From 43b6159feb46e6f9cfae2d1121cec81e35082e96 Mon Sep 17 00:00:00 2001
From: Nikolaos Karaolidis
Date: Sun, 14 Sep 2025 17:25:42 +0100
Subject: [PATCH] Add gitea runner image
Signed-off-by: Nikolaos Karaolidis
---
 flake.lock | 8 ++--
 .../configs/console/podman/gitea/default.nix | 31 +++++++++++++++-
 .../console/podman/nextcloud/default.nix | 4 +-
 overlays/default.nix | 1 +
 packages/default.nix | 1 +
 .../gitea-act-runner-worker/default.nix | 37 +++++++++++++++++++
 packages/docker/gitea-act-runner/default.nix | 11 +----
 patches.nix | 11 +++++-
 submodules/secrets | 2 +-
 9 files changed, 87 insertions(+), 19 deletions(-)
 create mode 100644 packages/docker/gitea-act-runner-worker/default.nix
diff --git a/flake.lock b/flake.lock
index 1d9469c..ead3dcd 100644
--- a/flake.lock
+++ b/flake.lock
@@ -511,11 +511,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1757583391, - "narHash": "sha256-q5ZXkTv0SJw7OMbu2K3b03Fbb+1Hz6ZafqdqGneyX9A=", + "lastModified": 1757861884, + "narHash": "sha256-s0cInWk/yrj0eY7Iee722ME9/bfjpUj9aKMlnb6q/t4=", "ref": "refs/heads/main", - "rev": "42df461dac05dccd22df0c36007174dd73aa0aea", - "revCount": 40, + "rev": "383cf08fa55a46c8aa1c5faf57160bf594e5feaa", + "revCount": 41, "type": "git", "url": "ssh://git@karaolidis.com/karaolidis/nix-secrets.git" },
diff --git a/hosts/jupiter/users/storm/configs/console/podman/gitea/default.nix b/hosts/jupiter/users/storm/configs/console/podman/gitea/default.nix
index 037e49e..ebef532 100644
--- a/hosts/jupiter/users/storm/configs/console/podman/gitea/default.nix
+++ b/hosts/jupiter/users/storm/configs/console/podman/gitea/default.nix
@@ -61,7 +61,12 @@ in
 home-manager.users.${user} =
 let
 autheliaClientId = "I2ZYDFGWP1bzfiauXe94IaiReZF6SqoEskSp6phoL2L8l16Cq7YX3Vr4pkQOSYfNDOwuFjTRIpqQ8eAqK0M93NeEgpr8YoPhKHyR";
- inherit (hmConfig.virtualisation.quadlet) containers volumes networks;
+ inherit (hmConfig.virtualisation.quadlet)
+ containers
+ volumes
+ networks
+ images
+ ;
 in
 {
 sops = {
@@ -214,6 +219,16 @@ in
 gitea-act-runner-cache = { };
 };
+ images.gitea-act-runner-worker.imageConfig = {
+ image = "docker-archive:${pkgs.dockerImages.gitea-act-runner-worker}";
+ tag =
+ let
+ name = pkgs.dockerImages.gitea-act-runner-worker.passthru.buildArgs.name;
+ tag = pkgs.dockerImages.gitea-act-runner-worker.passthru.imageTag;
+ in
+ "localhost/${name}:${tag}";
+ };
+
 containers = {
 gitea = {
 containerConfig = {
@@ -278,8 +293,22 @@ in
 volumes =
 let
 uid = builtins.toString config.users.users.${user}.uid;
+
+ runnerConfig = (pkgs.formats.yaml { }).generate "config.yaml" {
+ runner = {
+ file = "/var/lib/gitea-act-runner/registration";
+ capacity = 4;
+ labels = [ "nix:docker://${images.gitea-act-runner-worker.imageConfig.tag}" ];
+ };
+ cache.dir = "/tmp/gitea-act-runner/";
+ container = {
+ privileged = true;
+ docker_host = "-";
+ };
+ };
 in
 [
+ "${runnerConfig}:/etc/gitea-act-runner/config.yaml:ro"
 "/run/user/${uid}/podman/podman.sock:/var/run/docker.sock"
 "${volumes.gitea-act-runner-data.ref}:/var/lib/gitea-act-runner"
 "${volumes.gitea-act-runner-cache.ref}:/tmp/gitea-act-runner"
diff --git a/hosts/jupiter/users/storm/configs/console/podman/nextcloud/default.nix b/hosts/jupiter/users/storm/configs/console/podman/nextcloud/default.nix
index d3e6014..68eb37b 100644
--- a/hosts/jupiter/users/storm/configs/console/podman/nextcloud/default.nix
+++ b/hosts/jupiter/users/storm/configs/console/podman/nextcloud/default.nix
@@ -170,14 +170,14 @@ in
 ];
 volumes =
 let
- post-setup = pkgs.writeTextFile {
+ postSetup = pkgs.writeTextFile {
 name = "post-setup.sh";
 executable = true;
 text = builtins.readFile ./post-setup.sh;
 };
 in
 [
- "${post-setup}:/etc/nextcloud/post-setup.sh:ro"
+ "${postSetup}:/etc/nextcloud/post-setup.sh:ro"
 "/mnt/storage/private/storm/containers/storage/volumes/nextcloud-data/_data:/var/lib/nextcloud"
 "${volumes.nextcloud-log.ref}:/var/log/nextcloud"
 "${volumes.nextcloud-config.ref}:/var/www/nextcloud/config"
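Review bot: In the added `runnerConfig`, `container.privileged = true` makes every job container privileged, and the runner container in the same `volumes` list is given the user's Podman socket (`/run/user/${uid}/podman/podman.sock`), so any workflow scheduled on this runner gets the widest container privileges that account can grant. If the flag exists only so `buildah` can build inside a job, it is worth testing whether the jobs pass without it (buildah's chroot isolation is the usual candidate) before keeping it. If it has to stay, record the reason next to it, e.g. `# privileged: needed for buildah in job containers; keep this runner limited to trusted repositories`. The `volumes` list and the enclosing container definition continue outside the hunk.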
diff --git a/overlays/default.nix b/overlays/default.nix
index dfb6c3e..b20b238 100644
--- a/overlays/default.nix
+++ b/overlays/default.nix
@@ -20,6 +20,7 @@ final: prev:
 flaresolverr = final.docker-image-flaresolverr;
 gitea = final.docker-image-gitea;
 gitea-act-runner = final.docker-image-gitea-act-runner;
+ gitea-act-runner-worker = final.docker-image-gitea-act-runner-worker;
 grafana = final.docker-image-grafana;
 grafana-image-renderer = final.docker-image-grafana-image-renderer;
 jellyfin = final.docker-image-jellyfin;
diff --git a/packages/default.nix b/packages/default.nix
index 456798a..04ded9f 100644
--- a/packages/default.nix
+++ b/packages/default.nix
@@ -13,6 +13,7 @@
 docker-image-flaresolverr = import ./docker/flaresolverr { inherit pkgs; };
 docker-image-gitea = import ./docker/gitea { inherit pkgs; };
 docker-image-gitea-act-runner = import ./docker/gitea-act-runner { inherit pkgs; };
+ docker-image-gitea-act-runner-worker = import ./docker/gitea-act-runner-worker { inherit pkgs; };
 docker-image-grafana = import ./docker/grafana { inherit pkgs; };
 docker-image-grafana-image-renderer = import ./docker/grafana-image-renderer { inherit pkgs; };
 docker-image-jellyfin = import ./docker/jellyfin { inherit pkgs; };
diff --git a/packages/docker/gitea-act-runner-worker/default.nix b/packages/docker/gitea-act-runner-worker/default.nix
new file mode 100644
index 0000000..28b732d
--- /dev/null
+++ b/packages/docker/gitea-act-runner-worker/default.nix
@@ -0,0 +1,37 @@
+{ pkgs, ... }:
+let
+ containerPolicy = pkgs.writeTextDir "/etc/containers/policy.json" (
+ builtins.readFile (
+ (pkgs.formats.json { }).generate "policy.json" {
+ default = [ { type = "insecureAcceptAnything"; } ];
+ transports.docker-daemon."" = [ { type = "insecureAcceptAnything"; } ];
+ }
+ )
+ );
+in
+pkgs.dockerTools.buildImage {
+ name = "gitea-act-runner-worker";
+ fromImage = pkgs.docker-image-base;
+
+ copyToRoot = pkgs.buildEnv {
+ name = "root";
+ paths = with pkgs; [
+ git
+ curl
+ jq
+ nix
+ nodejs
+ buildah
+ skopeo
+ containerPolicy
+ ];
+ pathsToLink = [
+ "/bin"
+ "/etc"
+ ];
+ };
+
+ runAsRoot = ''
+ mkdir -p /var/tmp
+ '';
+}
diff --git a/packages/docker/gitea-act-runner/default.nix b/packages/docker/gitea-act-runner/default.nix
index d4e894a..1376728 100644
--- a/packages/docker/gitea-act-runner/default.nix
+++ b/packages/docker/gitea-act-runner/default.nix
@@ -10,16 +10,7 @@ let
 runnerConfig = pkgs.writeTextDir "/etc/gitea-act-runner/config.yaml" (
 builtins.readFile (
 (pkgs.formats.yaml { }).generate "config.yaml" {
- runner = {
- file = "/var/lib/gitea-act-runner/registration";
- capacity = 4;
- labels = [
- "ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
- "ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04"
- "ubuntu-20.04:docker://catthehacker/ubuntu:act-20.04"
- "ubuntu-18.04:docker://catthehacker/ubuntu:act-18.04"
- ];
- };
+ runner.file = "/var/lib/gitea-act-runner/registration";
 cache.dir = "/tmp/gitea-act-runner/";
 # https://gitea.com/gitea/act_runner/issues/223#issuecomment-743748
 container.docker_host = "-";
diff --git a/patches.nix b/patches.nix
index 1ab9bfb..16fb58e 100644
--- a/patches.nix
+++ b/patches.nix
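Review bot: The `containerPolicy` written to `/etc/containers/policy.json` uses `insecureAcceptAnything` as the `default`, so `skopeo` and `buildah` in the worker image accept images from every transport and registry without any signature requirement; the `transports.docker-daemon.""` entry repeats the default and has no effect of its own. If jobs only need a known set of registries, a `reject` default with explicit per-registry scopes under `transports.docker` would be tighter. Otherwise state that the choice is deliberate with a comment above the binding, e.g. `# No signature verification for image pulls in CI jobs; tighten once images are signed`.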
@@ -1 +1,10 @@
-{ patcher, ... }: { }
+{ patcher, ... }:
+{
+ quadlet-nix.patches = [
+ (patcher.fetchpatch {
+ name = "feat: supports images";
+ url = "https://github.com/SEIAROTg/quadlet-nix/compare/main...karaolidis:quadlet-nix:image.diff";
+ hash = "sha256-XLdOrSJ/gyLARGI0psBejtpX9Z2NSRTaUbFtBi8BxPw=";
+ })
+ ];
+}
diff --git a/submodules/secrets b/submodules/secrets
index 42df461..383cf08 160000
--- a/submodules/secrets
+++ b/submodules/secrets
@@ -1 +1 @@
-Subproject commit 42df461dac05dccd22df0c36007174dd73aa0aea
+Subproject commit 383cf08fa55a46c8aa1c5faf57160bf594e5feaa
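Review bot: The `url` given to `patcher.fetchpatch` is a GitHub compare link between two branch names (`main...karaolidis:quadlet-nix:image.diff`), so what it serves changes whenever either branch moves. The pinned `hash` stops changed content from being applied silently, but the fetch then fails on a hash mismatch and the patch that was reviewed can no longer be obtained from that URL. Comparing fixed commit ids instead (`.../compare/<base-sha>...<head-sha>.diff`, placeholders) or vendoring the diff into the repository keeps the build reproducible.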