feat: pin docker images and run dind for act_runner

This commit is contained in:
matt1432 2024-01-08 01:11:22 -05:00
parent 165cfbfca3
commit 0343967c75
6 changed files with 64 additions and 21 deletions


@ -2,6 +2,7 @@
arion, arion,
config, config,
lib, lib,
pkgs,
... ...
} @ inputs: } @ inputs:
with lib; with lib;
@ -37,6 +38,7 @@ in {
value = import p (inputs value = import p (inputs
// { // {
importImage = file: pkgs.callPackage file pkgs;
rwPath = rwPath =
configPath configPath
+ "/" + "/"
@ -49,12 +51,26 @@ in {
# https://docs.hercules-ci.com/arion/options # https://docs.hercules-ci.com/arion/options
settings = { settings = {
enableDefaultNetwork = v.enableDefaultNetwork or true; enableDefaultNetwork = v.enableDefaultNetwork or true;
networks = optionalAttrs (hasAttr "networks" v) v.networks;
networks =
optionalAttrs (hasAttr "networks" v)
v.networks;
services = services =
mapAttrs (n': v': { mapAttrs (n': v': {
image = optionalAttrs (hasAttr "customImage" v') v'.customImage; # https://github.com/hercules-ci/arion/issues/169#issuecomment-1301370634
service = filterAttrs (n: v: n != "customImage") v'; build.image =
optionalAttrs (hasAttr "hostImage" v')
(mkForce v'.hostImage);
image =
optionalAttrs (hasAttr "customImage" v')
v'.customImage;
service =
filterAttrs
(n: v: n != "customImage" && n != "hostImage")
v';
}) })
v.services; v.services;
}; };
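Review bot: `importImage = file: pkgs.callPackage file pkgs;` in the second hunk only works because the image files in this commit are plain `pkgs:` functions (no attribute-set pattern), so `callPackage` finds no named arguments to auto-wire and passes its explicit `pkgs` argument through wholesale; `importImage = file: import file pkgs;` says exactly that without routing through machinery whose purpose never applies here. The new `build.image = mkForce v'.hostImage` / `image = … v'.customImage` pair would also benefit from a one-line comment next to the issue link, e.g. `# hostImage: a Nix-built image derivation handed to arion's build.image; customImage: a registry reference used as-is`, since the linked issue is currently the only explanation and the two keys are otherwise easy to confuse. The enclosing module function starts before this section.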


@ -1,14 +1,15 @@
{ {
config, config,
rwPath, rwPath,
importImage,
... ...
}: let }: let
secrets = config.sops.secrets; secrets = config.sops.secrets;
in { in {
services = { services = {
"forgejo" = { "forgejo" = {
image = "codeberg.org/forgejo/forgejo:1.21.3-0";
container_name = "forgejo"; container_name = "forgejo";
hostImage = importImage ./images/forgejo.nix;
ports = [ ports = [
# Redirect WAN port 22 to this port # Redirect WAN port 22 to this port
@ -17,7 +18,6 @@ in {
]; ];
restart = "always"; restart = "always";
privileged = true;
depends_on = ["forgejo-db"]; depends_on = ["forgejo-db"];
env_file = [secrets.forgejo.path]; env_file = [secrets.forgejo.path];
@ -41,29 +41,32 @@ in {
]; ];
}; };
"runner" = {
image = "gitea/act_runner";
# TODO: change name
container_name = "podman-runner";
restart = "always";
depends_on = ["forgejo"];
volumes = [
"${secrets.forgejo-runner.path}:/data/.runner"
"/var/run/docker.sock:/var/run/docker.sock"
];
};
"forgejo-db" = { "forgejo-db" = {
image = "public.ecr.aws/docker/library/postgres:14";
container_name = "forgejo-db"; container_name = "forgejo-db";
hostImage = importImage ./images/postgres.nix;
restart = "always"; restart = "always";
env_file = [secrets.forgejo-db.path]; env_file = [secrets.forgejo-db.path];
volumes = ["${rwPath}/db:/var/lib/postgresql/data"]; volumes = ["${rwPath}/db:/var/lib/postgresql/data"];
}; };
"runner" = {
container_name = "act_runner";
hostImage = importImage ./images/act_runner.nix;
privileged = true;
restart = "always";
depends_on = ["forgejo"];
env_file = [secrets.forgejo-runner.path];
environment = {
GITEA_INSTANCE_URL = "https://git.nelim.org";
GITEA_RUNNER_NAME = "DinD";
};
volumes = ["${rwPath}/act:/data"];
};
}; };
} }
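Review bot: The new `runner` service sets `privileged = true`, which (assuming arion maps it to Docker's `--privileged`) gives every CI job this runner executes root-equivalent access to the host, and nothing in the hunk limits which repositories or workflows can dispatch jobs to it; it is at least as powerful as the `/var/run/docker.sock` bind mount it replaces, so the change does not reduce exposure, it relocates it. If the DinD image genuinely needs this, record it at the site so nobody removes or copies it casually: `privileged = true; # needed by the dind image; jobs on this runner are host-root equivalent, only trusted repos should target it`. Moving `privileged` off the `forgejo` container itself is a welcome reduction. Whether the act_runner config persisted under `${rwPath}/act` restricts labels to trusted workflows cannot be seen from this commit.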


@ -0,0 +1,8 @@
pkgs:
pkgs.dockerTools.pullImage {
imageName = "vegardit/gitea-act-runner";
imageDigest = "sha256:b785240f713d93f4a2d2a82926eacd0ac1deeae360d8ddfbd456102850285efb";
sha256 = "0z2vd663zyyfcz0rnl2ksivxmh63nhh4g42qx2idqb6j27s426bq";
finalImageName = "vegardit/gitea-act-runner";
finalImageTag = "dind-latest";
}
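Review bot: The runner image is pinned by `imageDigest`, which is good, but `vegardit/gitea-act-runner` is a third-party community build rather than the upstream `gitea/act_runner` the previous service definition pulled, and per the service file it will run as a privileged container, so its provenance matters more than for the other two images. A comment recording where the digest was taken from and why this build was chosen would let the next person re-verify it before bumping: `# third-party DinD build of act_runner; digest copied from <registry/source> on <date>, re-check before updating`. Since `pullImage` fetches by digest and `finalImageTag` only labels the resulting image, the `dind-latest` tag here will not auto-update; a short note saying so would prevent anyone assuming otherwise.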


@ -0,0 +1,8 @@
pkgs:
pkgs.dockerTools.pullImage {
imageName = "codeberg.org/forgejo/forgejo";
imageDigest = "sha256:5c89548057b137f5e2a78ed3434848679cb1fc5a510a4042caf7b47115c5174e";
sha256 = "13icchd25fwrdwsjg30g5fl0mgj7sndqa4g4pfry5cdprz0j5y9w";
finalImageName = "codeberg.org/forgejo/forgejo";
finalImageTag = "1.21.3-0";
}


@ -0,0 +1,8 @@
pkgs:
pkgs.dockerTools.pullImage {
imageName = "postgres";
imageDigest = "sha256:1b8d18a565774e1734ea11ac1d4485d3eb168718f08c85dc2e24aeb16316249c";
sha256 = "05m8lmgly87cszg5iiv7c0gkz72bpdnh0kpp8zp91p32vyl225px";
finalImageName = "postgres";
finalImageTag = "14";
}
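Review bot: `imageName = "postgres"` drops the explicit registry the old `public.ecr.aws/docker/library/postgres:14` reference carried, so this should now resolve (via dockerTools' default registry, as far as I can tell) to Docker Hub's `library/postgres`, a different trust root and rate-limit regime than before; if that move is intentional, make it explicit with `imageName = "docker.io/library/postgres";` or note it in a comment so it is not read as an accident. Because the digest is what is actually fetched, the `14` tag is only a label here and postgres 14 minor/security releases will not arrive until the digest is bumped; a comment such as `# pinned by digest, bump imageDigest/sha256 to pick up 14.x security releases` would make that maintenance duty visible.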
