sin_serhao/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add gitea jobs and runner configuration
All checks were successful
/ perform flake analysis (push) Successful in 32s
Details
/ build hive configuration (push) Successful in 8m44s
Details

Browse Source 
build and deploy colmena hive using gitea actions
This commit is contained in:
shobu 2025-11-12 00:10:13 +01:00 committed by Awen Lelu
parent 733a125f77
commit 65a47967da
13 changed files with 194 additions and 253 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
.gitea/workflows/analysis.yaml Normal file
View File

@ -0,0 +1,15 @@
on: [push]
jobs:
analysis:
permissions:
contents: read
id-token: write
name: perform flake analysis
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@main
- uses: DeterminateSystems/magic-nix-cache-action@main
- name: Check Nix flake inputs
uses: http://github.com/DeterminateSystems/flake-checker-action@main

14
.gitea/workflows/analysis.yml
View File

@ -1,14 +0,0 @@
on: [push]
jobs:
build:
name: Build Nix targets
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: http://github.com/cachix/install-nix-action@v18
- uses: http://github.com/cachix/cachix-action@v12
with:
name: statix
- name: Check Nix flake inputs
uses: http://github.com/DeterminateSystems/flake-checker-action@main

22
.gitea/workflows/deploy.yaml Normal file
View File

@ -0,0 +1,22 @@
on: [push]
jobs:
deploy:
permissions:
contents: read
id-token: write
name: build hive configuration
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@main
- uses: DeterminateSystems/magic-nix-cache-action@main
- name: Install SSH key
uses: shimataro/ssh-key-action@v2
with:
key: ${{ secrets.SSH_KEY }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- uses: http://github.com/cachix/cachix-action@v16
with:
name: colmena
- run: nix run .#colmena apply

190
flake.lock generated
View File

@ -8,11 +8,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1754433428,
"narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=",
"lastModified": 1762618334,
"narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
"owner": "ryantm",
"repo": "agenix",
"rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d",
"rev": "fcdea223397448d35d9b31f798479227e80183f6",
"type": "github"
},
"original": {
@ -30,11 +30,11 @@
"stable": "stable"
},
"locked": {
"lastModified": 1755272288,
"narHash": "sha256-ypTPb2eKcOBbOoyvPV0j4ZOXs4kayo73/2KI456QnE0=",
"lastModified": 1762034856,
"narHash": "sha256-QVey3iP3UEoiFVXgypyjTvCrsIlA4ecx6Acaz5C8/PQ=",
"owner": "zhaofengli",
"repo": "colmena",
"rev": "5bf4ce6a24adba74a5184f4a9bef01d545a09473",
"rev": "349b035a5027f23d88eeb3bc41085d7ee29f18ed",
"type": "github"
},
"original": {
@ -49,11 +49,11 @@
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1760309387,
"narHash": "sha256-yCjkJuQbt6DjdS1XJL2uwyLu1AcmDvlyMGojBq8Ua38=",
"lastModified": 1762095388,
"narHash": "sha256-7Q8LtcvKWHbP8znARRTOY2tpU5WoV6FHwp5TZJOI8Us=",
"owner": "9001",
"repo": "copyparty",
"rev": "d099e5e84e191d67a7bffa574ab39b6d0d4f6adf",
"rev": "ac085b8149ff50e03d260128596dd130ed1c7cae",
"type": "github"
},
"original": {
@ -91,11 +91,11 @@
]
},
"locked": {
"lastModified": 1758287904,
"narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=",
"lastModified": 1762276996,
"narHash": "sha256-TtcPgPmp2f0FAnc+DMEw4ardEgv1SGNR3/WFGH0N19M=",
"owner": "nix-community",
"repo": "disko",
"rev": "67ff9807dd148e704baadbd4fd783b54282ca627",
"rev": "af087d076d3860760b3323f6b583f4d828c1ac17",
"type": "github"
},
"original": {
@ -233,11 +233,11 @@
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1760234253,
"narHash": "sha256-ElkSuw4RxtyOY3mThezUpOM8c0fTNWlL0we/deGiTZU=",
"lastModified": 1762826586,
"narHash": "sha256-KlPcXOxxyv+KNcf7yNFQ4DGVFbOpITqHfvMcAUYrL7E=",
"owner": "Infinidoge",
"repo": "nix-minecraft",
"rev": "a82ae8f5079a134d33337cf211d7617f1268b301",
"rev": "1a4fa22ec6e9f2ece24fca273352463b75f6f7c0",
"type": "github"
},
"original": {
@ -311,11 +311,11 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1759994382,
"narHash": "sha256-wSK+3UkalDZRVHGCRikZ//CyZUJWDJkBDTQX1+G77Ow=",
"lastModified": 1762756533,
"narHash": "sha256-HiRDeUOD1VLklHeOmaKDzf+8Hb7vSWPVFcWwaTrpm+U=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5da4a26309e796daa7ffca72df93dbe53b8164c7",
"rev": "c2448301fb856e351aab33e64c33a3fc8bcf637d",
"type": "github"
},
"original": {
@ -340,36 +340,6 @@
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1744440957,
"narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1744463964,
"narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=",
"rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650",
"revCount": 782401,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.782401%2Brev-2631b0b7abcea6e640ce31cd78ea58910d31e650/01962c8a-63c4-7abd-a3df-63a17b548cc7/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/NixOS/nixpkgs/0.1.%2A.tar.gz"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1736549401,
"narHash": "sha256-ibkQrMHxF/7TqAYcQE+tOnIsSEzXmMegzyBWza6uHKM=",
@ -385,56 +355,6 @@
"type": "github"
}
},
"pyproject-build-systems": {
"inputs": {
"nixpkgs": [
"striped-back",
"nixpkgs"
],
"pyproject-nix": [
"striped-back",
"pyproject-nix"
],
"uv2nix": [
"striped-back",
"uv2nix"
]
},
"locked": {
"lastModified": 1744599653,
"narHash": "sha256-nysSwVVjG4hKoOjhjvE6U5lIKA8sEr1d1QzEfZsannU=",
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"rev": "7dba6dbc73120e15b558754c26024f6c93015dd7",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"type": "github"
}
},
"pyproject-nix": {
"inputs": {
"nixpkgs": [
"striped-back",
"nixpkgs"
]
},
"locked": {
"lastModified": 1743438845,
"narHash": "sha256-1GSaoubGtvsLRwoYwHjeKYq40tLwvuFFVhGrG8J9Oek=",
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"rev": "8063ec98edc459571d042a640b1c5e334ecfca1e",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
@ -444,8 +364,6 @@
"nix-minecraft": "nix-minecraft",
"nixpkgs": "nixpkgs_5",
"shoblog-front": "shoblog-front",
"striped-back": "striped-back",
"striped-front": "striped-front",
"testing-grounds": "testing-grounds",
"unstable": "unstable"
}
@ -484,45 +402,6 @@
"type": "github"
}
},
"striped-back": {
"inputs": {
"nixpkgs": "nixpkgs_7",
"pyproject-build-systems": "pyproject-build-systems",
"pyproject-nix": "pyproject-nix",
"uv2nix": "uv2nix"
},
"locked": {
"lastModified": 1748719386,
"narHash": "sha256-nyXHemXPEKnqIVIYIorSbt64zRwMvijyGQGCW3zUUkc=",
"ref": "refs/heads/master",
"rev": "bdfd6f1f4aac6a00ae4509f14b3a63c84d169edf",
"revCount": 8,
"type": "git",
"url": "ssh://git@gitlab.com/striped1/striped-back"
},
"original": {
"type": "git",
"url": "ssh://git@gitlab.com/striped1/striped-back"
}
},
"striped-front": {
"inputs": {
"nixpkgs": "nixpkgs_8"
},
"locked": {
"lastModified": 1748718798,
"narHash": "sha256-KUxbrUjRfuKjkJZLzKr11WEXLfPs38YrW/CMG6XbnbY=",
"ref": "refs/heads/master",
"rev": "a553f10147dad9e41829f67b247817a079f6f671",
"revCount": 11,
"type": "git",
"url": "ssh://git@gitlab.com/striped1/striped-front"
},
"original": {
"type": "git",
"url": "ssh://git@gitlab.com/striped1/striped-front"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
@ -555,7 +434,7 @@
},
"testing-grounds": {
"inputs": {
"nixpkgs": "nixpkgs_9"
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1755527993,
@ -573,11 +452,11 @@
},
"unstable": {
"locked": {
"lastModified": 1760038930,
"narHash": "sha256-Oncbh0UmHjSlxO7ErQDM3KM0A5/Znfofj2BSzlHLeVw=",
"lastModified": 1762596750,
"narHash": "sha256-rXXuz51Bq7DHBlfIjN7jO8Bu3du5TV+3DSADBX7/9YQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0b4defa2584313f3b781240b29d61f6f9f7e0df3",
"rev": "b6a8526db03f735b89dd5ff348f53f752e7ddc8e",
"type": "github"
},
"original": {
@ -586,31 +465,6 @@
"repo": "nixpkgs",
"type": "github"
}
},
"uv2nix": {
"inputs": {
"nixpkgs": [
"striped-back",
"nixpkgs"
],
"pyproject-nix": [
"striped-back",
"pyproject-nix"
]
},
"locked": {
"lastModified": 1744797880,
"narHash": "sha256-gt9JBkYjZAEvGwCG7RMAAAr0j2RsaRmOMj/vV0briXk=",
"owner": "pyproject-nix",
"repo": "uv2nix",
"rev": "3583e037163491ecd833f1d5d3eedf3869543c5d",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "uv2nix",
"type": "github"
}
}
},
"root": "root",

16
flake.nix
View File

@ -18,8 +18,8 @@
nix-minecraft.url = "github:Infinidoge/nix-minecraft";
testing-grounds.url = "gitlab:shobu13/testing-grounds";
shoblog-front.url = "gitlab:shobu13/shoblog";
striped-front.url = "git+ssh://git@gitlab.com/striped1/striped-front";
striped-back.url = "git+ssh://git@gitlab.com/striped1/striped-back";
# striped-front.url = "git+ssh://git@gitlab.com/striped1/striped-front";
# striped-back.url = "git+ssh://git@gitlab.com/striped1/striped-back";
copyparty.url = "github:9001/copyparty";
@ -38,8 +38,8 @@
disko,
shoblog-front,
striped-front,
striped-back,
# striped-front,
# striped-back,
nix-minecraft,
testing-grounds,
copyparty,
@ -78,7 +78,7 @@
./modules/gitea/${name}
];
deployment.targetHost = "thea.homelab.local";
deployment.targetHost = "192.168.1.12";
};
sin = {name, nodes, pkgs, ...}: {
@ -92,7 +92,7 @@
./modules/gitea/${name}
];
deployment.targetHost = "sin.homelab.local";
deployment.targetHost = "192.168.1.14";
};
};
devShells = forEachSupportedSystem ({ pkgs }: {
@ -109,5 +109,9 @@
'';
};
});
packages = forEachSupportedSystem ({pkgs}: {
inherit (colmena.packages."${pkgs.system}") colmena;
});
};
}

6
hosts/sin/configuration.nix
View File

@ -29,9 +29,11 @@
networking = {
hostName = "sin";
nameservers = [ "10.0.0.4" ];
networkmanager.enable = true;
dhcpcd.extraConfig = "nohook resolv.conf";
# nameservers = [ "10.0.0.4" ];
# dhcpcd.extraConfig = "nohook resolv.conf";
firewall = {
allowedTCPPorts = [

2
hosts/sin/coredns/default.nix
View File

@ -1,6 +1,6 @@
{...}: {
services.coredns = {
enable = true;
enable = false;
config = ''
homelab.local {
log

10
hosts/sin/homepage.nix
View File

@ -1,12 +1,12 @@
{inputs, pkgs, ...}: {
{ inputs, pkgs, ... }:
{
services.homepage-dashboard = {
enable = true;
openFirewall = true;
allowedHosts = "dashboard.shobu.fr";
settings = {
title = "Shobu's homelab dashboard";
description = "a dashboard of free and wesome bullshit";
description = "a dashboard of free and awesome bullshit";
startUrl = "https://dashboard.shobu.fr";
base = "https://dashboard.shobu.fr";
headerStyle = "boxed";
@ -16,7 +16,7 @@
};
layout = [
{"resources" = {};}
{ "resources" = { }; }
{
"about me stuff" = {
tab = "Public";
@ -44,7 +44,7 @@
widgets = [
{
greeting = {
text = "Welcome on my services and links dashboard, make yourself home.";
text = "Welcome on my services and links dashboard, make yourself home. mlem";
};
}
{

12
hosts/thea/configuration.nix
View File

@ -2,7 +2,9 @@
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, nodes, ... }:
{ config, lib, pkgs, nodes, ... }:let
sin-address = "192.168.1.14";
in
{
imports =
@ -22,9 +24,11 @@
networking = {
hostName = "thea"; # Define your hostname.
nameservers = [ "10.0.0.4" ];
networkmanager.enable = true;
dhcpcd.extraConfig = "nohook resolv.conf";
# nameservers = [ "10.0.0.4" ];
# dhcpcd.extraConfig = "nohook resolv.conf";
firewall = {
allowedTCPPorts = [ nodes.sin.config.services.gitea.settings.server.SSH_PORT ];
@ -37,7 +41,7 @@
# TODO refactor this in the gitea/n100 module
sourcePort = nodes.sin.config.services.gitea.settings.server.SSH_PORT;
proto = "tcp";
destination = "10.0.0.4:22";
destination = "${sin-address}:22";
} ];
};
};

32
hosts/thea/nginx.nix
View File

@ -1,6 +1,8 @@
{inputs, ...}:
let
striped-front = inputs.striped-front;
# striped-front = inputs.striped-front;
sin-address = "192.168.1.14";
in {
networking.firewall.allowedTCPPorts = [ 80 443 8448 ];
@ -18,7 +20,7 @@ in {
forceSSL = true;
locations."/" = {
proxyPass = "http://10.0.0.4:${port}";
proxyPass = "http://${sin-address}:${port}";
proxyWebsockets = true;
extraConfig = ''
proxy_ssl_server_name on;
@ -57,7 +59,7 @@ in {
forceSSL = true;
locations."/" = {
proxyPass = "http://10.0.0.4:8001";
proxyPass = "http://${sin-address}:8001";
extraConfig = ''
proxy_ssl_server_name on;
'';
@ -68,25 +70,25 @@ in {
forceSSL = true;
locations."/" = {
proxyPass = "http://10.0.0.4:8000";
proxyPass = "http://${sin-address}:8000";
proxyWebsockets = true;
extraConfig = ''
proxy_ssl_server_name on;
'';
};
};
"striped.shobu.fr" = {
enableACME = true;
forceSSL = true;
# "striped.shobu.fr" = {
# enableACME = true;
# forceSSL = true;
root = "${striped-front.packages.x86_64-linux.default}/dist";
};
# root = "${striped-front.packages.x86_64-linux.default}/dist";
# };
"dashboard.shobu.fr" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://10.0.0.4:8082";
proxyPass = "http://${sin-address}:8082";
};
};
"git.shobu.fr" = {
@ -94,7 +96,7 @@ in {
forceSSL = true;
locations."/" = {
proxyPass = "http://10.0.0.4:3000";
proxyPass = "http://${sin-address}:3000";
};
};
"files.shobu.fr" = {
@ -102,7 +104,7 @@ in {
forceSSL = true;
locations."/" = {
proxyPass = "http://10.0.0.4:8086";
proxyPass = "http://${sin-address}:8086";
};
};
# "matrix.shobu.fr" = {
@ -111,9 +113,9 @@ in {
# locations."/".extraConfig = ''
# return 404;
# '';
# locations."/_matrix".proxyPass = "http://10.0.0.4:8008";
# locations."/_synapse/client".proxyPass = "http://10.0.0.4:8008";
# locations."/.well-known/matrix/server".proxyPass = "http://10.0.0.4:8008/.well-known/matrix/server";
# locations."/_matrix".proxyPass = "http://${sin-address}:8008";
# locations."/_synapse/client".proxyPass = "http://${sin-address}:8008";
# locations."/.well-known/matrix/server".proxyPass = "http://${sin-address}:8008/.well-known/matrix/server";
# };
}
);

7
hosts/thea/shares.nix
View File

@ -1,10 +1,13 @@
{...}: {
{...}: let
sin-address = "192.168.1.14";
in
{
boot.supportedFilesystems = [ "fuse.sshfs" ];
programs.fuse.userAllowOther = true;
fileSystems = {
"/mnt/shares/data" = {
device = "shobu@10.0.0.4:/mnt/data/";
device = "shobu@${sin-address}:/mnt/data/";
fsType = "fuse.sshfs";
options = [
"debug"

58
modules/gitea/thea/default.nix
View File

@ -1,10 +1,56 @@
{nodes, ...}:{
{
nodes,
inputs,
pkgs,
...
}:
let
sin-address = "192.168.1.14";
unstable = import inputs.unstable { system = pkgs.system; };
in
{
imports = [
./virtualisation.nix
];
networking.nat.forwardPorts = [{
sourcePort = nodes.sin.config.services.gitea.settings.server.SSH_PORT;
proto = "tcp";
destination = "10.0.0.4:22";
}];
networking.nat.forwardPorts = [
{
sourcePort = nodes.sin.config.services.gitea.settings.server.SSH_PORT;
proto = "tcp";
destination = "${sin-address}:22";
}
];
services.gitea-actions-runner.package = unstable.gitea-actions-runner;
# services.gitea-actions-runner.instances = {
# "gitea.shobu.fr-runner" = {
# enable = true;
# name = "gitea.shobu.fr-runner";
# url = nodes.sin.config.services.gitea.settings.server.ROOT_URL;
# token = "uEDPBW6Z9oItAKRtloVwis0LkPbD4OmV2w5esOhW";
# labels = [
# "ubuntu-22.04:docker://docker.gitea.com/runner-images:ubuntu-22.04"
# ];
# settings = {
# cache = {
# # Enable cache server to use actions/cache.
# enabled = true;
# # The directory to store the cache data.
# # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
# dir = "";
# # The host of the cache server.
# # It's not for the address to listen, but the address to connect from job containers.
# # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
# host = "";
# # The port of the cache server.
# # 0 means to use a random available port.
# port = 0;
# # The external cache server URL. Valid only when enable is true.
# # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
# # The URL should generally end with "/".
# external_server = "";
# };
# };
# };
# };
}

53
modules/gitea/thea/virtualisation.nix
View File

@ -1,4 +1,5 @@
{nodes, pkgs, ...}: {
{ nodes, pkgs, ... }:
{
systemd.sockets.podman.socketConfig.Symlinks = [
"/run/docker.sock"
];
@ -15,32 +16,34 @@
};
};
virtualisation.oci-containers.containers = let
runner_config = pkgs.writeTextFile {
name = "config.yml";
text = ''
virtualisation.oci-containers.containers =
let
runner_config = pkgs.writeTextFile {
name = "config.yml";
text = ''
container:
network: "bridge"
network: "host"
'';
};
in {
gitea-runner = {
image = "gitea/act_runner@sha256:8477d5b61b655caad4449888bae39f1f34bebd27db56cb15a62dccb3dcf3a944";
autoStart = true;
# capabilities = {
# NET_RAW = true;
# };
environment = {
GITEA_INSTANCE_URL = nodes.sin.config.services.gitea.settings.server.ROOT_URL;
GITEA_RUNNER_REGISTRATION_TOKEN = "uEDPBW6Z9oItAKRtloVwis0LkPbD4OmV2w5esOhW";
CONFIG_FILE = "/config.yml";
};
volumes = [
"/var/run/docker.sock:/var/run/docker.sock"
"${runner_config}:/config.yml:ro"
];
in
{
gitea-runner = {
image = "gitea/act_runner@sha256:8477d5b61b655caad4449888bae39f1f34bebd27db56cb15a62dccb3dcf3a944";
autoStart = true;
# capabilities = {
# NET_RAW = true;
# };
environment = {
GITEA_INSTANCE_URL = nodes.sin.config.services.gitea.settings.server.ROOT_URL;
GITEA_RUNNER_REGISTRATION_TOKEN = "uEDPBW6Z9oItAKRtloVwis0LkPbD4OmV2w5esOhW";
CONFIG_FILE = "/config.yml";
};
volumes = [
"/var/run/docker.sock:/var/run/docker.sock"
"${runner_config}:/config.yml:ro"
];
};
};
};
}