From 1a2949f020caa6fc96b8e27233fc5f802c5e32d8 Mon Sep 17 00:00:00 2001 From: Price Hiller Date: Sat, 16 Mar 2024 14:27:16 -0500 Subject: [PATCH] feat(hosts/luna): use custom nixos runner image for gitea actions --- flake.lock | 88 ++++++++++++++++++++++++++- flake.nix | 3 +- hosts/luna/modules/services/gitea.nix | 53 ++++++++++++++-- 3 files changed, 138 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 1d2610b..f04438b 100644 --- a/flake.lock +++ b/flake.lock @@ -185,6 +185,22 @@ "type": "github" } }, + "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems_2" @@ -276,6 +292,43 @@ "type": "github" } }, + "libgit2": { + "flake": false, + "locked": { + "lastModified": 1697646580, + "narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=", + "owner": "libgit2", + "repo": "libgit2", + "rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5", + "type": "github" + }, + "original": { + "owner": "libgit2", + "repo": "libgit2", + "type": "github" + } + }, + "nix": { + "inputs": { + "flake-compat": "flake-compat_3", + "libgit2": "libgit2", + "nixpkgs": "nixpkgs_2", + "nixpkgs-regression": "nixpkgs-regression" + }, + "locked": { + "lastModified": 1710522792, + "narHash": "sha256-P/JCIPlcHYJuRZDAiD7lT2wlIo441s9ygG3wkOzCDvU=", + "owner": "nixos", + "repo": "nix", + "rev": "0fb5024d8df46a47f5367c5b0a51f0b2f6d50032", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nix", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1702272962, 
@@ -292,7 +345,39 @@ "type": "github" } }, + "nixpkgs-regression": { + "locked": { + "lastModified": 1643052045, + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + } + }, "nixpkgs_2": { + "locked": { + "lastModified": 1709083642, + "narHash": "sha256-7kkJQd4rZ+vFrzWu8sTRtta5D1kBG0LSRYAfhtmMlSo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b550fe4b4776908ac2a861124307045f8e717c8e", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1710451336, "narHash": "sha256-pP86Pcfu3BrAvRO7R64x7hs+GaQrjFes+mEPowCfkxY=", @@ -317,7 +402,8 @@ "flake-compat": "flake-compat_2", "flake-utils": "flake-utils_3", "impermanence": "impermanence", - "nixpkgs": "nixpkgs_2" + "nix": "nix", + "nixpkgs": "nixpkgs_3" } }, "rust-overlay": { diff --git a/flake.nix b/flake.nix index 56f10e3..7385fe0 100644 --- a/flake.nix +++ b/flake.nix @@ -2,6 +2,7 @@ description = "Price Hiller's flake for managing system configurations"; inputs = { + nix.url = "github:nixos/nix"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; flake-utils.url = "github:numtide/flake-utils"; deploy-rs.url = "github:serokell/deploy-rs"; @@ -147,4 +148,4 @@ ''; }; }); -} +} \ No newline at end of file diff --git a/hosts/luna/modules/services/gitea.nix b/hosts/luna/modules/services/gitea.nix index fc5bc15..87d0edd 100644 --- a/hosts/luna/modules/services/gitea.nix +++ b/hosts/luna/modules/services/gitea.nix 
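Review bot: The new `nix.url = "github:nixos/nix";` input in flake.nix follows the repository's default branch and is consumed as a full flake, although its only visible use is `import (inputs.nix + "/docker.nix")` in gitea.nix, which is called with `inherit pkgs`. As a flake it brings four lock nodes of its own (`flake-compat_3`, `libgit2`, `nixpkgs-regression`, `nixpkgs_2`), which widens what a later `nix flake update` moves and what has to be reviewed. If only the source tree is needed, `nix = { url = "github:nixos/nix"; flake = false; };` should keep the import working without the transitive inputs. Otherwise, point the URL at a release branch or tag so that docker.nix does not change with every update of the default branch. The `inputs` block continues outside the hunk.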
@@ -1,6 +1,51 @@
-{ config, fqdn, ... }:
-let gitea_host = "git.${fqdn}";
+{ config, fqdn, inputs, pkgs, ... }:
+let
+ gitea_host = "git.${fqdn}";
+ # TODO: Move this docker image out to a separate package and NixOS Module
+ # Huge thank you to https://icewind.nl/entry/gitea-actions-nix/ -- wouldn't have figured this out
+ # without that post 🙂
+ base = import (inputs.nix + "/docker.nix") {
+ inherit pkgs;
+ name = "nix-ci-base";
+ maxLayers = 10;
+ extraPkgs = with pkgs; [ nodejs_20 bash ];
+ nixConf = {
+ substituters = [
+ "https://cache.nixos.org/"
+ "https://nix-community.cachix.org"
+ # insert any other binary caches here
+ ];
+ trusted-public-keys = [
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ # insert the public keys for those binary caches here
+ ];
+ # allow using the new flake commands in our workflows
+ experimental-features = [ "nix-command" "flakes" ];
+ };
+ };
+ runner = pkgs.dockerTools.buildImage {
+ name = "nix-runner";
+ tag = "latest";
+
+ fromImage = base;
+ fromImageName = null;
+ fromImageTag = "latest";
+
+ copyToRoot = pkgs.buildEnv {
+ name = "image-root";
+ paths = [ pkgs.coreutils-full ];
+ pathsToLink = [ "/bin" ]; # add coreutuls (which includes sleep) to /bin
+ };
+ };
 in {
+ virtualisation.oci-containers.containers = {
+ "nix-runner" = {
+ image = "nix-runner:latest";
+ imageFile = runner;
+ };
+ };
+
 age.secrets.gitea-db-pass = {
 owner = config.services.gitea.user;
 group = config.services.gitea.group;
@@ -61,7 +106,7 @@ in {
 name = "Default";
 settings = { runner.capacity = 8; };
 labels = [
- "default:docker://nixos/nix:latest"
+ "default:docker://nix-runner:latest"
 "alpine:docker://alpine:latest"
 "debian:docker://debian:latest"
 ];
@@ -85,4 +130,4 @@ in {
 user = config.services.gitea.user;
 group = config.services.gitea.group;
 }];
-}
+}
\ No newline at end of file
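Review bot: `nixConf` in the `base` image adds `https://nix-community.cachix.org` to `substituters` and its key to `trusted-public-keys`, so every workflow run in this image will accept store paths signed by that cache as well as by cache.nixos.org, and nothing in the hunk says this is intended. The two placeholder comments (`# insert any other binary caches here`, `# insert the public keys for those binary caches here`) look carried over from the referenced post. They should be replaced with the rationale, for example `# nix-community cache is trusted for CI jobs because <reason>; drop it if jobs only need cache.nixos.org`. Separately, the `"nix-runner"` entry under `virtualisation.oci-containers.containers` appears to exist only to load `imageFile` into the local image store, yet it also declares a container started from that image. A comment such as `# only here to load the image for the Actions runner; the container itself is not needed` would tell the next reader which effect is wanted.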
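Review bot: The label `default:docker://nix-runner:latest` names the image with an unqualified name and a mutable tag, so it resolves as intended only while the image loaded by the first hunk is present locally. If the runner ever pulls before a job (image missing after a prune, or pulling enabled in the runner configuration), an unqualified name is presumably looked up in the container engine's default registry, a namespace this host does not control. A name that cannot be resolved remotely would make that case fail instead of fetching a foreign image: `name = "localhost/nix-runner";` in `buildImage`, `image = "localhost/nix-runner:latest";` in the container entry, and `"default:docker://localhost/nix-runner:latest"` here. Confirm this against the runner's actual pull behaviour. The `labels` list belongs to a runner instance definition that starts outside the hunk.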