79 lines
1.7 KiB
Nix
79 lines
1.7 KiB
Nix
{
|
|
config,
|
|
pkgs,
|
|
...
|
|
}: {
|
|
imports = [
|
|
# Include the results of the hardware scan.
|
|
./hardware.nix
|
|
];
|
|
|
|
nixpkgs.config.allowUnfree = true;
|
|
nix.settings.experimental-features = ["nix-command" "flakes"];
|
|
boot.tmp.cleanOnBoot = true;
|
|
zramSwap.enable = true;
|
|
environment.systemPackages = with pkgs; [
|
|
vim
|
|
wget
|
|
git
|
|
htop
|
|
tailscale
|
|
];
|
|
|
|
services.gitea-actions-runner = {
|
|
package = pkgs.forgejo-actions-runner;
|
|
instances = {
|
|
oracle-arm = {
|
|
name = "oracle-arm";
|
|
enable = true;
|
|
labels = [
|
|
"debian-latest-arm:docker://node:18-bullseye"
|
|
];
|
|
url = "https://git.gmem.ca";
|
|
token = "dcSqNPRfeAFjAA2NUzZRbO4Q2k1L2WOOCAEAhPR4";
|
|
settings = {
|
|
cache.port = 4328;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
programs.zsh.enable = true;
|
|
programs.fish.enable = true;
|
|
environment.shells = with pkgs; [zsh fish];
|
|
|
|
networking = {
|
|
hostName = "forgejo-action-runner";
|
|
domain = "gmem.ca";
|
|
nameservers = ["1.1.1.1" "1.0.0.1"];
|
|
firewall = {
|
|
trustedInterfaces = ["tailscale0"];
|
|
checkReversePath = "loose";
|
|
enable = true;
|
|
allowedTCPPorts = [22 80 443 4328];
|
|
allowedUDPPorts = [];
|
|
};
|
|
nftables.enable = true;
|
|
};
|
|
|
|
users.users = {
|
|
root.openssh.authorizedKeys.keys = let
|
|
authorizedKeys = pkgs.fetchurl {
|
|
url = "https://gmem.ca/ssh";
|
|
hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4=";
|
|
};
|
|
in
|
|
pkgs.lib.splitString "\n" (builtins.readFile
|
|
authorizedKeys);
|
|
};
|
|
virtualisation = {
|
|
docker = {
|
|
enable = true;
|
|
};
|
|
};
|
|
|
|
services.openssh.enable = true;
|
|
services.tailscale.enable = true;
|
|
system.stateVersion = "23.11";
|
|
}
|