infra/nix/oracle-gitea-runner/configuration.nix

{
  config,
  pkgs,
  ...
}: {
  imports = [
    # Include the results of the hardware scan.
    ./hardware.nix
  ];

  nixpkgs.config.allowUnfree = true;
  nix.settings.experimental-features = ["nix-command" "flakes"];
  boot.tmp.cleanOnBoot = true;
  zramSwap.enable = true;
  environment.systemPackages = with pkgs; [
    vim
    wget
    git
    htop
    tailscale
  ];

  services.gitea-actions-runner = {
    package = pkgs.forgejo-actions-runner;
    instances = {
      oracle-arm = {
        name = "oracle-arm";
        enable = true;
        labels = [
          "debian-latest-arm:docker://node:18-bullseye"
        ];
        url = "https://git.gmem.ca";
        token = "dcSqNPRfeAFjAA2NUzZRbO4Q2k1L2WOOCAEAhPR4";
        settings = {
          cache.port = 4328;
        };
      };
    };
  };

  programs.zsh.enable = true;
  programs.fish.enable = true;
  environment.shells = with pkgs; [zsh fish];

  networking = {
    hostName = "forgejo-action-runner";
    domain = "gmem.ca";
    nameservers = ["1.1.1.1" "1.0.0.1"];
    firewall = {
      trustedInterfaces = ["tailscale0"];
      checkReversePath = "loose";
      enable = true;
      allowedTCPPorts = [22 80 443 4328];
      allowedUDPPorts = [];
    };
    nftables.enable = true;
  };

  users.users = {
    root.openssh.authorizedKeys.keys = let
      authorizedKeys = pkgs.fetchurl {
        url = "https://gmem.ca/ssh";
        hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4=";
      };
    in
      pkgs.lib.splitString "\n" (builtins.readFile
        authorizedKeys);
  };
  virtualisation = {
    docker = {
      enable = true;
    };
  };

  services.openssh.enable = true;
  services.tailscale.enable = true;
  system.stateVersion = "23.11";
}
Add oracle cloud based ARM runner for forge 2023-07-15 22:54:03 +01:00			`{`
format with alejandra style 2024-02-05 13:13:44 +00:00			`config,`
			`pkgs,`
			`...`
			`}: {`
			`imports = [`
			`# Include the results of the hardware scan.`
			`./hardware.nix`
			`];`
Experimental Coder 2023-11-07 12:33:12 +00:00
			`nixpkgs.config.allowUnfree = true;`
format with alejandra style 2024-02-05 13:13:44 +00:00			`nix.settings.experimental-features = ["nix-command" "flakes"];`
Add oracle cloud based ARM runner for forge 2023-07-15 22:54:03 +01:00			`boot.tmp.cleanOnBoot = true;`
			`zramSwap.enable = true;`
			`environment.systemPackages = with pkgs; [`
			`vim`
			`wget`
			`git`
			`htop`
			`tailscale`
			`];`

			`services.gitea-actions-runner = {`
Move krops to nix 2023-09-05 21:44:01 +01:00			`package = pkgs.forgejo-actions-runner;`
Minor tweaks to gitea runners 2023-07-19 11:59:28 +01:00			`instances = {`
			`oracle-arm = {`
			`name = "oracle-arm";`
			`enable = true;`
			`labels = [`
			`"debian-latest-arm:docker://node:18-bullseye"`
			`];`
Move krops to nix 2023-09-05 21:44:01 +01:00			`url = "https://git.gmem.ca";`
Remove coder from gitea runner, ssh keys 2023-12-08 23:41:29 +00:00			`token = "dcSqNPRfeAFjAA2NUzZRbO4Q2k1L2WOOCAEAhPR4";`
Forgejo action caching with static ports 2023-08-15 21:38:06 +01:00			`settings = {`
			`cache.port = 4328;`
			`};`
Add oracle cloud based ARM runner for forge 2023-07-15 22:54:03 +01:00			`};`
			`};`
Minor tweaks to gitea runners 2023-07-19 11:59:28 +01:00			`};`
Add oracle cloud based ARM runner for forge 2023-07-15 22:54:03 +01:00
			`programs.zsh.enable = true;`
			`programs.fish.enable = true;`
format with alejandra style 2024-02-05 13:13:44 +00:00			`environment.shells = with pkgs; [zsh fish];`
Add oracle cloud based ARM runner for forge 2023-07-15 22:54:03 +01:00
Forgejo action caching with static ports 2023-08-15 21:38:06 +01:00			`networking = {`
Move krops to nix 2023-09-05 21:44:01 +01:00			`hostName = "forgejo-action-runner";`
Forgejo action caching with static ports 2023-08-15 21:38:06 +01:00			`domain = "gmem.ca";`
format with alejandra style 2024-02-05 13:13:44 +00:00			`nameservers = ["1.1.1.1" "1.0.0.1"];`
Forgejo action caching with static ports 2023-08-15 21:38:06 +01:00			`firewall = {`
			`trustedInterfaces = ["tailscale0"];`
			`checkReversePath = "loose";`
			`enable = true;`
format with alejandra style 2024-02-05 13:13:44 +00:00			`allowedTCPPorts = [22 80 443 4328];`
			`allowedUDPPorts = [];`
Forgejo action caching with static ports 2023-08-15 21:38:06 +01:00			`};`
			`nftables.enable = true;`
			`};`
format with alejandra style 2024-02-05 13:13:44 +00:00
Add oracle cloud based ARM runner for forge 2023-07-15 22:54:03 +01:00			`users.users = {`
Remove coder from gitea runner, ssh keys 2023-12-08 23:41:29 +00:00			`root.openssh.authorizedKeys.keys = let`
			`authorizedKeys = pkgs.fetchurl {`
			`url = "https://gmem.ca/ssh";`
			`hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4=";`
			`};`
format with alejandra style 2024-02-05 13:13:44 +00:00			`in`
			`pkgs.lib.splitString "\n" (builtins.readFile`
			`authorizedKeys);`
Add oracle cloud based ARM runner for forge 2023-07-15 22:54:03 +01:00			`};`
			`virtualisation = {`
			`docker = {`
			`enable = true;`
			`};`
			`};`
format with alejandra style 2024-02-05 13:13:44 +00:00
Add oracle cloud based ARM runner for forge 2023-07-15 22:54:03 +01:00			`services.openssh.enable = true;`
			`services.tailscale.enable = true;`
Move krops to nix 2023-09-05 21:44:01 +01:00			`system.stateVersion = "23.11";`
Add oracle cloud based ARM runner for forge 2023-07-15 22:54:03 +01:00			`}`