nixos-config/clusters/github-runner/README.md

Self-Hosted CI on Macbook Pro

WARNING: WIP Notes. Expect final version in nixos.asia as a blog post.

github-runner.nix

Create a classic token, and store it impurely:

sudo sh -c "echo 'ghp_...' > /run/github-token-ci"

Setup github-runner.nix for first time, and then:

sudo chown _github-runner:_github-runner /run/github-token-ci

Linux Builder

The author has observed the official "linux-builder" to be slow, in comparison to a Parallels VM. Prefer setting up a Parallels VM if you can.

Via Parallels

• Create new VM, installing NixOS: https://nixos.asia/en/nixos-install-disko
  • Name it parallels-linux-builder`
  • CPU: 6; RAM 16GB; Disk 1TB; Use Rosetta
  • Post install
    • sudo nano /etc/nixos/configuration.nix and services.openssh.enable = true; and sudo nixos-rebuild switch
    • If you are not using disko, you must copy over hardware-configuration.nix
• ssh-copy-id your keys to both parallels@ and root@
  • ssh-copy-id -o PubkeyAuthentication=no -o PreferredAuthentications=password parallels@parallels-linux-builder
  • ssh parallels@parallels-linux-builder and sudo sh -c 'cp /home/parallels/.ssh/authorized_keys /root/.ssh'
  • Verify ssh root@parallels-linux-builder works.
    • service gdm stop (we don't need)
• Adjust the mac host keys

j remote-install

As root, run ssh -i /etc/ssh/ssh_host_ed25519_key srid@parallels-linux-builder to access it as known host.

Via linux-builder

See nix-darwin/linux-builder. Follow the instructions.

See also

• Zulip notes