dotfiles/nixos-config
1
0
Fork 0
mirror of https://github.com/srid/nixos-config.git synced 2026-05-11 09:28:13 +08:00
Code Issues Projects Releases Packages Wiki Activity Actions

clusters/github-runner: init

Browse source
This commit is contained in:
Sridhar Ratnakumar 2024-03-26 16:56:10 -04:00
parent cede676eb0
commit 96672a0bda
5 changed files with 86 additions and 74 deletions
Download patch file Download diff file Expand all files Collapse all files

1
README.md
View file

@ -51,6 +51,7 @@ Start from `flake.nix` (see [Flakes](https://nixos.wiki/wiki/Flakes)). [`flake-p
- `users`: user information
- `secrets.json` (and `.sops.yaml`): sops-nix secrets
- `systems`: top-level configuration.nix('ish) for various systems
- `clusters`: Features that span more than 1 system
## Tips

22
clusters/github-runner/darwin-module.nix Normal file
View file

@ -0,0 +1,22 @@
{ pkgs, ... }:
{
# Github runner CI
users = {
knownUsers = [ "github-runner" ];
forceRecreate = true;
users.github-runner = {
uid = 1009;
description = "GitHub Runner";
home = "/Users/github-runner";
createHome = true;
shell = pkgs.bashInteractive;
# NOTE: Go to macOS Remote-Login settings and allow all users to ssh.
openssh.authorizedKeys.keys = [
# github-runner VM's /etc/ssh/ssh_host_ed25519_key.pub
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUJvyuUnIs2q2TkJq29wqJ6HyOAeMmIK8PcH7xAlpVY root@github-runner"
];
};
};
nix.settings.trusted-users = [ "github-runner" ];
}

54
clusters/github-runner/nixos-module.nix Normal file
View file

@ -0,0 +1,54 @@
{ flake, pkgs, lib, ... }:
let
inherit (flake) inputs;
inherit (inputs) self;
user = "github-runner";
group = "github-runner";
tokenFile = "/run/keys/github-runner-token.secret"; # See colmena keys in top-level flake.nix
# Convenient function to create multiple runners per single personal repo.
mkPersonalRunners = user:
lib.concatMapAttrs (repoName: meta:
lib.listToAttrs (lib.flip builtins.map (lib.range 1 meta.num) (idx:
let
name = "${repoName}-${builtins.toString idx}";
in
lib.nameValuePair name {
inherit user group tokenFile name;
enable = true;
replace = true;
extraPackages = with pkgs; [
coreutils
nixci
];
url = "https://github.com/${user}/${repoName}";
})));
hostIP = "10.37.129.2"; # Find out using `ifconfig` on host, looking for bridge101
in
{
# User
users.users.${user} = {
inherit group;
isSystemUser = true;
};
users.groups.${group} = { };
nix.settings.trusted-users = [ user ];
# Runners
services.github-runners = mkPersonalRunners "srid" {
perpetuum.num = 2;
};
# macOS remote builder
nix.distributedBuilds = true;
nix.buildMachines = [{
hostName = hostIP;
systems = [ "aarch64-darwin" "x86_64-darwin" ];
# supportedFeatures = [ "kvm" "benchmark" "big-parallel" ];
maxJobs = 6; # 6 cores
protocol = "ssh-ng";
sshUser = user;
sshKey = "/etc/ssh/ssh_host_ed25519_key";
}];
}

31
systems/darwin.nix
View file

@ -1,32 +1,17 @@
{ pkgs, flake, ... }:
# See nix-darwin/default.nix for other modules in use.
let
inherit (flake) inputs;
inherit (inputs) self;
in
{
imports = [
flake.inputs.self.darwinModules.default
../nix-darwin/ci/github-runner.nix
../nix-darwin/zsh-completion-fix.nix
self.darwinModules.default
"${self}/nix-darwin/ci/github-runner.nix"
"${self}/nix-darwin/zsh-completion-fix.nix"
"${self}/clusters/github-runner/darwin-module.nix"
];
# Github runner CI
users = {
knownUsers = [ "github-runner" ];
forceRecreate = true;
users.github-runner = {
uid = 1009;
description = "GitHub Runner";
home = "/Users/github-runner";
createHome = true;
shell = pkgs.bashInteractive;
# NOTE: Go to macOS Remote-Login settings and allow all users to ssh.
openssh.authorizedKeys.keys = [
# github-runner VM's /etc/ssh/ssh_host_ed25519_key.pub
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUJvyuUnIs2q2TkJq29wqJ6HyOAeMmIK8PcH7xAlpVY root@github-runner"
];
};
};
nix.settings.trusted-users = [ "github-runner" ];
nixpkgs.hostPlatform = "aarch64-darwin";
environment.systemPackages = with pkgs; [

52
systems/github-runner.nix
View file

@ -1,36 +1,8 @@
# TODO: WIP
# - [x] Intial config
# - [x] Colmena deploy, with keys from 1Password.
# - [x] Github Runners
# - [x] Distributed builder to host (macOS)
# - [x] Refactor, to allow multiple repos (then remove easy-github-runners.nix)
# - [ ] Refactor into own dir
{ flake, pkgs, lib, ... }:
let
inherit (flake) inputs;
inherit (inputs) self;
user = "github-runner";
group = "github-runner";
tokenFile = "/run/keys/github-runner-token.secret"; # See colmena keys in top-level flake.nix
# Convenient function to create multiple runners per single personal repo.
mkPersonalRunners = user:
lib.concatMapAttrs (repoName: meta:
lib.listToAttrs (lib.flip builtins.map (lib.range 1 meta.num) (idx:
let
name = "perpetuum-${builtins.toString idx}";
in
lib.nameValuePair name {
inherit user group tokenFile name;
enable = true;
replace = true;
extraPackages = with pkgs; [
coreutils
nixci
];
url = "https://github.com/${user}/${repoName}";
})));
hostIP = "10.37.129.2"; # Find out using `ifconfig` on host, looking for bridge101
in
{
imports = [
@ -40,6 +12,7 @@ in
"${self}/nixos/nix.nix"
"${self}/nixos/self/primary-as-admin.nix"
"${self}/nixos/server/harden/basics.nix"
"${self}/clusters/github-runner/nixos-module.nix"
];
system.stateVersion = "23.11";
@ -53,27 +26,4 @@ in
};
};
services.openssh.enable = true;
# Runners
users.users.${user} = {
inherit group;
isSystemUser = true;
};
users.groups.${group} = { };
nix.settings.trusted-users = [ user ];
services.github-runners = mkPersonalRunners "srid" {
perpetuum.num = 2;
};
# macOS remote builder
nix.distributedBuilds = true;
nix.buildMachines = [{
hostName = hostIP;
systems = [ "aarch64-darwin" "x86_64-darwin" ];
# supportedFeatures = [ "kvm" "benchmark" "big-parallel" ];
maxJobs = 6; # 6 cores
protocol = "ssh-ng";
sshUser = user;
sshKey = "/etc/ssh/ssh_host_ed25519_key";
}];
}