From fded320b63945866a30304308222e0ceb889bb69 Mon Sep 17 00:00:00 2001 From: iofq Date: Sat, 28 Feb 2026 00:01:58 -0600 Subject: [PATCH] add CI images to repo
--- .forgejo/default-policy.json | 14 +++++++ .forgejo/tags.txt | 1 + .forgejo/workflows/images.yaml | 20 ++++++++++ .../workflows/{main.yml => nvim-bundle.yml} | 5 +-- nixos/zen/configuration.nix | 30 ++++++++++++--- pkgs/default.nix | 1 + pkgs/nix-with-node/default.nix | 38 +++++++++++++++++++ pkgs/nix-with-node/root/etc/nix/nix.conf | 3 ++ 8 files changed, 104 insertions(+), 8 deletions(-) create mode 100644 .forgejo/default-policy.json create mode 100644 .forgejo/tags.txt create mode 100644 .forgejo/workflows/images.yaml rename .forgejo/workflows/{main.yml => nvim-bundle.yml} (91%) create mode 100644 pkgs/nix-with-node/default.nix create mode 100644 pkgs/nix-with-node/root/etc/nix/nix.conf
diff --git a/.forgejo/default-policy.json b/.forgejo/default-policy.json new file mode 100644
index 0000000..dffc54a
--- /dev/null
+++ b/.forgejo/default-policy.json
@@ -0,0 +1,14 @@
+{
+ "default": [
+ {
+ "type": "insecureAcceptAnything"
+ }
+ ],
+ "transports":
+ {
+ "docker-daemon":
+ {
+ "": [{"type":"insecureAcceptAnything"}]
+ }
+ }
+}
diff --git a/.forgejo/tags.txt b/.forgejo/tags.txt new file mode 100644
index 0000000..e951978
--- /dev/null
+++ b/.forgejo/tags.txt
@@ -0,0 +1 @@
+nix-with-node:nix
diff --git a/.forgejo/workflows/images.yaml b/.forgejo/workflows/images.yaml new file mode 100644
index 0000000..1df21e1
--- /dev/null
+++ b/.forgejo/workflows/images.yaml
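Review bot: `"default": insecureAcceptAnything` switches off signature verification for every transport, and the workflow installs this file as `/etc/containers/policy.json`, so anything later pulled through that policy on the runner is accepted unverified, not just this job's push. The only source the job reads is the locally built `docker-archive:` tarball, which has no signature to check; `docker-daemon` is never used here, so the transport exception is on the wrong transport. Reject by default and allow only the archive transport: `skopeo copy` from the archive keeps working, while a registry pull through this policy fails closed instead of being silently trusted.
```json
{
  "default": [
    { "type": "reject" }
  ],
  "transports": {
    "docker-archive": {
      "": [{ "type": "insecureAcceptAnything" }]
    }
  }
}
```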
@@ -0,0 +1,20 @@
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: "0 0 * * 0"
+ workflow_dispatch:
+jobs:
+ check:
+ runs-on: nix-upstream-latest
+ steps:
+ - run: echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf
+ - run: nix-env -i nodejs skopeo # bootstrap
+ - uses: actions/checkout@v4
+ - run: mkdir -p /etc/containers && cp .forgejo/default-policy.json /etc/containers/policy.json
+ - run: |-
+ for line in $(cat .forgejo/tags.txt); do
+ IFS=: read -r pkg tag <<< $line
+ cp $(nix build .#$pkg --print-out-paths) /tmp/img.tar.gz
+ gunzip /tmp/img.tar.gz
+ skopeo copy --dest-creds="${{ secrets.FJ_USER }}:${{ secrets.FJ_PASS }}" docker-archive:///tmp/img.tar docker://git.10110110.xyz/ci/$tag:latest
+ done
diff --git a/.forgejo/workflows/main.yml b/.forgejo/workflows/nvim-bundle.yml similarity index 91% rename from .forgejo/workflows/main.yml rename to .forgejo/workflows/nvim-bundle.yml
index 5b63c12..6ee4758 100644
--- a/.forgejo/workflows/main.yml
+++ b/.forgejo/workflows/nvim-bundle.yml
@@ -5,15 +5,14 @@ on: branches: - main jobs: - build: + nvim-bundle: runs-on: nix-latest strategy: matrix: package_name: ["nvim"] steps: - uses: actions/checkout@v4 - - uses: DeterminateSystems/nix-installer-action@main - - name: check + - name: nix flake check run: nix flake check - name: Run `nix bundle` if: github.ref == 'refs/heads/main'
diff --git a/nixos/zen/configuration.nix b/nixos/zen/configuration.nix
index 3c73c75..f010a69 100644
--- a/nixos/zen/configuration.nix
+++ b/nixos/zen/configuration.nix
@@ -1,4 +1,9 @@
-{ host, config, pkgs, ... }:
+{
+ host,
+ config,
+ pkgs,
+ ...
+}:
 { imports = [ ./hardware-configuration.nix
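Review bot: `on:` declares `workflow_dispatch:` twice (second and fifth added lines); YAML does not allow duplicate mapping keys, so depending on the parser the file is rejected or one entry is silently dropped — delete one. In the last step the registry credentials are expanded straight into the command line through `--dest-creds=...`, where they are visible in the process list and in any traced shell output; pass them through `env:` and `skopeo login --password-stdin` instead. The loop also leaves `$line`, `$pkg`, `$tag` and the `$(nix build ...)` result unquoted, and a second entry in `tags.txt` would presumably make `gunzip` refuse to overwrite the `/tmp/img.tar` left by the first iteration, so `-f` (or a fresh temp dir per tag) is needed.
```yaml
      - run: |-
          printf '%s' "$FJ_PASS" | skopeo login --username "$FJ_USER" --password-stdin git.10110110.xyz
          while IFS=: read -r pkg tag; do
            cp "$(nix build ".#$pkg" --print-out-paths)" /tmp/img.tar.gz
            gunzip -f /tmp/img.tar.gz
            skopeo copy docker-archive:///tmp/img.tar "docker://git.10110110.xyz/ci/$tag:latest"
          done < .forgejo/tags.txt
        env:
          FJ_USER: ${{ secrets.FJ_USER }}
          FJ_PASS: ${{ secrets.FJ_PASS }}
```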
@@ -18,20 +23,35 @@ allowedTCPPorts = [ 22 10250 - 25565 #mc - 25566 #mc + 25565 # mc + 25566 # mc ]; + interfaces."podman+" = { + allowedTCPPorts = [ 33393 ]; + }; }; }; - virtualisation.docker = { + virtualisation.podman = { enable = true; - extraOptions = "--dns 1.1.1.1"; }; services.gitea-actions-runner = { package = pkgs.forgejo-runner; instances.default = { enable = true; name = host.hostName; + settings = { + runner = { + capacity = 3; + }; + cache = { + enable = true; + host = "host.containers.internal"; + port = 33393; + }; + container = { + force_pull = true; + }; + }; url = "https://git.10110110.xyz"; tokenFile = config.sops.secrets.forgejo-runner.path; labels = [
diff --git a/pkgs/default.nix b/pkgs/default.nix
index 19572c1..c34f530 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -7,5 +7,6 @@ nativeBuildInputs = [ pkgs.jujutsu ]; doCheck = false; }; + nix-with-node = import ./nix-with-node { inherit pkgs; }; } // import ./nvim { inherit inputs pkgs; }
diff --git a/pkgs/nix-with-node/default.nix b/pkgs/nix-with-node/default.nix new file mode 100644
index 0000000..d0229d1
--- /dev/null
+++ b/pkgs/nix-with-node/default.nix
@@ -0,0 +1,38 @@
+{ pkgs, ... }:
+pkgs.dockerTools.buildLayeredImage {
+ name = "nix-with-node";
+ contents = with pkgs; [
+ ./root
+ bashInteractive
+ cacert
+ coreutils
+ git
+ gnutar
+ gzip
+ jq
+ nix
+ nodejs
+ openssh
+ shadow
+ xz
+ ];
+
+ config = {
+ Cmd = [ "/bin/bash" ];
+ WorkingDir = "/home/nixbld1";
+ Env = [
+ "ENV=/etc/profile.d/nix.sh"
+ "NIX_BUILD_SHELL=/bin/bash"
+ "PATH=/usr/bin:/bin"
+ "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+ "USER=root"
+ ];
+ };
+
+ fakeRootCommands = ''
+ ${pkgs.dockerTools.shadowSetup}
+ groupadd -r nixbld
+ useradd -r -g nixbld nixbld1
+ '';
+ enableFakechroot = true;
+}
diff --git a/pkgs/nix-with-node/root/etc/nix/nix.conf b/pkgs/nix-with-node/root/etc/nix/nix.conf new file mode 100644
index 0000000..978cf89
--- /dev/null
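Review bot: The `interfaces."podman+"` rule opens the runner's cache port 33393 to every container on any podman network, and the `cache` block configures nothing that authenticates callers, so every job container on this host — from every repository this runner is registered for — can read and write the same cache entries, and an entry written by one job becomes input to the next. If the forgejo-runner version in use can authenticate cache requests, turn that on; otherwise the workflows that restore from this cache should treat its contents as untrusted. A why-comment would help the next reader: `# forgejo-runner cache server; reachable from every job container on podman networks`. Dropping `extraOptions = "--dns 1.1.1.1"` in the docker→podman move also loses the DNS override, which presumably needs an equivalent in podman's container configuration if it was still required. The `networking.firewall` block this hunk edits begins before the hunk, and `labels = [` continues after it.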
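Review bot: `fakeRootCommands` creates exactly one build user, `nixbld1`, while the image's `root/etc/nix/nix.conf` (last hunk) sets `max-jobs = auto`; nix running as root takes one `nixbld` group member per concurrent build, so on a multi-core runner a second parallel derivation would presumably fail with "all build users are currently in use". Create a pool instead, e.g. `for i in $(seq 1 8); do useradd -r -g nixbld "nixbld$i"; done`, or pin `max-jobs = 1` in that nix.conf. `useradd -r` also does not create `/home/nixbld1`, so `WorkingDir` only exists if the container runtime makes it; add `mkdir -p /home/nixbld1` to `fakeRootCommands` or drop `WorkingDir`. The image sets `USER=root` and no `config.User`, so every job inside it runs as root — worth a comment on the `Env` list, since that is also what makes the nix.conf settings apply as a trusted user.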
+++ b/pkgs/nix-with-node/root/etc/nix/nix.conf
@@ -0,0 +1,3 @@
+accept-flake-config = true
+experimental-features = nix-command flakes
+max-jobs = auto
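Review bot: `accept-flake-config = true` makes nix apply the `nixConfig` of any flake it evaluates without prompting — including `substituters` and `trusted-public-keys` — and because jobs in this image run as root, nix treats them as a trusted user and honours those settings. Any flake a CI job builds, or a dependency it pulls in, can therefore redirect the build to its own binary cache and have whatever that cache serves accepted as the build output. Drop the line and name the caches this CI actually needs explicitly, e.g. `substituters = https://cache.nixos.org <CI-CACHE-URL>` and `trusted-public-keys = <CI-CACHE-KEY>`, with the placeholders replaced by the real values.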