matt1432/nixos-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: pin docker images and run dind for act_runner
All checks were successful
Discord / discord commits (push) Has been skipped
Details

Browse source
This commit is contained in:
matt1432 2024-01-08 01:11:22 -05:00
parent 165cfbfca3
commit 0343967c75
6 changed files with 116 additions and 73 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
devices/servivi/modules/arion/default.nix
View file

@ -2,6 +2,7 @@
arion,
config,
lib,
pkgs,
...
} @ inputs:
with lib;
@ -37,6 +38,7 @@ in {
value = import p (inputs
// {
importImage = file: pkgs.callPackage file pkgs;
rwPath =
configPath
+ "/"
@ -49,12 +51,26 @@ in {
# https://docs.hercules-ci.com/arion/options
settings = {
enableDefaultNetwork = v.enableDefaultNetwork or true;
networks = optionalAttrs (hasAttr "networks" v) v.networks;
networks =
optionalAttrs (hasAttr "networks" v)
v.networks;
services =
mapAttrs (n': v': {
image = optionalAttrs (hasAttr "customImage" v') v'.customImage;
service = filterAttrs (n: v: n != "customImage") v';
# https://github.com/hercules-ci/arion/issues/169#issuecomment-1301370634
build.image =
optionalAttrs (hasAttr "hostImage" v')
(mkForce v'.hostImage);
image =
optionalAttrs (hasAttr "customImage" v')
v'.customImage;
service =
filterAttrs
(n: v: n != "customImage" && n != "hostImage")
v';
})
v.services;
};

39
devices/servivi/modules/arion/forgejo/compose.nix
View file

@ -1,14 +1,15 @@
{
config,
rwPath,
importImage,
...
}: let
secrets = config.sops.secrets;
in {
services = {
"forgejo" = {
image = "codeberg.org/forgejo/forgejo:1.21.3-0";
container_name = "forgejo";
hostImage = importImage ./images/forgejo.nix;
ports = [
# Redirect WAN port 22 to this port
@ -17,7 +18,6 @@ in {
];
restart = "always";
privileged = true;
depends_on = ["forgejo-db"];
env_file = [secrets.forgejo.path];
@ -41,29 +41,32 @@ in {
];
};
"runner" = {
image = "gitea/act_runner";
# TODO: change name
container_name = "podman-runner";
restart = "always";
depends_on = ["forgejo"];
volumes = [
"${secrets.forgejo-runner.path}:/data/.runner"
"/var/run/docker.sock:/var/run/docker.sock"
];
};
"forgejo-db" = {
image = "public.ecr.aws/docker/library/postgres:14";
container_name = "forgejo-db";
hostImage = importImage ./images/postgres.nix;
restart = "always";
env_file = [secrets.forgejo-db.path];
volumes = ["${rwPath}/db:/var/lib/postgresql/data"];
};
"runner" = {
container_name = "act_runner";
hostImage = importImage ./images/act_runner.nix;
privileged = true;
restart = "always";
depends_on = ["forgejo"];
env_file = [secrets.forgejo-runner.path];
environment = {
GITEA_INSTANCE_URL = "https://git.nelim.org";
GITEA_RUNNER_NAME = "DinD";
};
volumes = ["${rwPath}/act:/data"];
};
};
}

8
devices/servivi/modules/arion/forgejo/images/act_runner.nix Normal file
View file

@ -0,0 +1,8 @@
pkgs:
pkgs.dockerTools.pullImage {
imageName = "vegardit/gitea-act-runner";
imageDigest = "sha256:b785240f713d93f4a2d2a82926eacd0ac1deeae360d8ddfbd456102850285efb";
sha256 = "0z2vd663zyyfcz0rnl2ksivxmh63nhh4g42qx2idqb6j27s426bq";
finalImageName = "vegardit/gitea-act-runner";
finalImageTag = "dind-latest";
}

8
devices/servivi/modules/arion/forgejo/images/forgejo.nix Normal file
View file

@ -0,0 +1,8 @@
pkgs:
pkgs.dockerTools.pullImage {
imageName = "codeberg.org/forgejo/forgejo";
imageDigest = "sha256:5c89548057b137f5e2a78ed3434848679cb1fc5a510a4042caf7b47115c5174e";
sha256 = "13icchd25fwrdwsjg30g5fl0mgj7sndqa4g4pfry5cdprz0j5y9w";
finalImageName = "codeberg.org/forgejo/forgejo";
finalImageTag = "1.21.3-0";
}

8
devices/servivi/modules/arion/forgejo/images/postgres.nix Normal file
View file

@ -0,0 +1,8 @@
pkgs:
pkgs.dockerTools.pullImage {
imageName = "postgres";
imageDigest = "sha256:1b8d18a565774e1734ea11ac1d4485d3eb168718f08c85dc2e24aeb16316249c";
sha256 = "05m8lmgly87cszg5iiv7c0gkz72bpdnh0kpp8zp91p32vyl225px";
finalImageName = "postgres";
finalImageTag = "14";
}

104
flake.lock generated
View file

@ -7,11 +7,11 @@
]
},
"locked": {
"lastModified": 1704549352,
"narHash": "sha256-fUwtVfjpkEtpQE2xwCTIgtmJzJSegFvNKsoZABDMvX4=",
"lastModified": 1704657027,
"narHash": "sha256-GWkEQO7hCE8zhNbBhYv02vDxRuLv/ni71rOfaAkztcA=",
"owner": "Aylur",
"repo": "ags",
"rev": "dcb24f887efc3d0dbf291c75da05b19221bfdee4",
"rev": "19f823b93ee9b1de22e2a3acae5dfbe70c0a1e7a",
"type": "github"
},
"original": {
@ -236,11 +236,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1701473968,
"narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=",
"lastModified": 1704152458,
"narHash": "sha256-DS+dGw7SKygIWf9w4eNBUZsK+4Ug27NwEWmn2tnbycg=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5",
"rev": "88a2cd8166694ba0b6cb374700799cec53aef527",
"type": "github"
},
"original": {
@ -380,11 +380,11 @@
"gpu-screen-recorder-src": {
"flake": false,
"locked": {
"lastModified": 1704537241,
"narHash": "sha256-6bo1tRgmozGjVhcBQB35qOfRjOnPNFwyM2bDiqF9qXU=",
"lastModified": 1704659362,
"narHash": "sha256-svbMipmpMFyxmwdNeZXkT6Z/wNtxKVjGIJt35h40itM=",
"ref": "refs/heads/master",
"rev": "36e38fcad8f28c0efc77eb3328a5f93e93c3880a",
"revCount": 453,
"rev": "4c098a4f0397876110a950d99e9951c360fedca8",
"revCount": 455,
"type": "git",
"url": "https://repo.dec05eba.com/gpu-screen-recorder"
},
@ -541,11 +541,11 @@
"xdph": "xdph"
},
"locked": {
"lastModified": 1704475363,
"narHash": "sha256-isiBkAsjXIvb/6McVK42/iBbC4h+UL3JRkkLqTSPE48=",
"lastModified": 1704649868,
"narHash": "sha256-PKVOCPV5i8prioWway5PjRMsICtrVONV3y5W69gQLWw=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "7e033e48ace5406a9bc442f7d403f9ce3af193f3",
"rev": "d7d333d162da2d3fc852b2c7a3faa2709440cefa",
"type": "github"
},
"original": {
@ -603,11 +603,11 @@
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1704024543,
"narHash": "sha256-hmKcKSuTqVK47l2G0PkLAinZN1oCOb6XdPPJhNCQ2rg=",
"lastModified": 1704629345,
"narHash": "sha256-cWrno5kSY2cCaWIl97Ae4/iZ9rnMLlm0VrwRqdzIESk=",
"owner": "nix-community",
"repo": "lib-aggregate",
"rev": "4608880f02f8f868e1b7f85c60abdfc5cb0cf9ec",
"rev": "3e408e7391e9d778f48861bb9da08ac54e01441a",
"type": "github"
},
"original": {
@ -643,11 +643,11 @@
]
},
"locked": {
"lastModified": 1704499431,
"narHash": "sha256-P6PfGHT2VkjVkW1SuvzHGwf9n043Zq3XACVQ/U2oXuo=",
"lastModified": 1704672222,
"narHash": "sha256-GkwxrG62hqDXLAdW17bulA6ckI8JuVuwythPqOiMoHs=",
"owner": "nix-community",
"repo": "neovim-nightly-overlay",
"rev": "713cb443519c554eb5957d5b5573483e94a90902",
"rev": "688360dd650feff8fef1d5a539eede840ec07d14",
"type": "github"
},
"original": {
@ -666,11 +666,11 @@
},
"locked": {
"dir": "contrib",
"lastModified": 1704494961,
"narHash": "sha256-gQiTqBZLl4lpvCZ6zz8FZkE2u+9RmzGqVIdPQpY99E8=",
"lastModified": 1704648325,
"narHash": "sha256-8DxfLibKTkbPc/ct9eApn+ET7dbY3Z2Du46U0KK0zL4=",
"owner": "neovim",
"repo": "neovim",
"rev": "28c183b38cdc00436d95af80ee8e34e4793ee38d",
"rev": "367e52cc79a786bbee4456b30f9ec5db7e28d6a5",
"type": "github"
},
"original": {
@ -748,11 +748,11 @@
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1704244428,
"narHash": "sha256-n3KZlxx1QS3919I1O77OhBouUeetlLpmQQcIx3dqAso=",
"lastModified": 1704590450,
"narHash": "sha256-9wUJ0irPrkukEUiqjXQev961l0sa0vgNlu9SW4GDV+E=",
"owner": "fufexan",
"repo": "nix-gaming",
"rev": "bd7442917422de061bcf61323b07abbb93bdb766",
"rev": "7a393401bd9212a5635e82dede0198d3e9602d41",
"type": "github"
},
"original": {
@ -790,11 +790,11 @@
]
},
"locked": {
"lastModified": 1703992163,
"narHash": "sha256-709CGmwU34dxv8DjSpRBZ+HibVJIVaFcA4JH+GFnhyM=",
"lastModified": 1704596958,
"narHash": "sha256-BK3Ohsz7m8X6qVKFxDtr8KVcHipfr5hYE9PDIJevHbQ=",
"owner": "Mic92",
"repo": "nix-index-database",
"rev": "d6510ce144f5da7dd9bac667ba3d5a4946c00d11",
"rev": "f46800ac5a6e9f892fe36e50821c5d85794ecc62",
"type": "github"
},
"original": {
@ -882,11 +882,11 @@
"nixpkgs-lib": {
"locked": {
"dir": "lib",
"lastModified": 1701253981,
"narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=",
"lastModified": 1703961334,
"narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58",
"rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
"type": "github"
},
"original": {
@ -899,11 +899,11 @@
},
"nixpkgs-lib_2": {
"locked": {
"lastModified": 1703983607,
"lastModified": 1704588527,
"narHash": "sha256-YECXW8P0bqFM5e65Mu2fL4wZlonNWCuNEk7UQPsuJZ0=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "a6c99b57d2e58f7fc6d52a08b0ba40160e75f738",
"rev": "be8e58791dcfa2b98b512c2a1bdf3bd94a38790b",
"type": "github"
},
"original": {
@ -936,11 +936,11 @@
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1704330409,
"narHash": "sha256-msr/ZbWUZBG4WZIybCC0sZJmdkJJLDbCB4uZG4lNFbE=",
"lastModified": 1704684968,
"narHash": "sha256-h+lSV/cfnfE5//dHefL154mgvaEmTz13ehI7eb/Hph0=",
"owner": "nix-community",
"repo": "nixpkgs-wayland",
"rev": "6c542fbd24f9115eda6d7e33392f64aa95021eda",
"rev": "17d7827cd61e7e6bdc732c4817ea4da26ab0b47b",
"type": "github"
},
"original": {
@ -967,11 +967,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1703499205,
"narHash": "sha256-lF9rK5mSUfIZJgZxC3ge40tp1gmyyOXZ+lRY3P8bfbg=",
"lastModified": 1704161960,
"narHash": "sha256-QGua89Pmq+FBAro8NriTuoO/wNaUtugt29/qqA8zeeM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e1fa12d4f6c6fe19ccb59cac54b5b3f25e160870",
"rev": "63143ac2c9186be6d9da6035fa22620018c85932",
"type": "github"
},
"original": {
@ -999,11 +999,11 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1704194953,
"narHash": "sha256-RtDKd8Mynhe5CFnVT8s0/0yqtWFMM9LmCzXv/YKxnq4=",
"lastModified": 1704538339,
"narHash": "sha256-1734d3mQuux9ySvwf6axRWZRBhtcZA9Q8eftD6EZg6U=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bd645e8668ec6612439a9ee7e71f7eac4099d4f6",
"rev": "46ae0210ce163b3cba6c7da08840c1d63de9c701",
"type": "github"
},
"original": {
@ -1031,11 +1031,11 @@
},
"nixpkgs_7": {
"locked": {
"lastModified": 1704194953,
"narHash": "sha256-RtDKd8Mynhe5CFnVT8s0/0yqtWFMM9LmCzXv/YKxnq4=",
"lastModified": 1704538339,
"narHash": "sha256-1734d3mQuux9ySvwf6axRWZRBhtcZA9Q8eftD6EZg6U=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "bd645e8668ec6612439a9ee7e71f7eac4099d4f6",
"rev": "46ae0210ce163b3cba6c7da08840c1d63de9c701",
"type": "github"
},
"original": {
@ -1131,11 +1131,11 @@
},
"nur": {
"locked": {
"lastModified": 1704554033,
"narHash": "sha256-4sgRZyamI4sh6VRk3kgkM/ojW+KCc4iDD0RRa4ed/7k=",
"lastModified": 1704687706,
"narHash": "sha256-kLipB2vqaB3Er4AEBSmRK1JM7q+4BcdI/Qg67HWyyS8=",
"owner": "nix-community",
"repo": "NUR",
"rev": "3fbed9bd2b3c6eced12baea4b61b3a060cd39b8d",
"rev": "0c2e0672caa72f21ff4a4ea5ff8141bce26d3f7b",
"type": "github"
},
"original": {
@ -1309,11 +1309,11 @@
"sops-nix": "sops-nix"
},
"locked": {
"lastModified": 1704604320,
"narHash": "sha256-tg8zrdwd4po2vaiGGm4mNmhnaEOWtbcAA05atam5LjM=",
"lastModified": 1704693422,
"narHash": "sha256-WjkB2UE+UyYYPKieq2JtYit0PlbTovO68+TFiERI3lk=",
"ref": "refs/heads/main",
"rev": "c9ed7f5dfe70d863e1f0553a9761b072c0a133b7",
"revCount": 25,
"rev": "34a949edd2ff2edec3b780c20287c2c8b6cd2ae5",
"revCount": 27,
"type": "git",
"url": "ssh://git@git.nelim.org/matt1432/nixos-secrets"
},