256-7Q8LtcvKWHbP8znARRTOY2tpU5WoV6FHwp5TZJOI8Us=", "owner": "9001", "repo": "copyparty", - "rev": "d099e5e84e191d67a7bffa574ab39b6d0d4f6adf", + "rev": "ac085b8149ff50e03d260128596dd130ed1c7cae", "type": "github" }, "original": { @@ -91,11 +91,11 @@ ] }, "locked": { - "lastModified": 1758287904, - "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=", + "lastModified": 1762276996, + "narHash": "sha256-TtcPgPmp2f0FAnc+DMEw4ardEgv1SGNR3/WFGH0N19M=", "owner": "nix-community", "repo": "disko", - "rev": "67ff9807dd148e704baadbd4fd783b54282ca627", + "rev": "af087d076d3860760b3323f6b583f4d828c1ac17", "type": "github" }, "original": { 
@@ -233,11 +233,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1760234253, - "narHash": "sha256-ElkSuw4RxtyOY3mThezUpOM8c0fTNWlL0we/deGiTZU=", + "lastModified": 1762826586, + "narHash": "sha256-KlPcXOxxyv+KNcf7yNFQ4DGVFbOpITqHfvMcAUYrL7E=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "a82ae8f5079a134d33337cf211d7617f1268b301", + "rev": "1a4fa22ec6e9f2ece24fca273352463b75f6f7c0", "type": "github" }, "original": { @@ -311,11 +311,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1759994382, - "narHash": "sha256-wSK+3UkalDZRVHGCRikZ//CyZUJWDJkBDTQX1+G77Ow=", + "lastModified": 1762756533, + "narHash": "sha256-HiRDeUOD1VLklHeOmaKDzf+8Hb7vSWPVFcWwaTrpm+U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5da4a26309e796daa7ffca72df93dbe53b8164c7", + "rev": "c2448301fb856e351aab33e64c33a3fc8bcf637d", "type": "github" }, "original": { @@ -340,36 +340,6 @@ } }, "nixpkgs_7": { - "locked": { - "lastModified": 1744440957, - "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_8": { - "locked": { - "lastModified": 1744463964, - "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", - "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", - "revCount": 782401, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.782401%2Brev-2631b0b7abcea6e640ce31cd78ea58910d31e650/01962c8a-63c4-7abd-a3df-63a17b548cc7/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/NixOS/nixpkgs/0.1.%2A.tar.gz" - } - }, - "nixpkgs_9": { "locked": { "lastModified": 1736549401, "narHash": "sha256-ibkQrMHxF/7TqAYcQE+tOnIsSEzXmMegzyBWza6uHKM=", 
@@ -385,56 +355,6 @@ "type": "github" } }, - "pyproject-build-systems": { - "inputs": { - "nixpkgs": [ - "striped-back", - "nixpkgs" - ], - "pyproject-nix": [ - "striped-back", - "pyproject-nix" - ], - "uv2nix": [ - "striped-back", - "uv2nix" - ] - }, - "locked": { - "lastModified": 1744599653, - "narHash": "sha256-nysSwVVjG4hKoOjhjvE6U5lIKA8sEr1d1QzEfZsannU=", - "owner": "pyproject-nix", - "repo": "build-system-pkgs", - "rev": "7dba6dbc73120e15b558754c26024f6c93015dd7", - "type": "github" - }, - "original": { - "owner": "pyproject-nix", - "repo": "build-system-pkgs", - "type": "github" - } - }, - "pyproject-nix": { - "inputs": { - "nixpkgs": [ - "striped-back", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1743438845, - "narHash": "sha256-1GSaoubGtvsLRwoYwHjeKYq40tLwvuFFVhGrG8J9Oek=", - "owner": "pyproject-nix", - "repo": "pyproject.nix", - "rev": "8063ec98edc459571d042a640b1c5e334ecfca1e", - "type": "github" - }, - "original": { - "owner": "pyproject-nix", - "repo": "pyproject.nix", - "type": "github" - } - }, "root": { "inputs": { "agenix": "agenix", @@ -444,8 +364,6 @@ "nix-minecraft": "nix-minecraft", "nixpkgs": "nixpkgs_5", "shoblog-front": "shoblog-front", - "striped-back": "striped-back", - "striped-front": "striped-front", "testing-grounds": "testing-grounds", "unstable": "unstable" } 
@@ -484,45 +402,6 @@ "type": "github" } }, - "striped-back": { - "inputs": { - "nixpkgs": "nixpkgs_7", - "pyproject-build-systems": "pyproject-build-systems", - "pyproject-nix": "pyproject-nix", - "uv2nix": "uv2nix" - }, - "locked": { - "lastModified": 1748719386, - "narHash": "sha256-nyXHemXPEKnqIVIYIorSbt64zRwMvijyGQGCW3zUUkc=", - "ref": "refs/heads/master", - "rev": "bdfd6f1f4aac6a00ae4509f14b3a63c84d169edf", - "revCount": 8, - "type": "git", - "url": "ssh://git@gitlab.com/striped1/striped-back" - }, - "original": { - "type": "git", - "url": "ssh://git@gitlab.com/striped1/striped-back" - } - }, - "striped-front": { - "inputs": { - "nixpkgs": "nixpkgs_8" - }, - "locked": { - "lastModified": 1748718798, - "narHash": "sha256-KUxbrUjRfuKjkJZLzKr11WEXLfPs38YrW/CMG6XbnbY=", - "ref": "refs/heads/master", - "rev": "a553f10147dad9e41829f67b247817a079f6f671", - "revCount": 11, - "type": "git", - "url": "ssh://git@gitlab.com/striped1/striped-front" - }, - "original": { - "type": "git", - "url": "ssh://git@gitlab.com/striped1/striped-front" - } - }, "systems": { "locked": { "lastModified": 1681028828, @@ -555,7 +434,7 @@ }, "testing-grounds": { "inputs": { - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1755527993, @@ -573,11 +452,11 @@ }, "unstable": { "locked": { - "lastModified": 1760038930, - "narHash": "sha256-Oncbh0UmHjSlxO7ErQDM3KM0A5/Znfofj2BSzlHLeVw=", + "lastModified": 1762596750, + "narHash": "sha256-rXXuz51Bq7DHBlfIjN7jO8Bu3du5TV+3DSADBX7/9YQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0b4defa2584313f3b781240b29d61f6f9f7e0df3", + "rev": "b6a8526db03f735b89dd5ff348f53f752e7ddc8e", "type": "github" }, "original": { 
@@ -586,31 +465,6 @@ "repo": "nixpkgs", "type": "github" } - }, - "uv2nix": { - "inputs": { - "nixpkgs": [ - "striped-back", - "nixpkgs" - ], - "pyproject-nix": [ - "striped-back", - "pyproject-nix" - ] - }, - "locked": { - "lastModified": 1744797880, - "narHash": "sha256-gt9JBkYjZAEvGwCG7RMAAAr0j2RsaRmOMj/vV0briXk=", - "owner": "pyproject-nix", - "repo": "uv2nix", - "rev": "3583e037163491ecd833f1d5d3eedf3869543c5d", - "type": "github" - }, - "original": { - "owner": "pyproject-nix", - "repo": "uv2nix", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index b5d2ac6..41196dd 100644 --- a/flake.nix +++ b/flake.nix @@ -18,8 +18,8 @@ nix-minecraft.url = "github:Infinidoge/nix-minecraft"; testing-grounds.url = "gitlab:shobu13/testing-grounds"; shoblog-front.url = "gitlab:shobu13/shoblog"; - striped-front.url = "git+ssh://git@gitlab.com/striped1/striped-front"; - striped-back.url = "git+ssh://git@gitlab.com/striped1/striped-back"; + # striped-front.url = "git+ssh://git@gitlab.com/striped1/striped-front"; + # striped-back.url = "git+ssh://git@gitlab.com/striped1/striped-back"; copyparty.url = "github:9001/copyparty"; @@ -38,8 +38,8 @@ disko, shoblog-front, - striped-front, - striped-back, + # striped-front, + # striped-back, nix-minecraft, testing-grounds, copyparty, @@ -78,7 +78,7 @@ ./modules/gitea/${name} ]; - deployment.targetHost = "thea.homelab.local"; + deployment.targetHost = "192.168.1.12"; }; sin = {name, nodes, pkgs, ...}: { @@ -92,7 +92,7 @@ ./modules/gitea/${name} ]; - deployment.targetHost = "sin.homelab.local"; + deployment.targetHost = "192.168.1.14"; }; }; devShells = forEachSupportedSystem ({ pkgs }: { @@ -109,5 +109,9 @@ ''; }; }); + + packages = forEachSupportedSystem ({pkgs}: { + inherit (colmena.packages."${pkgs.system}") colmena; + }); }; } diff --git a/hosts/sin/configuration.nix b/hosts/sin/configuration.nix index f09ba6e..c20320e 100644 --- a/hosts/sin/configuration.nix +++ b/hosts/sin/configuration.nix 
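Review bot: The literal `deployment.targetHost = "192.168.1.14";` for sin starts a duplication that the rest of the commit continues: the same address is redefined as `sin-address` in separate `let` blocks in hosts/thea/configuration.nix, hosts/thea/nginx.nix, hosts/thea/shares.nix and modules/gitea/thea/default.nix. If one copy is missed when the host is renumbered, the NAT forward, the nginx upstreams or the sshfs mount keep pointing at whichever machine then holds the old address. Defining it once would avoid that; the thea modules that already take `nodes` could presumably use `sin-address = nodes.sin.config.deployment.targetHost;` (worth confirming the option evaluates as expected there). The node definitions themselves start outside these hunks.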
@@ -29,9 +29,11 @@ networking = { hostName = "sin"; - nameservers = [ "10.0.0.4" ]; + networkmanager.enable = true; - dhcpcd.extraConfig = "nohook resolv.conf"; + # nameservers = [ "10.0.0.4" ]; + + # dhcpcd.extraConfig = "nohook resolv.conf"; firewall = { allowedTCPPorts = [ diff --git a/hosts/sin/coredns/default.nix b/hosts/sin/coredns/default.nix index 2c24bc6..a30d4f4 100644 --- a/hosts/sin/coredns/default.nix +++ b/hosts/sin/coredns/default.nix @@ -1,6 +1,6 @@ {...}: { services.coredns = { - enable = true; + enable = false; config = '' homelab.local { log diff --git a/hosts/sin/homepage.nix b/hosts/sin/homepage.nix index af139bd..2369a3d 100644 --- a/hosts/sin/homepage.nix +++ b/hosts/sin/homepage.nix @@ -1,12 +1,12 @@ - -{inputs, pkgs, ...}: { +{ inputs, pkgs, ... }: +{ services.homepage-dashboard = { enable = true; openFirewall = true; allowedHosts = "dashboard.shobu.fr"; settings = { title = "Shobu's homelab dashboard"; - description = "a dashboard of free and wesome bullshit"; + description = "a dashboard of free and awesome bullshit"; startUrl = "https://dashboard.shobu.fr"; base = "https://dashboard.shobu.fr"; headerStyle = "boxed"; @@ -14,9 +14,9 @@ providers = { "finnhub" = "cuvq5e9r01qub8tv03g0cuvq5e9r01qub8tv03gg"; }; - + layout = [ - {"resources" = {};} + { "resources" = { }; } { "about me stuff" = { tab = "Public"; @@ -38,13 +38,13 @@ header = false; }; } - ]; + ]; }; widgets = [ { greeting = { - text = "Welcome on my services and links dashboard, make yourself home."; + text = "Welcome on my services and links dashboard, make yourself home. mlem"; }; } { @@ -78,7 +78,7 @@ icon = "https://bddtrans.shobu.fr/favicon.ico"; href = "https://bddtrans.shobu.fr"; } - ]; + ]; } ]; } @@ -103,7 +103,7 @@ ]; } ]; - + services = [ { "gayming" = [ @@ -146,7 +146,7 @@ type = "jellyseerr"; url = "https://jellyseerr.shobu.fr"; key = "MTczNzkyNzMxMzgwODk4N2FlZWJkLTQ0N2QtNGU0MS1iOWE1LTJmZmE3OTI4ZGQ5OQ=="; - }; + }; }; } { 
diff --git a/hosts/thea/configuration.nix b/hosts/thea/configuration.nix index 081df6c..c693dce 100644 --- a/hosts/thea/configuration.nix +++ b/hosts/thea/configuration.nix @@ -2,7 +2,9 @@ # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). -{ config, lib, pkgs, nodes, ... }: +{ config, lib, pkgs, nodes, ... }:let + sin-address = "192.168.1.14"; +in { imports = @@ -22,9 +24,11 @@ networking = { hostName = "thea"; # Define your hostname. - nameservers = [ "10.0.0.4" ]; + networkmanager.enable = true; - dhcpcd.extraConfig = "nohook resolv.conf"; + # nameservers = [ "10.0.0.4" ]; + + # dhcpcd.extraConfig = "nohook resolv.conf"; firewall = { allowedTCPPorts = [ nodes.sin.config.services.gitea.settings.server.SSH_PORT ]; @@ -37,7 +41,7 @@ # TODO refactor this in the gitea/n100 module sourcePort = nodes.sin.config.services.gitea.settings.server.SSH_PORT; proto = "tcp"; - destination = "10.0.0.4:22"; + destination = "${sin-address}:22"; } ]; }; }; diff --git a/hosts/thea/nginx.nix b/hosts/thea/nginx.nix index a20c481..8c8016a 100644 --- a/hosts/thea/nginx.nix +++ b/hosts/thea/nginx.nix @@ -1,6 +1,8 @@ {inputs, ...}: let - striped-front = inputs.striped-front; + # striped-front = inputs.striped-front; + + sin-address = "192.168.1.14"; in { networking.firewall.allowedTCPPorts = [ 80 443 8448 ]; @@ -18,7 +20,7 @@ in { forceSSL = true; locations."/" = { - proxyPass = "http://10.0.0.4:${port}"; + proxyPass = "http://${sin-address}:${port}"; proxyWebsockets = true; extraConfig = '' proxy_ssl_server_name on; @@ -57,7 +59,7 @@ in { forceSSL = true; locations."/" = { - proxyPass = "http://10.0.0.4:8001"; + proxyPass = "http://${sin-address}:8001"; extraConfig = '' proxy_ssl_server_name on; ''; 
@@ -68,25 +70,25 @@ in { forceSSL = true; locations."/" = { - proxyPass = "http://10.0.0.4:8000"; + proxyPass = "http://${sin-address}:8000"; proxyWebsockets = true; extraConfig = '' proxy_ssl_server_name on; ''; }; }; - "striped.shobu.fr" = { - enableACME = true; - forceSSL = true; + # "striped.shobu.fr" = { + # enableACME = true; + # forceSSL = true; - root = "${striped-front.packages.x86_64-linux.default}/dist"; - }; + # root = "${striped-front.packages.x86_64-linux.default}/dist"; + # }; "dashboard.shobu.fr" = { enableACME = true; forceSSL = true; locations."/" = { - proxyPass = "http://10.0.0.4:8082"; + proxyPass = "http://${sin-address}:8082"; }; }; "git.shobu.fr" = { @@ -94,7 +96,7 @@ in { forceSSL = true; locations."/" = { - proxyPass = "http://10.0.0.4:3000"; + proxyPass = "http://${sin-address}:3000"; }; }; "files.shobu.fr" = { @@ -102,7 +104,7 @@ in { forceSSL = true; locations."/" = { - proxyPass = "http://10.0.0.4:8086"; + proxyPass = "http://${sin-address}:8086"; }; }; # "matrix.shobu.fr" = { @@ -111,9 +113,9 @@ in { # locations."/".extraConfig = '' # return 404; # ''; - # locations."/_matrix".proxyPass = "http://10.0.0.4:8008"; - # locations."/_synapse/client".proxyPass = "http://10.0.0.4:8008"; - # locations."/.well-known/matrix/server".proxyPass = "http://10.0.0.4:8008/.well-known/matrix/server"; + # locations."/_matrix".proxyPass = "http://${sin-address}:8008"; + # locations."/_synapse/client".proxyPass = "http://${sin-address}:8008"; + # locations."/.well-known/matrix/server".proxyPass = "http://${sin-address}:8008/.well-known/matrix/server"; # }; } ); diff --git a/hosts/thea/shares.nix b/hosts/thea/shares.nix index d7f4752..18cbd14 100644 --- a/hosts/thea/shares.nix +++ b/hosts/thea/shares.nix 
@@ -1,10 +1,13 @@ -{...}: { +{...}: let + sin-address = "192.168.1.14"; +in +{ boot.supportedFilesystems = [ "fuse.sshfs" ]; programs.fuse.userAllowOther = true; fileSystems = { "/mnt/shares/data" = { - device = "shobu@10.0.0.4:/mnt/data/"; + device = "shobu@${sin-address}:/mnt/data/"; fsType = "fuse.sshfs"; options = [ "debug" diff --git a/modules/gitea/thea/default.nix b/modules/gitea/thea/default.nix index 1ec2f54..7bbe523 100644 --- a/modules/gitea/thea/default.nix +++ b/modules/gitea/thea/default.nix 
@@ -1,10 +1,56 @@ -{nodes, ...}:{ +{ + nodes, + inputs, + pkgs, + ... +}: +let + sin-address = "192.168.1.14"; + unstable = import inputs.unstable { system = pkgs.system; }; +in +{ imports = [ ./virtualisation.nix ]; - networking.nat.forwardPorts = [{ - sourcePort = nodes.sin.config.services.gitea.settings.server.SSH_PORT; - proto = "tcp"; - destination = "10.0.0.4:22"; - }]; + networking.nat.forwardPorts = [ + { + sourcePort = nodes.sin.config.services.gitea.settings.server.SSH_PORT; + proto = "tcp"; + destination = "${sin-address}:22"; + } + ]; + + services.gitea-actions-runner.package = unstable.gitea-actions-runner; + + # services.gitea-actions-runner.instances = { + # "gitea.shobu.fr-runner" = { + # enable = true; + # name = "gitea.shobu.fr-runner"; + # url = nodes.sin.config.services.gitea.settings.server.ROOT_URL; + # token = "uEDPBW6Z9oItAKRtloVwis0LkPbD4OmV2w5esOhW"; + # labels = [ + # "ubuntu-22.04:docker://docker.gitea.com/runner-images:ubuntu-22.04" + # ]; + # settings = { + # cache = { + # # Enable cache server to use actions/cache. + # enabled = true; + # # The directory to store the cache data. + # # If it's empty, the cache data will be stored in $HOME/.cache/actcache. + # dir = ""; + # # The host of the cache server. + # # It's not for the address to listen, but the address to connect from job containers. + # # So 0.0.0.0 is a bad choice, leave it empty to detect automatically. + # host = ""; + # # The port of the cache server. + # # 0 means to use a random available port. + # port = 0; + # # The external cache server URL. Valid only when enable is true. + # # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself. + # # The URL should generally end with "/". + # external_server = ""; + # }; + # }; + # }; + # }; } diff --git a/modules/gitea/thea/virtualisation.nix b/modules/gitea/thea/virtualisation.nix index d86eec8..b941d7b 100644 --- a/modules/gitea/thea/virtualisation.nix 
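Review bot: The commented-out `services.gitea-actions-runner.instances` block carries the runner registration token as a literal `token = "…"`, the same value that virtualisation.nix passes as `GITEA_RUNNER_REGISTRATION_TOKEN`, so the secret is now committed in two files and, for the container, written into the world-readable Nix store. The token should be rotated and read from a file instead; agenix is already a flake input, so something like `tokenFile = config.age.secrets.<runner-token>.path;` for the module, or `environmentFiles = [ config.age.secrets.<runner-token>.path ];` for the container, would keep it out of the repository. The finnhub and jellyseerr keys visible as context in hosts/sin/homepage.nix are in the same position. If the commented block is only kept for reference, dropping the `token` line from it is enough for this file.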
+++ b/modules/gitea/thea/virtualisation.nix @@ -1,4 +1,5 @@ -{nodes, pkgs, ...}: { +{ nodes, pkgs, ... }: +{ systemd.sockets.podman.socketConfig.Symlinks = [ "/run/docker.sock" ]; @@ -15,32 +16,34 @@ }; }; - virtualisation.oci-containers.containers = let - runner_config = pkgs.writeTextFile { - name = "config.yml"; - text = '' + virtualisation.oci-containers.containers = + let + runner_config = pkgs.writeTextFile { + name = "config.yml"; + text = '' container: - network: "bridge" + network: "host" ''; - }; - in { - gitea-runner = { - image = "gitea/act_runner@sha256:8477d5b61b655caad4449888bae39f1f34bebd27db56cb15a62dccb3dcf3a944"; - autoStart = true; - - # capabilities = { - # NET_RAW = true; - # }; - - environment = { - GITEA_INSTANCE_URL = nodes.sin.config.services.gitea.settings.server.ROOT_URL; - GITEA_RUNNER_REGISTRATION_TOKEN = "uEDPBW6Z9oItAKRtloVwis0LkPbD4OmV2w5esOhW"; - CONFIG_FILE = "/config.yml"; }; - volumes = [ - "/var/run/docker.sock:/var/run/docker.sock" - "${runner_config}:/config.yml:ro" - ]; + in + { + gitea-runner = { + image = "gitea/act_runner@sha256:8477d5b61b655caad4449888bae39f1f34bebd27db56cb15a62dccb3dcf3a944"; + autoStart = true; + + # capabilities = { + # NET_RAW = true; + # }; + + environment = { + GITEA_INSTANCE_URL = nodes.sin.config.services.gitea.settings.server.ROOT_URL; + GITEA_RUNNER_REGISTRATION_TOKEN = "uEDPBW6Z9oItAKRtloVwis0LkPbD4OmV2w5esOhW"; + CONFIG_FILE = "/config.yml"; + }; + volumes = [ + "/var/run/docker.sock:/var/run/docker.sock" + "${runner_config}:/config.yml:ro" + ]; + }; }; - }; }
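Review bot: Switching the runner's job-container setting from `network: "bridge"` to `network: "host"` places every workflow job in thea's network namespace, on a runner that also mounts `/var/run/docker.sock`. Jobs can then reach services bound to loopback on thea and the rest of the LAN directly, which matters more now that deploy.yaml runs on every push. If host networking is only needed for one purpose (an assumption, the commit does not say), a dedicated container network would be the narrower choice; otherwise a comment above the `text` attribute stating the reason would help, e.g. `# host network: <reason>; job containers share thea's network namespace`.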