Forgejo action caching with static ports

2023-08-15 21:38:06 +01:00 · 2023-08-15 21:38:06 +01:00 · ed77b340c8
parent 4142d069a3
commit ed77b340c8
2 changed files with 24 additions and 5 deletions
--- a/krops/nas/configuration.nix
+++ b/krops/nas/configuration.nix
@ -229,16 +229,20 @@
      };
    };
    gitea-actions-runner = {
-      package = pkgs.gitea-actions-runner;
+      # package = pkgs.forgejo-actions-runner;
      instances = {
        vancouver = {
          name = "vancouver";
          enable = true;
          labels = [
            "debian-latest:docker://node:18-bullseye"
+            "docker:docker://gitea/act_runner:nightly-dind-rootless"
            "nix:docker://nixos/nix"
          ];
          url = "https://git.gmem.ca/";
+          settings = {
+            cache.port = 4328;
+          };
        };
      };
    };
@ -253,7 +257,7 @@
      trustedInterfaces = ["tailscale0" "virbr0"];
      checkReversePath = "loose";
      enable = true;
-      allowedTCPPorts = [ 22 53 80 443 2049 ];
+      allowedTCPPorts = [ 22 53 80 443 2049 4328 ];
      allowedUDPPorts = [ 53 41641 ];
    };
    useDHCP = false;
--- a/krops/oracle-gitea-runner/configuration.nix
+++ b/krops/oracle-gitea-runner/configuration.nix
@ -8,9 +8,6 @@
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  boot.tmp.cleanOnBoot = true;
  zramSwap.enable = true;
-  networking.hostName = "gitea-arm-runner";
-  networking.domain = "gmem.ca";
-  networking.nameservers = [ "1.1.1.1" "1.0.0.1" ];
  environment.systemPackages = with pkgs; [
    vim
    wget
@ -40,9 +37,13 @@
          wget
          docker
          nix
+          zstd
        ];
        url = "https://vancouver.scorpion-ghost.ts.net/git";
        token = "";
+        settings = {
+          cache.port = 4328;
+        };
      };
    };
  };
@ -51,6 +52,20 @@
  programs.fish.enable = true;
  environment.shells = with pkgs; [ zsh fish ];

+  networking = {
+    hostName = "gitea-arm-runner";
+    domain = "gmem.ca";
+    nameservers = [ "1.1.1.1" "1.0.0.1" ];
+    firewall = {
+      trustedInterfaces = ["tailscale0"];
+      checkReversePath = "loose";
+      enable = true;
+      allowedTCPPorts = [ 22 80 443 4328 ];
+      allowedUDPPorts = [ ];
+    };
+    nftables.enable = true;
+  };
+  
  users.users = {
    root.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr"