feat: pin docker images and run dind for act_runner
All checks were successful
Discord / discord commits (push) Has been skipped
All checks were successful
Discord / discord commits (push) Has been skipped
This commit is contained in:
parent
165cfbfca3
commit
0343967c75
6 changed files with 64 additions and 21 deletions
|
@ -2,6 +2,7 @@
|
|||
arion,
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
} @ inputs:
|
||||
with lib;
|
||||
|
@ -37,6 +38,7 @@ in {
|
|||
|
||||
value = import p (inputs
|
||||
// {
|
||||
importImage = file: pkgs.callPackage file pkgs;
|
||||
rwPath =
|
||||
configPath
|
||||
+ "/"
|
||||
|
@ -49,12 +51,26 @@ in {
|
|||
# https://docs.hercules-ci.com/arion/options
|
||||
settings = {
|
||||
enableDefaultNetwork = v.enableDefaultNetwork or true;
|
||||
networks = optionalAttrs (hasAttr "networks" v) v.networks;
|
||||
|
||||
networks =
|
||||
optionalAttrs (hasAttr "networks" v)
|
||||
v.networks;
|
||||
|
||||
services =
|
||||
mapAttrs (n': v': {
|
||||
image = optionalAttrs (hasAttr "customImage" v') v'.customImage;
|
||||
service = filterAttrs (n: v: n != "customImage") v';
|
||||
# https://github.com/hercules-ci/arion/issues/169#issuecomment-1301370634
|
||||
build.image =
|
||||
optionalAttrs (hasAttr "hostImage" v')
|
||||
(mkForce v'.hostImage);
|
||||
|
||||
image =
|
||||
optionalAttrs (hasAttr "customImage" v')
|
||||
v'.customImage;
|
||||
|
||||
service =
|
||||
filterAttrs
|
||||
(n: v: n != "customImage" && n != "hostImage")
|
||||
v';
|
||||
})
|
||||
v.services;
|
||||
};
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
{
|
||||
config,
|
||||
rwPath,
|
||||
importImage,
|
||||
...
|
||||
}: let
|
||||
secrets = config.sops.secrets;
|
||||
in {
|
||||
services = {
|
||||
"forgejo" = {
|
||||
image = "codeberg.org/forgejo/forgejo:1.21.3-0";
|
||||
container_name = "forgejo";
|
||||
hostImage = importImage ./images/forgejo.nix;
|
||||
|
||||
ports = [
|
||||
# Redirect WAN port 22 to this port
|
||||
|
@ -17,7 +18,6 @@ in {
|
|||
];
|
||||
|
||||
restart = "always";
|
||||
privileged = true;
|
||||
depends_on = ["forgejo-db"];
|
||||
|
||||
env_file = [secrets.forgejo.path];
|
||||
|
@ -41,29 +41,32 @@ in {
|
|||
];
|
||||
};
|
||||
|
||||
"runner" = {
|
||||
image = "gitea/act_runner";
|
||||
|
||||
# TODO: change name
|
||||
container_name = "podman-runner";
|
||||
|
||||
restart = "always";
|
||||
depends_on = ["forgejo"];
|
||||
|
||||
volumes = [
|
||||
"${secrets.forgejo-runner.path}:/data/.runner"
|
||||
"/var/run/docker.sock:/var/run/docker.sock"
|
||||
];
|
||||
};
|
||||
|
||||
"forgejo-db" = {
|
||||
image = "public.ecr.aws/docker/library/postgres:14";
|
||||
container_name = "forgejo-db";
|
||||
hostImage = importImage ./images/postgres.nix;
|
||||
|
||||
restart = "always";
|
||||
|
||||
env_file = [secrets.forgejo-db.path];
|
||||
|
||||
volumes = ["${rwPath}/db:/var/lib/postgresql/data"];
|
||||
};
|
||||
|
||||
"runner" = {
|
||||
container_name = "act_runner";
|
||||
hostImage = importImage ./images/act_runner.nix;
|
||||
privileged = true;
|
||||
|
||||
restart = "always";
|
||||
depends_on = ["forgejo"];
|
||||
|
||||
env_file = [secrets.forgejo-runner.path];
|
||||
environment = {
|
||||
GITEA_INSTANCE_URL = "https://git.nelim.org";
|
||||
GITEA_RUNNER_NAME = "DinD";
|
||||
};
|
||||
|
||||
volumes = ["${rwPath}/act:/data"];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
pkgs:
|
||||
pkgs.dockerTools.pullImage {
|
||||
imageName = "vegardit/gitea-act-runner";
|
||||
imageDigest = "sha256:b785240f713d93f4a2d2a82926eacd0ac1deeae360d8ddfbd456102850285efb";
|
||||
sha256 = "0z2vd663zyyfcz0rnl2ksivxmh63nhh4g42qx2idqb6j27s426bq";
|
||||
finalImageName = "vegardit/gitea-act-runner";
|
||||
finalImageTag = "dind-latest";
|
||||
}
|
8
devices/servivi/modules/arion/forgejo/images/forgejo.nix
Normal file
8
devices/servivi/modules/arion/forgejo/images/forgejo.nix
Normal file
|
@ -0,0 +1,8 @@
|
|||
pkgs:
|
||||
pkgs.dockerTools.pullImage {
|
||||
imageName = "codeberg.org/forgejo/forgejo";
|
||||
imageDigest = "sha256:5c89548057b137f5e2a78ed3434848679cb1fc5a510a4042caf7b47115c5174e";
|
||||
sha256 = "13icchd25fwrdwsjg30g5fl0mgj7sndqa4g4pfry5cdprz0j5y9w";
|
||||
finalImageName = "codeberg.org/forgejo/forgejo";
|
||||
finalImageTag = "1.21.3-0";
|
||||
}
|
|
@ -0,0 +1,8 @@
|
|||
pkgs:
|
||||
pkgs.dockerTools.pullImage {
|
||||
imageName = "postgres";
|
||||
imageDigest = "sha256:1b8d18a565774e1734ea11ac1d4485d3eb168718f08c85dc2e24aeb16316249c";
|
||||
sha256 = "05m8lmgly87cszg5iiv7c0gkz72bpdnh0kpp8zp91p32vyl225px";
|
||||
finalImageName = "postgres";
|
||||
finalImageTag = "14";
|
||||
}
|
BIN
flake.lock
BIN
flake.lock
Binary file not shown.
Loading…
Reference in a new issue